Add toggle for spp_repository_pipeline_access in project settings
What does this MR do and why?
This MR adds a new project setting for Security Policy Projects to enable access for pipeline execution policy configurations to be fetched.
This allows users to run pipelines with PEP even if they don't have access to the repository with pipeline config.
It depends on Add setting for projects to access SPP reposito... (!164918 - merged) and Make the project setting spp_repository_pipelin... (!165190 - merged).
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
| For normal project | For security policy project | Setting locked by the group |
|---|---|---|
 |
|
 |
How to set up and validate locally
- Go to a project in a group, Secure -> Policies and create a new policy
- In the created Security Policy Project, go to Settings -> General
- A new setting should become available
- Make a change to the setting and verify that it gets persisted
- For the group, update the namespace setting and lock it:
Project.find(<project-id>).group.namespace_settings.update!(spp_repository_pipeline_access: true, lock_spp_repository_pipeline_access: true) - Verify that the project setting toggle is disabled
Related to #469439 (closed)
Edited by Martin Čavoj