Story
Resolution: Done
ACM-12528 - UI support for standalone Policy deployments
GRC Sprint 2024-16, GRC Sprint 2024-17
Value Statement
To allow users to leverage a different delivery mechanism for policy templates (e.g. ConfigurationPolicy, Gatekeeper constraint, etc.), the ACM console can leverage search to list all detected policy templates. This also gives existing users a different, useful view.
ACM-12528 has more detail on the market value and general requirements.
See the following Figma mockup for design details, though the wording is expected to change after ACM-13285:
https://www.figma.com/design/vUl9NQhvdwwH2gEyhTpdYz/Sub-Policies?node-id=93-9395&t=28FJUupzo4TyvDhf-0
Note that the search results will not contain all the data needed until ACM-13279 is done. Gatekeeper will be excluded from this for now.
Additional features such as label filtering and column management will come in a future Jira.
Definition of Done for Engineering Story Owner (Checklist)
- Add a "Discovered policies" tab in "Governance"
  - This page will have a table aggregated by name and kind for all supported policy template types (except Gatekeeper for now). It will have these columns:
    - Name - clickable, leading to a table of per-cluster results
    - Engine
    - Kind
    - Response action (generic term for remediation action)
      - If multiple, it should be in the format of `inform / enforce` like the existing "Policies" table.
    - Source
      - This matches the same logic as the "Policies" table except that if it's deployed by a "Policy" kind, it should show a link to the parent policy.
    - Severity - pick the highest severity if this differs per cluster
    - Cluster violations
  - The per-cluster page that is reachable from the "Name" link will have a "Policy violations" card with a "Policy violations" chart. Below that will be a table with the following columns:
    - Cluster - a link to the existing policy template details page for that specific policy
    - Response action (generic term for remediation action)
    - Violations
    - Source
    - Severity
- Stretch Goal:
  - Verify the user has RBAC to access the root policy before making Source clickable to a policy.
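
The aggregation rules in the checklist above (group by name and kind, `inform / enforce` when actions differ, highest severity wins), sketched as an added TypeScript example that is not the console's own code. The `TemplateResult` field names, the `aggregate` function, the reading of "Cluster violations" as a count of non-compliant clusters, and the sample rows are assumptions made for illustration.

```typescript
// One per-cluster search result; field names are assumptions for this example.
interface TemplateResult {
  name: string;
  kind: string;
  cluster: string;
  remediationAction: string; // "inform" or "enforce"
  severity: string; // "low", "medium", "high" or "critical"
  compliant: boolean;
}
interface DiscoveredRow {
  name: string;
  kind: string;
  responseAction: string;
  severity: string;
  clusterViolations: number; // assumed: number of non-compliant clusters
  actions: string[];
}
const SEVERITIES = ["low", "medium", "high", "critical"];
const ACTIONS = ["inform", "enforce"]; // display order, as in `inform / enforce`

// Aggregate per-cluster results into one table row per (kind, name).
function aggregate(results: TemplateResult[]): DiscoveredRow[] {
  const byKey: { [key: string]: DiscoveredRow } = {};
  const rows: DiscoveredRow[] = [];
  results.forEach(function (r) {
    const key = r.kind + "/" + r.name;
    let row = byKey[key];
    if (!row) {
      row = { name: r.name, kind: r.kind, responseAction: "", severity: r.severity, clusterViolations: 0, actions: [] };
      byKey[key] = row;
      rows.push(row);
    }
    // Highest severity wins when clusters disagree.
    if (SEVERITIES.indexOf(r.severity) > SEVERITIES.indexOf(row.severity)) row.severity = r.severity;
    if (row.actions.indexOf(r.remediationAction) < 0) row.actions.push(r.remediationAction);
    if (!r.compliant) row.clusterViolations += 1;
    // Render in fixed order regardless of which cluster was seen first.
    const seen = row.actions;
    row.responseAction = ACTIONS.filter(function (a) { return seen.indexOf(a) >= 0; }).join(" / ");
  });
  return rows;
}

// Constructed sample data, not real search output.
const SAMPLE: TemplateResult[] = [
  { name: "baseline", kind: "ConfigurationPolicy", cluster: "cluster1", remediationAction: "enforce", severity: "low", compliant: true },
  { name: "baseline", kind: "ConfigurationPolicy", cluster: "cluster2", remediationAction: "inform", severity: "high", compliant: false },
  { name: "baseline", kind: "CertificatePolicy", cluster: "cluster1", remediationAction: "inform", severity: "medium", compliant: false },
];
```

Two templates that share a name but differ in kind stay on separate rows, which is why the key includes both.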
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from The Playbook and ensure doc acceptance criteria are met.
  - Call out this sentence as its own action:
  - [ ] Link the development issue to the doc issue.
Support Readiness
- [ ] The must-gather script has been updated.