Check project policy_configuration ids on syncing compliance framework
What does this MR do and why?
This MR fixes a bug in the experimental policy scope feature: when a compliance framework is linked to multiple policies belonging to different groups, each policy is enforced on MRs of projects that do not inherit that policy.
```mermaid
flowchart TD
A[Framework A] --> B(Policy A)
A --> C(Policy B)
C --> D(Project A)
B --> E(Project B)
```
In this case the bug is that MRs in project B have the approval rules from policy A enforced.
The fix is to check if the security_orchestration_policy_configuration ID is applicable for the project before syncing the approval rules.
Steps to reproduce
- Create two subgroups
- Create policies within the two subgroups that enforce against the same compliance framework label
- Observe that every project in the group carrying the label has both policies enforced (the enforcement should instead be limited to projects within the same subgroup as each policy)
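The scenario from the diagram and the reproduction steps above, as an added, self-contained model (not GitLab's own code): the hypothetical `policies_by_framework_only` reproduces the bug by selecting policies on the framework label alone, while `policies_with_configuration_check` adds the fix described in this MR, keeping only policies whose configuration the project inherits from its group ancestry. Group, project and policy objects are constructed here; the names are assumptions.

```ruby
# Constructed model of the policy-scope bug in this MR (assumption: not GitLab's own classes).
# Groups form a tree; a policy configuration belongs to a group and should apply only to
# projects under that group. A compliance framework label links policies to projects.
Group   = Struct.new(:id, :parent)                 # parent is a Group or nil
Project = Struct.new(:id, :group, :framework_ids)  # compliance framework labels on the project
Policy  = Struct.new(:id, :configuration_group, :framework_ids)

# One top-level group with two subgroups, each owning its own policy configuration.
ROOT       = Group.new(:root, nil)
SUBGROUP_A = Group.new(:subgroup_a, ROOT)
SUBGROUP_B = Group.new(:subgroup_b, ROOT)

# Both policies are scoped to the same compliance framework label.
FRAMEWORK_A = :framework_a
POLICY_A = Policy.new(:policy_a, SUBGROUP_A, [FRAMEWORK_A])
POLICY_B = Policy.new(:policy_b, SUBGROUP_B, [FRAMEWORK_A])
POLICIES = [POLICY_A, POLICY_B]

PROJECT_A = Project.new(:project_a, SUBGROUP_A, [FRAMEWORK_A])
PROJECT_B = Project.new(:project_b, SUBGROUP_B, [FRAMEWORK_A])

# Policy configurations a project inherits: those of its own group and of every ancestor.
def applicable_configuration_groups(project)
  groups = []
  group = project.group
  while group
    groups << group
    group = group.parent
  end
  groups
end

# Buggy behaviour: any policy linked to one of the project's framework labels is enforced,
# no matter which subgroup the policy configuration belongs to.
def policies_by_framework_only(project, policies)
  policies.select { |policy| (policy.framework_ids & project.framework_ids).any? }
end

# Fixed behaviour: the framework match must also come from a configuration the project inherits.
def policies_with_configuration_check(project, policies)
  inherited = applicable_configuration_groups(project)
  policies_by_framework_only(project, policies)
    .select { |policy| inherited.include?(policy.configuration_group) }
end
```

With the check in place, project B is matched only by policy B, and project A only by policy A, while the framework-only selection returns both policies for either project.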
Addresses #439911 (closed)
Edited by Sashi Kumar Kumaresan