Commit 210bbca4 authored by Max Woolf's avatar Max Woolf

Removes ff_custom_compliance_frameworks feature flag

* Removes flag
* Updates documentation to no longer refer to old functionality

Changelog: changed
parent 857a07c5
......@@ -8632,7 +8632,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
##### `Group.complianceFrameworks`
Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.
Compliance frameworks available to projects in this namespace.
Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).
......@@ -10162,7 +10162,7 @@ Contains statistics about a milestone.
##### `Namespace.complianceFrameworks`
Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.
Compliance frameworks available to projects in this namespace.
Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).
......
......@@ -32,38 +32,19 @@ Adjust your project's name, description, avatar, [default branch](../repository/
The project description also partially supports [standard Markdown](../../markdown.md#standard-markdown-and-extensions-in-gitlab). You can use [emphasis](../../markdown.md#emphasis), [links](../../markdown.md#links), and [line-breaks](../../markdown.md#line-breaks) to add more context to the project description.
#### Compliance framework **(PREMIUM)**
You can select a framework label to identify that your project has certain compliance requirements or needs additional oversight. Available labels include:
- GDPR (General Data Protection Regulation)
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI-DSS (Payment Card Industry-Data Security Standard)
- SOC 2 (Service Organization Control 2)
- SOX (Sarbanes-Oxley)
NOTE:
Compliance framework labels do not affect your project settings.
#### Custom compliance frameworks
#### Compliance frameworks **(PREMIUM)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab 13.9.
> - [Deployed behind a feature flag](../../feature_flags.md).
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.11.
> - Enabled on GitLab.com.
> - Recommended for production use.
WARNING:
This feature might not be available to you. Check the **version history** note above for details.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.12.
GitLab 13.9 introduces custom compliance frameworks at the group-level. A group owner can create a compliance framework label
and assign it to any number of projects within that group or subgroups. When this feature is enabled, projects can only
be assigned compliance framework labels that already exist within that group.
You can create a framework label to identify that your project has certain compliance requirements or needs additional oversight.
If existing [Compliance frameworks](#compliance-framework) are not sufficient, project and group owners
can now create their own.
Group owners can create, edit and delete compliance frameworks by going to **Settings** > **General** and expanding the **Compliance frameworks** section.
Compliance frameworks created can then be assigned to any number of projects via the project settings page inside the group or subgroups.
New compliance framework labels can be created and updated using GraphQL.
NOTE:
Attempting to create compliance frameworks on subgroups via GraphQL will cause the framework to be created on the root ancestor if the user has the correct permissions.
The web UI presents a read-only view to discourage this behavior.
#### Compliance pipeline configuration **(ULTIMATE)**
......@@ -79,7 +60,7 @@ This feature might not be available to you. Check the **version history** note a
Group owners can use the compliance pipeline configuration to define compliance requirements
such as scans or tests, and enforce them in individual projects.
The [custom compliance framework](#custom-compliance-frameworks) feature allows group owners to specify the location
The [custom compliance framework](#compliance-frameworks) feature allows group owners to specify the location
of a compliance pipeline configuration stored and managed in a dedicated project, distinct from a developer's project.
When you set up the compliance pipeline configuration field, use the
......@@ -387,22 +368,3 @@ Add the URL of a Jaeger server to allow your users to [easily access the Jaeger
[Add Storage credentials](../../../operations/incident_management/status_page.md#sync-incidents-to-the-status-page)
to enable the syncing of public Issues to a [deployed status page](../../../operations/incident_management/status_page.md#create-a-status-page-project).
### Enable or disable custom compliance frameworks **(PREMIUM)**
Enabling or disabling custom compliance frameworks is under development and not ready for production use. It is
deployed behind a feature flag that is **disabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can enable it.
To enable it:
```ruby
Feature.enable(:ff_custom_compliance_frameworks, Group.find(<group id>))
```
To disable it:
```ruby
Feature.disable(:ff_custom_compliance_frameworks, Group.find(<group id>))
```
......@@ -57,7 +57,7 @@ module EE
field :compliance_frameworks,
::Types::ComplianceManagement::ComplianceFrameworkType.connection_type,
null: true,
description: 'Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.',
description: 'Compliance frameworks available to projects in this namespace.',
resolver: ::Resolvers::ComplianceManagement::FrameworkResolver
def additional_purchased_storage_size
......
......@@ -5,8 +5,7 @@ module ComplianceManagement
delegate { @subject.namespace }
condition(:custom_compliance_frameworks_enabled) do
@subject.namespace.feature_available?(:custom_compliance_frameworks) &&
Feature.enabled?(:ff_custom_compliance_frameworks, @subject.namespace, default_enabled: :yaml)
@subject.namespace.feature_available?(:custom_compliance_frameworks)
end
condition(:group_level_compliance_pipeline_enabled) do
......
......@@ -119,8 +119,7 @@ module EE
condition(:eligible_for_trial, scope: :subject) { @subject.eligible_for_trial? }
condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks) &&
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
@subject.feature_available?(:custom_compliance_frameworks)
end
condition(:group_level_compliance_pipeline_available) do
......
......@@ -7,8 +7,7 @@ module EE
prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks) &&
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
@subject.feature_available?(:custom_compliance_frameworks)
end
rule { admin & is_gitlab_com }.enable :update_subscription_limit
......
......@@ -50,10 +50,6 @@ module EE
@subject.feature_available?(:project_merge_request_analytics)
end
condition(:custom_compliance_framework_available) do
::Feature.enabled?(:ff_custom_compliance_frameworks, default_enabled: :yaml)
end
with_scope :subject
condition(:group_push_rules_enabled) do
@subject.group && @subject.group.feature_available?(:push_rules)
......@@ -357,8 +353,7 @@ module EE
rule { requirements_available & owner }.enable :destroy_requirement
rule { compliance_framework_available & can?(:owner_access) }.enable :admin_compliance_framework
rule { compliance_framework_available & can?(:maintainer_access) & ~custom_compliance_framework_available }.enable :admin_compliance_framework
rule { compliance_framework_available & can?(:maintainer_access) }.enable :admin_compliance_framework
rule { status_page_available & can?(:owner_access) }.enable :mark_issue_for_publication
rule { status_page_available & can?(:developer_access) }.enable :publish_status_page
......
......@@ -78,10 +78,8 @@ module EE
framework_identifier = settings.delete(:framework)
if framework_identifier.blank?
settings.merge!(_destroy: true)
elsif ::Feature.enabled?(:ff_custom_compliance_frameworks, project.namespace, default_enabled: :yaml)
settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
else
settings[:compliance_management_framework] = ComplianceManagement::Framework.find_or_create_legacy_default_framework(project, framework_identifier)
settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
end
else
params.delete(:compliance_framework_setting_attributes)
......
- user_has_edit_permissions = current_user.can?(:admin_compliance_framework, @project)
.row
.form-group.col-md-9.gl-mb-6
- if Feature.enabled?(:ff_custom_compliance_frameworks, @project.namespace, default_enabled: :yaml)
- frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
- if user_has_edit_permissions
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, class: 'gl-font-weight-bold' do
= _('Compliance framework (optional)')
- if frameworks.any?
- selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id
= cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false }
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use. Create one using the GraphQL API.")
- else
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, class: 'gl-font-weight-bold' do
= _('Compliance framework')
- if frameworks.any?
- selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
= cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
%p.form-text.text-muted
= _("Customizable by owners.")
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use.")
- frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
- if user_has_edit_permissions
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, class: 'gl-font-weight-bold' do
= _('Compliance framework (optional)')
- if frameworks.any?
- selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id
= cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false }
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use. Create one from the %{link} section in Group Settings.").html_safe % { link: link_to('Compliance frameworks', edit_group_path(@project.namespace.root_ancestor)).html_safe }
- else
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
= cf.label :framework, _('Compliance framework (optional)'), class: 'gl-font-weight-bold'
- selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.default_framework_definition&.identifier
= cf.select :framework, options_for_select(compliance_framework_options, selected_default_framework), { selected: '', disabled: '', prompt: _('Choose your framework'), include_blank: _('None') }, class: 'form-control'
= link_to _("Learn more."), help_page_path('user/project/settings/index', anchor: 'compliance-framework')
= cf.label :framework, class: 'gl-font-weight-bold' do
= _('Compliance framework')
- if frameworks.any?
- selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
= cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
%p.form-text.text-muted
= _("Customizable by owners.")
- else
%p.form-text.text-muted
= _("No compliance frameworks are in use.")
---
title: Remove ff_custom_compliance_frameworks flag
merge_request: 58884
author:
type: changed
---
name: ff_custom_compliance_frameworks
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47779
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/287779
milestone: '13.7'
type: development
group: group::compliance
default_enabled: true
......@@ -547,17 +547,6 @@ RSpec.describe ProjectsController do
end
it_behaves_like 'no compliance framework is set'
context 'custom frameworks are disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it_behaves_like 'no compliance framework is set'
end
end
context 'when licensed' do
......@@ -584,41 +573,6 @@ RSpec.describe ProjectsController do
expect(project.compliance_framework_setting.compliance_management_framework).to eq(framework)
end
context 'custom frameworks are disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'sets the compliance framework based on the framework identifier' do
put :update,
params: {
namespace_id: project.namespace,
id: project,
project: params
}
project.reload
expect(project.compliance_framework_setting.compliance_management_framework.name).to eq(framework.name)
end
it 'raises an error when using framework IDs for custom frameworks' do
framework = create(:compliance_framework, namespace: project.namespace.root_ancestor)
params = { compliance_framework_setting_attributes: { framework: framework.id } }
expect do
put :update,
params: {
namespace_id: project.namespace,
id: project,
project: params
}
end.to raise_error(KeyError)
end
end
end
end
end
......
......@@ -31,20 +31,6 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Create do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
end
context 'feature flag is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'does not create a new compliance framework' do
expect { subject }.not_to change { namespace.compliance_management_frameworks.count }
end
it 'returns useful error messages' do
expect(subject[:errors]).to include 'Not permitted to create framework'
end
end
context 'current_user is not namespace owner' do
it 'does not create a new compliance framework' do
expect { subject }.not_to change { namespace.compliance_management_frameworks.count }
......
......@@ -36,21 +36,11 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do
it_behaves_like 'a compliance framework that cannot be found'
end
context 'feature is disabled but is licensed' do
context 'feature is licensed' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: true)
end
it_behaves_like 'a compliance framework that cannot be found'
end
context 'feature is enabled and licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'current_user is namespace owner' do
it_behaves_like 'one compliance framework was destroyed'
end
......
......@@ -19,10 +19,9 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Update do
subject { mutation.resolve(id: global_id_of(framework), params: params) }
context 'feature is enabled and licensed' do
context 'feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'parameters are valid' do
......
......@@ -55,15 +55,4 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
it { is_expected.to be_disallowed(:manage_compliance_framework) }
it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
end
context 'feature is disabled' do
before do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
end
it { is_expected.to be_disallowed(:manage_compliance_framework) }
it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
end
end
......@@ -1522,7 +1522,6 @@ RSpec.describe GroupPolicy do
where(:role, :licensed, :feature_flag, :admin_mode, :allowed) do
:owner | true | true | nil | true
:owner | true | false | nil | false
:owner | false | true | nil | false
:owner | false | false | nil | false
:admin | true | true | true | true
......@@ -1538,7 +1537,7 @@ RSpec.describe GroupPolicy do
before do
stub_licensed_features(licensed_feature => licensed)
stub_feature_flags(feature_flag_name => feature_flag)
stub_feature_flags(feature_flag_name => feature_flag) if feature_flag_name
enable_admin_mode!(current_user) if admin_mode
end
......@@ -1549,7 +1548,7 @@ RSpec.describe GroupPolicy do
context ':admin_compliance_framework' do
let(:policy) { :admin_compliance_framework }
let(:licensed_feature) { :custom_compliance_frameworks }
let(:feature_flag_name) { :ff_custom_compliance_frameworks }
let(:feature_flag_name) { nil }
include_examples 'compliance framework permissions'
end
......
......@@ -53,10 +53,9 @@ RSpec.describe NamespacePolicy do
it { is_expected.to(be_disallowed(:admin_compliance_framework)) }
end
context 'when feature is available' do
context 'when feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'when user is admin', :enable_admin_mode do
......@@ -72,10 +71,9 @@ RSpec.describe NamespacePolicy do
end
end
context 'when feature is not available' do
context 'when feature is not licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
context 'when user is admin', :enable_admin_mode do
......
......@@ -1359,29 +1359,26 @@ RSpec.describe ProjectPolicy do
let(:policy) { :admin_compliance_framework }
where(:role, :feature_enabled, :admin_mode, :custom_framework_flag, :allowed) do
:guest | false | nil | false | false
:guest | true | nil | false | false
:reporter | false | nil | false | false
:reporter | true | nil | false | false
:developer | false | nil | false | false
:developer | true | nil | false | false
:maintainer | false | nil | false | false
:maintainer | true | nil | false | true
:maintainer | true | nil | true | false
:owner | false | nil | false | false
:owner | true | nil | false | true
:admin | false | false | false | false
:admin | false | true | false | false
:admin | true | false | false | false
:admin | true | true | false | true
where(:role, :feature_enabled, :admin_mode, :allowed) do
:guest | false | nil | false
:guest | true | nil | false
:reporter | false | nil | false
:reporter | true | nil | false
:developer | false | nil | false
:maintainer | false | nil | false
:maintainer | true | nil | true
:owner | false | nil | false
:owner | true | nil | true
:admin | false | false | false
:admin | false | true | false
:admin | true | false | false
:admin | true | true | true
end
with_them do
let(:current_user) { public_send(role) }
before do
stub_feature_flags(ff_custom_compliance_frameworks: custom_framework_flag)
stub_licensed_features(compliance_framework: feature_enabled)
enable_admin_mode!(current_user) if admin_mode
end
......
......@@ -65,14 +65,6 @@ RSpec.describe 'Create a Compliance Framework' do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
end
context 'framework feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it_behaves_like 'a mutation that returns errors in the response', errors: ['Not permitted to create framework']
end
context 'pipeline configuration feature is disabled' do
before do
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
......
......@@ -19,7 +19,6 @@ RSpec.describe 'Delete a compliance framework' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
it 'does not destroy a compliance framework' do
......@@ -30,10 +29,9 @@ RSpec.describe 'Delete a compliance framework' do
errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
end
context 'when licensed and enabled' do
context 'when licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'current_user is namespace owner' do
......
......@@ -42,10 +42,9 @@ RSpec.describe 'Update a compliance framework' do
errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
end
context 'feature is licensed and enabled' do
context 'feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'with valid params' do
......
......@@ -19,7 +19,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
context 'when authenticated as the namespace owner' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
let(:current_user) { namespace.owner }
......@@ -116,18 +115,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
expect(graphql_data_at(:c, :complianceFrameworks, :nodes, :name)).to contain_exactly('SOX')
end
end
context 'feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it 'responds with error when querying a compliance framework' do
post_graphql(query, current_user: current_user)
expect(graphql_errors).to contain_exactly(include('message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action"))
end
end
end
context 'when authenticated as a different user' do
......
......@@ -11,9 +11,8 @@ RSpec.describe 'group compliance frameworks' do
login_as(user)
end
context 'when compliance frameworks feature is disabled' do
context 'when compliance frameworks feature is unlicensed' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: false)
end
......@@ -34,9 +33,8 @@ RSpec.describe 'group compliance frameworks' do
end
end
context 'when compliance frameworks feature is enabled' do
context 'when compliance frameworks feature is licensed' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: true)
stub_licensed_features(custom_compliance_frameworks: true)
end
......
......@@ -22,18 +22,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
end
end
context 'feature is disabled' do
context 'feature is unlicensed' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
it_behaves_like 'a failed update request'
end
context 'feature is licensed but disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_licensed_features(custom_compliance_frameworks: true)
stub_licensed_features(custom_compliance_frameworks: false)
end
it_behaves_like 'a failed update request'
......@@ -45,10 +36,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
it_behaves_like 'a failed update request'
end
context 'when feature is enabled and licensed' do
context 'when feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'with an invalid param passed' do
......
......@@ -277,49 +277,10 @@ RSpec.describe Projects::UpdateService, '#execute' do
end
end
context 'when custom compliance frameworks are disabled' do
let(:project_setting) { create(:compliance_framework_project_setting, :gdpr) }
before do
stub_licensed_features(compliance_framework: true)
stub_feature_flags(ff_custom_compliance_frameworks: false)
project.update!(compliance_framework_setting: project_setting)
end
context 'when framework is not blank' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:hipaa] }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
it 'saves the framework' do
expect { update_project(project, user, opts) }.to change {
project
.reload
.compliance_framework_setting
.compliance_management_framework
.name
}.from('GDPR').to('HIPAA')
end
end
context 'when framework is blank' do
let(:opts) { { compliance_framework_setting_attributes: { framework: '' } } }
it 'removes the framework record' do
update_project(project, user, opts)
expect(project.reload.compliance_framework_setting).to be_nil
end
end
end
context 'when ff_custom_compliance_frameworks flag is enabled' do
context 'custom compliance frameworks' do
let(:framework) { create(:compliance_framework, namespace: project.namespace) }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.id } } }
before do
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'when current_user has :admin_compliance_framework ability' do
before do
stub_licensed_features(compliance_framework: true)
......@@ -357,35 +318,6 @@ RSpec.describe Projects::UpdateService, '#execute' do
end
end
context 'when compliance framework feature is disabled' do
let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:sox] }
let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
before do
stub_licensed_features(compliance_framework: false)
end
context 'the project had the feature before' do
let(:project_setting) { create(:compliance_framework_project_setting) }
before do
project.update!(compliance_framework_setting: project_setting)
end
it 'does not save the new framework and retains the old setting' do
expect { update_project(project, user, opts) }.not_to change { framework.name }
end
end
context 'the project never had the feature' do
it 'does not save the framework' do
update_project(project, user, opts)
expect(project.reload.compliance_framework_setting).to be_nil
end
end
end
it 'returns an error result when record cannot be updated' do
admin = create(:admin)
......
......@@ -14,81 +14,59 @@ RSpec.describe 'projects/edit.html.haml' do
stub_licensed_features(custom_compliance_frameworks: true)
end
context 'feature enabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: true)
end
context 'group has compliance frameworks' do
let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }
it 'includes a dropdown including that framework' do
render
expect(rendered).to match /Custom framework 23/
end
it 'does not include warning message' do
render
context 'group has compliance frameworks' do
let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }
expect(rendered).not_to match /Customizable by owners./
end
it 'contains the dropdown' do
render
it 'includes a dropdown including that framework' do
render
expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]')
expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end
expect(rendered).to match /Custom framework 23/
end
context 'user is group maintainer' do
let_it_be(:maintainer) { create(:user) }
it 'does not include warning message' do
render
before do
group.add_maintainer(maintainer)
allow(view).to receive(:current_user).and_return(maintainer)
end
expect(rendered).not_to match /Customizable by owners./
end
it 'includes warning message' do
render
it 'contains the dropdown' do
render
expect(rendered).to match /Customizable by owners./
end
expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]')
expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end
it 'disables the dropdown' do
render
context 'user is group maintainer' do
let_it_be(:maintainer) { create(:user) }
expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end
before do
group.add_maintainer(maintainer)
allow(view).to receive(:current_user).and_return(maintainer)
end
end
context 'group has no compliance frameworks' do
before do
group.compliance_management_frameworks.delete_all
it 'includes warning message' do
render
expect(rendered).to match /Customizable by owners./
end
it 'shows a notification' do
it 'disables the dropdown' do
render
expect(rendered).to match /No compliance frameworks are in use. Create one using the GraphQL API./
expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
end
end
end
context 'feature disabled' do
context 'group has no compliance frameworks' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
group.compliance_management_frameworks.delete_all
end
it 'includes a dropdown including only the hard-coded frameworks' do
it 'shows a notification' do
render
expect(rendered).to match /GDPR/
expect(rendered).to match /HIPAA/
expect(rendered).to match /PCI-DSS/
expect(rendered).to match /SOC 2/
expect(rendered).to match /SOX/
expect(rendered).to match /No compliance frameworks are in use. Create one from the .* section in Group Settings./
end
end
end
......@@ -8179,9 +8179,6 @@ msgstr ""
msgid "Compliance framework"
msgstr ""
msgid "Compliance framework (optional)"
msgstr ""
msgid "Compliance framework (optional)"
msgstr ""
......@@ -21807,7 +21804,7 @@ msgstr ""
msgid "No compliance frameworks are in use."
msgstr ""
msgid "No compliance frameworks are in use. Create one using the GraphQL API."
msgid "No compliance frameworks are in use. Create one from the %{link} section in Group Settings."
msgstr ""
msgid "No confirmation email received? Please check your spam folder or"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment