Raise error when more than 1 frameworks for a project
What does this MR do and why?
What?
The GraphQL endpoint `ProjectSetComplianceFramework` returns an error if a user tries to assign or unassign a compliance framework on a project that has more than 1 compliance framework assigned to it.
Why?
We are introducing support for multiple compliance frameworks for a project. Earlier, at most one framework could be associated with a project, and hence the mutation `ProjectSetComplianceFramework` was written in such a way that if a framework is being assigned to a project, then the framework gets assigned to the project, and in case another framework is already assigned to the project, that framework gets replaced. Also, the same endpoint unassigns any framework associated with the project.
Now we are introducing new mutations which will allow users to assign and unassign multiple frameworks to a project, so the existing mutation poses an issue here: in case multiple frameworks are assigned to a project and the older mutation is used, we will return an error.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- You need to have a group with an Ultimate licence for this.
- Under the group, create at least 3 different compliance frameworks by following the steps at https://docs.gitlab.com/ee/user/compliance/compliance_center/compliance_frameworks_report.html#create-a-new-compliance-framework.
- Now, create a project under the group.
- Apply the first compliance framework to this project by following the steps in https://docs.gitlab.com/ee/user/compliance/compliance_center/compliance_projects_report.html#apply-a-compliance-framework-to-projects-in-a-group.
- Now open the Rails console with `gdk rails console` to add the second compliance framework to the project. Currently this is not possible via the UI or API; we are adding support for it.
- In the Rails console, first get the group object by running `group = Group.find(<group_id>)`. You can get the `<group_id>` from the group's dashboard.
- Then list all the compliance frameworks for the group by running `frameworks = group.compliance_management_frameworks`. This returns the ids and names of the frameworks, which will be helpful in further steps.
- Get the project object by running `project = Project.find(<project_id>)`. You can get the `<project_id>` from the project's dashboard.
- Now add the second framework to the project by running `ComplianceManagement::ComplianceFramework::ProjectSettings.create(project: project, compliance_management_framework: frameworks.second)`, assuming the first framework is already assigned to the project.
- Now open the GraphQL explorer and run the following mutation to add the third framework to the project. It should return an error with the message `You cannot assign or unassign framework to a project which has more than 1 frameworks associated with it.`, as this mutation should not be allowed to add or remove a framework if there are multiple frameworks assigned to the project.

```graphql
mutation projectSetComplianceFramework {
  projectSetComplianceFramework(input: {
    projectId: "gid://gitlab/Project/<project_id>",
    complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/<third_framework_id>"
  }) {
    errors
    project {
      id
      name
    }
  }
}
```
Related to #464159 (closed)
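
The reason for the guard described under "Why?", as an added Ruby sketch that is not GitLab's code: with the legacy replace-or-unassign semantics, a call against a project holding several frameworks would silently drop the others, so the guarded version returns the error and leaves the associations untouched. `Project`, `legacy_set_framework`, `guarded_set_framework`, `demo` and the framework ids are hypothetical; only the error message is taken from the description.

```ruby
# In-memory model for illustration only; not GitLab's implementation.
ERROR_MESSAGE = 'You cannot assign or unassign framework to a project ' \
                'which has more than 1 frameworks associated with it.'

# Hypothetical stand-in for a project and the ids of its frameworks.
Project = Struct.new(:id, :framework_ids)

# Legacy single-framework semantics: a framework id replaces whatever is
# assigned, nil unassigns. On a project with several frameworks this
# silently removes all of the existing associations.
def legacy_set_framework(project, framework_id)
  project.framework_ids = framework_id.nil? ? [] : [framework_id]
  { errors: [], project: project }
end

# Same operation with the guard: refuse to change a project that already
# has more than one framework and report the error instead.
def guarded_set_framework(project, framework_id)
  if project.framework_ids.size > 1
    return { errors: [ERROR_MESSAGE], project: project }
  end

  legacy_set_framework(project, framework_id)
end

# Constructed sample data: framework ids 101, 102 and 103 are made up.
def demo
  unguarded = Project.new(1, [101, 102])
  legacy_set_framework(unguarded, 103)   # 101 and 102 are lost

  guarded = Project.new(2, [101, 102])
  result = guarded_set_framework(guarded, 103)

  single = Project.new(3, [101])
  guarded_set_framework(single, 103)     # single framework: replace still works

  {
    unguarded: unguarded.framework_ids,
    guarded: guarded.framework_ids,
    errors: result[:errors],
    single: single.framework_ids
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```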