Fix removal of policies which have reached limits
What does this MR do and why?
Fixes two bugs of the same kind introduced by !146760 (merged) and !186095 (merged): Both MRs added a policy validation that enforces an action/rule limit, but these validations also apply when attempting to remove a policy that exceeds these limits, effectively blocking their removal.
References
How to set up and validate locally
For example to test the removal of a policy that exceeds the upcoming action limit of 10, first ensure the feature flag is disabled:
echo "Feature.disable(:scan_execution_policy_action_limit)" | rails cCreate a new project, navigate to Secure > Policies and create the following Scan execution policy:
scan_execution_policy:
- name: Secret detection
enabled: true
rules:
- type: pipeline
branches:
- '*'
actions:
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detection
- scan: secret_detectionEnable the feature flag:
echo "Feature.enable(:scan_execution_policy_action_limit)" | rails c- Verify that you cannot save the policy in its current form, because
Policy exceeds the maximum of 10 actions. - Verify that you can delete the policy
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Dominic Bauer