Limit the number of descendant policies

Sashi Kumar Kumaresanrequested to merge
520440-limit-descendant-policies into master

What does this MR do and why?

This MR limits the number of descendant security policy configurations loaded to prevent timeouts when dealing with large groups. The change introduces a hard limit of 50 descendant policy projects to improve performance of security policies API.

Currently, policies are read directly from YAML rather than the database, which prevents pagination. This temporary limit prevents timeouts while we work toward a permanent solution. We plan to migrate policy retrieval from the database and implement proper pagination in [Backend]: Replace Gitaly request with DB for ... (#541270). Once that's complete, this limit can be removed in favor of paginated results.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #520440

Edited by Sashi Kumar Kumaresan

Merge request reports