[Backend] Add ability to create/read/update/delete compliance frameworks
Based on the designs/discussion in this discovery issue and once the dependent issue (#251113 (closed)) has been completed, this issue is to track the development of the Rails controllers to create, edit and assign compliance frameworks to groups.
To do
- Create GraphQL queries to allow the following at the root-group level:
-
List all compliance frameworks for a namespace - !47779 (merged) -
Introduce compliance framework creation service - !47909 (merged) -
Delete compliance labels - !48912 (merged) -
Filter a namespace's list of compliance frameworks by a single ID- Separate issue: #289846 (closed) -
Create group-level compliance labels - !48250 (merged) (In Maintainer Review) -
Ability to update an existing compliance framework - !49157 (merged) -
Assign them to projects(Moved to separate issue)
-
The form for Compliance Framework Labels should have the following fields:
-
Title: [ e.g. HIPAA, SOX, Internal, Tech Risk, otherCustomLabelName ]
- The labels should allow the use of labels that look scoped (use of
::) but should not implement or leverage any scoped label behavior for now.
- The labels should allow the use of labels that look scoped (use of
-
Description: [ e.g. "This label should be applied to projects which are regulated by
HIPAA" ] - Background color:
Out of scope:
- Enforcement / "regulated" toggle
- Force Merge (under workflowsolution validation)
Mockups
| Settings Page | Edit | New |
|---|---|---|
 |
 |
 |
Outstanding questions
-
Root-group level only [Discussion]
Tier
The ability to create/edit/assign custom compliance labels is a GitLab Ultimate feature.
Edited by Matt Gonzales (ex-GitLab)