Add compliance framework templates backend support

What does this MR do and why?

Allow users to create compliance frameworks from predefined templates (SOC 2, GDPR) instead of building them from scratch. Templates include requirements and controls that are automatically created when a framework is instantiated from a template.

The feature is gated behind the compliance_framework_templates feature flag and requires the custom_compliance_frameworks license.

Changelog: added
EE: true

How to validate locally

Enable the feature flag first (for example from a Rails console):

Feature.enable(:compliance_framework_templates)

Then run the following GraphQL queries and mutations against your local instance.

1. Query: complianceFrameworkTemplates (List all templates)
query {
  complianceFrameworkTemplates {
    id
    templateVersion
    name
    description
    color
    json
  }
}
2. Query: complianceFrameworkTemplates (Filter by ID)
query {
  complianceFrameworkTemplates(
    id: "gid://gitlab/ComplianceManagement::Frameworks::TemplateRegistry::Template/soc2"
  ) {
    id
    templateVersion
    name
    description
    color
    json
  }
}

You can also try with gdpr instead of soc2:

query {
  complianceFrameworkTemplates(
    id: "gid://gitlab/ComplianceManagement::Frameworks::TemplateRegistry::Template/gdpr"
  ) {
    id
    templateVersion
    name
    description
    color
    json
  }
}
3. Mutation: createComplianceFrameworkFromTemplate (Create framework from template)
mutation {
  createComplianceFrameworkFromTemplate(
    input: {
      namespacePath: "<YOUR_GROUP_FULL_PATH>"
      templateId: "gid://gitlab/ComplianceManagement::Frameworks::TemplateRegistry::Template/soc2"
    }
  ) {
    framework {
      id
      name
      description
      color
    }
    errors
  }
}
4. Mutation: createComplianceFrameworkFromTemplate (With overrides)
mutation {
  createComplianceFrameworkFromTemplate(
    input: {
      namespacePath: "<YOUR_GROUP_FULL_PATH>"
      templateId: "gid://gitlab/ComplianceManagement::Frameworks::TemplateRegistry::Template/gdpr"
      name: "Custom GDPR"
      description: "My custom GDPR framework"
      color: "#FCA121"
      default: true
    }
  ) {
    framework {
      id
      name
      description
      color
    }
    errors
  }
}
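The four validation steps above can be scripted so the whole flow is repeatable and so a failed mutation is never mistaken for a success. The client below is an added example written for this page, not code from the MR or from GitLab. It uses only the Python standard library and assumes: a local GDK endpoint at http://gdk.test:3000/api/graphql, a personal access token of a group owner (placeholder), the GitLab convention that the mutation's input type is named CreateComplianceFrameworkFromTemplateInput (an assumption, not confirmed by the MR), and a constructed namespace path. Template keys are checked against the two templates the MR ships (soc2, gdpr) before they are placed in the query text, and the caller-supplied namespace path and overrides travel as GraphQL variables rather than being spliced into the query string.

```python
"""Scripted local validation for the compliance framework templates API.

Added example for this page; not part of the MR. Standard library only.
"""
import json
import urllib.request

GRAPHQL_ENDPOINT = "http://gdk.test:3000/api/graphql"  # assumption: local GDK URL
TEMPLATE_GID_PREFIX = (
    "gid://gitlab/ComplianceManagement::Frameworks::TemplateRegistry::Template/"
)
KNOWN_TEMPLATES = ("soc2", "gdpr")  # the two templates the MR describes
TEMPLATE_FIELDS = "id templateVersion name description color json"


def template_gid(key):
    """Build a template global ID from an allowlisted key.

    The key is validated before it is placed in query text, so nothing
    user-controlled is ever interpolated into a GraphQL document.
    """
    if key not in KNOWN_TEMPLATES:
        raise ValueError(f"unknown template key: {key!r}")
    return TEMPLATE_GID_PREFIX + key


def list_templates_query(key=None):
    """Query document for step 1 (all templates) or step 2 (filter by id)."""
    if key is None:
        return "query { complianceFrameworkTemplates { %s } }" % TEMPLATE_FIELDS
    return 'query { complianceFrameworkTemplates(id: "%s") { %s } }' % (
        template_gid(key), TEMPLATE_FIELDS,
    )


# Steps 3 and 4. Assumption: the input type follows GitLab's
# <MutationName>Input naming convention.
CREATE_MUTATION = """
mutation($input: CreateComplianceFrameworkFromTemplateInput!) {
  createComplianceFrameworkFromTemplate(input: $input) {
    framework { id name description color }
    errors
  }
}
"""


def create_request(namespace_path, key, **overrides):
    """Return (document, variables) for the create mutation.

    `overrides` may carry name, description, color and default, as in step 4.
    """
    allowed = {"name", "description", "color", "default"}
    unknown = set(overrides) - allowed
    if unknown:
        raise ValueError(f"unsupported override(s): {sorted(unknown)}")
    variables = {"input": {
        "namespacePath": namespace_path,
        "templateId": template_gid(key),
        **overrides,
    }}
    return CREATE_MUTATION, variables


def framework_from_response(body):
    """Extract the created framework from a mutation response.

    Raises on top-level GraphQL errors (for example when the field is absent
    because the feature flag is off) and on mutation-level `errors` (for
    example authorization or validation failures), so a partial success
    cannot pass silently.
    """
    if body.get("errors"):
        msgs = "; ".join(e.get("message", "?") for e in body["errors"])
        raise RuntimeError("GraphQL errors: " + msgs)
    payload = body["data"]["createComplianceFrameworkFromTemplate"]
    if payload.get("errors"):
        raise RuntimeError("mutation errors: " + "; ".join(payload["errors"]))
    return payload["framework"]


def post_graphql(document, variables=None, token="<PERSONAL_ACCESS_TOKEN>"):
    """POST a document to the endpoint; the token must belong to a group owner."""
    data = json.dumps({"query": document, "variables": variables or {}}).encode()
    req = urllib.request.Request(
        GRAPHQL_ENDPOINT, data=data,
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Step 1 and step 2, then step 4 against a constructed namespace path.
    print(json.dumps(post_graphql(list_templates_query()), indent=2))
    print(json.dumps(post_graphql(list_templates_query("soc2")), indent=2))
    doc, variables = create_request(
        "<YOUR_GROUP_FULL_PATH>", "gdpr",
        name="Custom GDPR", color="#FCA121", default=True,
    )
    print(framework_from_response(post_graphql(doc, variables)))
```

Run it with the feature flag enabled and a licensed group; a missing license or an unauthorized token surfaces as a raised error instead of an empty `framework` that a quick read of the output could miss.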

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #591059 (closed)

Edited by Harsimar Sandhu
