Skip to content

Create GraphQL mutation to create/update/delete a policy

Sashi Kumar Kumaresan requested to merge sk/333383-commit-policy-mutation into master

What does this MR do?

Addresses: #333383 (closed)

This MR introduces a new graphql mutation to create/update/delete a scan policy that is persisted in Scan Policy Project. This feature is still behind a feature flag (security_orchestration_policies_configuration)

Setup Instructions

  1. Clone and create a project from https://gitlab.com/sashi_kumar/security-orchestration-policies
  2. Enable security_orchestration_policies_configuration for the target project for which the scan policies should be enabled for by doing:
Feature.enable(:security_orchestration_policies_configuration, Project.find(<target_project.id>))
  1. Go to Security & Compliance -> Scan Policies for the target project Screenshot_2021-05-26_at_6.41.24_PM
  2. Select the policy project (security-orchestration-policies) that was created in step 1 and click save Screenshot_2021-05-26_at_6.43.27_PM

Mutation Sample

Mutation
mutation createPolicy{
  scanExecutionPolicyCommit(input:{
    projectPath:"root/rails-demo",
    operationMode:REPLACE,
    policyYaml: "name: INVALID\ntype: scan_execution_policy\ndescription: This policy enforces pipeline configuration to have a job with DAST scan\nenabled: true\nrules:\n- type: pipeline\n  branches: \n    - master\nactions:\n- scan: dast\n  scanner_profile: Scanner Profile\n  site_profile: Site Profile"
  }) {
    clientMutationId
    branch
    errors
  }
} 
Response
{
  "data": {
    "scanExecutionPolicyCommit": {
      "clientMutationId": null,
      "branch": "update-policy-1624288106",
      "errors": []
    }
  }
} 

Screenshots (strongly suggested)

Case Screenshot
Append a policy Screenshot_2021-06-21_at_8.28.57_PM
Append a policy with existing name Screenshot_2021-06-21_at_8.29.09_PM
Replace a policy with existing name Screenshot_2021-06-21_at_8.30.24_PM
Replace a policy with new name Screenshot_2021-06-21_at_8.31.17_PM
Remove a policy with existing name Screenshot_2021-06-21_at_8.30.42_PM
Remove a policy with new name Screenshot_2021-06-21_at_8.30.58_PM

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Sashi Kumar Kumaresan

Merge request reports

Loading