Rebuild MR report approval rules on project access changes
requested to merge 359278-eligible-approvers-not-added-to-mr-approval-rules-in-specific-conditions into master
What does this MR do and why?
Scan result policies allow specifying merge request approvers by specifying their username or ID. Currently, when a user is referenced in a policy and only afterwards given project access, merge request approvers are not updated. Hence, the added user is unable to approve merge requests they are listed as an approver for.
This MR rectifies this by enqueueing the SyncScanResultPoliciesService on project member changes.
How to set up and validate locally
- Create a new project
- Create the following Scan Result Policy for the project:
  ```yaml
  type: scan_result_policy
  name: Test
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      branches: []
      scanners:
        - dependency_scanning
      vulnerabilities_allowed: 0
      severity_levels:
        - critical
        - high
        - medium
        - low
        - unknown
        - info
      vulnerability_states:
        - newly_detected
        - detected
        - confirmed
        - dismissed
        - resolved
  actions:
    - type: require_approval
      approvals_required: 1
      user_approvers_ids: [7, 8, 9]
  ```
- Create a new MR and note that the MR rule lists no members
- Invite one of the users listed in the policy to the project
- Verify the user is listed as a rule approver
Related to #359278 (closed)
Edited by Luke Duncalfe
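
The ordering problem described above, modelled as an added Ruby example (not code from this MR or from GitLab): a rule's approvers are computed from the policy's user IDs at sync time, so a user invited later is missing unless a membership change enqueues another sync. The `Project` class, its methods, and the `scenario` helper are hypothetical names, and the assumption that only users with project access become rule approvers is taken from the validation steps.

```ruby
require 'set'

# Hypothetical model for illustration; not GitLab's implementation.
class Project
  attr_reader :rule_approvers

  def initialize(policy_approver_ids:, resync_on_member_change:)
    @policy_approver_ids = policy_approver_ids # user_approvers_ids from the policy
    @resync_on_member_change = resync_on_member_change
    @members = Set.new
    @rule_approvers = []
    @sync_queue = []
  end

  # Policy sync: only users who currently have project access become approvers.
  def sync_policies
    @rule_approvers = @policy_approver_ids.select { |id| @members.include?(id) }
  end

  def add_member(user_id)
    @members << user_id
    enqueue_sync if @resync_on_member_change
  end

  def remove_member(user_id)
    @members.delete(user_id)
    enqueue_sync if @resync_on_member_change
  end

  # Stand-in for a background worker draining its queue.
  def run_pending_jobs
    sync_policies while @sync_queue.shift
  end

  private

  # Deduplicate so a burst of membership changes triggers one rebuild.
  def enqueue_sync
    @sync_queue << :sync unless @sync_queue.include?(:sync)
  end
end

# Mirrors the validation steps: policy first, access for user 8 afterwards.
def scenario(resync)
  project = Project.new(policy_approver_ids: [7, 8, 9], resync_on_member_change: resync)
  project.sync_policies # policy synced before anyone listed has access
  project.add_member(8) # constructed sample: user 8 is invited later
  project.run_pending_jobs
  project.rule_approvers
end
```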