
Added update mutation for project frameworks

Hitesh Raghuvanshi requested to merge 464160-update-frameworks-mutation into master

What does this MR do and why?

This MR introduces a new mutation projectUpdateComplianceFrameworks which allows users to add and remove compliance framework labels from a project. The mutation expects an array of compliance framework ids and replaces the existing frameworks associated with the project with these new ones.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

GraphQL mutation

mutation projectUpdateComplianceFrameworks {
  projectUpdateComplianceFrameworks(input: {projectId: "gid://gitlab/Project/7", 
    complianceFrameworkIds: ["gid://gitlab/ComplianceManagement::Framework/10",
      "gid://gitlab/ComplianceManagement::Framework/11"]}) {
    errors
    project {
     id
     name
    }
  }
}

How to set up and validate locally

  1. For this you need to have a group with an Ultimate license.
  2. Let's say the name of the group is Flightjs.
  3. Add three compliance frameworks to this group by following the steps mentioned in https://docs.gitlab.com/ee/user/compliance/compliance_center/compliance_frameworks_report.html#create-a-new-compliance-framework.
  4. Also create several projects for the group.
  5. Now visit the project's tab in the compliance center for the group at http://gitlab.localdev:3000/groups/flightjs/-/security/compliance_dashboard/projects.
  6. You will be able to check that the newly created projects do not have any framework assigned to them.
  7. You can get the ids of the compliance frameworks associated with the group by running group.compliance_management_frameworks in the rails console; the ids will be helpful in the mutations.
  8. Now, let's add two frameworks to one of the projects by running the following mutation in http://gitlab.localdev:3000/-/graphql-explorer.
mutation projectUpdateComplianceFrameworks {
  projectUpdateComplianceFrameworks(input: {projectId: "gid://gitlab/Project/<project_id>", 
    complianceFrameworkIds: ["gid://gitlab/ComplianceManagement::Framework/<framework1_id>",
      "gid://gitlab/ComplianceManagement::Framework/<framework2_id>"]}) {
    errors
    project {
     id
     name
    }
  }
}
  9. Make sure the above mutation does not return any error and then refresh the projects tab of the compliance center for the group.
  10. You will notice that the frameworks have been added to the project; it will look something like the following image.
  11. You can also remove any framework by removing it from the list of frameworks in the mutation. For example, to remove the framework with id framework1_id and to add a new framework with id framework3_id, you can run the mutation as follows:
mutation projectUpdateComplianceFrameworks {
  projectUpdateComplianceFrameworks(input: {projectId: "gid://gitlab/Project/<project_id>", 
    complianceFrameworkIds: ["gid://gitlab/ComplianceManagement::Framework/<framework2_id>",
      "gid://gitlab/ComplianceManagement::Framework/<framework3_id>"]}) {
    errors
    project {
     id
     name
    }
  }
}
  12. If you refresh the compliance center, you will notice that the framework for the project has changed.

Related to #464160

Edited by Hitesh Raghuvanshi
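
Because the mutation replaces the project's frameworks with the list it is given, a caller that wants to add or remove a single label has to send the full resulting set, or existing labels are dropped. The following is an added example, not code from this MR or from GitLab: it computes that list and builds the mutation document in the shape shown above. The helper names `numeric_id`, `replacement_ids` and `build_mutation` are hypothetical, and the current ids are assumed to have been read beforehand (for instance from the rails console as in step 7).

```ruby
# Added example, not GitLab code. GID prefixes are copied from the mutation in the description.
FRAMEWORK_GID = 'gid://gitlab/ComplianceManagement::Framework/'
PROJECT_GID   = 'gid://gitlab/Project/'

# Accept only positive decimal ids, so nothing else is ever interpolated
# into the GraphQL document.
def numeric_id(value)
  text = value.to_s
  raise ArgumentError, "not a positive integer id: #{value.inspect}" unless text.match?(/\A[1-9]\d*\z/)
  text.to_i
end

# The mutation replaces the whole set, so the list to send is
# (current - remove) + add, not just the ids being added.
def replacement_ids(current:, add: [], remove: [])
  current_ids = current.map { |v| numeric_id(v) }
  add_ids     = add.map { |v| numeric_id(v) }
  remove_ids  = remove.map { |v| numeric_id(v) }
  overlap = add_ids & remove_ids
  raise ArgumentError, "ids in both add and remove: #{overlap.inspect}" unless overlap.empty?
  ((current_ids - remove_ids) | add_ids).sort
end

# Build the mutation document with the same fields as the description.
def build_mutation(project_id:, framework_ids:)
  gids = framework_ids.map { |id| '"' + FRAMEWORK_GID + numeric_id(id).to_s + '"' }.join(', ')
  <<~GRAPHQL
    mutation projectUpdateComplianceFrameworks {
      projectUpdateComplianceFrameworks(input: {projectId: "#{PROJECT_GID}#{numeric_id(project_id)}",
        complianceFrameworkIds: [#{gids}]}) {
        errors
        project {
          id
          name
        }
      }
    }
  GRAPHQL
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample ids: the project has frameworks 10 and 11;
  # remove 10 and add 12, as in the last step of the description.
  ids = replacement_ids(current: [10, 11], add: [12], remove: [10])
  puts build_mutation(project_id: 7, framework_ids: ids)
end
```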
