Add dependency firewall policy service layer integration

What does this MR do and why?

Integrates dependency_firewall_policy into the security orchestration policy service layer by:

  • Adding a dependency_firewall_policy case to the PersistPolicyService relation_scope method
  • Adding comprehensive test coverage for dependency_firewall_policy persistence
  • Adding tests for policy limit and policy type name retrieval

Related to https://gitlab.com/gitlab-org/gitlab/-/work_items/589594

References

How to set up and validate locally

  1. Set up a Vulnerability Management Policy in your GDK.
  2. Verify that SELECT * FROM security_policies; returns only one policy. Note down its security_orchestration_policy_configuration_id.
  3. Enable the :dependency_firewall_phase1 feature flag (Feature.enable(:dependency_firewall_phase1) in a Rails console).
  4. Manually modify the policy YAML file in the security policy project. Add the following dependency firewall policies and create an MR:
dependency_firewall_policy:
  - name: Block copyleft
    description: Prevent copyleft-licensed packages from being downloaded
    enabled: true
    enforcement_type: enforced
    rules:
    - type: license
      denied:
      - name: NIST Software License
      - name: NTP License
      exceptions:
      - purl: pkg:npm/my-internal-lib
    bypass_settings:
      access_tokens:
      - id: 333
  - name: Approved licenses
    description: Warn on any package whose license is not on the allowed list
    enabled: true
    enforcement_type: warn
    rules:
    - type: license
      allowed:
      - name: MIT License
      - name: Apache License 2.0
      exceptions:
      - purl: pkg:npm/my-internal-lib
    bypass_settings:
      users:
      - id: 123
  5. Merge the policy changes MR.
  6. The policies should now have been updated: SELECT * FROM security_policies WHERE security_orchestration_policy_configuration_id = <security_orchestration_policy_configuration_id>; should return 3 rows (the original policy plus the two dependency firewall policies above).
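To make the two policies above concrete, here is an added example (not code from this MR and not GitLab's dependency firewall implementation) that parses that YAML and evaluates a few constructed packages against it. The evaluation semantics are assumed from the policy descriptions: a denied list blocks the listed licenses, an allowed list warns on any license not on it, a purl in exceptions is exempt from that rule, and an enforced violation outranks a warn; bypass_settings are not modelled. Package, load_policies, evaluate_policy and decide are names introduced here, not from the project.

```ruby
require 'yaml'

# Constructed copy of the dependency_firewall_policy block from the validation
# steps above (the same two policies, embedded so this runs offline).
POLICY_YAML = <<~YAML
  dependency_firewall_policy:
    - name: Block copyleft
      description: Prevent copyleft-licensed packages from being downloaded
      enabled: true
      enforcement_type: enforced
      rules:
      - type: license
        denied:
        - name: NIST Software License
        - name: NTP License
        exceptions:
        - purl: pkg:npm/my-internal-lib
      bypass_settings:
        access_tokens:
        - id: 333
    - name: Approved licenses
      description: Warn on any package whose license is not on the allowed list
      enabled: true
      enforcement_type: warn
      rules:
      - type: license
        allowed:
        - name: MIT License
        - name: Apache License 2.0
        exceptions:
        - purl: pkg:npm/my-internal-lib
      bypass_settings:
        users:
        - id: 123
YAML

# A package as a registry proxy would see it: its purl and the license
# detected for it. Constructed for this example.
Package = Struct.new(:purl, :license)

# Parse the policy YAML and return the list of dependency firewall policies.
def load_policies(yaml)
  YAML.safe_load(yaml).fetch('dependency_firewall_policy')
end

# Evaluate one policy against a package. Returns the policy's enforcement_type
# ('enforced' or 'warn') when a license rule is violated, nil otherwise.
# Assumed semantics: `denied` blocks the listed licenses, `allowed` flags every
# license not on the list, a purl in `exceptions` is exempt from that rule,
# and a disabled policy never matches. bypass_settings are ignored here.
def evaluate_policy(policy, package)
  return nil unless policy['enabled']

  policy.fetch('rules', []).each do |rule|
    next unless rule['type'] == 'license'
    next if Array(rule['exceptions']).any? { |e| e['purl'] == package.purl }

    denied  = Array(rule['denied']).map  { |l| l['name'] }
    allowed = Array(rule['allowed']).map { |l| l['name'] }

    violated = denied.include?(package.license) ||
               (!allowed.empty? && !allowed.include?(package.license))
    return policy['enforcement_type'] if violated
  end

  nil
end

# Combine all policies into one decision: any 'enforced' violation blocks the
# download, otherwise any 'warn' violation warns, otherwise the package is
# allowed. The matched policies are returned so the reason can be surfaced.
def decide(policies, package)
  matched = policies.filter_map do |policy|
    outcome = evaluate_policy(policy, package)
    [policy['name'], outcome] if outcome
  end.to_h

  action =
    if matched.value?('enforced') then 'block'
    elsif matched.value?('warn')  then 'warn'
    else 'allow'
    end

  { action: action, matched: matched }
end

if __FILE__ == $PROGRAM_NAME
  policies = load_policies(POLICY_YAML)
  [
    Package.new('pkg:npm/left-pad', 'MIT License'),          # allow
    Package.new('pkg:npm/some-ntp-client', 'NTP License'),   # block (both policies match)
    Package.new('pkg:npm/other-lib', 'BSD-3-Clause'),        # warn (not on allowed list)
    Package.new('pkg:npm/my-internal-lib', 'NTP License')    # allow (purl exception)
  ].each do |pkg|
    puts "#{pkg.purl} (#{pkg.license}): #{decide(policies, pkg)}"
  end
end
```

The purl exception case is the one worth checking in a real deployment: an exception exempts the package from a rule regardless of its license, so the exceptions list is itself a sensitive setting and belongs under the same review as the policy project's MR approval rules.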

Edited by Arpit Gogia
