Add Project.complianceFrameworks field to GraphQL schema
What does this MR do?
Adds a set of complianceFrameworks
nodes from ProjectType
. This allows GraphQL API consumers to find out if a project has a compliance framework assigned to it, and if so, which one.
Example Queries
Query
{
project(fullPath: "root/lab-coat") {
id
name
complianceFrameworks {
nodes {
name
}
}
}
}
Output
{
"data": {
"project": {
"id": "gid://gitlab/Project/10",
"name": "Lab Coat",
"complianceFrameworks": {
"nodes": [
{
"name": "gdpr"
}
]
}
}
}
}
Considerations
As a general direction, we're likely to iterate to allow projects to have more than one compliance framework in the future. (See conversation between EM and PM on this)
But we're also not keen on the idea of adding new API functionality only to have to make a breaking change in the relatively-near future. (compliance_framework
-> name
rather than compliance_frameworks
-> nodes
-> name
)
By treating compliance_frameworks
as a list, rather than a single value, this seemed like the best way to avoid it. I'm aware there's an element of code-smell here though, so I'm more than open to better solutions.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Mentions #215157 (closed)