fix(policy): inherit parent unmanaged_files when child omits block #1248

Open
abhinavgautam01 wants to merge 3 commits into microsoft:main from abhinavgautam01:fix/1198-unmanaged-files-inheritance-transparent-child

@abhinavgautam01

Fixes #1198

Description

Child policies that use extends: but leave out unmanaged_files: were parsed as if they had the schema defaults (action / directories), so merge treated them as an explicit ignore posture and org unmanaged_files.action: deny no longer applied in repo-scoped apm audit --policy.
UnmanagedFilesPolicy now uses None for “no opinion” (omitted or empty unmanaged_files), the YAML parser only sets fields when keys are present, and _merge_unmanaged_files returns the parent unchanged when the child is fully transparent—matching how allow-lists use None during inheritance. Downstream checks and diagnostics treat None like permissive/default where appropriate. Regression test covers the org + child repo override scenario from the issue.

Type of change

  • Bug fix
  • New feature
  • Documentation
  • Maintenance / refactor

Testing

  • Tested locally
  • All existing tests pass
  • Added tests for new functionality (if applicable)
    uv run pytest tests/unit/policy/ tests/integration/test_policy_discovery_e2e.py (533 passed, 15 skipped).

Omitted or empty unmanaged_files on an extending policy is transparent
(None/None), so org action: deny and directories are not replaced by
defaults that looked like explicit ignore.
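
The inheritance bug and fix described above, as an added example that is not the project's code. All names here (`UnmanagedFiles`, `parse_buggy`, `parse_fixed`, `merge`, `audit_action`) are hypothetical, the directory value is constructed, and the field-by-field fallback for a partially specified child is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_ACTION = "ignore"  # assumption: the permissive default the page calls "ignore"


@dataclass(frozen=True)
class UnmanagedFiles:
    """Simplified stand-in for the policy block; None means 'no opinion'."""
    action: Optional[str] = None
    directories: Optional[tuple] = None


def parse_buggy(doc: dict) -> UnmanagedFiles:
    """Pre-fix behaviour: an omitted block is filled with schema defaults."""
    block = doc.get("unmanaged_files") or {}
    return UnmanagedFiles(block.get("action", DEFAULT_ACTION),
                          tuple(block.get("directories") or ()))


def parse_fixed(doc: dict) -> UnmanagedFiles:
    """Post-fix behaviour: a field is set only when its key is present."""
    block = doc.get("unmanaged_files") or {}
    dirs = block.get("directories")
    return UnmanagedFiles(block.get("action"),
                          tuple(dirs) if dirs is not None else None)


def merge(parent: UnmanagedFiles, child: UnmanagedFiles) -> UnmanagedFiles:
    """Child values override the parent; None falls through to the parent."""
    if child.action is None and child.directories is None:
        return parent  # fully transparent child: parent returned unchanged
    return UnmanagedFiles(
        child.action if child.action is not None else parent.action,
        child.directories if child.directories is not None else parent.directories)


def effective_action(policy: UnmanagedFiles) -> str:
    return policy.action or DEFAULT_ACTION  # None is treated as the default

# Constructed sample policies, shown as already-loaded YAML mappings.
ORG = {"unmanaged_files": {"action": "deny", "directories": ["sample/agents"]}}
CHILD = {"extends": "org"}  # no unmanaged_files block at all


def audit_action(parse, child: dict = CHILD) -> str:
    """Action that applies to the child repo after inheriting from ORG."""
    return effective_action(merge(parse(ORG), parse(child)))
```

With the pre-fix parser the child's synthesized defaults override the org's `deny`; with the key-presence parser the org's `deny` survives an omitted or empty block.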
Copilot AI review requested due to automatic review settings May 10, 2026 17:03
Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI left a comment

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

Comment thread src/apm_cli/policy/schema.py Outdated
Comment thread src/apm_cli/policy/parser.py Outdated
Comment thread CHANGELOG.md Outdated
@abhinavgautam01
ping @danielmeppiel

Development

Successfully merging this pull request may close these issues.

[bug] policy inheritance: child without unmanaged_files block silently downgrades parent's action: deny

2 participants