Update Security Policy GraphQL mutations to work with group-level policies

Why are we doing this work

As part of the implementation for Group-level security policies (&4425 (closed)), we need to update Security Policy GraphQL mutations to be able to work with Group-level policies (via namespaces &6473)

Relevant links

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

The following mutations need to be updated:

• backend modify ee/app/graphql/mutations/security_policy/assign_security_policy_project.rb to have argument :namespace_path or argument :full_path (GraphQL::Types::ID, required: true), mark :project_path argument as deprecated (using deprecated: { reason: "", milestone: "" } param), modify resolve method to find namespace instead of project (and fallback to project when namespace is not found), modify assign_project method to accept namespace,

• backend modify ::Security::Orchestration::AssignService (ee/app/services/security/orchestration/assign_service.rb) to accept namespace instead of project,

• backend add ScanExecutionPolicyCommit to ee/app/graphql/ee/types/deprecated_mutations.rb and use ScanPolicyCommit instead in ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb (you can also rename the mutation class to CommitScanPolicy),

• backend modify ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb to have argument :namespace_path or argument :full_path (GraphQL::Types::ID, required: true), mark :project_path argument as deprecated (using deprecated: { reason: "", milestone: "" } param), modify resolve method to find namespace instead of project (and fallback to project when namespace is not found), modify commit_policy method to accept namespace,

• backend modify ::Security::SecurityOrchestrationPolicies::PolicyCommitService (ee/app/services/security/security_orchestration_policies/policy_commit_service.rb) to accept namespace instead of project,

• backend modify ee/app/graphql/mutations/security_policy/create_security_policy_project.rb to have argument :namespace_path or argument :full_path (GraphQL::Types::ID, required: true), mark :project_path argument as deprecated (using deprecated: { reason: "", milestone: "" } param), modify resolve method to find namespace instead of project (and fallback to project when namespace is not found), modify commit_policy method to accept namespace,

• backend modify ::Security::SecurityOrchestrationPolicies::ProjectCreateService (ee/app/services/security/security_orchestration_policies/project_create_service.rb) to accept namespace instead of project, modify add_members method to support both Project and Namespace to get list of team members to add new policy project; modify create_project_params method to support both namespace and project to prepare params to new Project,

• backend modify ee/app/graphql/mutations/security_policy/unassign_security_policy_project.rb to have argument :namespace_path or argument :full_path (GraphQL::Types::ID, required: true), mark :project_path argument as deprecated (using deprecated: { reason: "", milestone: "" } param), modify resolve method to find namespace instead of project (and fallback to project when namespace is not found), modify assign_project method to accept namespace,

• backend modify ::Security::Orchestration::UnassignService (ee/app/services/security/orchestration/unassign_service.rb) to accept namespace instead of project,

NOTES:

1. Both namespace and project will have has_one: security_orchestration_policy_configuration relationship, so we only need to modify services in ee/app/services/security/security_orchestration_policies to accept namespace instead of project (mainly we need to rename project to namespace (or container), no logic change is needed, this is only to increase readability of these classes)
2. For now (until #337100 (closed) is not merged) we need to support both project and namespace in all migrations/services

All of these share a common implementation (using project_path to find the affected project), so we can update them all at once.

1. Add a new full_path argument, which can be a project or group path (will workspaces have a path?)
2. If it is set, find the namespace by the full_path rather than the project_path