
Add vulnerability management policy type for graphql query

What does this MR do and why?

Related #465742 (closed)

This adds the vulnerability management policies to the project type so they can be queried in the security policies list.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

How to set up and validate locally

  1. Enable vulnerability_management_policy feature flag at http://gdk.test:3000/rails/features
  2. Enable security_policies_project_background_worker feature flag at http://gdk.test:3000/rails/features
  3. Apply patch from MR which enables save and update capability: curl https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158255.diff | git apply
  4. Go to any project
  5. Go to Secure > Policies
  6. Click New policy
  7. Click Select policy on the Vulnerability management policy card
  8. Fill in name, description, and update rules if you want to.
  9. Click Create policy
  10. Merge the created MR.
  11. Use the following graphql query and variables in GraphiQL (http://gdk.test:3000/-/graphql-explorer) to validate we can query the policy

query

query projectVulnerabilityManagementPolicies(
  $fullPath: ID!
  $relationship: SecurityPolicyRelationType = INHERITED
) {
  namespace: project(fullPath: $fullPath) {
    id
    vulnerabilityManagementPolicies(relationship: $relationship) {
      nodes {
        name
        yaml
        editPath
        enabled
        policyScope {
          ...PolicyScope
          __typename
        }
        source {
          ...SecurityPolicySource
          __typename
        }
        updatedAt
        __typename
      }
      __typename
    }
    __typename
  }
}

fragment SecurityPolicySource on SecurityPolicySource {
  ... on GroupSecurityPolicySource {
    inherited
    namespace {
      id
      fullPath
      name
      __typename
    }
    __typename
  }
  ... on ProjectSecurityPolicySource {
    project {
      fullPath
      __typename
    }
    __typename
  }
  __typename
}

fragment PolicyScope on PolicyScope {
  complianceFrameworks {
    nodes {
      id
      name
      color
      description
      projects {
        nodes {
          id
          __typename
        }
        __typename
      }
      __typename
    }
    pageInfo {
      ...PageInfo
      __typename
    }
    __typename
  }
  excludingProjects {
    nodes {
      id
      name
      fullPath
      __typename
    }
    pageInfo {
      ...PageInfo
      __typename
    }
    __typename
  }
  includingProjects {
    nodes {
      id
      name
      fullPath
      __typename
    }
    pageInfo {
      ...PageInfo
      __typename
    }
    __typename
  }
  includingGroups {
    nodes {
      id
      name
      fullPath
      __typename
    }
    pageInfo {
      ...PageInfo
      __typename
    }
    __typename
  }
  __typename
}

fragment PageInfo on PageInfo {
  hasNextPage
  hasPreviousPage
  startCursor
  endCursor
  __typename
}

variables

{
  "relationship": "INHERITED",
  "fullPath": "<full path of project>"
}
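To drive the same query from a script instead of GraphiQL, here is an added example (not code from this MR or from GitLab) that posts the query to the `/api/graphql` endpoint and flattens the result, resolving the `SecurityPolicySource` union by `__typename` so group-inherited and project-level policies can be told apart. The query is a reduced form of the one above (the scope fragments are dropped for brevity); the token, base URL and the sample response are constructed assumptions.

```python
"""Query a project's vulnerability management policies and summarise them."""
import json
import urllib.request

# Reduced form of the query from the MR description: policy scope fragments omitted.
POLICY_QUERY = """
query projectVulnerabilityManagementPolicies(
  $fullPath: ID!
  $relationship: SecurityPolicyRelationType = INHERITED
) {
  namespace: project(fullPath: $fullPath) {
    id
    vulnerabilityManagementPolicies(relationship: $relationship) {
      nodes {
        name
        yaml
        editPath
        enabled
        source {
          ... on GroupSecurityPolicySource { inherited namespace { fullPath } }
          ... on ProjectSecurityPolicySource { project { fullPath } }
          __typename
        }
        updatedAt
      }
    }
  }
}
"""


def build_request(full_path: str, relationship: str = "INHERITED") -> dict:
    """JSON body for POST /api/graphql: the query plus its variables."""
    return {"query": POLICY_QUERY,
            "variables": {"fullPath": full_path, "relationship": relationship}}


def fetch_policies(base_url: str, token: str, full_path: str,
                   relationship: str = "INHERITED") -> dict:
    """POST the query; `token` is assumed to be a personal access token with read_api scope."""
    body = json.dumps(build_request(full_path, relationship)).encode()
    req = urllib.request.Request(
        f"{base_url}/api/graphql", data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:  # network call, not exercised offline
        return json.load(resp)


def summarize_policies(response: dict) -> list:
    """Flatten the nodes into dicts with the policy's origin resolved from the source union."""
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    project = response["data"]["namespace"]
    if project is None:  # unknown path or no permission: GitLab returns null, not an error
        raise LookupError("project not found or not accessible")
    summary = []
    for node in project["vulnerabilityManagementPolicies"]["nodes"]:
        src = node["source"]
        if src["__typename"] == "GroupSecurityPolicySource":
            origin, inherited = src["namespace"]["fullPath"], bool(src["inherited"])
        else:  # ProjectSecurityPolicySource
            origin, inherited = src["project"]["fullPath"], False
        summary.append({"name": node["name"], "enabled": node["enabled"],
                        "origin": origin, "inherited": inherited,
                        "yaml": node["yaml"]})
    return summary


def disabled_policies(summary: list) -> list:
    """Names of policies present but not enforced; a quick check after enabling the feature."""
    return [p["name"] for p in summary if not p["enabled"]]


# Constructed sample response shaped like the query above (not real GitLab output).
SAMPLE_RESPONSE = {"data": {"namespace": {
    "id": "gid://gitlab/Project/1",
    "vulnerabilityManagementPolicies": {"nodes": [
        {"name": "group-auto-resolve", "yaml": "type: vulnerability_management_policy\n",
         "editPath": "/top-group/-/security/policies/group-auto-resolve/edit",
         "enabled": False, "updatedAt": "2024-07-01T00:00:00Z",
         "source": {"__typename": "GroupSecurityPolicySource", "inherited": True,
                    "namespace": {"fullPath": "top-group"}}},
        {"name": "project-policy", "yaml": "type: vulnerability_management_policy\n",
         "editPath": "/top-group/proj/-/security/policies/project-policy/edit",
         "enabled": True, "updatedAt": "2024-07-02T00:00:00Z",
         "source": {"__typename": "ProjectSecurityPolicySource",
                    "project": {"fullPath": "top-group/proj"}}},
    ]}}}}

if __name__ == "__main__":
    for p in summarize_policies(SAMPLE_RESPONSE):
        print(f"{p['name']:20} enabled={p['enabled']} from={p['origin']} inherited={p['inherited']}")
    print("disabled:", disabled_policies(summarize_policies(SAMPLE_RESPONSE)))
```

Against a live GDK instance, `fetch_policies("http://gdk.test:3000", token, "<full path of project>")` returns the raw response that `summarize_policies` consumes; the sample response only stands in for it offline.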
Edited by Lorenz van Herwaarden
