Migrate existing policy to approval_policy on replace
What does this MR do and why?
This is a follow-up of Support approval_policy as policy type (!142559 - merged) and adds an auto-migration for existing scan_result_policy
types when these are updated.
See also !142264 (comment 1742387707) for more context.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
When a policy with type: approval_policy
is submitted from frontend, the policy will be migrated in the YAML from scan_result_policy
to approval_policy
.
note: in the recording, changes from Update scan result policy name (!142264 - merged) were used, otherwise frontend wouldn't load the editor for type=approval_policy
.
CleanShot_2024-01-29_at_12.04.42
How to set up and validate locally
- Visit Secure -> Policies, create a new Scan Result policy
- Use the following YAML:
type: scan_result_policy name: Test description: '' enabled: true rules: - type: any_merge_request branch_type: protected commits: any - type: scan_finding scanners: [] vulnerabilities_allowed: 0 severity_levels: [] vulnerability_states: [] branch_type: protected actions: - type: require_approval approvals_required: 1 role_approvers: - developer
- Configure with merge request and Merge
- Click on the policy and edit it
- Go to the
.yaml mode
and change type totype: approval_policy
- Configure with merge request and Merge
- Check the MR changes and verify that policy has been migrated to
approval_policy
type in the YAML
Related to #413783 (closed)