Access requirement from control and framework from requirement graphql types
What does this MR do and why?
For #542342 (closed) and #542343 (closed), we will be required to access the compliance requirement and framework for a compliance control. This MR adds the compliance requirement to the compliance control GraphQL type and the compliance framework to the compliance requirement GraphQL type.
References
#542342 (closed) #542343 (closed)
How to set up and validate locally
- Assume you have an Ultimate group with some projects and compliance frameworks with requirements and controls, and that the compliance statuses for at least one project are already present.
- Visit the GraphQL explorer and run the following GraphQL query for the project for which the compliance status exists:
```graphql
query projectComplianceControlStatuses {
  project(fullPath: "<project_full_path>") {
    id
    name
    complianceControlStatus {
      nodes {
        status
        complianceRequirementsControl {
          name
          expression
          complianceRequirement {
            name
            framework {
              name
            }
          }
        }
      }
    }
  }
}
```
- You will get the project control compliance statuses in the response, with the framework and requirement under each control, something like the following:
```json
{
  "data": {
    "project": {
      "id": "gid://gitlab/Project/168",
      "name": "Gel Audible Lifter-subgroup-75",
      "complianceControlStatus": {
        "nodes": [
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "project_visibility_not_internal",
              "expression": "{\"operator\":\"=\",\"field\":\"project_visibility_not_internal\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. deleniti",
                "framework": {
                  "name": "Red framework"
                }
              }
            }
          },
          {
            "status": "PENDING",
            "complianceRequirementsControl": {
              "name": "scanner_sast_running",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. deleniti",
                "framework": {
                  "name": "Red framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "external_control",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. deleniti",
                "framework": {
                  "name": "Red framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "scanner_sast_running",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "2. tempore",
                "framework": {
                  "name": "Red framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "external_control",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "2. tempore",
                "framework": {
                  "name": "Red framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "project_visibility_not_internal",
              "expression": "{\"operator\":\"=\",\"field\":\"project_visibility_not_internal\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. perspiciatis",
                "framework": {
                  "name": "Green framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "scanner_sast_running",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. perspiciatis",
                "framework": {
                  "name": "Green framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "external_control",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "1. perspiciatis",
                "framework": {
                  "name": "Green framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "scanner_sast_running",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "2. ratione",
                "framework": {
                  "name": "Green framework"
                }
              }
            }
          },
          {
            "status": "PASS",
            "complianceRequirementsControl": {
              "name": "external_control",
              "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
              "complianceRequirement": {
                "name": "2. ratione",
                "framework": {
                  "name": "Green framework"
                }
              }
            }
          }
        ]
      }
    }
  },
  "correlationId": "01JXETR7C6B37W1FVQQ6XZPRFA"
}
```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #542342 (closed)
Edited by Hitesh Raghuvanshi
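An added example, not part of the MR or of GitLab's code: a consumer of the response shape shown in the description, rolling control statuses up by framework and requirement and decoding the string-encoded `expression`. The function names `rollup` and `unmet` are hypothetical, the sample is a constructed subset of the response above, and treating every status other than `PASS` as unmet is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample: three nodes copied from the shape of the response above.
SAMPLE = json.loads(r'''
{"data": {"project": {"complianceControlStatus": {"nodes": [
  {"status": "PASS", "complianceRequirementsControl": {
    "name": "project_visibility_not_internal",
    "expression": "{\"operator\":\"=\",\"field\":\"project_visibility_not_internal\",\"value\":true}",
    "complianceRequirement": {"name": "1. deleniti", "framework": {"name": "Red framework"}}}},
  {"status": "PENDING", "complianceRequirementsControl": {
    "name": "scanner_sast_running",
    "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
    "complianceRequirement": {"name": "1. deleniti", "framework": {"name": "Red framework"}}}},
  {"status": "PASS", "complianceRequirementsControl": {
    "name": "external_control",
    "expression": "{\"operator\":\"=\",\"field\":\"scanner_sast_running\",\"value\":true}",
    "complianceRequirement": {"name": "1. perspiciatis", "framework": {"name": "Green framework"}}}}
]}}}}
''')


def rollup(response):
    """Return framework -> requirement -> [(control name, expression field, status)]."""
    nodes = response["data"]["project"]["complianceControlStatus"]["nodes"]
    tree = defaultdict(lambda: defaultdict(list))
    for node in nodes:
        control = node["complianceRequirementsControl"]
        requirement = control["complianceRequirement"]
        # `expression` is JSON serialized into a string, so it needs a second decode.
        # Fall back to None if it is missing or not a JSON object.
        try:
            field = json.loads(control["expression"] or "{}").get("field")
        except (TypeError, ValueError, AttributeError):
            field = None
        tree[requirement["framework"]["name"]][requirement["name"]].append(
            (control["name"], field, node["status"]))
    return tree


def unmet(tree):
    """Map (framework, requirement) to its controls whose status is not PASS (assumption)."""
    result = {}
    for framework, requirements in tree.items():
        for requirement, controls in requirements.items():
            open_controls = [c for c in controls if c[2] != "PASS"]
            if open_controls:
                result[(framework, requirement)] = open_controls
    return result
```

Keeping the control name and the decoded `field` side by side makes it visible when they differ, as they do for `external_control` in the sample response.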