Skip to content

Add approval_policy_merge_request_bypass_events to store the bypasses

Sashi Kumar Kumaresanrequested to merge
549797-add-table into master

What does this MR do and why?

As a part of User and Group Exceptions in MR Approval Policies (&18114), we want to allow specific users/groups to bypass the approvals or push protection from MR approval policy with full audit trail. This can be done at 2 levels:

  • Merge Request: An user/group can bypass the approvals by providing a reason from the MR UI
  • Branch Push: An user can push to a branch with push protection (protected branch and branch protection from MR approval policy) through a git push options (something like --push-option security_policy.bypass_reason='reason')

This MR adds a new table to store the bypass events with reason for merge requests. This allows us to check if an MR is bypassed from approval by checking this table. For branch push, the events will be logged to audit logs, so we don't need to persist them in a table.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #549797 (closed)

Edited by Sashi Kumar Kumaresan

Merge request reports