Add Project.complianceFrameworks field to GraphQL schema

Max Woolf requested to merge 215157-graphql-compliance-frameworks into master

What does this MR do?

Adds a set of complianceFrameworks nodes from ProjectType. This allows GraphQL API consumers to find out if a project has a compliance framework assigned to it, and if so, which one.

Example Queries

Query

{
  project(fullPath: "root/lab-coat") {
    id
    name
    complianceFrameworks {
      nodes {
        name
      }
    }
  }
}

Output

{
  "data": {
    "project": {
      "id": "gid://gitlab/Project/10",
      "name": "Lab Coat",
      "complianceFrameworks": {
        "nodes": [
          {
            "name": "gdpr"
          }
        ]
      }
    }
  }
}

Considerations

As a general direction, we're likely to iterate to allow projects to have more than one compliance framework in the future. (See conversation between EM and PM on this)

But we're also not keen on the idea of adding new API functionality only to have to make a breaking change in the relatively-near future. (compliance_framework -> name rather than compliance_frameworks -> nodes -> name)

By treating compliance_frameworks as a list, rather than a single value, this seemed like the best way to avoid it. I'm aware there's an element of code-smell here though, so I'm more than open to better solutions.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Mentions #215157 (closed)

Edited by Alex Kalderimis
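
As an added example (not part of this merge request or GitLab's code), here is a Ruby consumer of the query above, written against the `complianceFrameworks { nodes { name } }` shape so the same code handles zero, one or several frameworks. Every sample response except `root/lab-coat`, the `hipaa` name, and the assumption that a project the caller cannot see comes back as `"project": null` are constructed for illustration.

```ruby
require 'json'

# Returns the framework names for one response body:
#   nil -> project not visible (assumed to come back as "project": null)
#   []  -> project visible, no framework assigned
def compliance_framework_names(body)
  payload = JSON.parse(body)
  raise ArgumentError, "GraphQL errors: #{payload['errors'].inspect}" if payload['errors']

  project = payload.dig('data', 'project')
  return nil if project.nil?

  # Treat a missing or null connection the same as an empty node list.
  nodes = project.dig('complianceFrameworks', 'nodes') || []
  nodes.compact.map { |node| node['name'] }
end

# Sorts project paths into buckets for a required framework name.
def audit_frameworks(responses, required)
  report = { compliant: [], missing: [], not_visible: [] }
  responses.each do |path, body|
    names = compliance_framework_names(body)
    bucket =
      if names.nil? then :not_visible
      elsif names.include?(required) then :compliant
      else :missing
      end
    report[bucket] << path
  end
  report
end

# Constructed sample responses (only root/lab-coat mirrors the page's output).
SAMPLE_RESPONSES = {
  'root/lab-coat' => '{"data":{"project":{"id":"gid://gitlab/Project/10","name":"Lab Coat","complianceFrameworks":{"nodes":[{"name":"gdpr"}]}}}}',
  'root/two-frameworks' => '{"data":{"project":{"name":"Two","complianceFrameworks":{"nodes":[{"name":"hipaa"},{"name":"gdpr"}]}}}}',
  'root/unlabelled' => '{"data":{"project":{"name":"None","complianceFrameworks":{"nodes":[]}}}}',
  'root/hidden' => '{"data":{"project":null}}'
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_frameworks(SAMPLE_RESPONSES, 'gdpr').each { |bucket, paths| puts "#{bucket}: #{paths.join(', ')}" }
end
```

Keeping `not_visible` separate from `missing` stops an under-privileged token from reporting projects as unlabelled when it simply cannot read them.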