BE: Update JSON Schema to support branch exceptions

Why are we doing this work

In the scope of this issue, we would like to extend the JSON schema for Security Policies to support `branch_exceptions`.

The `branch_exceptions` field is a newly added, optional field on both `scan_execution_policy` and `scan_result_policy` items:
```json
{
  "branch_exceptions": {
    "type": "array",
    "minItems": 1,
    "uniqueItems": true,
    "items": [
      {
        "type": "string",
        "minLength": 1
      },
      {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "minLength": 1
          },
          "full_path": {
            "type": "string",
            "minLength": 1
          }
        },
        "required": [
          "name",
          "full_path"
        ]
      }
    ]
  }
}
```
Relevant links

Non-functional requirements

- Documentation: no documentation changes are needed until the feature flag is enabled by default
- Feature flag: the overall feature should be released behind the feature flag `security_policies_branch_exceptions`; the schema changes can be added without considering the feature flag
- Performance: -
- Testing:
  - Test if current functionality is working with `branch_exceptions` provided; if you can use the UI, it should have no impact on current functionality
  - Test if current functionality is working with
Implementation plan

- MR1:
  - backend: modify `ee/app/validators/json_schemas/security_orchestration_policy.json` to support the new field with the criteria provided above
  - backend: modify
Verification steps

- Create a new Project
- Create a new Scan Result Policy in YAML mode and add `branch_exceptions: ["dev", { full_path: "path/to/project", "name": "main" }]`
- Create a new Scan Execution Policy in YAML mode and add `branch_exceptions: ["dev", { full_path: "path/to/project", "name": "main" }]`
- Try to create an invalid policy with invalid `branch_exceptions`
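As an added example (not GitLab's validator and not part of this issue), the following dependency-free Python helper implements the rules the schema above is meant to enforce for `branch_exceptions` (optional field; array with at least one item; no duplicates; each entry either a non-empty branch name string or an object with non-empty `name` and `full_path`) and exercises it against the policy fragment from the verification steps plus a constructed invalid one. The function name `validate_branch_exceptions` and the error message wording are assumptions of this example. One caveat worth keeping in mind when reviewing the schema: in JSON Schema drafts up to 2019-09 an array-valued `items`, as written in the proposal, is tuple validation (position 0 is checked against the first subschema, position 1 against the second, later positions are unconstrained), so a validator following it literally would accept `["dev", {...}, 42]`; this helper applies the per-item rule to every position instead, which is the behaviour the verification steps expect.

```python
"""Reference check for the `branch_exceptions` rules (added example, not GitLab code)."""
from __future__ import annotations

import json
from typing import Any

# Keys the object form of an entry must carry, per the proposed schema.
REQUIRED_PROJECT_KEYS = ("name", "full_path")


def _canonical(item: Any) -> str:
    # Stable representation for the uniqueItems check; JSON Schema compares
    # by value, so {"a": 1, "b": 2} and {"b": 2, "a": 1} count as duplicates.
    return json.dumps(item, sort_keys=True)


def _item_errors(index: int, item: Any) -> list[str]:
    # Per-item rule applied uniformly to every position (see lead-in caveat).
    where = f"branch_exceptions[{index}]"
    if isinstance(item, str):
        return [] if len(item) >= 1 else [f"{where}: string must not be empty"]
    if isinstance(item, dict):
        errors: list[str] = []
        for key in REQUIRED_PROJECT_KEYS:
            if key not in item:
                errors.append(f"{where}: missing required property '{key}'")
            elif not isinstance(item[key], str):
                errors.append(f"{where}.{key}: must be a string")
            elif len(item[key]) < 1:
                errors.append(f"{where}.{key}: must not be empty")
        return errors
    return [f"{where}: must be a branch name string or a {{name, full_path}} object"]


def validate_branch_exceptions(policy: dict) -> list[str]:
    """Return a list of schema-style error messages; an empty list means valid."""
    if "branch_exceptions" not in policy:
        return []  # the field is optional
    value = policy["branch_exceptions"]
    if not isinstance(value, list):
        return ["branch_exceptions: must be an array"]
    errors: list[str] = []
    if len(value) < 1:
        errors.append("branch_exceptions: must contain at least 1 item")  # minItems
    seen: set[str] = set()
    for i, item in enumerate(value):
        errors.extend(_item_errors(i, item))
        key = _canonical(item)
        if key in seen:
            errors.append(f"branch_exceptions[{i}]: duplicate item")  # uniqueItems
        seen.add(key)
    return errors


if __name__ == "__main__":
    # Constructed samples: the fragment from the verification steps, then an
    # invalid one that trips every rule (empty string, missing name, duplicate,
    # wrong type).
    valid_policy = {
        "name": "example",
        "branch_exceptions": ["dev", {"full_path": "path/to/project", "name": "main"}],
    }
    invalid_policy = {
        "name": "example",
        "branch_exceptions": ["", {"full_path": "path/to/project"}, "dev", "dev", 5],
    }
    print("valid:", validate_branch_exceptions(valid_policy))
    for message in validate_branch_exceptions(invalid_policy):
        print("invalid:", message)
```

Run it directly to see the verification-step fragment pass and the constructed invalid fragment produce one message per violated rule; the same function can be pointed at any parsed policy YAML once it has been loaded into a dict.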
Edited by Alan (Maciej) Paruszewski