Skip to content

Fix FetchPolicyApproversService for ComplianceFramework

Sashi Kumar Kumaresan requested to merge sk/451711-fix-finder into master

What does this MR do and why?

This change fixes a bug in Security::SecurityOrchestrationPolicies::FetchPolicyApproversService when the container is ComplianceManagement::Framework.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-04-15_at_2.51.11_PM Screenshot_2024-04-15_at_2.53.25_PM

How to set up and validate locally

  • Create a compliance framework for a root group in Settings-> General -> Compliance Frameworks
  • Create a security policy with compliance framework in the scope for the group
  • Disable security_policy_global_group_approvers_enabled settings in rails-console:
Gitlab::CurrentSettings.current_application_settings.update(security_policy_global_group_approvers_enabled: false)
  • Go to graphql-explorer and try the graphql query:
query {
  namespace(fullPath:<path of the group>) {
    complianceFrameworks {
      nodes {
        name
        scanResultPolicies {
          nodes {
            name
            allGroupApprovers {
              fullPath
            }
          }
        }
      } 
    }
  }
}

Merge request reports

Loading