
Make external control ping optional

Problem to solve

Currently, external controls are configured by adding a URL and an HMAC secret. Every 12 hours, GitLab pings the URL and sets the external control's status to pending. GitLab then expects an API request to update the status to either pass or fail.

However, GitLab CI can also run checks on a project at pipeline time and update the status of an external control based on the result.

The problem comes from the 12-hour ping, which resets the status to pending. This effectively overwrites the status set by the last pipeline.

Proposal

Add an option to stop the 12-hour ping for certain external controls.

Implementation Plan

Database Schema Changes

File: db/migrate/add_ping_enabled_to_compliance_requirements_controls.rb

class AddPingEnabledToComplianceRequirementsControls < Gitlab::Database::Migration[2.2]
  def change
    add_column :compliance_requirements_controls, :ping_enabled, :boolean, default: true, null: false
  end
end

Model Updates

File: ee/app/models/compliance_management/compliance_framework/compliance_requirements_control.rb

Changes needed:

  • Add validation for ping_enabled field
  • Add scope for ping-enabled controls
  • Update existing validations if needed

Background Job Modification

File: ee/app/workers/compliance_management/project_compliance_evaluator_worker.rb

Changes needed:

  • Filter external controls by ping_enabled: true before calling TriggerExternalControlService
  • Update the logic in the perform method where external controls are processed
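
An added sketch of the filter described above, not GitLab's worker code: `Control`, `FakeTriggerService`, `evaluate_external_controls` and the sample data are hypothetical in-memory stand-ins. It shows a pipeline-set status being reset by the periodic ping under current behaviour and preserved when `ping_enabled` is false.

```ruby
# Added illustration: in-memory stand-ins, not GitLab's models or worker.
Control = Struct.new(:name, :external, :ping_enabled, :status, keyword_init: true)

# Stand-in for TriggerExternalControlService. The real service pings the
# control's URL; only the side effect described in the issue is modelled
# here: the status is reset to pending.
class FakeTriggerService
  attr_reader :pinged

  def initialize
    @pinged = []
  end

  def execute(control)
    @pinged << control.name
    control.status = :pending
  end
end

# Stand-in for the periodic (12-hour) pass over external controls.
# respect_ping_flag: false models current behaviour, true models the proposal.
def evaluate_external_controls(controls, service, respect_ping_flag:)
  targets = controls.select(&:external)
  targets = targets.select(&:ping_enabled) if respect_ping_flag
  targets.each { |control| service.execute(control) }
  controls.to_h { |control| [control.name, control.status] }
end

# Constructed sample data: "ci_scan" had its status set by a pipeline and
# has opted out of the ping; "vendor_audit" still relies on the ping.
def sample_controls
  [
    Control.new(name: "ci_scan", external: true, ping_enabled: false, status: :pass),
    Control.new(name: "vendor_audit", external: true, ping_enabled: true, status: :fail),
    Control.new(name: "internal_rule", external: false, ping_enabled: true, status: :pass)
  ]
end

if __FILE__ == $PROGRAM_NAME
  current = evaluate_external_controls(sample_controls, FakeTriggerService.new, respect_ping_flag: false)
  proposed = evaluate_external_controls(sample_controls, FakeTriggerService.new, respect_ping_flag: true)
  puts "current:  #{current}"
  puts "proposed: #{proposed}"
end
```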

Service Layer Updates

Files to potentially update:

  • ee/app/services/compliance_management/compliance_framework/compliance_requirements/create_service.rb
  • ee/app/services/compliance_management/compliance_framework/compliance_requirements/update_service.rb
  • ee/app/services/compliance_management/compliance_framework/compliance_requirements_controls/create_service.rb

GraphQL Schema Updates

Files to update:

  • ee/app/graphql/types/compliance_management/compliance_requirements_control_type.rb
  • ee/app/graphql/types/compliance_management/compliance_requirements_control_input_type.rb

Changes:

  • Add ping_enabled field to the type
  • Add ping_enabled argument to input types
  • Update resolvers to handle the new field

REST API Updates (if needed)

The current API (ee/lib/api/compliance_external_controls.rb) only handles status updates, but we may need to add endpoints for CRUD operations on controls that include the ping_enabled field.

UI Components

Files to update:

  • ee/app/assets/javascripts/compliance_dashboard/components/frameworks_report/edit_framework/components/requirement_modal.vue
  • Related Vue components for external control management

Changes:

  • Add toggle switch for ping configuration
  • Display ping status in control lists
  • Add help text explaining ping behavior

Form Validation

  • Client-side validation for the new field
  • Warning messages when disabling ping for existing controls

Backend Tests

Files to update/create:

  • ee/spec/models/compliance_management/compliance_framework/compliance_requirements_control_spec.rb
  • ee/spec/workers/compliance_management/project_compliance_evaluator_worker_spec.rb
  • ee/spec/services/compliance_management/compliance_framework/compliance_requirements_controls/create_service_spec.rb

Frontend Tests

  • Update existing Vue component tests
  • Add tests for new ping toggle functionality

Documentation

File: doc/api/external_controls.md

  • Update API documentation if new endpoints are added
  • Document the ping_enabled field

Edited by 🤖 GitLab Bot 🤖