
Perform job with delay for scan result policies approval rules sync

Bala Kumar requested to merge 409047-invalid-foreign-key into master

What does this MR do and why?

Invoke SyncScanResultPoliciesProjectService with a delay of 1 minute when a protected branch is created or destroyed.

See related context discussion: #409047 (comment 1372222803)

We query for protected branches in Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyService and do try to persist in ApprovalRules::Updater.

After rollout we should observed these errors https://log.gprd.gitlab.net/goto/36960640-043a-11ee-8afc-c9851e4645c0

How to set up and validate locally

  1. Create a simple scan result policy like:

     ```yaml
     scan_result_policy:
     - name: License Policy 1
       description: ''
       enabled: true
       actions:
       - type: require_approval
         approvals_required: 1
         users_approvers_ids:
         - 1
       rules:
       - type: license_finding
         branches: []
         match_on_inclusion: true
         license_types:
         - GNU General Public License v3.0 or later
         license_states:
         - newly_detected
     ```

  2. Create a new protected branch which invokes Security::ProcessScanResultPolicyWorker and we should observe the job invocation for ProcessScanResultPolicyWorker happens after a minute in log/Sidekiq.log.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #409047 (closed)

Edited by Bala Kumar
