Skip to content

Fix bug with assignSecurityPolicyProject

Alexander Turinske requested to merge 341420-security-policy-already-exists into master

What does this MR do and why?

Fix bug with assignSecurityPolicyProject

  • Having the check/creation of a new security policy project in the same method as the commit/MR creation was the issue here; the check/creation of a new security policy project needed to be separated out so that if there was a problem with the commit/MR creation, it wouldn't check/create a new security policy project again.
  • now we save the newly created security policy project for future requests so if a user puts in invalid yaml the first time, assignSecurityPolicyProject is called and a security policy project is created. If they fix the yaml and submit it again, assignSecurityPolicyProject is not called again
  • update tests

Changelog: fixed

EE: true

Screenshots or screen recordings

Scenario GIF
Creating a policy with a security policy project assigned create_policy
Creating a policy without a security policy project assigned create_security_policy_project_with_invalid_yaml
Error Screen_Shot_2021-12-16_at_10.54.10

How to set up and validate locally

  1. Protect onboarding
  2. Create scan execution policies using https://gitlab.com/-/snippets/2147628
  3. Follow this patch update_policy_patch.txt using your own scan execution policy
  4. Navigate to Security & Compliance => Policies => New Policy => Create the policy
  5. Navigate to a new project without a security policy project assigned to it and create a policy

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #341420 (closed)

Edited by Alexander Turinske

Merge request reports

Loading