Update scan policies related approval rules and rule schedules
What does this MR do and why?
Update scan result and execution policies related approval rules as part of the post merge hook.
Shared code is also extracted from the existing worker.
Related issues: #357298 (closed), #360291 (closed) and #360293 (closed)
How to set up and validate locally
- Create a policy management project
- Create a scan result policy.
- Merge the MR
Expected: for the projects linked to the security project to have their respective approval rules. It can be checked with the following:
> Project.find(<PROJECT_ID>).approval_rules.scan_finding
- Create a scan execution policy with scheduled job.
- Merge the MR.
Expected: for the projects linked to the security project to have their respective schedule jobs. It can be checked with the following:
> Project.find(<PROJECT_ID>).security_orchestration_policy_configuration.rule_schedules
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins