Sync approval rules for group policies when transferring a project
What does this MR do and why?
This MR adds a sync of approval rules for inherited group policies when transferring a project. Before this fix, the approval project rules from inherited group policy wouldn't be deleted when project is being transferred outside of the hierarchy. This MR fixes it and also ensures that new group's policy rules (if any) are being created by enqueuing Security::ScanResultPolicies::SyncProjectWorker
.
Recording
How to set up and validate locally
- Create two groups
- Create different policies in each group
- Create a project in one group
- Create MR which violates the policy
- Go to Settings -> General -> Advanced -> Transfer project to the second group
- Observe that MR rules correspond to the policy in the new group and the old rule is not enforced anymore
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #415925 (closed)
Edited by Martin Čavoj