Skip to content

Sync security_policies when project is added to group

Sashi Kumar Kumaresanrequested to merge
sk/464034-handle-events into master

What does this MR do and why?

This MR handles the linking of a project to security policies when a project is added or transferred to a group with security policies.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  • Enablesecurity_policies_sync_group feature flags
  • Create a group with a project
  • Create an approval policy with multiple rules and a scan execution policy from Secure->Policies for the group:
Policies 
name: Multi-rules Policy
description: ''
enabled: true
actions:
- type: require_approval
  approvals_required: 1
  role_approvers:
  - maintainer
- type: send_bot_message
  enabled: true
rules:
- type: scan_finding
  scanners: []
  vulnerabilities_allowed: 0
  severity_levels: []
  vulnerability_states: []
  branch_type: protected
- type: license_finding
  match_on_inclusion_license: true
  license_types:
  - MIT License
  license_states:
  - newly_detected
  branch_type: protected
- type: any_merge_request
  branch_type: protected
  commits: any
approval_settings:
  block_branch_modification: true
  prevent_pushing_and_force_pushing: true
  prevent_approval_by_author: true
  prevent_approval_by_commit_author: true
  remove_approvals_with_new_commit: true
  require_password_to_approve: false
fallback_behavior:
  fail: closed
name: Scan Execution Policy
description: ''
enabled: true
actions:
- scan: secret_detection
rules:
- type: pipeline
  branches:
  - "*"
  • Verify that there are rows in Security::PolicyProjectLink and Security::ApprovalPolicyRuleProjectLink for the projects
  • Now add a new project to the group and verify that there are new rows added for the new project in Security::PolicyProjectLink and Security::ApprovalPolicyRuleProjectLink tables
  • Transfer a project from a different group to the group with security policies and also verify that there are rows in Security::PolicyProjectLink and Security::ApprovalPolicyRuleProjectLink

Addresses #464034 (closed)

Edited by Sashi Kumar Kumaresan

Merge request reports