Commit 3f5c4cec authored by David Fernandez

Merge branch 'ff/custom_compliance_frameworks_removal' into 'master'

Removes ff_custom_compliance_frameworks feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!58884
parents db4848d1 210bbca4
...@@ -8667,7 +8667,7 @@ four standard [pagination arguments](#connection-pagination-arguments): ...@@ -8667,7 +8667,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
##### `Group.complianceFrameworks` ##### `Group.complianceFrameworks`
Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled. Compliance frameworks available to projects in this namespace.
Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection). Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).
...@@ -10223,7 +10223,7 @@ Contains statistics about a milestone. ...@@ -10223,7 +10223,7 @@ Contains statistics about a milestone.
##### `Namespace.complianceFrameworks` ##### `Namespace.complianceFrameworks`
Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled. Compliance frameworks available to projects in this namespace.
Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection). Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).
......
...@@ -32,38 +32,19 @@ Adjust your project's name, description, avatar, [default branch](../repository/ ...@@ -32,38 +32,19 @@ Adjust your project's name, description, avatar, [default branch](../repository/
The project description also partially supports [standard Markdown](../../markdown.md#standard-markdown-and-extensions-in-gitlab). You can use [emphasis](../../markdown.md#emphasis), [links](../../markdown.md#links), and [line-breaks](../../markdown.md#line-breaks) to add more context to the project description. The project description also partially supports [standard Markdown](../../markdown.md#standard-markdown-and-extensions-in-gitlab). You can use [emphasis](../../markdown.md#emphasis), [links](../../markdown.md#links), and [line-breaks](../../markdown.md#line-breaks) to add more context to the project description.
#### Compliance framework **(PREMIUM)** #### Compliance frameworks **(PREMIUM)**
You can select a framework label to identify that your project has certain compliance requirements or needs additional oversight. Available labels include:
- GDPR (General Data Protection Regulation)
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI-DSS (Payment Card Industry-Data Security Standard)
- SOC 2 (Service Organization Control 2)
- SOX (Sarbanes-Oxley)
NOTE:
Compliance framework labels do not affect your project settings.
#### Custom compliance frameworks
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab 13.9. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab 13.9.
> - [Deployed behind a feature flag](../../feature_flags.md). > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.12.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.11.
> - Enabled on GitLab.com.
> - Recommended for production use.
WARNING:
This feature might not be available to you. Check the **version history** note above for details.
GitLab 13.9 introduces custom compliance frameworks at the group-level. A group owner can create a compliance framework label You can create a framework label to identify that your project has certain compliance requirements or needs additional oversight.
and assign it to any number of projects within that group or subgroups. When this feature is enabled, projects can only
be assigned compliance framework labels that already exist within that group.
If existing [Compliance frameworks](#compliance-framework) are not sufficient, project and group owners Group owners can create, edit and delete compliance frameworks by going to **Settings** > **General** and expanding the **Compliance frameworks** section.
can now create their own. Compliance frameworks created can then be assigned to any number of projects via the project settings page inside the group or subgroups.
New compliance framework labels can be created and updated using GraphQL. NOTE:
Attempting to create compliance frameworks on subgroups via GraphQL will cause the framework to be created on the root ancestor if the user has the correct permissions.
The web UI presents a read-only view to discourage this behavior.
#### Compliance pipeline configuration **(ULTIMATE)** #### Compliance pipeline configuration **(ULTIMATE)**
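Review bot: Renaming the heading to `#### Compliance frameworks` and deleting `#### Custom compliance frameworks` changes the anchors `#compliance-framework` and `#custom-compliance-frameworks`, and the only link updated in these docs hunks is the one in the pipeline-configuration paragraph. Search the docs and `help_page_path` callers for the two old anchors before merging. The new text also says who can create, edit and delete frameworks but not which project role may assign one to a project; state that role here so the docs match the policy.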
...@@ -79,7 +60,7 @@ This feature might not be available to you. Check the **version history** note a ...@@ -79,7 +60,7 @@ This feature might not be available to you. Check the **version history** note a
Group owners can use the compliance pipeline configuration to define compliance requirements Group owners can use the compliance pipeline configuration to define compliance requirements
such as scans or tests, and enforce them in individual projects. such as scans or tests, and enforce them in individual projects.
The [custom compliance framework](#custom-compliance-frameworks) feature allows group owners to specify the location The [custom compliance framework](#compliance-frameworks) feature allows group owners to specify the location
of a compliance pipeline configuration stored and managed in a dedicated project, distinct from a developer's project. of a compliance pipeline configuration stored and managed in a dedicated project, distinct from a developer's project.
When you set up the compliance pipeline configuration field, use the When you set up the compliance pipeline configuration field, use the
...@@ -387,22 +368,3 @@ Add the URL of a Jaeger server to allow your users to [easily access the Jaeger ...@@ -387,22 +368,3 @@ Add the URL of a Jaeger server to allow your users to [easily access the Jaeger
[Add Storage credentials](../../../operations/incident_management/status_page.md#sync-incidents-to-the-status-page) [Add Storage credentials](../../../operations/incident_management/status_page.md#sync-incidents-to-the-status-page)
to enable the syncing of public Issues to a [deployed status page](../../../operations/incident_management/status_page.md#create-a-status-page-project). to enable the syncing of public Issues to a [deployed status page](../../../operations/incident_management/status_page.md#create-a-status-page-project).
### Enable or disable custom compliance frameworks **(PREMIUM)**
Enabling or disabling custom compliance frameworks is under development and not ready for production use. It is
deployed behind a feature flag that is **disabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can enable it.
To enable it:
```ruby
Feature.enable(:ff_custom_compliance_frameworks, Group.find(<group id>))
```
To disable it:
```ruby
Feature.disable(:ff_custom_compliance_frameworks, Group.find(<group id>))
```
...@@ -57,7 +57,7 @@ module EE ...@@ -57,7 +57,7 @@ module EE
field :compliance_frameworks, field :compliance_frameworks,
::Types::ComplianceManagement::ComplianceFrameworkType.connection_type, ::Types::ComplianceManagement::ComplianceFrameworkType.connection_type,
null: true, null: true,
description: 'Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.', description: 'Compliance frameworks available to projects in this namespace.',
resolver: ::Resolvers::ComplianceManagement::FrameworkResolver resolver: ::Resolvers::ComplianceManagement::FrameworkResolver
def additional_purchased_storage_size def additional_purchased_storage_size
......
...@@ -5,8 +5,7 @@ module ComplianceManagement ...@@ -5,8 +5,7 @@ module ComplianceManagement
delegate { @subject.namespace } delegate { @subject.namespace }
condition(:custom_compliance_frameworks_enabled) do condition(:custom_compliance_frameworks_enabled) do
@subject.namespace.feature_available?(:custom_compliance_frameworks) && @subject.namespace.feature_available?(:custom_compliance_frameworks)
Feature.enabled?(:ff_custom_compliance_frameworks, @subject.namespace, default_enabled: :yaml)
end end
condition(:group_level_compliance_pipeline_enabled) do condition(:group_level_compliance_pipeline_enabled) do
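Review bot: The condition `:custom_compliance_frameworks_enabled` now wraps only the licence check `feature_available?(:custom_compliance_frameworks)`, so the `_enabled` name no longer refers to anything a flag controls. The other policy hunks in this commit name the identical check `:compliance_framework_available`; renaming this one to match would make the licence-only gate easier to audit across policies.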
......
...@@ -119,8 +119,7 @@ module EE ...@@ -119,8 +119,7 @@ module EE
condition(:eligible_for_trial, scope: :subject) { @subject.eligible_for_trial? } condition(:eligible_for_trial, scope: :subject) { @subject.eligible_for_trial? }
condition(:compliance_framework_available) do condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks) && @subject.feature_available?(:custom_compliance_frameworks)
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
end end
condition(:group_level_compliance_pipeline_available) do condition(:group_level_compliance_pipeline_available) do
......
...@@ -7,8 +7,7 @@ module EE ...@@ -7,8 +7,7 @@ module EE
prepended do prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? } condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks) && @subject.feature_available?(:custom_compliance_frameworks)
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
end end
rule { admin & is_gitlab_com }.enable :update_subscription_limit rule { admin & is_gitlab_com }.enable :update_subscription_limit
......
...@@ -50,10 +50,6 @@ module EE ...@@ -50,10 +50,6 @@ module EE
@subject.feature_available?(:project_merge_request_analytics) @subject.feature_available?(:project_merge_request_analytics)
end end
condition(:custom_compliance_framework_available) do
::Feature.enabled?(:ff_custom_compliance_frameworks, default_enabled: :yaml)
end
with_scope :subject with_scope :subject
condition(:group_push_rules_enabled) do condition(:group_push_rules_enabled) do
@subject.group && @subject.group.licensed_feature_available?(:push_rules) @subject.group && @subject.group.licensed_feature_available?(:push_rules)
...@@ -357,8 +353,7 @@ module EE ...@@ -357,8 +353,7 @@ module EE
rule { requirements_available & owner }.enable :destroy_requirement rule { requirements_available & owner }.enable :destroy_requirement
rule { compliance_framework_available & can?(:owner_access) }.enable :admin_compliance_framework rule { compliance_framework_available & can?(:maintainer_access) }.enable :admin_compliance_framework
rule { compliance_framework_available & can?(:maintainer_access) & ~custom_compliance_framework_available }.enable :admin_compliance_framework
rule { status_page_available & can?(:owner_access) }.enable :mark_issue_for_publication rule { status_page_available & can?(:owner_access) }.enable :mark_issue_for_publication
rule { status_page_available & can?(:developer_access) }.enable :publish_status_page rule { status_page_available & can?(:developer_access) }.enable :publish_status_page
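Review bot: The surviving rule for `:admin_compliance_framework` in the second hunk uses `can?(:maintainer_access)`, which is wider than the behaviour the flag produced when it was on. The flag definition removed in this commit has `default_enabled: true`, so by default the old `~custom_compliance_framework_available` rule did not fire and only `can?(:owner_access)` granted the ability; after this change every maintainer can change a project's compliance framework. If owner-only is still the intent, keep `rule { compliance_framework_available & can?(:owner_access) }.enable :admin_compliance_framework`; if the widening is intended, mention it in the changelog entry and update the view string "Customizable by owners.".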
......
...@@ -78,10 +78,8 @@ module EE ...@@ -78,10 +78,8 @@ module EE
framework_identifier = settings.delete(:framework) framework_identifier = settings.delete(:framework)
if framework_identifier.blank? if framework_identifier.blank?
settings.merge!(_destroy: true) settings.merge!(_destroy: true)
elsif ::Feature.enabled?(:ff_custom_compliance_frameworks, project.namespace, default_enabled: :yaml)
settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
else else
settings[:compliance_management_framework] = ComplianceManagement::Framework.find_or_create_legacy_default_framework(project, framework_identifier) settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
end end
else else
params.delete(:compliance_framework_setting_attributes) params.delete(:compliance_framework_setting_attributes)
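Review bot: In the `else` branch, `compliance_management_frameworks.find(framework_identifier)` raises `ActiveRecord::RecordNotFound` for any value that is not the id of a framework on the root ancestor, and with the flag branch gone every non-blank `framework` param now reaches it, including the legacy identifier strings that `find_or_create_legacy_default_framework` used to accept. Scoping the lookup to `root_ancestor` is the right access boundary, so keep it, but add a controller spec that submits an unknown id and an id from another namespace and pins the response, since the only spec covering an invalid value is removed in this commit.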
......
- user_has_edit_permissions = current_user.can?(:admin_compliance_framework, @project) - user_has_edit_permissions = current_user.can?(:admin_compliance_framework, @project)
.row .row
.form-group.col-md-9.gl-mb-6 .form-group.col-md-9.gl-mb-6
- if Feature.enabled?(:ff_custom_compliance_frameworks, @project.namespace, default_enabled: :yaml) - frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
- frameworks = @project.namespace.root_ancestor.compliance_management_frameworks - if user_has_edit_permissions
- if user_has_edit_permissions = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf| = cf.label :framework, class: 'gl-font-weight-bold' do
= cf.label :framework, class: 'gl-font-weight-bold' do = _('Compliance framework (optional)')
= _('Compliance framework (optional)') - if frameworks.any?
- if frameworks.any? - selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id
- selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id = cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false }
= cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false } - else
- else %p.form-text.text-muted
%p.form-text.text-muted = _("No compliance frameworks are in use. Create one from the %{link} section in Group Settings.").html_safe % { link: link_to('Compliance frameworks', edit_group_path(@project.namespace.root_ancestor)).html_safe }
= _("No compliance frameworks are in use. Create one using the GraphQL API.")
- else
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, class: 'gl-font-weight-bold' do
= _('Compliance framework')
- if frameworks.any?
- selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
= cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
%p.form-text.text-muted
= _("Customizable by owners.")
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use.")
- else - else
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf| = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, _('Compliance framework (optional)'), class: 'gl-font-weight-bold' = cf.label :framework, class: 'gl-font-weight-bold' do
- selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.default_framework_definition&.identifier = _('Compliance framework')
= cf.select :framework, options_for_select(compliance_framework_options, selected_default_framework), { selected: '', disabled: '', prompt: _('Choose your framework'), include_blank: _('None') }, class: 'form-control' - if frameworks.any?
= link_to _("Learn more."), help_page_path('user/project/settings/index', anchor: 'compliance-framework') - selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
= cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
%p.form-text.text-muted
= _("Customizable by owners.")
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use.")
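Review bot: The new empty-state message for users with edit permission calls `.html_safe` on the translated string before interpolating `%{link}`, and the link text `'Compliance frameworks'` is not wrapped in `_()`. Escape the translation first (for example `html_escape(_("..."))` followed by `% { link: ... }`), translate the link text, and drop the `.html_safe` on the `link_to` result, which is already a safe buffer. Also check the target: `edit_group_path(@project.namespace.root_ancestor)` is shown to anyone with project-level `:admin_compliance_framework`, who may not be able to open that group's settings, and it assumes the root ancestor is a group.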
---
title: Remove ff_custom_compliance_frameworks flag
merge_request: 58884
author:
type: changed
---
name: ff_custom_compliance_frameworks
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47779
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/287779
milestone: '13.7'
type: development
group: group::compliance
default_enabled: true
...@@ -547,17 +547,6 @@ RSpec.describe ProjectsController do ...@@ -547,17 +547,6 @@ RSpec.describe ProjectsController do
end end
it_behaves_like 'no compliance framework is set' it_behaves_like 'no compliance framework is set'
context 'custom frameworks are disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it_behaves_like 'no compliance framework is set'
end
end end
context 'when licensed' do context 'when licensed' do
...@@ -584,41 +573,6 @@ RSpec.describe ProjectsController do ...@@ -584,41 +573,6 @@ RSpec.describe ProjectsController do
expect(project.compliance_framework_setting.compliance_management_framework).to eq(framework) expect(project.compliance_framework_setting.compliance_management_framework).to eq(framework)
end end
context 'custom frameworks are disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'sets the compliance framework based on the framework identifier' do
put :update,
params: {
namespace_id: project.namespace,
id: project,
project: params
}
project.reload
expect(project.compliance_framework_setting.compliance_management_framework.name).to eq(framework.name)
end
it 'raises an error when using framework IDs for custom frameworks' do
framework = create(:compliance_framework, namespace: project.namespace.root_ancestor)
params = { compliance_framework_setting_attributes: { framework: framework.id } }
expect do
put :update,
params: {
namespace_id: project.namespace,
id: project,
project: params
}
end.to raise_error(KeyError)
end
end
end end
end end
end end
......
...@@ -31,20 +31,6 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Create do ...@@ -31,20 +31,6 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Create do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true) stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
end end
context 'feature flag is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'does not create a new compliance framework' do
expect { subject }.not_to change { namespace.compliance_management_frameworks.count }
end
it 'returns useful error messages' do
expect(subject[:errors]).to include 'Not permitted to create framework'
end
end
context 'current_user is not namespace owner' do context 'current_user is not namespace owner' do
it 'does not create a new compliance framework' do it 'does not create a new compliance framework' do
expect { subject }.not_to change { namespace.compliance_management_frameworks.count } expect { subject }.not_to change { namespace.compliance_management_frameworks.count }
......
...@@ -36,21 +36,11 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do ...@@ -36,21 +36,11 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do
it_behaves_like 'a compliance framework that cannot be found' it_behaves_like 'a compliance framework that cannot be found'
end end
context 'feature is disabled but is licensed' do context 'feature is licensed' do
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
end end
it_behaves_like 'a compliance framework that cannot be found'
end
context 'feature is enabled and licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'current_user is namespace owner' do context 'current_user is namespace owner' do
it_behaves_like 'one compliance framework was destroyed' it_behaves_like 'one compliance framework was destroyed'
end end
......
...@@ -19,10 +19,9 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Update do ...@@ -19,10 +19,9 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Update do
subject { mutation.resolve(id: global_id_of(framework), params: params) } subject { mutation.resolve(id: global_id_of(framework), params: params) }
context 'feature is enabled and licensed' do context 'feature is licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
context 'parameters are valid' do context 'parameters are valid' do
......
...@@ -55,15 +55,4 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do ...@@ -55,15 +55,4 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
it { is_expected.to be_disallowed(:manage_compliance_framework) } it { is_expected.to be_disallowed(:manage_compliance_framework) }
it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) } it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
end end
context 'feature is disabled' do
before do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
end
it { is_expected.to be_disallowed(:manage_compliance_framework) }
it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
end
end end
...@@ -1522,7 +1522,6 @@ RSpec.describe GroupPolicy do ...@@ -1522,7 +1522,6 @@ RSpec.describe GroupPolicy do
where(:role, :licensed, :feature_flag, :admin_mode, :allowed) do where(:role, :licensed, :feature_flag, :admin_mode, :allowed) do
:owner | true | true | nil | true :owner | true | true | nil | true
:owner | true | false | nil | false
:owner | false | true | nil | false :owner | false | true | nil | false
:owner | false | false | nil | false :owner | false | false | nil | false
:admin | true | true | true | true :admin | true | true | true | true
...@@ -1538,7 +1537,7 @@ RSpec.describe GroupPolicy do ...@@ -1538,7 +1537,7 @@ RSpec.describe GroupPolicy do
before do before do
stub_licensed_features(licensed_feature => licensed) stub_licensed_features(licensed_feature => licensed)
stub_feature_flags(feature_flag_name => feature_flag) stub_feature_flags(feature_flag_name => feature_flag) if feature_flag_name
enable_admin_mode!(current_user) if admin_mode enable_admin_mode!(current_user) if admin_mode
end end
...@@ -1549,7 +1548,7 @@ RSpec.describe GroupPolicy do ...@@ -1549,7 +1548,7 @@ RSpec.describe GroupPolicy do
context ':admin_compliance_framework' do context ':admin_compliance_framework' do
let(:policy) { :admin_compliance_framework } let(:policy) { :admin_compliance_framework }
let(:licensed_feature) { :custom_compliance_frameworks } let(:licensed_feature) { :custom_compliance_frameworks }
let(:feature_flag_name) { :ff_custom_compliance_frameworks } let(:feature_flag_name) { nil }
include_examples 'compliance framework permissions' include_examples 'compliance framework permissions'
end end
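Review bot: With `let(:feature_flag_name) { nil }` and the stub guarded by `if feature_flag_name`, the `:feature_flag` column of the shared `where` table has no effect for `:admin_compliance_framework`, so rows that differ only in that column (for example `:owner | false | true` and `:owner | false | false`) now run the same case twice under different labels. Either give this policy its own table without the column or add a short comment in the shared examples explaining that a `nil` flag name means the column is ignored.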
......
...@@ -53,10 +53,9 @@ RSpec.describe NamespacePolicy do ...@@ -53,10 +53,9 @@ RSpec.describe NamespacePolicy do
it { is_expected.to(be_disallowed(:admin_compliance_framework)) } it { is_expected.to(be_disallowed(:admin_compliance_framework)) }
end end
context 'when feature is available' do context 'when feature is licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
context 'when user is admin', :enable_admin_mode do context 'when user is admin', :enable_admin_mode do
...@@ -72,10 +71,9 @@ RSpec.describe NamespacePolicy do ...@@ -72,10 +71,9 @@ RSpec.describe NamespacePolicy do
end end
end end
context 'when feature is not available' do context 'when feature is not licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: false) stub_licensed_features(custom_compliance_frameworks: false)
stub_feature_flags(ff_custom_compliance_frameworks: false)
end end
context 'when user is admin', :enable_admin_mode do context 'when user is admin', :enable_admin_mode do
......
...@@ -1359,29 +1359,26 @@ RSpec.describe ProjectPolicy do ...@@ -1359,29 +1359,26 @@ RSpec.describe ProjectPolicy do
let(:policy) { :admin_compliance_framework } let(:policy) { :admin_compliance_framework }
where(:role, :feature_enabled, :admin_mode, :custom_framework_flag, :allowed) do where(:role, :feature_enabled, :admin_mode, :allowed) do
:guest | false | nil | false | false :guest | false | nil | false
:guest | true | nil | false | false :guest | true | nil | false
:reporter | false | nil | false | false :reporter | false | nil | false
:reporter | true | nil | false | false :reporter | true | nil | false
:developer | false | nil | false | false :developer | false | nil | false
:developer | true | nil | false | false :maintainer | false | nil | false
:maintainer | false | nil | false | false :maintainer | true | nil | true
:maintainer | true | nil | false | true :owner | false | nil | false
:maintainer | true | nil | true | false :owner | true | nil | true
:owner | false | nil | false | false :admin | false | false | false
:owner | true | nil | false | true :admin | false | true | false
:admin | false | false | false | false :admin | true | false | false
:admin | false | true | false | false :admin | true | true | true
:admin | true | false | false | false
:admin | true | true | false | true
end end
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: custom_framework_flag)
stub_licensed_features(compliance_framework: feature_enabled) stub_licensed_features(compliance_framework: feature_enabled)
enable_admin_mode!(current_user) if admin_mode enable_admin_mode!(current_user) if admin_mode
end end
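Review bot: The `:developer | true` row disappears from the table along with the flag column, so the licensed case one role below the now-allowed `:maintainer` is no longer asserted. Keep `:developer | true | nil | false` so the lower bound of `:admin_compliance_framework` stays covered, especially since this table now expects `:maintainer | true | nil | true`.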
......
...@@ -65,14 +65,6 @@ RSpec.describe 'Create a Compliance Framework' do ...@@ -65,14 +65,6 @@ RSpec.describe 'Create a Compliance Framework' do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true) stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
end end
context 'framework feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it_behaves_like 'a mutation that returns errors in the response', errors: ['Not permitted to create framework']
end
context 'pipeline configuration feature is disabled' do context 'pipeline configuration feature is disabled' do
before do before do
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false) stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
......
...@@ -19,7 +19,6 @@ RSpec.describe 'Delete a compliance framework' do ...@@ -19,7 +19,6 @@ RSpec.describe 'Delete a compliance framework' do
before do before do
stub_licensed_features(custom_compliance_frameworks: false) stub_licensed_features(custom_compliance_frameworks: false)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
it 'does not destroy a compliance framework' do it 'does not destroy a compliance framework' do
...@@ -30,10 +29,9 @@ RSpec.describe 'Delete a compliance framework' do ...@@ -30,10 +29,9 @@ RSpec.describe 'Delete a compliance framework' do
errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"] errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
end end
context 'when licensed and enabled' do context 'when licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
context 'current_user is namespace owner' do context 'current_user is namespace owner' do
......
...@@ -42,10 +42,9 @@ RSpec.describe 'Update a compliance framework' do ...@@ -42,10 +42,9 @@ RSpec.describe 'Update a compliance framework' do
errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"] errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
end end
context 'feature is licensed and enabled' do context 'feature is licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
context 'with valid params' do context 'with valid params' do
......
...@@ -19,7 +19,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do ...@@ -19,7 +19,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
context 'when authenticated as the namespace owner' do context 'when authenticated as the namespace owner' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
let(:current_user) { namespace.owner } let(:current_user) { namespace.owner }
...@@ -116,18 +115,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do ...@@ -116,18 +115,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
expect(graphql_data_at(:c, :complianceFrameworks, :nodes, :name)).to contain_exactly('SOX') expect(graphql_data_at(:c, :complianceFrameworks, :nodes, :name)).to contain_exactly('SOX')
end end
end end
context 'feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'responds with error when querying a compliance framework' do
post_graphql(query, current_user: current_user)
expect(graphql_errors).to contain_exactly(include('message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action"))
end
end
end end
context 'when authenticated as a different user' do context 'when authenticated as a different user' do
......
...@@ -11,9 +11,8 @@ RSpec.describe 'group compliance frameworks' do ...@@ -11,9 +11,8 @@ RSpec.describe 'group compliance frameworks' do
login_as(user) login_as(user)
end end
context 'when compliance frameworks feature is disabled' do context 'when compliance frameworks feature is unlicensed' do
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: false) stub_licensed_features(custom_compliance_frameworks: false)
end end
...@@ -34,9 +33,8 @@ RSpec.describe 'group compliance frameworks' do ...@@ -34,9 +33,8 @@ RSpec.describe 'group compliance frameworks' do
end end
end end
context 'when compliance frameworks feature is enabled' do context 'when compliance frameworks feature is licensed' do
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: true)
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
end end
......
...@@ -22,18 +22,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do ...@@ -22,18 +22,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
end end
end end
context 'feature is disabled' do context 'feature is unlicensed' do
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: false) stub_licensed_features(custom_compliance_frameworks: false)
end
it_behaves_like 'a failed update request'
end
context 'feature is licensed but disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: true)
end end
it_behaves_like 'a failed update request' it_behaves_like 'a failed update request'
...@@ -45,10 +36,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do ...@@ -45,10 +36,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
it_behaves_like 'a failed update request' it_behaves_like 'a failed update request'
end end
context 'when feature is enabled and licensed' do context 'when feature is licensed' do
before do before do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end end
context 'with an invalid param passed' do context 'with an invalid param passed' do
......
...@@ -277,49 +277,10 @@ RSpec.describe Projects::UpdateService, '#execute' do ...@@ -277,49 +277,10 @@ RSpec.describe Projects::UpdateService, '#execute' do
end end
end end
context 'when custom compliance frameworks are disabled' do context 'custom compliance frameworks' do
let(:project_setting) { create(:compliance_framework_project_setting, :gdpr) }
before do
stub_licensed_features(compliance_framework: true)
stub_feature_flags(ff_custom_compliance_frameworks: false)
project.update!(compliance_framework_setting: project_setting)
end
context 'when framework is not blank' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:hipaa] }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
it 'saves the framework' do
expect { update_project(project, user, opts) }.to change {
project
.reload
.compliance_framework_setting
.compliance_management_framework
.name
}.from('GDPR').to('HIPAA')
end
end
context 'when framework is blank' do
let(:opts) { { compliance_framework_setting_attributes: { framework: '' } } }
it 'removes the framework record' do
update_project(project, user, opts)
expect(project.reload.compliance_framework_setting).to be_nil
end
end
end
context 'when ff_custom_compliance_frameworks flag is enabled' do
let(:framework) { create(:compliance_framework, namespace: project.namespace) } let(:framework) { create(:compliance_framework, namespace: project.namespace) }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.id } } } let(:opts) { { compliance_framework_setting_attributes: { framework: framework.id } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'when current_user has :admin_compliance_framework ability' do context 'when current_user has :admin_compliance_framework ability' do
before do before do
stub_licensed_features(compliance_framework: true) stub_licensed_features(compliance_framework: true)
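Review bot: the removed 'when framework is blank' example (`framework: ''`, expecting `compliance_framework_setting` to be nil) was the visible coverage for clearing a project's framework, and nothing shown in the surviving 'custom compliance frameworks' context replaces it. Unless clearing is covered elsewhere in this file, port that example into the new context so the removal path stays tested. Minor: the new context name reads as a label, not a condition; something like 'with custom compliance frameworks' would match the sibling 'when ...' contexts.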
...@@ -357,35 +318,6 @@ RSpec.describe Projects::UpdateService, '#execute' do ...@@ -357,35 +318,6 @@ RSpec.describe Projects::UpdateService, '#execute' do
end end
end end
context 'when compliance framework feature is disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:sox] }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_licensed_features(compliance_framework: false)
end
context 'the project had the feature before' do
let(:project_setting) { create(:compliance_framework_project_setting) }
before do
project.update!(compliance_framework_setting: project_setting)
end
it 'does not save the new framework and retains the old setting' do
expect { update_project(project, user, opts) }.not_to change { framework.name }
end
end
context 'the project never had the feature' do
it 'does not save the framework' do
update_project(project, user, opts)
expect(project.reload.compliance_framework_setting).to be_nil
end
end
end
it 'returns an error result when record cannot be updated' do it 'returns an error result when record cannot be updated' do
admin = create(:admin) admin = create(:admin)
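Review bot: the deleted 'when compliance framework feature is disabled' context stubs `stub_licensed_features(compliance_framework: false)`, not `ff_custom_compliance_frameworks`, so this removal drops the unlicensed-path coverage for `Projects::UpdateService` and is not just flag cleanup. The examples pass `framework.identifier` from `DEFAULT_FRAMEWORKS_BY_IDENTIFIER`, so they presumably cannot stay unchanged, but the 'does not save the framework' check should be rewritten against a `create(:compliance_framework, namespace: project.namespace)` record and `framework.id`, so that an update on an unlicensed project is still asserted to leave `compliance_framework_setting` untouched.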
......
...@@ -14,81 +14,59 @@ RSpec.describe 'projects/edit.html.haml' do ...@@ -14,81 +14,59 @@ RSpec.describe 'projects/edit.html.haml' do
stub_licensed_features(custom_compliance_frameworks: true) stub_licensed_features(custom_compliance_frameworks: true)
end end
context 'feature enabled' do context 'group has compliance frameworks' do
before do let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'group has compliance frameworks' do
let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }
it 'includes a dropdown including that framework' do
render
expect(rendered).to match /Custom framework 23/
end
it 'does not include warning message' do
render
expect(rendered).not_to match /Customizable by owners./ it 'includes a dropdown including that framework' do
end render
it 'contains the dropdown' do
render
expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]') expect(rendered).to match /Custom framework 23/
expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]') end
end
context 'user is group maintainer' do it 'does not include warning message' do
let_it_be(:maintainer) { create(:user) } render
before do expect(rendered).not_to match /Customizable by owners./
group.add_maintainer(maintainer) end
allow(view).to receive(:current_user).and_return(maintainer)
end
it 'includes warning message' do it 'contains the dropdown' do
render render
expect(rendered).to match /Customizable by owners./ expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]')
end expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end
it 'disables the dropdown' do context 'user is group maintainer' do
render let_it_be(:maintainer) { create(:user) }
expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]') before do
end group.add_maintainer(maintainer)
allow(view).to receive(:current_user).and_return(maintainer)
end end
end
context 'group has no compliance frameworks' do it 'includes warning message' do
before do render
group.compliance_management_frameworks.delete_all
expect(rendered).to match /Customizable by owners./
end end
it 'shows a notification' do it 'disables the dropdown' do
render render
expect(rendered).to match /No compliance frameworks are in use. Create one using the GraphQL API./ expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end end
end end
end end
context 'feature disabled' do context 'group has no compliance frameworks' do
before do before do
stub_feature_flags(ff_custom_compliance_frameworks: false) group.compliance_management_frameworks.delete_all
end end
it 'includes a dropdown including only the hard-coded frameworks' do it 'shows a notification' do
render render
expect(rendered).to match /GDPR/ expect(rendered).to match /No compliance frameworks are in use. Create one from the .* section in Group Settings./
expect(rendered).to match /HIPAA/
expect(rendered).to match /PCI-DSS/
expect(rendered).to match /SOC 2/
expect(rendered).to match /SOX/
end end
end end
end end
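Review bot: in 'shows a notification', the new expectation `/No compliance frameworks are in use. Create one from the .* section in Group Settings./` accepts anything in place of the link, and the unescaped `.` characters match any character. Since the message now points the user to Group Settings, assert the link itself (for example with `have_link` and the expected href), or at least escape the literal dots. Separately, 'disables the dropdown' checks `input[id=...][disabled="disabled"]` while 'contains the dropdown' checks `select[id=...]`; worth confirming the disabled state really renders as an `input`, otherwise the two examples are not testing the same element.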
...@@ -8182,9 +8182,6 @@ msgstr "" ...@@ -8182,9 +8182,6 @@ msgstr ""
msgid "Compliance framework" msgid "Compliance framework"
msgstr "" msgstr ""
msgid "Compliance framework (optional)"
msgstr ""
msgid "Compliance framework (optional)" msgid "Compliance framework (optional)"
msgstr "" msgstr ""
...@@ -21915,7 +21912,7 @@ msgstr "" ...@@ -21915,7 +21912,7 @@ msgstr ""
msgid "No compliance frameworks are in use." msgid "No compliance frameworks are in use."
msgstr "" msgstr ""
msgid "No compliance frameworks are in use. Create one using the GraphQL API." msgid "No compliance frameworks are in use. Create one from the %{link} section in Group Settings."
msgstr "" msgstr ""
msgid "No confirmation email received? Please check your spam folder or" msgid "No confirmation email received? Please check your spam folder or"
......