diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml.js b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml.js
index 9d226d9643b7950e45750dd9330bdc8a18e6b2c1..2a4f53ae827ac9047736c71fdb616e2f86701b73 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml.js
@@ -77,13 +77,14 @@ export const fromYaml = ({ manifest, validateRuleMode = false }) => {
 actionsKeys.push('ci_configuration');
 }
+ const hasPolicyScope =
+ gon?.features?.securityPoliciesPolicyScope ||
+ gon?.features?.securityPoliciesPolicyScopeProject;
+
 /**
 * Can be removed after ff is enabled
 */
- const primaryKeys = PRIMARY_POLICY_KEYS;
- if (gon?.features?.securityPoliciesPolicyScope) {
- primaryKeys.push('policy_scope');
- }
+ const primaryKeys = [...PRIMARY_POLICY_KEYS, ...(hasPolicyScope ? ['policy_scope'] : [])];
 return isValidPolicy({ policy, primaryKeys, rulesKeys, actionsKeys }) &&
 !hasInvalidCron(policy) &&
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
index 38594ccb04ddc82c449e6ba00484dfaddb7efbdb..1060408a81eba8b314dd54e3783713764645d03c 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/lib/from_yaml.js
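Review bot: In scan_execution/lib/from_yaml.js the `/** Can be removed after ff is enabled */` comment now sits between `hasPolicyScope` and `primaryKeys` and no longer says which flag it means, although two flags now gate `policy_scope`; I would move it above `hasPolicyScope` and reword it to `/** Can be removed once securityPoliciesPolicyScope and securityPoliciesPolicyScopeProject are enabled */`. The same three-line `hasPolicyScope` expression is repeated in the scan_result/lib/from_yaml.js hunk, so a shared helper would keep the two editors from drifting when a flag is retired. Because `gon.features` is read in the browser, this check only decides whether the editor accepts the key; whether a `policy_scope` is honoured has to be enforced where the policy is processed, which this diff does not show. fromYaml's body begins and ends outside the hunk.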
@@ -24,10 +24,11 @@ export const fromYaml = ({ manifest, validateRuleMode = false }) => {
 * the UI for new attributes may not be available.
 */
- const primaryKeys = [
- ...PRIMARY_POLICY_KEYS,
- ...(gon?.features?.securityPoliciesPolicyScope ? ['policy_scope'] : []),
- ];
+ const hasPolicyScope =
+ gon?.features?.securityPoliciesPolicyScope ||
+ gon?.features?.securityPoliciesPolicyScopeProject;
+
+ const primaryKeys = [...PRIMARY_POLICY_KEYS, ...(hasPolicyScope ? ['policy_scope'] : [])];
 const rulesKeys = [
 'type',
 'branches',
diff --git a/ee/app/assets/javascripts/security_orchestration/graphql/queries/get_spp_linked_projects_namespaces.graphql b/ee/app/assets/javascripts/security_orchestration/graphql/queries/get_spp_linked_projects_namespaces.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..3566a1d3b4b7f3431fb20f093ce57f6da52405ce
--- /dev/null
+++ b/ee/app/assets/javascripts/security_orchestration/graphql/queries/get_spp_linked_projects_namespaces.graphql
@@ -0,0 +1,17 @@
+query getSppLinkedProjectsNamespaces($fullPath: ID!) {
+ project(fullPath: $fullPath) {
+ id
+ securityPolicyProjectLinkedProjects {
+ nodes {
+ id
+ name
+ }
+ }
+ securityPolicyProjectLinkedNamespaces {
+ nodes {
+ id
+ name
+ }
+ }
+ }
+}
diff --git a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml_spec.js b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml_spec.js
index c29c0ce25d594c007a102b987b0f74f6fe88fd35..ba1637cc261fa6c29eeeda9e4dea9563943675e9 100644
--- a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml_spec.js
+++ b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml_spec.js
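Review bot: Both connections in the new `getSppLinkedProjectsNamespaces` query are requested without paging arguments or a `pageInfo` selection, so the caller only ever sees the first page the server returns. If a security policy project is linked to more projects or namespaces than one page holds, the list would be cut off with no sign of it, which matters if the list is read as the full set of places a policy applies (the component consuming this query is not in the diff). I would add `first`/`after` variables and `pageInfo { hasNextPage endCursor }` to each connection, or have the consumer state that the list may be partial.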
@@ -34,6 +34,8 @@ describe('fromYaml', () => {
 ${'returns the policy object for branch exceptions'} | ${{ manifest: mockBranchExceptionsExecutionManifest, validateRuleMode: true }} | ${mockBranchExceptionsScanExecutionObject} | ${{}}
 ${'returns the policy object for project scope with disabled ff'} | ${{ manifest: mockPolicyScopeExecutionManifest, validateRuleMode: true }} | ${{ error: true }} | ${{ securityPoliciesPolicyScope: false }}
 ${'returns the policy object for project scope with enabled ff'} | ${{ manifest: mockPolicyScopeExecutionManifest, validateRuleMode: true }} | ${mockPolicyScopeScanExecutionObject} | ${{ securityPoliciesPolicyScope: true }}
+ ${'returns the policy object for project scope with disabled ff for project'} | ${{ manifest: mockPolicyScopeExecutionManifest, validateRuleMode: true }} | ${{ error: true }} | ${{ securityPoliciesPolicyScopeProject: false }}
+ ${'returns the policy object for project scope with enabled ff for project'} | ${{ manifest: mockPolicyScopeExecutionManifest, validateRuleMode: true }} | ${mockPolicyScopeScanExecutionObject} | ${{ securityPoliciesPolicyScopeProject: true }}
 ${'returns the policy object for custom code block with file path with enabled ff'} | ${{ manifest: mockCodeBlockFilePathScanExecutionManifest, validateRuleMode: true }} | ${mockCodeBlockFilePathScanExecutionObject} | ${{ compliancePipelineInPolicies: true }}
 ${'returns the policy object for custom code block with file path with disabled ff'} | ${{ manifest: mockCodeBlockFilePathScanExecutionManifest, validateRuleMode: true }} | ${{ error: true }} | ${{ compliancePipelineInPolicies: false }}
 `('$title', ({ input, output, features }) => {
diff --git a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/lib/from_yaml_spec.js b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/lib/from_yaml_spec.js
index 0000c25ffc27e69ce9f1c18ebddff5bb0059e2f3..3b50d45cbd2ac5d7d338899bf59835d3a84b58bb 100644
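Review bot: The added row titled `'returns the policy object for project scope with disabled ff for project'` expects `{ error: true }`, so its title says the opposite of what it asserts; `'returns the error object for project scope with disabled ff for project'` would match. Both new rows also set only `securityPoliciesPolicyScopeProject`, so the case the `||` was written for, one flag explicitly `false` and the other `true`, is not pinned; a row with `${{ securityPoliciesPolicyScope: false, securityPoliciesPolicyScopeProject: true }}` would cover it. The same gap applies to the single row added in the scan_result spec hunk.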
--- a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/lib/from_yaml_spec.js
+++ b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/lib/from_yaml_spec.js
@@ -89,6 +89,7 @@ describe('createPolicyObject', () => {
 ${'returns the policy object for a manifest with `approval_settings` with the `scanResultPoliciesBlockUnprotectingBranches` feature flag on'} | ${{ scanResultPoliciesBlockUnprotectingBranches: true }} | ${mockApprovalSettingsScanResultManifest} | ${{ policy: mockApprovalSettingsScanResultObject, hasParsingError: false }}
 ${'returns the policy object for a manifest with `approval_settings` containing permitted invalid settings and the `scanResultPoliciesBlockUnprotectingBranches` feature flag on'} | ${{ scanResultPoliciesBlockUnprotectingBranches: true }} | ${mockApprovalSettingsPermittedInvalidScanResultManifest} | ${{ policy: mockApprovalSettingsPermittedInvalidScanResultObject, hasParsingError: false }}
 ${'returns the policy object for a manifest with `policy_scope` feature flag on'} | ${{ securityPoliciesPolicyScope: true }} | ${mockPolicyScopeScanResultManifest} | ${{ policy: mockPolicyScopeScanResultObject, hasParsingError: false }}
+ ${'returns the policy object for a manifest with `policy_scope` feature flag on for project'} | ${{ securityPoliciesPolicyScopeProject: true }} | ${mockPolicyScopeScanResultManifest} | ${{ policy: mockPolicyScopeScanResultObject, hasParsingError: false }}
 ${'returns the error object for a manifest with `approval_settings` containing permitted invalid settings and the `scanResultPoliciesBlockUnprotectingBranches` feature flag off'} | ${{}} | ${mockApprovalSettingsPermittedInvalidScanResultManifest} | ${{ policy: mockApprovalSettingsPermittedInvalidScanResultObject, hasParsingError: false }}
 ${'returns the policy object for a manifest with `approval_settings` with all feature flags off'} | ${{}} | ${mockApprovalSettingsScanResultManifest} | ${{ policy: mockApprovalSettingsScanResultObject, hasParsingError: false }}
 ${'returns the error object for a manifest with `policy_scope` feature flag off'} | ${{}} | ${mockPolicyScopeScanResultManifest} | ${{ policy: { error: true },
hasParsingError: true }}