Sync security policies when compliance framework is changed
What does this MR do and why?
This MR links/unlinks a security policy to a project when a compliance framework is added to or removed from that project.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
- Create a top level group and create a compliance framework
- Create 2 projects within the group
- Create a MR approval policy with `policy_scope` and add the ID of the compliance framework:

```yaml
type: approval_policy
name: Compliance Framework policy
description: ''
enabled: true
policy_scope:
  compliance_frameworks:
    - id: 5
rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: []
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 22
```
- Assign the compliance framework to one of the projects in the group (Settings -> General -> Compliance Frameworks)
- Verify that there is a record created in the `security_policy_project_links` table for the `project_id`: `Security::PolicyProjectLink.last`
- Unassign the compliance framework from the project and verify that the `security_policy_project_links` record for the project is removed
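The link/unlink behaviour exercised by the steps above, as an added illustration that is not the MR's or GitLab's own code: it reads the `policy_scope.compliance_frameworks` of a policy like the one in the YAML above and computes which project links must be created or removed when a framework assignment changes. The policy YAML and project data are constructed, and the "match on any scoped framework" rule is an assumption.

```ruby
require 'yaml'
require 'set'

# Constructed policy, mirroring the framework-scoped policy used in the
# validation steps (id 5 is the constructed compliance framework ID).
POLICY_YAML = <<~YAML
  type: approval_policy
  name: Compliance Framework policy
  enabled: true
  policy_scope:
    compliance_frameworks:
      - id: 5
YAML

# Set of compliance framework IDs the policy is scoped to (empty when the
# policy has no framework scope).
def scoped_framework_ids(policy)
  frameworks = policy.dig('policy_scope', 'compliance_frameworks') || []
  frameworks.map { |fw| fw['id'] }.to_set
end

# Assumption: a framework-scoped policy applies to a project when the project
# carries at least one framework named in the scope; an unscoped policy is
# treated here as applying to every project in the group.
def policy_applies?(policy, project_framework_ids)
  scoped = scoped_framework_ids(policy)
  return true if scoped.empty?

  project_framework_ids.any? { |id| scoped.include?(id) }
end

# Given project_id => [framework ids] and the project ids currently linked to
# the policy, returns which links must be created and which removed. This is
# the check a sync job would run after a framework is assigned or unassigned.
def sync_links(policy, projects_to_frameworks, existing_links)
  desired = projects_to_frameworks
              .select { |_project_id, fws| policy_applies?(policy, fws) }
              .keys.to_set
  {
    link: (desired - existing_links).to_a.sort,
    unlink: (existing_links - desired).to_a.sort
  }
end
```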
Addresses #499432 (closed)
Edited by Sashi Kumar Kumaresan