Add admin compliance framework custom permission
What does this MR do and why?
It adds a new custom permission, admin compliance framework.
- it adds a custom ability YAML file created by running
./ee/bin/custom-ability -d "Allows admin of compliance framework." -c compliance_management -p -i "#411502" admin_compliance_framework
- the migration was generated by running
rails g gitlab:custom_roles:code --ability admin_compliance_framework
- the documentation was generated by running
bundle exec rake gitlab:custom_roles:compile_docs
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Log in with a user who has a
guest
role in a group - Make sure you can't access compliance-related views / endpoints (see below)
- Create a new custom permission enabling managing admin compliance framework - on self-managed in the admin UI (http://gdk.test:3000/admin/application_settings/roles_and_permissions), on SaaS in the group settings (eg. http://gdk.test:3000/groups/flightjs/-/settings/roles_and_permissions)
- Assign this custom role to the guest user (on group members page, eg. http://gdk.test:3000/groups/flightjs/-/group_members)
- Now test the compliance-related views / endpoints again, they now should be accessible and work as expected
Compliance-related views & endpoints
Group
- Menu item Settings - General should be accessible
- Only section
Compliance frameworks
should be visible there - And it should be possible to view, edit, and add compliance frameworks
Project
- Menu item Settings - General should be accessible
- Only section
Compliance framework
should be visible there - And it should be possible to change the project compliance framework
- GraphQL mutation, example:
mutation {
projectSetComplianceFramework(input: {
projectId: "gid://gitlab/Project/7",
complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/4"
}) {
project {
id
}
}
}
Related to #411502 (closed)
Merge request reports
Activity
changed milestone to %16.9
assigned to @jarka
- A deleted user
added database databasereview pending labels
3 Warnings dca62448: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines. dca62448: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines. a60420f5: The commit body should not contain more than 72 characters per line. For more information, take a look at our Commit message guidelines. 1 Message This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. Documentation review
The following files require a review from a technical writer:
-
doc/api/graphql/reference/index.md
(Link to current live version) -
doc/user/custom_roles/abilities.md
(Link to current live version)
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Category Reviewer Maintainer backend @mokhax
(UTC-6, 8 hours behind author)
@jtapiab
(UTC-4, 6 hours behind author)
frontend @marina.mosti
(UTC+2, same timezone as author)
@slashmanov
(UTC+4, 2 hours ahead of author)
groupauthorization Reviewer review is optional for groupauthorization @mokhax
(UTC-6, 8 hours behind author)
Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger-
E2E Test Result Summary
allure-report-publisher
generated test report!e2e-test-on-gdk:
test report for 22f421a6expand test summary
+------------------------------------------------------------------+ | suites summary | +-------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +-------------+--------+--------+---------+-------+-------+--------+ | Govern | 66 | 0 | 0 | 0 | 66 | ✅ | | Data Stores | 31 | 0 | 0 | 0 | 31 | ✅ | | Create | 87 | 0 | 9 | 0 | 96 | ✅ | | Plan | 51 | 0 | 2 | 0 | 53 | ✅ | | Verify | 35 | 0 | 1 | 0 | 36 | ✅ | | Monitor | 7 | 0 | 0 | 0 | 7 | ✅ | | Package | 24 | 0 | 6 | 0 | 30 | ✅ | | Analytics | 2 | 0 | 0 | 0 | 2 | ✅ | | Release | 5 | 0 | 0 | 0 | 5 | ✅ | | Manage | 0 | 0 | 1 | 0 | 1 | ➖ | +-------------+--------+--------+---------+-------+-------+--------+ | Total | 308 | 0 | 19 | 0 | 327 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+
e2e-package-and-test:
test report for 22f421a6expand test summary
+------------------------------------------------------------------+ | suites summary | +-------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +-------------+--------+--------+---------+-------+-------+--------+ | Govern | 300 | 0 | 13 | 5 | 313 | ✅ | | Create | 182 | 0 | 21 | 2 | 203 | ✅ | | Plan | 44 | 0 | 4 | 0 | 48 | ✅ | | Verify | 18 | 0 | 0 | 0 | 18 | ✅ | | Data Stores | 22 | 0 | 0 | 0 | 22 | ✅ | | Package | 6 | 0 | 8 | 0 | 14 | ✅ | | Monitor | 8 | 0 | 0 | 0 | 8 | ✅ | | Release | 2 | 0 | 0 | 0 | 2 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+ | Total | 582 | 0 | 46 | 7 | 628 | ✅ | +-------------+--------+--------+---------+-------+-------+--------+
changed milestone to %16.10
added missed:16.9 label
added 2815 commits
-
6ba31d97...96e85d37 - 2812 commits from branch
master
- c204f84c - Generate ability YAML file
- 233b49a4 - Generate migration and request spec
- 08a906cb - Add admin admin compliance framework as custom ability
Toggle commit list-
6ba31d97...96e85d37 - 2812 commits from branch
- A deleted user
added frontend label
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 58909b24 and 2f0c538b
Special assetsEntrypoint / Name Size before Size after Diff Diff in percent average 4.24 MB 4.24 MB - 0.0 % mainChunk 3.22 MB 3.22 MB - 0.0 %
Note: We do not have exact data for 58909b24. So we have used data from: a46bcdd6.
The target commit was too new, so we used the latest commit from master we have info on.
It might help to rerun thebundle-size-review
job
This might mean that you have a few false positives in this report. If something unrelated to your code changes is reported, you can check this comparison in order to see if they caused this change.Please look at the full report for more details
Read more about how this report works.
Generated by
Dangermentioned in merge request gitlab-com/www-gitlab-com!133326 (merged)
added 1989 commits
-
08a906cb...69642368 - 1986 commits from branch
master
- b00d05c8 - Generate ability YAML file
- 3aa1553d - Generate migration and request spec
- 50078139 - Add admin admin compliance framework as custom ability
Toggle commit list-
08a906cb...69642368 - 1986 commits from branch
- Resolved by Jarka Košanová
changed milestone to %16.11
added missed:16.10 label
added 994 commits
-
50078139...cb2e0b06 - 991 commits from branch
master
- 06a82ea0 - Generate ability YAML file
- 733c3f0e - Generate migration and request spec
- d44064bf - Add admin admin compliance framework as custom ability
Toggle commit list-
50078139...cb2e0b06 - 991 commits from branch
added 1 commit
- 4a178406 - Add admin admin compliance framework as custom ability
added 1 commit
- 92789a2a - Add admin admin compliance framework as custom ability
Database migrations (on the main database)
Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).
Migration Type Total runtime Result DB size change 20240110165214 - AddAdminComplianceFrameworkToMemberRoles Regular 2.0 s +8.00 KiB [note] Runtime Histogram for all migrations
Query Runtime Count 0 seconds - 0.01 seconds 0 0.01 seconds - 0.1 seconds 5 0.1 seconds - 1 second 0 1 second - 5 seconds 0 5 seconds - 15 seconds 0 15 seconds - 5 minutes 0 5 minutes + 0 Migration: 20240110165214 - AddAdminComplianceFrameworkToMemberRoles
- Type: Regular
- Duration: 2.0 s
- Database size change: +8.00 KiB [note]
Calls Total Time Max Time Mean Time Rows Query 1 6.8 ms 6.8 ms 6.8 ms 0 ALTER TABLE "member_roles" ADD "admin_compliance_framework" boolean DEFAULT FALSE NOT NULL
1 4.4 ms 4.4 ms 4.4 ms 1 SELECT "feature_gates"."key", "feature_gates"."value" FROM "feature_gates" WHERE "feature_gates"."feature_key" = $1
1 0.0 ms 0.0 ms 0.0 ms 1 SELECT $1::regtype::oid
2 0.0 ms 0.0 ms 0.0 ms 2 SELECT pg_backend_pid()
Histogram for AddAdminComplianceFrameworkToMemberRoles
Query Runtime Count 0 seconds - 0.01 seconds 0 0.01 seconds - 0.1 seconds 5 0.1 seconds - 1 second 0 1 second - 5 seconds 0 5 seconds - 15 seconds 0 15 seconds - 5 minutes 0 5 minutes + 0 Other information
Other migrations pending on GitLab.com
Migration Type Total runtime Result DB size change 20240221145450 - CreateAuditEventsInstanceStreamingEventTypeFilters Regular 1.7 s +40.00 KiB 20240319132847 - AddIndexOnZoektIndicesStateAndId Regular 2.5 s +200.00 KiB 20240306030118 - DropIndexEnvironmentsForNameSearchWithinFolder Post deploy 2.3 s -1007.18 MiB 20240318011341 - ValidateForeignKeyForCommitIdBetweenPCiBuildsAndCiPipelines Post deploy 2.7 s +0.00 B 20240318150930 - FinalizeBackfillOnboardingStatusStepUrl Post deploy 1.8 s +0.00 B 20240318180554 - DropPromoteUltimateFeaturesAtColumn Post deploy 1.5 s +0.00 B Clone details
Clone ID Clone Created At Clone Data Timestamp Expected Removal Time database-testing-3017637-13248178-main
2024-03-21T16:12:02Z 2024-03-20T14:05:52Z 2024-03-22 04:16:55 +0000 database-testing-3017637-13248178-ci
2024-03-21T16:12:02Z 2024-03-21T12:44:58Z 2024-03-22 04:16:55 +0000 Database migrations (on the ci database)
Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).
Migration Type Total runtime Result DB size change 20240110165214 - AddAdminComplianceFrameworkToMemberRoles Regular 2.9 s +0.00 B Runtime Histogram for all migrations
Query Runtime Count 0 seconds - 0.01 seconds 0 0.01 seconds - 0.1 seconds 4 0.1 seconds - 1 second 0 1 second - 5 seconds 0 5 seconds - 15 seconds 0 15 seconds - 5 minutes 0 5 minutes + 0 Migration: 20240110165214 - AddAdminComplianceFrameworkToMemberRoles
- Type: Regular
- Duration: 2.9 s
- Database size change: +0.00 B
Calls Total Time Max Time Mean Time Rows Query 1 57.4 ms 57.4 ms 57.4 ms 0 ALTER TABLE "member_roles" ADD "admin_compliance_framework" boolean DEFAULT FALSE NOT NULL
2 0.0 ms 0.0 ms 0.0 ms 2 SELECT pg_backend_pid()
1 0.0 ms 0.0 ms 0.0 ms 1 SELECT $1::regtype::oid
Histogram for AddAdminComplianceFrameworkToMemberRoles
Query Runtime Count 0 seconds - 0.01 seconds 0 0.01 seconds - 0.1 seconds 4 0.1 seconds - 1 second 0 1 second - 5 seconds 0 5 seconds - 15 seconds 0 15 seconds - 5 minutes 0 5 minutes + 0 Other information
Other migrations pending on GitLab.com
Migration Type Total runtime Result DB size change 20240306030118 - DropIndexEnvironmentsForNameSearchWithinFolder Post deploy 3.6 s -8.00 KiB 20240318011341 - ValidateForeignKeyForCommitIdBetweenPCiBuildsAndCiPipelines Post deploy 5.3 s +0.00 B 20240318150930 - FinalizeBackfillOnboardingStatusStepUrl Post deploy 2.3 s +0.00 B 20240318180554 - DropPromoteUltimateFeaturesAtColumn Post deploy 2.5 s +0.00 B Clone details
Clone ID Clone Created At Clone Data Timestamp Expected Removal Time database-testing-3017637-13248178-main
2024-03-21T16:12:02Z 2024-03-20T14:05:52Z 2024-03-22 04:16:55 +0000 database-testing-3017637-13248178-ci
2024-03-21T16:12:02Z 2024-03-21T12:44:58Z 2024-03-22 04:16:55 +0000
Brought to you by gitlab-org/database-team/gitlab-com-database-testing. Epic
- A deleted user
added database-testing-automation label
added 1 commit
- 8b1768c0 - Add admin admin compliance framework as custom ability
added 1 commit
- 314c2510 - Add admin admin compliance framework as custom ability
added 1 commit
- 3a8afc79 - Add admin admin compliance framework as custom ability
added 1 commit
- 2aaacc36 - Add admin admin compliance framework as custom ability
- Resolved by Jarka Košanová
@alexbuijs could you do the initial review?
@bdenkovych could you review the db changes?
@nradina could you review the frontend?
requested review from @alexbuijs, @bdenkovych, and @nradina
- Resolved by Alex Buijs
- Resolved by Alex Buijs
- Resolved by Jarka Košanová
- Resolved by Jarka Košanová
- Resolved by Alex Buijs
removed review request for @alexbuijs
- Resolved by Alex Buijs
- Resolved by Zack Cuddy
Hi, @jarka ! Thank you for working on this. I left one small comment, please let me know what you think.
- Resolved by Jarka Košanová
added databasereviewed label and removed databasereview pending label
removed review request for @bdenkovych
mentioned in issue gitlab-com/www-gitlab-com#14450 (moved)
added 945 commits
-
2aaacc36...b27c26e7 - 943 commits from branch
master
- 4e367846 - Generate ability YAML file
- 2f0c538b - Add admin admin compliance framework as custom ability
-
2aaacc36...b27c26e7 - 943 commits from branch
added 1 commit
- 92dc2680 - Add admin admin compliance framework as custom ability
requested review from @nradina
- Resolved by Jarka Košanová
Thanks @nradina @alexbuijs, could you take another look?
requested review from @alexbuijs
added pipeline:mr-approved label
- Resolved by Javiera Tapia
@nradina
, thanks for approving this merge request.This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break
master
, a new pipeline will be started shortly.Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
requested review from @zcuddy
removed review request for @alexbuijs
removed review request for @zcuddy
added 515 commits
-
92dc2680...b74c6ee7 - 513 commits from branch
master
- 8c0bb260 - Generate ability YAML file
- f995d9a2 - Add admin admin compliance framework as custom ability
-
92dc2680...b74c6ee7 - 513 commits from branch
reset approvals from @zcuddy by pushing to the branch
Generated bygitlab_quality-test_tooling
.
Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.Click to expand
Job File Name Duration Expected duration #6527434886 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 66.32 s < 27.12 s #6528282308 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 65.72 s < 27.12 s #6602433221 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 78.98 s < 27.12 s #6614861237 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 77.89 s < 27.12 s #6639343295 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 67.9 s < 27.12 s #6683352457 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 67.08 s < 27.12 s #6687542358 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 69.64 s < 27.12 s #6688153884 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 64.94 s < 27.12 s - A deleted user
added rspec:slow test detected label
requested review from @huzaifaiftikhar1
added 195 commits
-
87990723...e15624c3 - 192 commits from branch
master
- d848c241 - Generate ability YAML file
- 3559829f - Add admin admin compliance framework as custom ability
- 575ed62a - Fix failing specs
Toggle commit list-
87990723...e15624c3 - 192 commits from branch
requested review from @harsimarsandhu and removed review request for @huzaifaiftikhar1
mentioned in issue bdenkovych/notes#6
mentioned in issue #411502 (closed)
added 1323 commits
-
575ed62a...0c98f747 - 1320 commits from branch
master
- 719539aa - Generate ability YAML file
- 2769bbca - Add admin admin compliance framework as custom ability
- 44fea4cc - Fix failing specs
Toggle commit list-
575ed62a...0c98f747 - 1320 commits from branch
reset approvals from @harsimarsandhu by pushing to the branch
removed review request for @harsimarsandhu
removed databasereviewed label
removed database label
removed review request for @zcuddy
- Resolved by Javiera Tapia
- Resolved by Jarka Košanová
- Resolved by Javiera Tapia
Thank you @jarka!
This is looking great. I did a short review today and I left a question and a small suggestion.Before approving, I want to give this a final review early tomorrow (my time) and try the MR locally.
- Resolved by Javiera Tapia
@jarka
Great work! I left one comment for you: !144183 (comment 1863440816), which we might need to check to make the pipeline pass.- I think we are also missing a Technical Writing review as per Danger bot comment.
- Should we consider adding a Changelog commit with an
EE: true
trailer since this affects only theEE
context?
added 778 commits
-
c72fa2d3...b2d687b7 - 775 commits from branch
master
- a60420f5 - Generate ability YAML file
- a0b34a64 - Add admin admin compliance framework as custom ability
- 9c4c4075 - Raise error when namespace úath is invalid
Toggle commit list-
c72fa2d3...b2d687b7 - 775 commits from branch
changed milestone to %17.0
added missed:16.11 label
requested review from @jglassman1
requested review from @phillipwells
- Resolved by Jarka Košanová
added Technical Writing docs-channel docsfeature labels
removed review request for @phillipwells
requested review from @jtapiab
- Resolved by Jarka Košanová
- Resolved by Javiera Tapia
Thank you @jarka for applying the changes! backend LGTM
I left one small suggestion that I think we should address before merging. I'm approving this MR in the meantime. Please, ping me once we have the Technical Writing approval so I can merge this.
I have reviewed the merge request and left comments. I asked a question about the milestone and recommended updating it to
17.0
. I estimate a small amount of work is required to address my comments.
removed review request for @jtapiab
reset approvals from @jtapiab by pushing to the branch
requested review from @jtapiab
enabled an automatic merge when the pipeline for 4be2b7ca succeeds
- Resolved by Javiera Tapia
@jarka the pipeline failed
$ bundle exec rake gitlab:custom_roles:check_docs ########## # # Custom roles documentation is outdated! Please update it by running `bundle exec rake gitlab:custom_roles:compile_docs`. # ##########
Could you please run
bundle exec rake gitlab:custom_roles:compile_docs
to update the docs?
reset approvals from @phillipwells by pushing to the branch
enabled an automatic merge when the pipeline for a6189c8e succeeds
mentioned in commit ccf4656b
added workflowstaging-canary label and removed workflowin dev label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added releasedcandidate label
mentioned in merge request kubitus-project/kubitus-installer!3058 (merged)
mentioned in issue #463149 (closed)
added releasedpublished label and removed releasedcandidate label
added pipelinetier-3 label
mentioned in merge request !158884 (merged)
mentioned in merge request !160531 (merged)