Add metadata to security policies
What does this MR do and why?
This MR adds metadata to security policies to allow us to store custom key-value pairs that can help us identify, i.e., the source of a given policy. Initially, we want to test if we can use it to mark policies as created as part of the migration from Compliance Pipelines.
For now, we will not update the documentation; even though users will be able to use it, we do not want to guarantee that it will be like this in the long term. We need to understand if this is efficient and performs well.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Migration Output
main: == [advisory_lock_connection] object_id: 142400, pg_backend_pid: 13868
main: == 20240815102415 AddMetadataColumnToSecurityPolicies: migrating ==============
main: -- add_column(:security_policies, :metadata, :jsonb, {:default=>{}, :null=>false})
main: -> 0.0056s
main: == 20240815102415 AddMetadataColumnToSecurityPolicies: migrated (0.0146s) =====
How to set up and validate locally
- Create a security policy for a project/group with `metadata` by going to `.yaml mode` in the policy editor:

  ```yaml
  type: scan_execution_policy
  name: Test Policy
  description: ''
  enabled: true
  metadata:
    test: true
  rules:
    - type: pipeline
      branches:
        - '*'
  actions:
    - scan: secret_detection
  ```
- Now try to update `metadata` with invalid values like a nested object and observe the error:

  ```yaml
  metadata:
    test:
      test: true
  ```
Related to #479284 (closed)
Edited by Sashi Kumar Kumaresan
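The validation steps above can be reproduced offline with the following added example, which is not code from this MR or from GitLab. It assumes a rule the description only implies (metadata is a flat mapping of string keys to scalar values); the method name `metadata_errors` and the error wording are hypothetical.

```ruby
require 'yaml'

# Assumed rule for illustration (not GitLab's actual schema): metadata must
# be a flat mapping of string keys to scalar values, so nested objects and
# arrays are rejected before the value reaches the jsonb column.
SCALAR_TYPES = [String, Integer, Float, TrueClass, FalseClass, NilClass].freeze

# Returns a list of validation errors for the policy's metadata (empty if valid).
def metadata_errors(policy_yaml)
  # safe_load refuses arbitrary object deserialization from untrusted YAML.
  policy = YAML.safe_load(policy_yaml) || {}
  return ['policy must be a mapping'] unless policy.is_a?(Hash)

  # A missing key behaves like the column default ({}).
  metadata = policy.fetch('metadata', {})
  return ['metadata must be a mapping'] unless metadata.is_a?(Hash)

  metadata.each_with_object([]) do |(key, value), errors|
    errors << "metadata key #{key.inspect} must be a string" unless key.is_a?(String)
    next if SCALAR_TYPES.any? { |type| value.is_a?(type) }

    errors << "metadata.#{key} must be a scalar, got #{value.class}"
  end
end

# Constructed samples mirroring the two policies in the validation steps.
VALID_POLICY = <<~POLICY
  type: scan_execution_policy
  name: Test Policy
  enabled: true
  metadata:
    test: true
POLICY

NESTED_POLICY = <<~POLICY
  type: scan_execution_policy
  name: Test Policy
  enabled: true
  metadata:
    test:
      test: true
POLICY

puts metadata_errors(VALID_POLICY).inspect
puts metadata_errors(NESTED_POLICY).inspect
```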