Skip to content

Mutation for destroying compliance requirement control

Hitesh Raghuvanshirequested to merge
512381-delete-controls into master

What does this MR do and why?

Mutation destroyComplianceRequirementsControl added for destroying compliance requirement control.

References

**Please include [cross links](https://handbook.gitlab.com/ha This merge request adds functionality to destroy compliance requirement controls in GitLab. It introduces a new GraphQL mutation to delete these controls, along with the necessary backend services, policies, and audit events. The changes include:

Database

Query:

DELETE FROM "compliance_requirements_controls" WHERE "compliance_requirements_controls"."id" = 1

Query plan: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/35565/commands/110130

Note: Please note that this is a new table and there are no records for it on production.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. You must have a group with GitLab Ultimate license for testing this.
  2. Make sure the group has at least one compliance framework associated with it. If not then you can follow steps mentioned here for creating one.
  3. Now open the graphql explorer, for example http://gdk.test:3000/-/graphql-explorer, and run the following mutation
mutation createComplianceRequirement {
  createComplianceRequirement(
    input: {
      complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/<framework_id>",
      params: {
        name: "Custom req 1",
        description: "some description"
      }
    }) {
    errors
    requirement {
      id
      name
      description
    }
  }
}
  1. You should not get any error while running this and response would be something like:
{
  "data": {
    "createComplianceRequirement": {
      "errors": [],
      "requirement": {
        "id": "gid://gitlab/ComplianceManagement::ComplianceFramework::ComplianceRequirement/3",
        "name": "Custom req 1",
        "description": "some description"
      }
    }
  }
}
  1. Note the ComplianceRequirement id you got in response.
  2. Now, we need to create an entry for control against the above compliance requirement, for that the mutation is under dev in !177557 (merged), so for now we can do that by rails console by running following ruby command, replace <requirement_id> by compliance requirement id:
ComplianceManagement::ComplianceFramework::ComplianceRequirementsControl.create(name: 'minimum_approvals_required_2', control_type: 'internal', expression: "{\"operator\":\"=\",\"field\":\"minimum_approvals_required\",\"value\":2}", compliance_requirement: ComplianceManagement::ComplianceFramework::ComplianceRequirement.find(<requirement_id>), namespace: ComplianceManagement::ComplianceFramework::ComplianceRequirement.find(<requirement_id>).namespace)
  1. For destroying the created compliance control, run the following mutation in graphql explorer, it should return no errors:
mutation destroyComplianceRequirementsControl {
  destroyComplianceRequirementsControl(
    input: {
      id: "gid://gitlab/ComplianceManagement::ComplianceFramework::ComplianceRequirementsControl/<control_id>"
  }) {
    errors
  }
}

Related to #512381 (closed)

Edited by Hitesh Raghuvanshi

Merge request reports