Skip to content

Limit the amount of rules per policy to 5

Zamir Martins requested to merge add_limit_for_number_of_rules_per_policy into master

What does this MR do and why?

Limit the amount of rules per policy to 5. Therefore a total of 25 rules per policy project.

Related issue: #349724 (closed) Documentation will be reflected in this MR

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

  1. It requires an orchestration policy as described in https://docs.gitlab.com/ee/user/application_security/policies/#policies.
  2. This yaml can be used as an example (increasing the amount of the rule from 1 to 6 for testing the limit):
---
scan_result_policy:
- name: critical vulnerability CS approvals
  description: critical severity level only for container scanning
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - critical
    vulnerability_states:
    - newly_detected
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers:
    - o.lecia.conner
  1. Run the background job without having to wait for the cronjob as the following:
project_id = # id of the project in which the orchestration policy has been setup
Project.find(project_id).security_orchestration_policy_configuration.update(configured_at: nil) 
Security::CreateOrchestrationPolicyWorker.new.perform
Project.find(project_id).reload.approval_rules.count # has to be lower than the limit

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins

Merge request reports

Loading