Set approval_policy_rule_id for approval rules and license policies
What does this MR do and why?
This MR sets approval_policy_rule_id for approval rules and license policies tables. This is the first step in replacing scan_result_policy_read_id with the new read model.
Currently, we do not store the real policy index from YAML in approval_project_rules & other tables. We take the active policies, check policy scope and store the index from 0. Whereas in security_policies we store both disabled and unscoped policies too, so we need to query security_policies using the real index. This is done in applicable_scan_result_policies_with_real_index.
For example, if the policy YAML contains:
approval_policy:
  - name: Policy 1
    enabled: true
    ...
  - name: Policy 2
    enabled: false
    ...
  - name: Policy 3
    enabled: true
    ...
  - name: Policy 4
    enabled: true
  - name: Policy 5
    enabled: true
    ...
If Policy 3 scope is applicable to a project, then the policy index in approval_project_rules would be: Policy 1 => 0, Policy 4 => 1, Policy 5 => 2. But in security_policies it will be Policy 1 => 0, Policy 2 => 1, Policy 3 => 2, Policy 4 => 3, Policy 5 => 4.
MR acceptance checklist
How to set up and validate locally
- Enable security_policies_sync and security_policies_sync_group feature flags
- Create a project and create MR approval policy for the project from Secure -> Policies
- After the policy is merged, verify that the approval_policy_rule_id is set in approval_project_rules rows
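
The index mismatch described above, worked through as an added example (not code from this MR or from GitLab): it maps the compact index stored in approval_project_rules back to the real YAML index used by security_policies. The Policy struct, the in_scope flag and all method names are hypothetical, and Policy 3 is modelled as out of scope for the project, which is what the indices listed in the description imply.

```ruby
# Constructed sample mirroring the policy YAML in the description.
# :in_scope is a hypothetical flag standing in for the policy scope check.
Policy = Struct.new(:name, :enabled, :in_scope, keyword_init: true)

POLICIES = [
  Policy.new(name: 'Policy 1', enabled: true,  in_scope: true),
  Policy.new(name: 'Policy 2', enabled: false, in_scope: true),
  Policy.new(name: 'Policy 3', enabled: true,  in_scope: false), # assumption
  Policy.new(name: 'Policy 4', enabled: true,  in_scope: true),
  Policy.new(name: 'Policy 5', enabled: true,  in_scope: true)
].freeze

# Attach the YAML position (the "real" index) to every policy first, then
# drop disabled and out-of-scope policies. The real index survives the
# filtering because it was attached before anything was removed.
def applicable_with_real_index(policies)
  policies.each_with_index
          .select { |policy, _real_index| policy.enabled && policy.in_scope }
end

# Compact index (position among applicable policies, counted from 0)
# mapped to the real index.
def compact_to_real_index(policies)
  applicable_with_real_index(policies)
    .each_with_index
    .map { |(_policy, real_index), compact_index| [compact_index, real_index] }
    .to_h
end

# Resolve a compact index through the real index. Returns nil when the
# compact index does not correspond to any applicable policy.
def policy_for_compact_index(policies, compact_index)
  real_index = compact_to_real_index(policies)[compact_index]
  real_index && policies[real_index]
end

if __FILE__ == $PROGRAM_NAME
  compact_to_real_index(POLICIES).each do |compact, real|
    puts "compact #{compact} -> real #{real} (#{POLICIES[real].name})"
  end
  # Using the compact index directly against the full list hits another row.
  puts "direct lookup of index 1: #{POLICIES[1].name}"
  puts "via real index:           #{policy_for_compact_index(POLICIES, 1).name}"
end
```

Indexing the full policy list with compact index 1 returns the disabled Policy 2, while resolving through the real index returns Policy 4.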