Add REST API endpoint for designating centralised security policy management group (CSP)

What does this MR do and why?

We are working on centralised security policy management (CSP, &17392 (closed)). We need a mechanism to designate a top-level group as the instance's centralised security policy group, for which this MR implements a new REST API endpoint PUT admin/security/policy_settings.

References

#541511 (closed)

How to set up and validate locally

Use an administrator's $GITLAB_TOKEN and verify that ::Security::PolicySetting.instance.csp_namespace_id reflects the updates.

Setting the CSP group

curl -X PUT "http://gdk.test:3000/api/v4/admin/security/policy_settings" \
  -H "Authorization: Bearer $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"csp_namespace_id": 123456}'

Unsetting the CSP group

curl -X PUT "http://gdk.test:3000/api/v4/admin/security/policy_settings" \
  -H "Authorization: Bearer $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"csp_namespace_id": null}'

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #541511 (closed)

Edited by Dominic Bauer
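
An authorization smoke test for the endpoint above, added here as an example (it is not part of the MR or GitLab's own code): the same PUT is sent anonymously, with a non-admin token, and with an admin token, and only the admin call may succeed. `ADMIN_TOKEN`, `USER_TOKEN`, `GROUP_ID` and `RUN_CHECKS` are assumed variable names, and the script only assumes that rejected callers get a non-2xx status.

```shell
#!/usr/bin/env bash
# Added example. ADMIN_TOKEN, USER_TOKEN, GROUP_ID and RUN_CHECKS are assumed names.
API_URL="${API_URL:-http://gdk.test:3000/api/v4/admin/security/policy_settings}"

# Build the request body: a numeric group ID, or "null" to unset the CSP group.
csp_payload() {
  case "$1" in
    null) printf '{"csp_namespace_id": null}' ;;
    ''|0*|*[!0-9]*) echo "invalid csp_namespace_id: $1" >&2; return 1 ;;
    *) printf '{"csp_namespace_id": %s}' "$1" ;;
  esac
}

# Judge an HTTP status for a role: admins need 2xx, everyone else must not get 2xx.
verdict() {
  role="$1"; status="$2"
  case "$status" in
    000) echo error; return 0 ;;   # curl could not reach the server
    2??) ok=1 ;;
    *)   ok=0 ;;
  esac
  if [ "$role" = admin ]; then want=1; else want=0; fi
  if [ "$ok" -eq "$want" ]; then echo pass; else echo fail; fi
}

# Send the PUT and print only the HTTP status code; an empty token sends no header.
put_status() {
  token="$1"; body="$2"
  set -- -s -o /dev/null -w '%{http_code}' -X PUT "$API_URL" \
    -H "Content-Type: application/json" -d "$body"
  if [ -n "$token" ]; then set -- "$@" -H "Authorization: Bearer $token"; fi
  curl "$@"
}

run_checks() {
  body=$(csp_payload "$GROUP_ID") || return 1
  # Callers that must be rejected go first, so the setting is untouched if they are.
  echo "anonymous: $(verdict anonymous "$(put_status "" "$body")")"
  echo "non-admin: $(verdict non-admin "$(put_status "$USER_TOKEN" "$body")")"
  echo "admin:     $(verdict admin "$(put_status "$ADMIN_TOKEN" "$body")")"
  # Restore the unset state so the test leaves no CSP group designated.
  put_status "$ADMIN_TOKEN" "$(csp_payload null)" >/dev/null
}

if [ "${RUN_CHECKS:-0}" = 1 ]; then run_checks; fi
```

Run it against a local GDK with `RUN_CHECKS=1` and the three variables exported; any `fail` line on the anonymous or non-admin call means the setting can be changed without administrator rights.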
