Make actions optional if approval_settings are provided
Why are we doing this work
It should be possible to create a policy without requiring approvals when we only want to override project approval settings.
After the first MR from BE: Support Project Approval Settings in Securi... (#418752 - closed) is merged, we can make a next step and make actions
optional, as long approval_settings
is provided.
Relevant links
Non-functional requirements
-
Documentation: The change should be reflected in the documentation -
Feature flag: Put the changes behind a feature flag where possible
Implementation plan
e.g.:
-
MR1: backend Modify security_orchestration_policy.json
and require eitheractions
orapproval_settings
:
diff --git a/ee/app/validators/json_schemas/security_orchestration_policy.json b/ee/app/validators/json_schemas/security_orchestration_policy.json
index ac5bdffbb114..368f1bb41308 100644
--- a/ee/app/validators/json_schemas/security_orchestration_policy.json
+++ b/ee/app/validators/json_schemas/security_orchestration_policy.json
@@ -306,11 +306,23 @@
"additionalItems": false,
"items": {
"maxItems": 5,
- "required": [
- "name",
- "enabled",
- "rules",
- "actions"
+ "anyOf": [
+ {
+ "required": [
+ "name",
+ "enabled",
+ "rules",
+ "actions"
+ ]
+ },
+ {
+ "required": [
+ "name",
+ "enabled",
+ "rules",
+ "approval_settings"
+ ]
+ }
],
"type": "object",
"properties": {
diff --git a/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb b/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
index 22221343b770..28b6689f40e0 100644
--- a/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
@@ -31,7 +31,7 @@ def execute
attr_reader :policy, :container, :current_user
def required_approval(policy)
- policy&.fetch(:actions)&.find { |action| action&.fetch(:type) == Security::ScanResultPolicy::REQUIRE_APPROVAL }
+ policy&.dig(:actions)&.find { |action| action&.fetch(:type) == Security::ScanResultPolicy::REQUIRE_APPROVAL }
end
def user_approvers(action)
-
MR 2: frontend Handle possibly undefined
values foractions
in policy drawer
Before | After |
---|---|
Not blank |
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/details_drawer.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/details_drawer.vue
index 6c3eca0babbb..cb8d1cace108 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/details_drawer.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/details_drawer.vue
@@ -35,7 +35,7 @@ export default {
}
},
requireApproval() {
- return this.parsedYaml.actions.find((action) => action.type === 'require_approval');
+ return this.parsedYaml?.actions?.find((action) => action.type === 'require_approval');
},
approvers() {
return [
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/policy_approvals.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/policy_approvals.vue
index 1e0e61ca4b3d..a8610ecc6782 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/policy_approvals.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/policy_approvals.vue
@@ -22,7 +22,8 @@ export default {
props: {
action: {
type: Object,
- required: true,
+ required: false,
+ default: () => ({}),
},
approvers: {
type: Array,
-
MR 3 frontend update scan result policy editor rule mode to have ability to add/remove actions like scan execution policy editor
Before | After |
---|---|
Verification steps
- Create policy without
actions
, includingapproval_settings
- Verify the policy can be saved, loaded in the table and in the policy drawer
- Verify the project override settings of the policy are enforced in MRs
Edited by Alexander Turinske