Yaml preview does not preview yaml
Summary
The "YAML Preview" presented in the Policy Editor cannot be used as a valid policy file. If the preview is copied and pasted into a policy.yml, the resulting policy is invalid and is not applied.
Steps to reproduce
- Create a new project
- Add `.gitlab/security-policies`
- Open the Security Editor on a different project (which does not matter; we are using it for preview purposes)
- Configure a policy
- Copy the presented ".yaml preview"
- Paste it into `.gitlab/security-policies/policy.yml`
- Use Edit Policy Project to apply your policy to a project
- Policy does not appear in Secure → Policies
Example Project
In this private group:
https://gitlab.com/duncan_harris_ultimate_group/yaml-preview-550427
Project `not-yaml` is linked to policy project `linked-security-policy-project`. Navigating to project `not-yaml` → Secure → Policies shows "New policy" instead of the manually-created policy.
What is the current bug behavior?
The .yaml preview appears to produce reasonable YAML, but its output cannot be used because it is not a valid policy.
What is the expected correct behavior?
The YAML preview should generate YAML that works in a Policy Project, or we should indicate that the preview is not intended to be used to generate a valid policy file.
Relevant logs and/or screenshots
Test YAML:

```yaml
type: scan_execution_policy
name: Default scan
description: ''
enabled: true
rules:
  - type: pipeline
    branch_type: default
actions:
  - scan: secret_detection
  - scan: sast
  - scan: dependency_scanning
    template: latest
  - scan: sast_iac
```
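As an added example (not code from this issue or from GitLab), the script below shows the mismatch concretely: it classifies a pasted snippet as either a single-policy "preview" (top-level `type` attribute present) or a policy file, and reshapes the preview into the policy-file layout. It assumes, as labelled in the code, that policy.yml groups policies in a list under a top-level key named after the policy type (for example `scan_execution_policy:`) and that the per-policy `type` attribute is not part of that layout; check this against the GitLab documentation for your version. It works on the raw text so that no YAML library is needed.

```python
# Added example, not part of the GitLab issue. Works purely on indentation and
# top-level keys of the pasted text; it does not validate the policy schema.

# Constructed input: the "Test YAML" preview from the issue, indentation restored.
PREVIEW = """\
type: scan_execution_policy
name: Default scan
description: ''
enabled: true
rules:
  - type: pipeline
    branch_type: default
actions:
  - scan: secret_detection
  - scan: sast
  - scan: dependency_scanning
    template: latest
  - scan: sast_iac
"""


def top_level_keys(text: str) -> list:
    """Return the keys of lines that start at column 0 and look like `key: ...`."""
    keys = []
    for line in text.splitlines():
        if line and not line[0].isspace() and not line.startswith("#") and ":" in line:
            keys.append(line.split(":", 1)[0].strip())
    return keys


def diagnose(text: str) -> str:
    """Classify a snippet as 'preview' (single policy with a `type` attribute),
    'policy_file' (top-level keys naming policy types, an assumption) or 'unknown'."""
    keys = top_level_keys(text)
    if "type" in keys:
        return "preview"
    if keys and all(k.endswith("_policy") for k in keys):
        return "policy_file"
    return "unknown"


def preview_to_policy_file(preview: str) -> str:
    """Wrap a single-policy preview as one list item under `<type>:`.

    Assumption: policy.yml expects `<policy type>:` holding a list of policies,
    with no per-policy `type` attribute. Raises ValueError if the snippet has no
    top-level `type`, so running it on a finished policy file fails loudly
    instead of nesting the file a second time.
    """
    policy_type = None
    body = []
    for line in preview.rstrip("\n").split("\n"):
        # Only a column-0 `type:` is the policy type; `  - type: pipeline` is a rule.
        if policy_type is None and line.startswith("type:"):
            policy_type = line.split(":", 1)[1].strip()
            continue
        body.append(line)
    if not policy_type:
        raise ValueError("snippet has no top-level 'type' attribute; not a preview")
    out = [f"{policy_type}:"]
    for i, line in enumerate(body):
        if not line.strip():
            out.append("")
            continue
        # First body line opens the list item; the rest are indented to align with it.
        out.append(("  - " if i == 0 else "    ") + line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(diagnose(PREVIEW))          # preview
    print(preview_to_policy_file(PREVIEW))
```

The `diagnose` check is the part a tooltip or pre-paste lint could reuse: a snippet with a top-level `type` key is the editor's preview shape, not a file a policy project will load.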
Output of checks
Reproduced on: GitLab Enterprise Edition 17.3.0-pre 5315e05d
Possible fixes
- At minimum, let's consider a tooltip to clarify the behavior.
- small/medium effort, needs minimal design and could be implemented soon. Where would this tooltip go?
- I think we need to solve the problem where we can't show the `type` attribute directly.
- small effort, could be implemented immediately to hide the `type` attribute from the user in the policy editor