Gate scan result policy rules by license

What does this MR do and why?

Scan result policy approval rules should only be applied if the security_orchestration_policies feature is licensed. This change adds a check to prevent synchronization of these rules when the feature is not available, ensuring correct feature gating. Specs are updated to cover this licensing scenario.

References

This is part 1 of fixing #431229

In part 2 of the MR, we will create a cron job to automatically unlink security orchestration policies when the license becomes unavailable, after a buffer period.

How to set up and validate locally

  1. Simulate a SaaS instance: https://docs.gitlab.com/development/ee_features/#simulate-a-saas-instance
  2. Enable "Allow use of licensed EE features" and assign the Ultimate plan to the test group following the steps mentioned here
  3. Create a project and set up security policies for the project
  4. Create a test MR and see the approval rules are being created and enforced
  5. Update the group plan to "Premium"
  6. Create a new MR in the project
  7. Verify the security policy approval rules are not created/enforced for the new MR

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #431229

Edited by Imam Hossain
