Skip to content

Rebuild MR report approval rules on project access changes

What does this MR do and why?

Scan result policies allow specifying merge request approvers by specifying their username or ID. Currently, when a user is referenced in a policy and only afterwards given project access, merge request approvers are not updated. Hence, the added user is unable to approve merge requests they are listed as approver for.

This MR rectifies this by enqueueing the SyncScanResultPoliciesService on project member changes.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Create a new project
  2. Create the following Scan Result Policy for the project:
type: scan_result_policy
name: Test
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners:
      - dependency_scanning
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
      - high
      - medium
      - low
      - unknown
      - info
    vulnerability_states:
      - newly_detected
      - detected
      - confirmed
      - dismissed
      - resolved
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids: [7, 8, 9]
  1. Create a new MR and note that the MR rule lists no members
  2. Invite the one of the users listed in the policy to the project
  3. Verify the user is listed as a rule approver

Related to #359278 (closed)

Edited by Luke Duncalfe

Merge request reports

Loading