Add graphql query to list policies for compliance framework
What does this MR do and why?
This change adds a query to list scan result policies and scan execution policies for a selected compliance framework. We are using lazy aggregation to avoid N+1 queries to Gitaly, as the policy is loaded from the git repository.
Steps to verify
- Create a top level group and create a compliance framework
- Create a scan result policy and scan execution policy with policy_scope and add the ID of the compliance framework:

    type: scan_result_policy
    name: SRP
    description: ''
    enabled: true
    policy_scope:
      compliance_frameworks:
      - id: 5
    rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
    actions:
    - type: require_approval
      approvals_required: 1
      group_approvers_ids:
      - 22

    type: scan_execution_policy
    name: Scan Execution Policy
    description: ''
    enabled: true
    rules:
    - type: pipeline
      branches:
      - '*'
    actions:
    - scan: secret_detection

- Go to GraphiQL explorer and execute the query for the group:

    query{
      group(fullPath:"compliance-policies") {
        complianceFrameworks {
          nodes {
            scanResultPolicies {
              nodes {
                name
                editPath
                roleApprovers
                userApprovers {
                  id
                }
                allGroupApprovers {
                  id
                }
              }
            }
            scanExecutionPolicies {
              nodes {
                name
              }
            }
          }
        }
      }
    }
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Addresses #428493 (closed)
Edited by Sashi Kumar Kumaresan
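The lazy aggregation mentioned in the description, as an added Ruby example that is not the MR's code: every framework node registers its ID first, and a single repository read then resolves the policies scoped to each ID. `FakeRepository`, `LazyFrameworkPolicies`, `policy_names_by_framework` and the sample YAML are hypothetical names and constructed data.

```ruby
require 'yaml'
# Constructed sample: three policy documents in the shape used in the steps above.
POLICY_BLOB = <<~YAML
  ---
  type: scan_result_policy
  name: SRP
  policy_scope: {compliance_frameworks: [{id: 5}]}
  ---
  type: scan_execution_policy
  name: Scan Execution Policy
  policy_scope: {compliance_frameworks: [{id: 5}, {id: 7}]}
  ---
  type: scan_execution_policy
  name: Unscoped
YAML

# Hypothetical stand-in for the git-backed policy store; counts each read.
class FakeRepository
  attr_reader :reads
  def initialize(blob); @blob = blob; @reads = 0; end
  def read_policy_blob; @reads += 1; @blob; end
end

class LazyFrameworkPolicies
  def initialize(repository); @repository, @pending, @loaded = repository, [], {}; end

  # Registers a framework id without I/O and returns a promise for its policies.
  def defer(framework_id)
    @pending << framework_id
    -> { @loaded.fetch(framework_id) { load_pending[framework_id] } }
  end

  # One repository read resolves every id registered so far.
  def load_pending
    policies = YAML.load_stream(@repository.read_policy_blob)
    @pending.uniq.each { |id| @loaded[id] = policies.select { |p| scope_ids(p).include?(id) } }
    @pending.clear
    @loaded
  end

  # Framework ids a policy is scoped to; a policy without policy_scope matches none.
  def scope_ids(policy)
    (policy.dig('policy_scope', 'compliance_frameworks') || []).map { |f| f['id'] }
  end
end

def policy_names_by_framework(repository, framework_ids)
  loader = LazyFrameworkPolicies.new(repository)
  promises = framework_ids.map { |id| [id, loader.defer(id)] } # phase 1: register only
  promises.to_h { |id, promise| [id, promise.call.map { |p| p['name'] }] } # phase 2: resolve
end
```

Calling `policy_names_by_framework(FakeRepository.new(POLICY_BLOB), [5, 7, 9])` resolves three frameworks with one counted read; a loader that read the repository inside each node's resolver would read it three times.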