Raise error when more than 1 frameworks for a project

What does this MR do and why?

What?

The GraphQL endpoint `ProjectSetComplianceFramework` returns an error if a user tries to assign or unassign a compliance framework to a project that has more than one compliance framework assigned to it.

Why?

We are introducing support for multiple compliance frameworks for a project. Earlier, at most one framework could be associated with a project, and hence the mutation `ProjectSetComplianceFramework` was written in such a way that when a framework is assigned to a project, it replaces any other framework already assigned to that project. Also, the same endpoint unassigns any framework associated with the project. Now we are introducing new mutations which will allow users to assign and unassign multiple frameworks to a project, so the existing mutation poses an issue here. In case multiple frameworks are assigned to a project and the older mutation is used, we will return an error.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. You need to have a group with an Ultimate licence for this.
  2. Under the group, create at least 3 different compliance frameworks by following steps at https://docs.gitlab.com/ee/user/compliance/compliance_center/compliance_frameworks_report.html#create-a-new-compliance-framework.
  3. Now, create a project under the group.
  4. Apply the first compliance framework to this project by following steps in https://docs.gitlab.com/ee/user/compliance/compliance_center/compliance_projects_report.html#apply-a-compliance-framework-to-projects-in-a-group.
  5. Now, open the Rails console (`gdk rails console`) to add the second compliance framework to the project. Currently this is not possible via the UI or API; we are adding support for it.
  6. In the Rails console, first get the group object by running `group = Group.find(<group_id>)`. You can get the `<group_id>` from the group's dashboard.
  7. Then list all the compliance frameworks for the group by running `frameworks = group.compliance_management_frameworks`. This will return the ids and names of the frameworks, which will be helpful in further steps.
  8. Get the project object by running `project = Project.find(<project_id>)`. You can get the `<project_id>` from the project's dashboard.
  9. Now add the second framework to the project by running `ComplianceManagement::ComplianceFramework::ProjectSettings.create(project: project, compliance_management_framework: frameworks.second)`, assuming the first framework is already assigned to the project.
  10. Now, open the GraphQL explorer and run the following mutation to add the third framework to the project. It should return an error with the message `You cannot assign or unassign framework to a project which has more than 1 frameworks associated with it.`, as this mutation should not be allowed to add or remove a framework if there are multiple frameworks assigned to the project:
```graphql
mutation projectSetComplianceFramework {
  projectSetComplianceFramework(input: {projectId: "gid://gitlab/Project/<project_id>",
    complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/<third_framework_id>"}) {
    errors
    project {
      id
      name
    }
  }
}
```

Related to #464159 (closed)

Edited by Hitesh Raghuvanshi