Migrate security policy models and workers to ProjectNamespace
Why are we doing this work
In order to facilitate future work to implement Group &4425 (closed) and Workspace-level &6881 security policies, we need to migrate the security policy objects to be related to a namespace rather than a project (see &6473 for more details).
Relevant links
Non-functional requirements
- [-] Documentation:
- [-] Feature flag:
- [-] Performance:
-
Testing: modify tests for updated classes/modules to include specs for new relationship,
Implementation plan
The following classes need to be updated:
-
backend extend ee/app/models/security/orchestration_policy_configuration.rb
withbelongs_to :namespace, foreign_key: :namespace_id, optional: true
, modifybelongs_to :project
relationship to be optional and add validation rule to check that eithergroup
orproject
is provided, -
database prepare background migration forsecurity_orchestration_policy_configurations
table to populate namespace_id column withproject.project_namespace_id
data, -
database add namespace_id
column tosecurity_orchestration_policy_configurations
table, -
backend modify #applicable_branches
method inee/app/models/security/orchestration_policy_rule_schedule.rb
to supportproject
argument (default:security_orchestration_policy_configuration.project
), -
backend add new scope with_configuration_and_group_projects
inee/app/models/security/orchestration_policy_rule_schedule.rb
to groups with projects, -
backend extend perform
method inee/app/workers/security/orchestration_policy_rule_schedule_worker.rb
to run schedule for all projects within the group that is associated with selectedsecurity_policy_management_project
,
Edited by Alan (Maciej) Paruszewski