FE: Add fallback behavior property to the yaml by default
Why are we doing this work
- a user wants to
Relevant links
Non-functional requirements
-
Documentation: Yes -
Feature flag: merge_request_approval_policies_fallback_behavior
-
Testing: unit and integration
Implementation plan
-
something like the below with the feature flag
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
index 5421acf6dbc1..ae03e9ba2b39 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
@@ -35,7 +35,11 @@ export const fromYaml = ({ manifest, validateRuleMode = false }) => {
? MATCH_ON_INCLUSION_LICENSE
: MATCH_ON_INCLUSION;
- const primaryKeys = [...PRIMARY_POLICY_KEYS, ...(hasPolicyScope ? ['policy_scope'] : [])];
+ const primaryKeys = [
+ ...PRIMARY_POLICY_KEYS,
+ 'fallback_behavior',
+ ...(hasPolicyScope ? ['policy_scope'] : []),
+ ];
const rulesKeys = [
'type',
'branches',
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/index.js b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/index.js
index b80e3ff5d308..1d8342d8df9a 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/index.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/index.js
@@ -22,6 +22,8 @@ actions:
approvals_required: 1
approval_settings:
prevent_pushing_and_force_pushing: true
+fallback_behavior:
+ fail: closed
`;
export const DEFAULT_SCAN_RESULT_POLICY_WITH_SCOPE = `type: approval_policy
Verification steps
- Upload a GitLab Ultimate license
- Navigate to a project => Secure => Policies => New policy => Merge request approval
- Verify the new value is in the yaml
Edited by Alexander Turinske