Fix deprecated properties method for multiple policies
What does this MR do and why?
Our current version of the deprecated properties method for scan result and approval policies checks all policies stored in the orchestration_policy_configuration
.
If one of the policies contains a deprecated property, all policies from the orchestration_policy_configuration
are considered as deprecated. More context on this thread(internal only).
This MR fixes the deprecated properties method to work with multiple policies.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
- Enable the feature flag
echo "Feature.enable(:security_policies_breaking_changes)" | rails c
- Create a new project
- Add a new member to the project with developer access
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:
type: approval_policy
name: 'policy with deprecated properties'
description: ''
enabled: true
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- developer
rules:
- type: license_finding
match_on_inclusion: true
license_types:
- BitTorrent Open Source License v1.0
- BitTorrent Open Source License v1.1
- Mozilla Public License 1.0
- Mozilla Public License 1.1
- Mozilla Public License 2.0
license_states:
- newly_detected
- detected
branch_type: protected
- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go to Secure > Policies again
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:
type: approval_policy
name: 'policy without deprecated properties'
description: ''
enabled: true
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- developer
rules:
- type: scan_finding
scanners:
- sast
vulnerabilities_allowed: 0
severity_levels:
- critical
- high
vulnerability_states:
- new_needs_triage
branch_type: protected
approval_settings:
block_branch_modification: false
prevent_pushing_and_force_pushing: false
- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go to Secure > Policies again and verify that only
policy with deprecated properties
is marked as deprecated
Edited by Marcos Rocha