Add variable control to policy editor
What does this MR do and why?
This change adds a new feature to the pipeline execution policy editor that allows users to control variable overrides. The feature introduces a "Variable option" accordion section where users can choose between an allowlist or denylist approach to manage which CI/CD variables can be overridden when a policy runs.
Users can select variables from a predefined list through a modal interface, which displays the currently selected variables and allows adding or removing them. The implementation includes new components (VariablesOverrideList, VariablesOverrideModal, and VariablesSelector) that work together to provide this functionality.
The feature is behind a feature flag called "security_policies_optional_variables_control" which is disabled by default. When enabled, it appears in the policy editor interface below the file path selection area. The UI provides helpful explanatory text and links to documentation to help users understand how variable overrides work.
| MR's to be done | MR |
|---|---|
| Add variables override widget | This MR |
| Add functionality to add custom variables | TBD |
References
Screenshots or screen recordings
| Description | UI |
|---|---|
| UI widget on policy editor | variables.mov |
How to set up and validate locally
-
Enable feature flag:
Feature.enable(:security_policies_optional_variables_control) -
Go to Secure -> Policies
-
New pipeline execution policy
-
Check variable widget in action section
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #525084 (closed)