Skip to content

Migrate existing policy to approval_policy on replace

What does this MR do and why?

This is a follow-up of Support approval_policy as policy type (!142559 - merged) and adds an auto-migration for existing scan_result_policy types when these are updated.

See also !142264 (comment 1742387707) for more context.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

When a policy with type: approval_policy is submitted from frontend, the policy will be migrated in the YAML from scan_result_policy to approval_policy.

note: in the recording, changes from Update scan result policy name (!142264 - merged) were used, otherwise frontend wouldn't load the editor for type=approval_policy.

CleanShot_2024-01-29_at_12.04.42

How to set up and validate locally

  1. Visit Secure -> Policies, create a new Scan Result policy
  2. Use the following YAML:
    type: scan_result_policy
    name: Test
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
      - type: scan_finding
        scanners: []
        vulnerabilities_allowed: 0
        severity_levels: []
        vulnerability_states: []
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
  3. Configure with merge request and Merge
  4. Click on the policy and edit it
  5. Go to the .yaml mode and change type to type: approval_policy
  6. Configure with merge request and Merge
  7. Check the MR changes and verify that policy has been migrated to approval_policy type in the YAML

Related to #413783 (closed)

Edited by Martin Čavoj

Merge request reports

Loading