Create add compliance framework page
What does this MR do?
This MR creates a new page to allow users to add custom compliance frameworks to a group. This page contains the HTML and JS needed to show the associated Vue form. The form itself handles the rendering, errors and submissions processes.
It also adds the Add framework button to the compliance frameworks listing in the groups general settings so users can get to the page.
These changes are behind the feature flag :ff_custom_compliance_frameworks. While the rendering of the pipeline configuration field is behind the feature flag :evaluate_group_level_compliance_pipeline.
Screenshots (strongly suggested)
Note: There are three things that have been noticed when developing this feature that could be improved in a future MR.
- The submit button text should say "Add framework"
- On successful form submission, the form shouldn't be reshown
- The success banner on framework deletion is marked as dismissable but doesn't actually dismiss
I've created an issue to implement these.
Note 2: I have found a bug with the pipeline configuration input which will be addressed in a separate MR
| Video |
|---|
| Screen_Recording_2021-02-19_at_14.55.18 |
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
- Enable the feature flag
Feature.enable(:ff_custom_compliance_frameworks)and make sure you are at least on GitLab Premium - Go to
[GDK_HOST]/groups/gitlab-org/-/edit#js-compliance-frameworks-settings - Click the
Add frameworkbutton and test the form successfully submits
To test the pipeline configuration, you will need to enable the feature flag Feature.enable(:evaluate_group_level_compliance_pipeline) and make sure you are on GitLab Ultimate. This field should be optional.
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related to #287845 (closed)