Fix compliance framework graphql query to return correct policies
What does this MR do and why?
This MR fixes a bug with the `ComplianceFramework` GraphQL query where it returns all the policies associated with `Security::OrchestrationPolicyConfiguration`. The fix is to filter the policies by checking if the framework is present in the `policy_scope` section of the YAML.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create new group, enable `Security policy scope (Experiment)` in `Settings` under `Permissions and group features`
- Create two compliance frameworks using `Security` -> `Compliance center` -> `Frameworks`
  - First Framework
  - Second Framework
- Create three scan execution policies in group, with following config:
```yaml
---
scan_execution_policy:
- name: demo-scan-1
  description: ''
  enabled: true
  policy_scope:
    compliance_frameworks:
    - id: 375
  rules:
  - type: pipeline
    branches:
    - "*"
  actions:
  - scan: secret_detection
- name: demo-scan-2
  description: ''
  enabled: true
  policy_scope:
    compliance_frameworks:
    - id: 376
  rules:
  - type: pipeline
    branches:
    - "*"
  actions:
  - scan: secret_detection
- name: demo-scan-3
  description: ''
  enabled: true
  policy_scope:
    compliance_frameworks: []
  rules:
  - type: pipeline
    branches:
    - "*"
  actions:
  - scan: secret_detection
```
(replace 375 and 376 with the relevant compliance framework IDs)

Basically it configures the following:
- `demo-scan-1` is linked to compliance framework `First Framework`
- `demo-scan-2` is linked to compliance framework `Second Framework`
- `demo-scan-3` is not linked anywhere
Run the following GraphQL query using graphql-explorer:

```graphql
{
  namespace(fullPath: "compliance-pipelines") {
    complianceFrameworks {
      nodes {
        id
        scanExecutionPolicies {
          nodes {
            name
            enabled
          }
        }
      }
    }
  }
}
```
Addresses #443816 (closed)
Edited by Sashi Kumar Kumaresan
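
The filtering described in this MR, sketched as an added example in plain Ruby (not the MR's own code). The helper names are hypothetical, and the embedded YAML is a constructed, shortened copy of the validation config using the sample framework IDs 375 and 376.

```ruby
require 'yaml'

# Constructed sample: shortened copy of the validation policies above.
POLICY_YAML = <<~POLICY
  ---
  scan_execution_policy:
  - name: demo-scan-1
    enabled: true
    policy_scope:
      compliance_frameworks:
      - id: 375
  - name: demo-scan-2
    enabled: true
    policy_scope:
      compliance_frameworks:
      - id: 376
  - name: demo-scan-3
    enabled: true
    policy_scope:
      compliance_frameworks: []
POLICY

# Hypothetical helper: all scan execution policies in the configuration.
def scan_execution_policies(yaml)
  Array((YAML.safe_load(yaml) || {})['scan_execution_policy'])
end

# Behaviour described as the bug: every policy in the configuration is
# returned, regardless of which framework is being queried.
def unfiltered_policies(yaml)
  scan_execution_policies(yaml).map { |policy| policy['name'] }
end

# Hypothetical helper: framework IDs listed in a policy's policy_scope.
# A missing or empty compliance_frameworks list yields no IDs.
def scoped_framework_ids(policy)
  frameworks = policy.dig('policy_scope', 'compliance_frameworks')
  Array(frameworks).filter_map { |f| f['id'] if f.is_a?(Hash) }
end

# Behaviour described as the fix: keep only policies whose policy_scope
# names the queried framework.
def policies_for_framework(yaml, framework_id)
  scan_execution_policies(yaml)
    .select { |policy| scoped_framework_ids(policy).include?(framework_id) }
    .map { |policy| policy['name'] }
end
```

With this filter, `demo-scan-3` is not attributed to either framework, which matches the "not linked anywhere" case in the validation steps.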