
Update license scanning widget with license approval policies

What does this MR do and why?

Addresses #385608 (closed)

This change updates the license compliance MR widget and pipeline license tab to consider license approval policies based on these conditions:

  • Licenses should be marked as Denied if any one of the policies (either License Approval or license-check) does not allow that license.
  • Licenses should be marked as Approved only if both of the following conditions are met:
    • they are not already marked as Denied
    • they are explicitly marked as Approved in the License Compliance -> Policies page OR they are part of a License Approval policy where they are specifically named in an except clause
  • All other licenses should be marked as Uncategorized only if they do not meet the criteria for either Approved or Denied

If a license policy has an except clause for a license type, it means that any license that is not of the given type would require approval. It also sets match_on_inclusion to false in the DB (scan_result_policies table).
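The three rules above, worked through as an added example that is not the MR's own code or GitLab's implementation; the data shapes (licenseCheckPolicies, approvalPolicies, the matchOnInclusion flag) are assumptions made for illustration:

```javascript
// Added example, not project code. Assumed shapes:
//   license-check entry (License Compliance -> Policies page):
//     { name: 'MIT', classification: 'approved' | 'denied' }
//   License Approval policy (scan result policy with a license_finding rule):
//     { name, licenses: [...], matchOnInclusion: boolean }
//     matchOnInclusion true  -> the listed licenses are NOT allowed
//     matchOnInclusion false -> the list is the except clause; anything else is NOT allowed
const DENIED = 'denied';
const APPROVED = 'approved';
const UNCATEGORIZED = 'uncategorized';

// Does a single License Approval policy allow this license?
function policyAllows(policy, licenseName) {
  const listed = policy.licenses.includes(licenseName);
  return policy.matchOnInclusion ? !listed : listed;
}

function classifyLicense(licenseName, { licenseCheckPolicies = [], approvalPolicies = [] }) {
  const entry = licenseCheckPolicies.find((p) => p.name === licenseName);
  const classification = entry ? entry.classification : undefined;

  // Rule 1: Denied if any policy (license-check or License Approval) does not allow it.
  const deniedByLicenseCheck = classification === DENIED;
  const deniedByApproval = approvalPolicies.some((p) => !policyAllows(p, licenseName));
  if (deniedByLicenseCheck || deniedByApproval) return DENIED;

  // Rule 2: Approved only if not Denied AND (explicitly approved OR named in an except clause).
  const explicitlyApproved = classification === APPROVED;
  const inExceptClause = approvalPolicies.some(
    (p) => !p.matchOnInclusion && p.licenses.includes(licenseName),
  );
  if (explicitlyApproved || inExceptClause) return APPROVED;

  // Rule 3: everything else is Uncategorized.
  return UNCATEGORIZED;
}

function classifyAll(licenseNames, policies) {
  return Object.fromEntries(licenseNames.map((n) => [n, classifyLicense(n, policies)]));
}

// Constructed sample: one "deny everything except MIT and Apache-2.0" policy
// (except clause, so match_on_inclusion = false) plus two license-check entries.
const samplePolicies = {
  licenseCheckPolicies: [
    { name: 'MIT', classification: APPROVED },
    { name: 'GPL-3.0', classification: DENIED },
  ],
  approvalPolicies: [
    { name: 'Permissive only', licenses: ['MIT', 'Apache-2.0'], matchOnInclusion: false },
  ],
};
```

With the sample, Apache-2.0 is Approved purely through the except clause, while BSD-3-Clause is Denied by the same policy even though no license-check entry mentions it.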

Database Queries

SELECT
    1 AS one 
FROM
    "software_license_policies" 
INNER JOIN
    "scan_result_policies" "scan_result_policy_read" 
        ON "scan_result_policy_read"."id" = "software_license_policies"."scan_result_policy_id" 
LEFT OUTER JOIN
    "software_licenses" 
        ON "software_licenses"."id" = "software_license_policies"."software_license_id" 
WHERE
    "software_license_policies"."project_id" = 43774395 
    AND "scan_result_policy_read"."match_on_inclusion" = FALSE LIMIT 1

Plan: console.postgre.ai

 Limit  (cost=1.85..6.14 rows=1 width=4) (actual time=3.845..3.848 rows=1 loops=1)
   Buffers: shared hit=5 read=3 dirtied=1
   I/O Timings: read=2.603 write=0.000
   ->  Hash Join  (cost=1.85..6.14 rows=1 width=4) (actual time=3.843..3.845 rows=1 loops=1)
         Hash Cond: (scan_result_policy_read.id = software_license_policies.scan_result_policy_id)
         Buffers: shared hit=5 read=3 dirtied=1
         I/O Timings: read=2.603 write=0.000
         ->  Seq Scan on public.scan_result_policies scan_result_policy_read  (cost=0.00..4.23 rows=11 width=8) (actual time=1.099..1.105 rows=9 loops=1)
               Filter: (NOT scan_result_policy_read.match_on_inclusion)
               Rows Removed by Filter: 9
               Buffers: shared hit=1 dirtied=1
               I/O Timings: read=0.000 write=0.000
         ->  Hash  (cost=1.82..1.82 rows=2 width=12) (actual time=2.671..2.671 rows=4 loops=1)
               Buckets: 1024  Batches: 1  Memory Usage: 9kB
               Buffers: shared hit=1 read=3
               I/O Timings: read=2.603 write=0.000
               ->  Index Only Scan using idx_software_license_policies_unique_on_project_and_scan_policy on public.software_license_policies  (cost=0.29..1.82 rows=2 width=12) (actual time=2.655..2.658 rows=4 loops=1)
                     Index Cond: (software_license_policies.project_id = 43774395)
                     Heap Fetches: 4
                     Buffers: shared hit=1 read=3
                     I/O Timings: read=2.603 write=0.000

Time: 5.608 ms
  - planning: 1.577 ms
  - execution: 4.031 ms
    - I/O read: 2.603 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 5 (~40.00 KiB) from the buffer pool
  - reads: 3 (~24.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 1 (~8.00 KiB)
  - writes: 0

Screenshots or screen recordings

There is a list of test cases created for the epic in &8092 (comment 1278192815) and its status for approvals in #385606 (comment 1289749704). Those test cases are run against the changes in this MR. These are the MR widget and pipeline tab changes for those cases:

[Screenshot table, four rows of test cases; columns: MR Widget (before), MR Widget (after), Pipeline tab (before), Pipeline tab (after)]

How to set up and validate locally

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
