Update usages of all_project_ids to account for CSP

Martin Cavojrequested to merge
541510-be-designation-of-a-csp-group-all-projects-csp into master

What does this MR do and why?

Update usages of all_project_ids to account for CSP

Update IDs used for:

  • PEP enforcement
  • SEP scheduling
  • Approval policies sync

References

How to set up and validate locally

  1. Enable the feature flag: 
    Feature.enable(:security_policies_csp)
  2. Create a top-level group and assign it as a CSP using rails console: 
    Security::PolicySetting.instance.update! csp_namespace: Group.find(<group_id>)
  3. Create another top-level group with a test project
  4. In the CSP group, create various policies:
    • scheduled SEP
    • pipeline execution policy
    • approval policy
  5. Go to the second top-level group / test project and verify that the policies are enforced:
    • Run a pipeline and verify that PEP injects a job
    • Via rails console, force a scheduled SEP to run (to avoid waiting)
    • Open MR to verify that approvals are required

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #541510 (closed)

Edited by Martin Cavoj

Merge request reports