Add an enforcement option for policy editor
What does this MR do and why?
Add an enforcement option for policy editor
- allow for warn mode in MRAPs via radio button
- remove action to add warn mode now that enforcement type exists
- use enforcement type component
- update yaml to include enforcement_type when the feature flag is on; default to warn mode
- if policy has legacy warn mode, set to enforce but add new alert
- if policy is not a legacy warn mode policy, set to enforce
- allow for required approvers in warn mode
- disable remove button of action on warn mode
- ensure the bot action is always added in warn mode by checking for bot actions in yaml and add one if it does not exist
- add tests
What does this MR not do?
- allows for multiple require approver actions
- disables "any merge request" and "license" rules
- updates the wording for the require approver actions as the approvers are not required
References
Screenshots or screen recordings
| Before | After |
|---|---|
| No enforcement type |  |
| Feature flag off |
|
| Feature flag on |
 
|
| Feature flag on - editing existing warn mode policy |  |
How to set up and validate locally
- Upload a GitLab Ultimate license
- Enable the
security_policy_approval_warn_modefeature flag (http://gdk.test:3000/rails/features) - Navigate to a project/group => Secure => Policies => New policy => Merge Request Approval Policy
- Verify the policy starts in
enforcement_type=warn - Verify the
warnaction cannot be added - Verify the user can change the enforement type and the yaml value is updated to
enforce
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #549783 (closed)
Edited by Alexander Turinske