Expose csp in GQL for all policy types

What does this MR do and why?

Expose csp in GQL for project and namespace policies.

This change allows querying the csp attribute of a policy so that the frontend can annotate the policy as "Instance policy" when it comes from a CSP group.


How to set up and validate locally

  1. Enable the feature flag:
    Feature.enable(:security_policies_csp)
  2. Create a top-level group and assign it as a CSP using the Rails console:
    Security::PolicySetting.instance.update! csp_namespace: Group.find(<group_id>)
  3. Create another top-level group and create some policies in it.
  4. Using /-/graphql-explorer, run the following query for the non-CSP group:
    {
      namespace(fullPath: "<group-full-path>") {
        id
        approvalPolicies(relationship: INHERITED) {
          nodes {
            name
            enabled
            csp
          }
        }
        scanExecutionPolicies(relationship: INHERITED) {
          nodes {
            name
            enabled
            csp
          }
        }
        vulnerabilityManagementPolicies(relationship: INHERITED) {
          nodes {
            name
            enabled
            csp
          }
        }
        pipelineExecutionPolicies(relationship: INHERITED) {
          nodes {
            name
            enabled
            csp
          }
        }
        pipelineExecutionSchedulePolicies(relationship: INHERITED) {
          nodes {
            name
            enabled
            name
            enabled
            csp
          }
        }
      }
    }

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #541516 (closed)

Edited by Martin Cavoj
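
One way to check the result of the query above across all five policy types, as an added example that is not part of this MR or of GitLab's frontend code. The function name `summarizePolicies`, the sample response, and the assumption that `csp` is returned as a Boolean are all hypothetical.

```javascript
// Added example, not GitLab code. Connection names are taken from the
// query in the MR description; everything else is illustrative.
const POLICY_CONNECTIONS = [
  'approvalPolicies',
  'scanExecutionPolicies',
  'vulnerabilityManagementPolicies',
  'pipelineExecutionPolicies',
  'pipelineExecutionSchedulePolicies',
];

// Assumption: `csp` comes back as a Boolean on every policy node.
// Returns the policies with their display label, plus a list of problems
// (a connection absent from the response, or a node without a Boolean csp).
function summarizePolicies(response) {
  const namespace = response?.data?.namespace;
  if (!namespace) throw new Error('response has no data.namespace');
  const policies = [];
  const problems = [];
  for (const connection of POLICY_CONNECTIONS) {
    const nodes = namespace[connection]?.nodes;
    if (!Array.isArray(nodes)) {
      problems.push(`${connection}: connection missing from response`);
      continue;
    }
    for (const node of nodes) {
      if (typeof node.csp !== 'boolean') {
        problems.push(`${connection}/${node.name}: csp is not a Boolean`);
        continue;
      }
      const label = node.csp ? 'Instance policy' : null;
      policies.push({ type: connection, name: node.name, enabled: node.enabled, label });
    }
  }
  return { policies, problems };
}

// Constructed sample response (not real output), with two deliberate defects.
const SAMPLE_RESPONSE = { data: { namespace: {
  id: 'gid://gitlab/Group/0',
  approvalPolicies: { nodes: [{ name: 'Require approval', enabled: true, csp: true }] },
  scanExecutionPolicies: { nodes: [{ name: 'Run SAST', enabled: true, csp: false }] },
  vulnerabilityManagementPolicies: { nodes: [] },
  pipelineExecutionPolicies: { nodes: [{ name: 'Legacy', enabled: false }] },
  // pipelineExecutionSchedulePolicies intentionally omitted
} } };

console.log(JSON.stringify(summarizePolicies(SAMPLE_RESPONSE), null, 2));
```

A non-empty `problems` list means at least one policy type did not return `csp` in the shape assumed here.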
