Skip to content

Add developers and maintainers to security policy project

Sashi Kumar Kumaresan requested to merge sk/336523-add-developers into master

What does this MR do?

Addresses #336523 (closed)

Currently, when creating a security policy project via the GraphQL mutation securityPolicyProjectCreate , only maintainers from the target project are added as developers in the newly created security policy project. As per requirements, developers and maintainers from the target project should be added as developers in the newly created security policy project.

Screenshots or Screencasts (strongly suggested)

Members in target project

Screenshot_2021-08-06_at_1.24.31_PM

Members in policy project

Screenshot_2021-08-06_at_1.25.47_PM

How to setup and validate locally (strongly suggested)

  1. Enable feature flag
    Feature.enable(:security_orchestration_policies_configuration, target_project)
  2. Add developers and maintainers to the target project
  3. In graphql console post this mutation:
     mutation createPolicyProject{
       securityPolicyProjectCreate(input:{
         projectPath: <target_project_path>
       }) {
         project {
           id
           name
           repository {
             rootRef
           }
         }
         errors
       }
     }
  4. Check if the added users are configured as developers in the newly created policy project.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Sashi Kumar Kumaresan

Merge request reports

Loading