Display security approval rules when creating a new project [Parent Issue]
Problem
License-check and Vulnerability-Check security approval rules are not visible in the UI until activated (user adding the names manually to the approval group). This deters discoverability of the feature and usability of setup is poor. The issue is UX debt
Solution
When a new project is created we want to show default or 'pinned' approval rules in a project. In particular License-Check and Vulnerability-Check
earlier design
| When there both scans already setup | When the scan is not setup | | -------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | |
| 
|
| When the scan is enabled, user can see the edit button. The rules are there, but there is 0 people assign to view it, use still need to edit | When the scan is NOT enabled, user can NOT see the edit button. a message displayed to tell user why they can't use it now and what they can do |
Implementation Plan
Backend
-
Extend current configuration end point to return json as well as html (example payload can be seen here) -
Add field called typefor each element under features for FE to determine type of scanner. I.etype: 'container_scanning'. This field is added just to make FE parsing easier. Instead of parsing "name" field FE will usetypefield
Progress will be tracked in this sub-issue: #229496 (closed)
Frontend
| Tasks # | Description | frontend issue | frontend weight |
|---|---|---|---|
| 1 | Implement Action/Mutations for Security Configuration endpoint | #229827 (closed) | frontend-weight3 |
| 2 | Implement Vulnerability-Check/License-Check rows | #229825 (closed) | frontend-weight5 |
| 3 | Implement tooltips in `unconfigured_approval_rule' component | #229828 (closed) | frontend-weight3 |
Follow-up issues (not sub-issue)
| Description | frontend issue | frontend weight |
|---|---|---|
| Enable feature flag and docs | #235114 (closed) | frontend-weight2 |
| Remove feature flag | #235114 (closed) | frontend-weight2 |
Related Issues that should be done in parallel, but not required
@kmann : Ideally, implemented in tandem with: #213707 (closed)
@farias-gl: #213707 (closed) compliments this issue, but is a separate deliverable, and not a subissue of this issue #31922 (closed)
Testing
Engineer to add applicable unit tests to exercise component functionality
SET to add to end to end test suite, a test and assertion such that security approval rules are displayed on a new project - tracked at gitlab-org/quality/testcases#990 (closed)