Json Import Service for Compliance Frameworks
This adds a JSON import service for compliance frameworks, so that users can create a compliance framework (with its requirements and controls) from a JSON template. It modifies the create services for frameworks, requirements, and controls to support the import.
This work is for issue: #513638 (closed)
Changelog: added
EE: true
References
- This is for issue: #513638 (closed)
MR acceptance checklist
The changes follow the patterns of other services. There could be more test coverage of the error states of the import service.
How to set up and validate locally
To test the JSON import service by setting up a compliance framework from a template:
- Create a template file in the GitLab Rails checkout, for example:
```shell
cd gitlab
echo '{
"name": "SOC 2",
"description": "SOC 2 Template",
"color": "#808080",
"requirements": [
{
"name": "CC1.1.1 - Control Environment - Integrity and Ethical Values",
"description": "The organization demonstrates a commitment to integrity and ethical values",
"controls": [
{
"name": "minimum_approvals_required_2",
"control_type": "internal",
"expression": {
"operator": "=",
"field": "minimum_approvals_required",
"value": 2
}
}
]
},
{
"name": "CC1.1.2 - Control Environment - Integrity and Ethical Values",
"description": "Established standards of conduct are communicated and enforced",
"controls": [
{
"name": "minimum_approvals_required_2",
"control_type": "internal",
"expression": {
"operator": "=",
"field": "minimum_approvals_required",
"value": 2
}
}
]
}
]
}' > ee/lib/compliance_management/soc2_template.json
```
- In the Rails console run (the trailing `; nil` only suppresses the console echoing each object):
```ruby
user = User.first; nil
group = Group.first; nil
json_payload = ::Gitlab::Json.parse(File.read("#{Dir.pwd}/ee/lib/compliance_management/soc2_template.json")); nil
service = ComplianceManagement::Frameworks::JsonImportService.new(user:, group:, json_payload:); nil
service.execute; nil
```
- Either in the console or at http://localhost:3000/groups/toolbox/-/security/compliance_dashboard/frameworks (replace `toolbox` with the path of the group you used above), verify that there is a "SOC 2" framework with 2 requirements that each have 1 control. Console example:
```ruby
ComplianceManagement::Framework.last
ComplianceManagement::Framework.last.compliance_requirements.count
ComplianceManagement::Framework.last.compliance_requirements.first.compliance_requirements_controls.count
```
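The acceptance checklist notes that the error states of the import are thinly covered. As an added example (not code from this MR or from GitLab), the plain-Ruby script below sanity-checks a template of the shape used above before it is handed to the import service, and counts the requirements and controls an import would create, which is exactly what the console checks above verify. The validation rules (non-empty names, a `#rrggbb` colour, a non-empty `requirements` array, each control carrying an `expression` with string `operator` and `field` and some `value`) are assumptions derived only from the sample template on this page; the real `JsonImportService` may accept or reject different shapes.

```ruby
# Added example, not the MR's code. Pre-import sanity check for a compliance
# framework JSON template shaped like the SOC 2 sample above. The rules below
# are assumptions based on that sample, not the service's actual validation.
require 'json'

# Constructed sample: the same template the MR description writes to disk.
SOC2_TEMPLATE = <<~'TEMPLATE'
  {
    "name": "SOC 2",
    "description": "SOC 2 Template",
    "color": "#808080",
    "requirements": [
      {
        "name": "CC1.1.1 - Control Environment - Integrity and Ethical Values",
        "description": "The organization demonstrates a commitment to integrity and ethical values",
        "controls": [
          { "name": "minimum_approvals_required_2", "control_type": "internal",
            "expression": { "operator": "=", "field": "minimum_approvals_required", "value": 2 } }
        ]
      },
      {
        "name": "CC1.1.2 - Control Environment - Integrity and Ethical Values",
        "description": "Established standards of conduct are communicated and enforced",
        "controls": [
          { "name": "minimum_approvals_required_2", "control_type": "internal",
            "expression": { "operator": "=", "field": "minimum_approvals_required", "value": 2 } }
        ]
      }
    ]
  }
TEMPLATE

HEX_COLOR = /\A#[0-9a-fA-F]{6}\z/

def non_empty_string?(value)
  value.is_a?(String) && !value.strip.empty?
end

# Returns an array of human-readable problems; an empty array means the
# template is well-formed under the assumed rules.
def validate_framework_template(payload)
  errors = []
  return ['payload must be a JSON object'] unless payload.is_a?(Hash)

  %w[name description].each do |key|
    errors << "framework.#{key} must be a non-empty string" unless non_empty_string?(payload[key])
  end
  errors << 'framework.color must look like #rrggbb' unless payload['color'].to_s.match?(HEX_COLOR)

  reqs = payload['requirements']
  return errors << 'framework.requirements must be a non-empty array' unless reqs.is_a?(Array) && !reqs.empty?

  reqs.each_with_index do |req, i|
    prefix = "requirements[#{i}]"
    (errors << "#{prefix} must be an object"; next) unless req.is_a?(Hash)
    errors << "#{prefix}.name must be a non-empty string" unless non_empty_string?(req['name'])
    controls = req['controls']
    (errors << "#{prefix}.controls must be an array"; next) unless controls.is_a?(Array)

    controls.each_with_index do |ctrl, j|
      cprefix = "#{prefix}.controls[#{j}]"
      (errors << "#{cprefix} must be an object"; next) unless ctrl.is_a?(Hash)
      errors << "#{cprefix}.name must be a non-empty string" unless non_empty_string?(ctrl['name'])
      expr = ctrl['expression']
      (errors << "#{cprefix}.expression must be an object"; next) unless expr.is_a?(Hash)
      %w[operator field].each do |key|
        errors << "#{cprefix}.expression.#{key} must be a string" unless expr[key].is_a?(String)
      end
      errors << "#{cprefix}.expression.value is required" unless expr.key?('value')
    end
  end
  errors
end

# Counts what an import of a valid template would create: the number of
# requirements and the number of controls under each one (the figures the
# console checks above read back from the database).
def summarize_framework(payload)
  {
    requirements: payload['requirements'].size,
    controls_per_requirement: payload['requirements'].map { |r| r['controls'].size }
  }
end

if __FILE__ == $PROGRAM_NAME
  payload = JSON.parse(SOC2_TEMPLATE)
  problems = validate_framework_template(payload)
  puts(problems.empty? ? 'template OK' : problems)
  p summarize_framework(payload)
end
```

Run it as `ruby check_template.rb` (any filename) with no Rails environment; for the sample template it reports `template OK` and `{:requirements=>2, :controls_per_requirement=>[1, 1]}`, matching the two requirements with one control each that the console commands above should show.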