Ignore negative index policies and rules for security policies
What does this MR do and why?
This MR fixes a bug from !163942 (merged) where if a policy is marked for deletion, the policy is still included in the diff comparison until the policy is fully deleted. The actual logic of deleting the approval rules is still in development (!163945 (closed)) and this fix is to make sure that we do not include deleted (to be deleted) policies for comparison.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable security_policies_sync and security_policies_sync_group feature flags
- Create a project and create a security policy for the project from Secure -> Policies
- After the policy is merged, verify that a row is created in security_policies table.
- Delete the policy and merge the MR to delete the policy. After the MR is merged, verify that the policy has negative policy_index
- From rails c, trigger Security::PersistSecurityPoliciesWorker again and verify that the policy index is still negative

      # Most recently created policy (the one that was just deleted)
      policy = Security::Policy.last
      # Negative once the policy is marked for deletion
      p policy.policy_index
      # Re-run the sync for the policy's configuration
      Security::PersistSecurityPoliciesWorker.new.perform(policy.security_orchestration_policy_configuration_id)
      # Reload from the database; the index should still be negative
      p policy.reload.policy_index
Edited by Sashi Kumar Kumaresan