Skip to content

Commit 0e580be

Browse files
committed
add disable requirements auto matching org setting
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
1 parent b6bfb35 commit 0e580be

29 files changed

Lines changed: 349 additions & 32 deletions

app/cli/cmd/organization_update.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ func newOrganizationUpdateCmd() *cobra.Command {
2626
blockOnPolicyViolation bool
2727
policiesAllowedHostnames []string
2828
preventImplicitWorkflowCreation bool
29+
disableRequirementsAutoMatching bool
2930
)
3031

3132
cmd := &cobra.Command{
@@ -45,6 +46,10 @@ func newOrganizationUpdateCmd() *cobra.Command {
4546
opts.PreventImplicitWorkflowCreation = &preventImplicitWorkflowCreation
4647
}
4748

49+
if cmd.Flags().Changed("disable-requirements-auto-matching") {
50+
opts.DisableRequirementsAutoMatching = &disableRequirementsAutoMatching
51+
}
52+
4853
_, err := action.NewOrgUpdate(ActionOpts).Run(cmd.Context(), orgName, opts)
4954
if err != nil {
5055
return err
@@ -62,5 +67,6 @@ func newOrganizationUpdateCmd() *cobra.Command {
6267
cmd.Flags().BoolVar(&blockOnPolicyViolation, "block", false, "set the default policy violation blocking strategy")
6368
cmd.Flags().StringSliceVar(&policiesAllowedHostnames, "policies-allowed-hostnames", []string{}, "set the allowed hostnames for the policy engine")
6469
cmd.Flags().BoolVar(&preventImplicitWorkflowCreation, "prevent-implicit-workflow-creation", false, "prevent workflows and projects from being created implicitly during attestation init")
70+
cmd.Flags().BoolVar(&disableRequirementsAutoMatching, "disable-requirements-auto-matching", false, "disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used")
6571
return cmd
6672
}

app/cli/documentation/cli-reference.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2763,6 +2763,7 @@ Options
27632763

27642764
```
27652765
--block set the default policy violation blocking strategy
2766+
--disable-requirements-auto-matching disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used
27662767
-h, --help help for update
27672768
--name string organization name
27682769
--policies-allowed-hostnames strings set the allowed hostnames for the policy engine

app/cli/pkg/action/org_update.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ type NewOrgUpdateOpts struct {
3333
BlockOnPolicyViolation *bool
3434
PoliciesAllowedHostnames *[]string
3535
PreventImplicitWorkflowCreation *bool
36+
DisableRequirementsAutoMatching *bool
3637
}
3738

3839
func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdateOpts) (*OrgItem, error) {
@@ -42,6 +43,7 @@ func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdat
4243
Name: name,
4344
BlockOnPolicyViolation: opts.BlockOnPolicyViolation,
4445
PreventImplicitWorkflowCreation: opts.PreventImplicitWorkflowCreation,
46+
DisableRequirementsAutoMatching: opts.DisableRequirementsAutoMatching,
4547
}
4648

4749
if opts.PoliciesAllowedHostnames != nil {

app/controlplane/api/controlplane/v1/organization.pb.go

Lines changed: 16 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/controlplane/v1/organization.proto

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,9 @@ message OrganizationServiceUpdateRequest {
9999

100100
// restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles)
101101
optional bool restrict_contract_creation_to_org_admins = 6;
102+
103+
// disable_requirements_auto_matching disables automatic matching of policies to requirements
104+
optional bool disable_requirements_auto_matching = 7;
102105
}
103106

104107
message OrganizationServiceUpdateResponse {

app/controlplane/api/controlplane/v1/response_messages.pb.go

Lines changed: 14 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/controlplane/v1/response_messages.proto

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -283,6 +283,8 @@ message OrgItem {
283283
bool prevent_implicit_workflow_creation = 7;
284284
// restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles)
285285
bool restrict_contract_creation_to_org_admins = 8;
286+
// disable_requirements_auto_matching disables automatic matching of policies to requirements
287+
bool disable_requirements_auto_matching = 9;
286288

287289
enum PolicyViolationBlockingStrategy {
288290
POLICY_VIOLATION_BLOCKING_STRATEGY_UNSPECIFIED = 0;

app/controlplane/api/gen/frontend/controlplane/v1/organization.ts

Lines changed: 22 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts

Lines changed: 19 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.jsonschema.json

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)