Validate compliance framework id in security policy
What does this MR do and why?
This MR adds validation of the compliance framework ids referenced in policy_scope when a security policy is created: every id must belong to a compliance framework of the policy's own top-level group, otherwise the policy is rejected.
Addresses #428491 (closed)
Database
SELECT
COUNT(*)
FROM
"compliance_management_frameworks"
WHERE
"compliance_management_frameworks"."namespace_id" = 148
AND "compliance_management_frameworks"."id" IN (1, 2, 3)
Query Plan
Aggregate (cost=13.92..13.93 rows=1 width=8) (actual time=16.054..16.056 rows=1 loops=1)
Buffers: shared hit=16 read=11
I/O Timings: read=15.784 write=0.000
-> Index Scan using compliance_management_frameworks_pkey on public.compliance_management_frameworks (cost=0.28..13.91 rows=1 width=0) (actual time=7.635..16.031 rows=8 loops=1)
Index Cond: (compliance_management_frameworks.id = ANY ('{3405,3489,3406,4283,3407,3997,3807,4078}'::bigint[]))
Filter: (compliance_management_frameworks.namespace_id = 7490175)
Rows Removed by Filter: 0
Buffers: shared hit=16 read=11
I/O Timings: read=15.784 write=0.000
Time: 17.319 ms
- planning: 1.158 ms
- execution: 16.161 ms
- I/O read: 15.784 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 16 (~128.00 KiB) from the buffer pool
- reads: 11 (~88.00 KiB) from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
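The query above counts the frameworks in the policy's namespace whose ids appear in the policy_scope; the policy is valid when that count equals the number of distinct ids referenced. The Ruby below is an added example written for this page, not GitLab's code: it models that check against an in-memory stand-in for the compliance_management_frameworks table. Namespace ids, framework rows, policy hashes and the helper names (scoped_framework_ids, valid_compliance_framework_ids?, invalid_compliance_framework_ids) are all constructed for illustration. It also covers the edge case a count-based check needs: ids are de-duplicated before comparing with the COUNT, so a policy that lists the same id twice is not wrongly rejected.

```ruby
# Added example (not GitLab's code): models the compliance framework id
# validation described in the MR, using an in-memory stand-in for the
# compliance_management_frameworks table.

# Constructed sample rows: two top-level groups (namespace 148 and 149),
# each owning its own compliance frameworks.
COMPLIANCE_FRAMEWORKS = [
  { id: 1, namespace_id: 148, name: "SOC 2" },
  { id: 2, namespace_id: 148, name: "PCI-DSS" },
  { id: 3, namespace_id: 148, name: "GDPR" },
  { id: 4, namespace_id: 149, name: "HIPAA" },
].freeze

# Extract the framework ids from policy_scope (hypothetical helper; the real
# policy YAML is parsed elsewhere). Returns [] when there is no scope.
def scoped_framework_ids(policy)
  scope = policy.fetch("policy_scope", {}) || {}
  Array(scope["compliance_frameworks"]).map { |fw| fw["id"] }.compact
end

# Mirrors the MR's query:
#   SELECT COUNT(*) FROM compliance_management_frameworks
#   WHERE namespace_id = ? AND id IN (?)
def count_frameworks_in_namespace(namespace_id, ids, frameworks = COMPLIANCE_FRAMEWORKS)
  frameworks.count { |fw| fw[:namespace_id] == namespace_id && ids.include?(fw[:id]) }
end

# The validation: every referenced id must be a framework of the policy's own
# top-level namespace. Ids are de-duplicated first; otherwise a policy listing
# the same id twice would fail because COUNT only sees one row for it.
def valid_compliance_framework_ids?(namespace_id, policy, frameworks = COMPLIANCE_FRAMEWORKS)
  ids = scoped_framework_ids(policy).uniq
  return true if ids.empty?

  count_frameworks_in_namespace(namespace_id, ids, frameworks) == ids.size
end

# Which referenced ids are not frameworks of the namespace (for the error message).
def invalid_compliance_framework_ids(namespace_id, policy, frameworks = COMPLIANCE_FRAMEWORKS)
  ids = scoped_framework_ids(policy).uniq
  known = frameworks.select { |fw| fw[:namespace_id] == namespace_id }.map { |fw| fw[:id] }
  ids - known
end

# Constructed policies, shaped like the parsed policy_scope YAML.
POLICY_OWN_GROUP   = { "policy_scope" => { "compliance_frameworks" => [{ "id" => 1 }, { "id" => 3 }] } }
POLICY_OTHER_GROUP = { "policy_scope" => { "compliance_frameworks" => [{ "id" => 1 }, { "id" => 4 }] } }
POLICY_DUPLICATE   = { "policy_scope" => { "compliance_frameworks" => [{ "id" => 2 }, { "id" => 2 }] } }
POLICY_UNKNOWN     = { "policy_scope" => { "compliance_frameworks" => [{ "id" => 999 }] } }
POLICY_NO_SCOPE    = { "name" => "scan" }

if __FILE__ == $PROGRAM_NAME
  [POLICY_OWN_GROUP, POLICY_OTHER_GROUP, POLICY_DUPLICATE, POLICY_UNKNOWN, POLICY_NO_SCOPE].each do |policy|
    ok = valid_compliance_framework_ids?(148, policy)
    bad = invalid_compliance_framework_ids(148, policy)
    puts "#{policy.inspect} -> #{ok ? 'valid' : "invalid (ids not in namespace 148: #{bad.inspect})"}"
  end
end
```

Run it with `ruby validate_scope.rb`: the policy that references id 4 (owned by namespace 149) and the one referencing a non-existent id are reported invalid, while the own-group, duplicate-id and unscoped policies pass.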
Screenshots or screen recordings
How to set up and validate locally
- Create a new top-level group and create a compliance framework from [Settings -> General -> Compliance Framework]; make a note of its ID
- Create another top-level group and create a compliance framework there; make a note of its ID
- Create a new policy for the first top-level group [Secure -> Policies -> Create new]
- Choose YAML mode in the Policy Editor
- Add a policy_scope referencing the other group's framework:
  ...
  policy_scope:
    compliance_frameworks:
      - id: <ID of the other group's compliance framework>
  ...
- Verify that the policy cannot be created and an error is returned
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Sashi Kumar Kumaresan