Skip to content
Snippets Groups Projects

Add admin compliance framework custom permission

Merged Jarka Košanová requested to merge 411502-compliance-framework-custom-ab into master
All threads resolved!

What does this MR do and why?

It adds a new custom permission, admin compliance framework.

  • it adds a custom ability YAML file created by running ./ee/bin/custom-ability -d "Allows admin of compliance framework." -c compliance_management -p -i "#411502" admin_compliance_framework
  • the migration was generated by running rails g gitlab:custom_roles:code --ability admin_compliance_framework
  • the documentation was generated by running bundle exec rake gitlab:custom_roles:compile_docs

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Log in with a user who has a guest role in a group
  2. Make sure you can't access compliance-related views / endpoints (see below)
  3. Create a new custom permission enabling managing admin compliance framework - on self-managed in the admin UI (http://gdk.test:3000/admin/application_settings/roles_and_permissions), on SaaS in the group settings (eg. http://gdk.test:3000/groups/flightjs/-/settings/roles_and_permissions)
  4. Assign this custom role to the guest user (on group members page, eg. http://gdk.test:3000/groups/flightjs/-/group_members)
  5. Now test the compliance-related views / endpoints again, they now should be accessible and work as expected

Compliance-related views & endpoints

Group

  • Menu item Settings - General should be accessible
  • Only section Compliance frameworks should be visible there
  • And it should be possible to view, edit, and add compliance frameworks

Project

  • Menu item Settings - General should be accessible
  • Only section Compliance framework should be visible there
  • And it should be possible to change the project compliance framework
  • GraphQL mutation, example:
mutation {
  projectSetComplianceFramework(input: { 
    projectId: "gid://gitlab/Project/7",
    complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/4"
  }) {
    project {
      id
    }
  }
}

Related to #411502 (closed)

Edited by Jarka Košanová

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • changed milestone to %16.11

  • Jarka Košanová added 994 commits

    added 994 commits

    Compare with previous version

  • added 1 commit

    • 4a178406 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • added 1 commit

    • 92789a2a - Add admin admin compliance framework as custom ability

    Compare with previous version

  • Database migrations (on the main database)

    Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

    Migration Type Total runtime Result DB size change
    20240110165214 - AddAdminComplianceFrameworkToMemberRoles Regular 2.0 s :white_check_mark: +8.00 KiB [note]
    Runtime Histogram for all migrations
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 5
    0.1 seconds - 1 second 0
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Migration: 20240110165214 - AddAdminComplianceFrameworkToMemberRoles

    • Type: Regular
    • Duration: 2.0 s
    • Database size change: +8.00 KiB [note]
    Calls Total Time Max Time Mean Time Rows Query
    1 6.8 ms 6.8 ms 6.8 ms 0
    ALTER TABLE "member_roles" ADD "admin_compliance_framework" boolean DEFAULT FALSE NOT NULL
    1 4.4 ms 4.4 ms 4.4 ms 1
    SELECT "feature_gates"."key", "feature_gates"."value"  FROM "feature_gates"  WHERE "feature_gates"."feature_key" = $1
    1 0.0 ms 0.0 ms 0.0 ms 1
    SELECT $1::regtype::oid
    2 0.0 ms 0.0 ms 0.0 ms 2
    SELECT pg_backend_pid()
    Histogram for AddAdminComplianceFrameworkToMemberRoles
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 5
    0.1 seconds - 1 second 0
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Other information

    Other migrations pending on GitLab.com
    Migration Type Total runtime Result DB size change
    20240221145450 - CreateAuditEventsInstanceStreamingEventTypeFilters Regular 1.7 s :white_check_mark: +40.00 KiB
    20240319132847 - AddIndexOnZoektIndicesStateAndId Regular 2.5 s :warning: +200.00 KiB
    20240306030118 - DropIndexEnvironmentsForNameSearchWithinFolder Post deploy 2.3 s :white_check_mark: -1007.18 MiB
    20240318011341 - ValidateForeignKeyForCommitIdBetweenPCiBuildsAndCiPipelines Post deploy 2.7 s :warning: +0.00 B
    20240318150930 - FinalizeBackfillOnboardingStatusStepUrl Post deploy 1.8 s :white_check_mark: +0.00 B
    20240318180554 - DropPromoteUltimateFeaturesAtColumn Post deploy 1.5 s :white_check_mark: +0.00 B
    Clone details
    Clone ID Clone Created At Clone Data Timestamp Expected Removal Time
    database-testing-3017637-13248178-main 2024-03-21T16:12:02Z 2024-03-20T14:05:52Z 2024-03-22 04:16:55 +0000
    database-testing-3017637-13248178-ci 2024-03-21T16:12:02Z 2024-03-21T12:44:58Z 2024-03-22 04:16:55 +0000

    Job artifacts

    Database migrations (on the ci database)

    Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

    Migration Type Total runtime Result DB size change
    20240110165214 - AddAdminComplianceFrameworkToMemberRoles Regular 2.9 s :white_check_mark: +0.00 B
    Runtime Histogram for all migrations
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 0
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Migration: 20240110165214 - AddAdminComplianceFrameworkToMemberRoles

    • Type: Regular
    • Duration: 2.9 s
    • Database size change: +0.00 B
    Calls Total Time Max Time Mean Time Rows Query
    1 57.4 ms 57.4 ms 57.4 ms 0
    ALTER TABLE "member_roles" ADD "admin_compliance_framework" boolean DEFAULT FALSE NOT NULL
    2 0.0 ms 0.0 ms 0.0 ms 2
    SELECT pg_backend_pid()
    1 0.0 ms 0.0 ms 0.0 ms 1
    SELECT $1::regtype::oid
    Histogram for AddAdminComplianceFrameworkToMemberRoles
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 0
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Other information

    Other migrations pending on GitLab.com
    Migration Type Total runtime Result DB size change
    20240306030118 - DropIndexEnvironmentsForNameSearchWithinFolder Post deploy 3.6 s :white_check_mark: -8.00 KiB
    20240318011341 - ValidateForeignKeyForCommitIdBetweenPCiBuildsAndCiPipelines Post deploy 5.3 s :warning: +0.00 B
    20240318150930 - FinalizeBackfillOnboardingStatusStepUrl Post deploy 2.3 s :white_check_mark: +0.00 B
    20240318180554 - DropPromoteUltimateFeaturesAtColumn Post deploy 2.5 s :white_check_mark: +0.00 B
    Clone details
    Clone ID Clone Created At Clone Data Timestamp Expected Removal Time
    database-testing-3017637-13248178-main 2024-03-21T16:12:02Z 2024-03-20T14:05:52Z 2024-03-22 04:16:55 +0000
    database-testing-3017637-13248178-ci 2024-03-21T16:12:02Z 2024-03-21T12:44:58Z 2024-03-22 04:16:55 +0000

    Job artifacts


    Brought to you by gitlab-org/database-team/gitlab-com-database-testing. Epic

  • added 1 commit

    • 8b1768c0 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • added 1 commit

    • 314c2510 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • added 1 commit

    • 3a8afc79 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • Jarka Košanová changed the description

    changed the description

  • added 1 commit

    • 2aaacc36 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • Jarka Košanová resolved all threads

    resolved all threads

  • requested review from @alexbuijs, @bdenkovych, and @nradina

  • Alex Buijs
  • Alex Buijs
  • Alex Buijs
  • Alex Buijs
  • Alex Buijs removed review request for @alexbuijs

    removed review request for @alexbuijs

  • Alex Buijs
  • Nataliia Radina
  • Hi, @jarka ! Thank you for working on this. I left one small comment, please let me know what you think.

  • Bogdan Denkovych removed review request for @bdenkovych

    removed review request for @bdenkovych

  • Jarka Košanová added 945 commits

    added 945 commits

    Compare with previous version

  • added 1 commit

    • 92dc2680 - Add admin admin compliance framework as custom ability

    Compare with previous version

  • Jarka Košanová requested review from @nradina

    requested review from @nradina

  • requested review from @alexbuijs

  • Nataliia Radina approved this merge request

    approved this merge request

  • Nataliia Radina requested review from @zcuddy

    requested review from @zcuddy

  • Alex Buijs removed review request for @alexbuijs

    removed review request for @alexbuijs

  • Zack Cuddy approved this merge request

    approved this merge request

  • Zack Cuddy removed review request for @zcuddy

    removed review request for @zcuddy

  • Jarka Košanová added 515 commits

    added 515 commits

    Compare with previous version

  • Jarka Košanová reset approvals from @zcuddy by pushing to the branch

    reset approvals from @zcuddy by pushing to the branch

  • :tools: Generated by gitlab_quality-test_tooling.


    :snail: Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.

    Click to expand
    Job File Name Duration Expected duration
    #6527434886 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 66.32 s < 27.12 s
    #6528282308 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 65.72 s < 27.12 s
    #6602433221 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 78.98 s < 27.12 s
    #6614861237 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 77.89 s < 27.12 s
    #6639343295 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 67.9 s < 27.12 s
    #6683352457 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 67.08 s < 27.12 s
    #6687542358 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 69.64 s < 27.12 s
    #6688153884 spec/lib/release_highlights/validator_spec.rb#L82 ReleaseHighlights::Validator when validating all files they should have no errors 64.94 s < 27.12 s
  • A deleted user added rspec:slow test detected label
  • added 1 commit

    Compare with previous version

  • requested review from @huzaifaiftikhar1

  • Jarka Košanová added 195 commits

    added 195 commits

    Compare with previous version

  • Huzaifa Iftikhar requested review from @harsimarsandhu and removed review request for @huzaifaiftikhar1

    requested review from @harsimarsandhu and removed review request for @huzaifaiftikhar1

  • Jay mentioned in issue #411502 (closed)

    mentioned in issue #411502 (closed)

  • Harsimar Sandhu approved this merge request

    approved this merge request

  • Jarka Košanová added 1323 commits

    added 1323 commits

    Compare with previous version

  • Jarka Košanová reset approvals from @harsimarsandhu by pushing to the branch

    reset approvals from @harsimarsandhu by pushing to the branch

  • Harsimar Sandhu removed review request for @harsimarsandhu

    removed review request for @harsimarsandhu

  • removed database label

  • requested review from @jtapiab, @zcuddy, and @mokhax

  • Zack Cuddy approved this merge request

    approved this merge request

  • Zack Cuddy removed review request for @zcuddy

    removed review request for @zcuddy

  • mo khan approved this merge request

    approved this merge request

    • Resolved by Javiera Tapia

      Thank you @jarka! :raised_hands: This is looking great. I did a short review today and I left a question and a small suggestion.

      Before approving, I want to give this a final review early tomorrow (my time) and try the MR locally.

  • added 1 commit

    Compare with previous version

  • Jarka Košanová reset approvals from @zcuddy and @mokhax by pushing to the branch

    reset approvals from @zcuddy and @mokhax by pushing to the branch

  • Jarka Košanová added 778 commits

    added 778 commits

    Compare with previous version

  • changed milestone to %17.0

  • requested review from @jglassman1

  • requested review from @phillipwells

  • Phillip Wells removed review request for @phillipwells

    removed review request for @phillipwells

  • added 1 commit

    • 25f91165 - Change description of the ability

    Compare with previous version

  • Jarka Košanová requested review from @jtapiab

    requested review from @jtapiab

  • mo khan approved this merge request

    approved this merge request

    • Resolved by Javiera Tapia

      Thank you @jarka for applying the changes! backend LGTM :thumbsup: I left one small suggestion that I think we should address before merging. I'm approving this MR in the meantime. Please, ping me once we have the Technical Writing approval so I can merge this.


      I have reviewed the merge request and left comments. I asked a question about the milestone and recommended updating it to 17.0. I estimate a small amount of work is required to address my comments.

  • Javiera Tapia approved this merge request

    approved this merge request

  • Javiera Tapia removed review request for @jtapiab

    removed review request for @jtapiab

  • Phillip Wells approved this merge request

    approved this merge request

  • added 1 commit

    Compare with previous version

  • Jarka Košanová reset approvals from @jtapiab by pushing to the branch

    reset approvals from @jtapiab by pushing to the branch

  • Jarka Košanová requested review from @jtapiab

    requested review from @jtapiab

  • Javiera Tapia resolved all threads

    resolved all threads

  • Javiera Tapia approved this merge request

    approved this merge request

  • Javiera Tapia enabled an automatic merge when the pipeline for 4be2b7ca succeeds

    enabled an automatic merge when the pipeline for 4be2b7ca succeeds

    • Resolved by Javiera Tapia

      @jarka the pipeline failed :point_down:

      $ bundle exec rake gitlab:custom_roles:check_docs
      ##########
      #
      # Custom roles documentation is outdated! Please update it by running `bundle exec rake gitlab:custom_roles:compile_docs`.
      #
      ##########

      Could you please run bundle exec rake gitlab:custom_roles:compile_docs to update the docs?

  • Jarka Košanová aborted the automatic merge because source branch was updated

    aborted the automatic merge because source branch was updated

  • added 1 commit

    • 22f421a6 - Update the custom roles documentation

    Compare with previous version

  • Jarka Košanová reset approvals from @phillipwells by pushing to the branch

    reset approvals from @phillipwells by pushing to the branch

  • Javiera Tapia resolved all threads

    resolved all threads

  • Javiera Tapia enabled an automatic merge when the pipeline for a6189c8e succeeds

    enabled an automatic merge when the pipeline for a6189c8e succeeds

  • Javiera Tapia mentioned in commit ccf4656b

    mentioned in commit ccf4656b

  • added workflowstaging label and removed workflowcanary label

  • mentioned in issue #463149 (closed)

  • mo khan mentioned in merge request !158884 (merged)

    mentioned in merge request !158884 (merged)

  • Alex Buijs mentioned in merge request !160531 (merged)

    mentioned in merge request !160531 (merged)

  • Please register or sign in to reply
    Loading