Add custom_role_approvers to MR approval policies
What does this MR do and why?
This MR adds a migration to add custom_roles
to scan_result_policies
table and updates the service classes to persist it from the security policy.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
- Create a custom role for the instance following the docs and note the ID of the custom role
- Create a MR approval policy with the ID of custom role in
role_approvers
type: approval_policy
name: Custom Role Approver Policy
description: ''
enabled: true
policy_scope:
projects:
excluding: []
rules:
- type: scan_finding
scanners: []
vulnerabilities_allowed: 0
severity_levels: []
vulnerability_states: []
branch_type: protected
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- developer
- 5
- type: send_bot_message
enabled: true
approval_settings:
block_branch_modification: true
block_group_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
- After the policy is created verify that the
Security::ScanResultPolicyRead
hascustom_roles
value populated with the ID:
Security::ScanResultPolicyRead.last.custom_roles
Addresses #457796 (closed)
Edited by Sashi Kumar Kumaresan