Link compliance frameworks with pipeline execution policies
What does this MR do and why?
This MR adds the ability to list pipeline execution policies on the Framework Page by providing a new API that returns these policies in the GraphQL API. This work is handled first by ensuring that the proper link is created in the database and then adding the ability to list them using the API.
The background migration will be solved in a separate MR.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Video
How to set up and validate locally
1. Create a new root group.
2. For that group, create a new Compliance Framework (Secure -> Compliance center -> Frameworks).
3. Create a new project in that group and add a pep.yml file with some GitLab CI jobs configuration.
4. Go to Secure -> Policies -> Create new policy -> Select Pipeline Execution Policy type.
5. In the Policy scope, select the Compliance Framework you created in step 2.
6. Configure the policy using the file provided in step 3.
7. Create and merge the MR.
8. Go to GraphQL Explorer (-/graphql-explorer).
9. Run the query:

       query {
         group(fullPath: "root-group") {
           complianceFrameworks {
             nodes {
               id
               name
               scanExecutionPolicies { nodes { name } }
               pipelineExecutionPolicies { nodes { name } }
             }
           }
         }
       }

10. You should see the created Pipeline Execution Policy in the results.
Related to #492552 (closed)
Edited by Alan (Maciej) Paruszewski
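The validation query above can also be used to audit which compliance frameworks have no pipeline execution policy scoped to them. The following is an added example, not part of the MR or of GitLab's code; the function names, the sample response and the framework and policy names are constructed, and it assumes the standard `/api/graphql` endpoint with a bearer token.

```python
import json
import urllib.request

# The query from the validation steps, with the group path passed as a variable.
QUERY = """query($path: ID!) { group(fullPath: $path) { complianceFrameworks { nodes {
  id name
  scanExecutionPolicies { nodes { name } }
  pipelineExecutionPolicies { nodes { name } }
} } } }"""

# Constructed sample response (framework and policy names are made up).
SAMPLE = {"data": {"group": {"complianceFrameworks": {"nodes": [
    {"id": "gid://gitlab/ComplianceManagement::Framework/1", "name": "SOC 2",
     "scanExecutionPolicies": {"nodes": []},
     "pipelineExecutionPolicies": {"nodes": [{"name": "Enforce PEP jobs"}]}},
    {"id": "gid://gitlab/ComplianceManagement::Framework/2", "name": "Internal",
     "scanExecutionPolicies": {"nodes": []},
     "pipelineExecutionPolicies": {"nodes": []}},
]}}}}


def build_request(base_url, token, group_path):
    """Build (without sending) the POST to GitLab's /api/graphql endpoint."""
    body = json.dumps({"query": QUERY, "variables": {"path": group_path}}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/graphql", data=body,
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})


def policy_links(response):
    """Map each framework name to its sorted pipeline execution policy names."""
    if response.get("errors"):
        raise ValueError("GraphQL errors: %r" % response["errors"])
    group = (response.get("data") or {}).get("group")
    if group is None:  # unknown path, or the token cannot see the group
        raise LookupError("group not returned")
    links = {}
    for fw in group["complianceFrameworks"]["nodes"]:
        nodes = (fw.get("pipelineExecutionPolicies") or {}).get("nodes") or []
        links[fw["name"]] = sorted(n["name"] for n in nodes)
    return links


def unlinked_frameworks(response):
    """Frameworks that no pipeline execution policy is scoped to."""
    return sorted(n for n, pols in policy_links(response).items() if not pols)
```

To run it against a live instance, pass the result of `build_request(...)` to `urllib.request.urlopen` and feed the decoded JSON to `unlinked_frameworks`.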