Merge branch '340505-fix-editing-network-policies' into 'master'

Fix editing network policies without policy management project

See merge request gitlab-org/gitlab!70171

ee/app/services/security/security_orchestration_policies/policy_configuration_validation_service.rb

@@ -14,20 +14,24 @@ module Security
       def execute
         return error_response(_('type parameter is missing and is required'), :parameter) unless @type
         return error_response(_('Invalid policy type'), :parameter) unless valid_type?
-        return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) if container_policy? && !@environment_id
-        return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
-
-        unless policy_configuration.policy_configuration_exists?
-          return error_response(
-            _("Policy management project does have any policies in %{policy_path}" % {
-              policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
-            }),
-            :policy_project
-          )
-        end
 
-        unless policy_configuration.policy_configuration_valid?
-          return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml)
+        if container_policy?
+          return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) unless @environment_id
+        else
+          return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
+
+          unless policy_configuration.policy_configuration_exists?
+            return error_response(
+              _("Policy management project does have any policies in %{policy_path}" % {
+                policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
+              }),
+              :policy_project
+            )
+          end
+
+          unless policy_configuration.policy_configuration_valid?
+            return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml)
+          end
         end
 
         success

ee/spec/services/security/security_orchestration_policies/policy_configuration_validation_service_spec.rb

@@ -92,6 +92,30 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyConfigurationValid
           expect(response[:invalid_component]).to eq(:parameter)
         end
       end
+
+      context 'when environment_id is provided' do
+        let(:environment_id) { 123 }
+
+        context 'when security_orchestration_policies_configuration is missing' do
+          let(:policy_configuration) { nil }
+
+          it 'ignores policy configuration errors and returns success' do
+            response = service.execute
+
+            expect(response[:status]).to eq(:success)
+          end
+        end
+
+        context 'when security_orchestration_policies_configuration is invalid' do
+          let(:policy_blob) { { scan_execution_policy: 'invalid' }.to_yaml }
+
+          it 'ignores policy configuration errors and returns success' do
+            response = service.execute
+
+            expect(response[:status]).to eq(:success)
+          end
+        end
+      end
     end
 
     context 'when policy.yml is empty' do