Commit b23a0d1a authored by Max Woolf's avatar Max Woolf

Remove remaining legacy compliance framework code

We no longer need any reference to legacy compliance frameworks
and all ignored columns have now been removed for several releases.

EE: true
parent 9c44e9d0
# frozen_string_literal: true
require_dependency 'compliance_management/compliance_framework'
module ComplianceManagement
module ComplianceFramework
module ProjectSettingsHelper
def compliance_framework_options
option_values = compliance_framework_option_values
::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map { |framework| [option_values.fetch(framework.identifier), framework.identifier] }
end
def compliance_framework_checkboxes
::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map do |framework|
[framework.id, compliance_framework_title_values.fetch(framework.identifier)]
end
end
def compliance_framework_description(framework)
compliance_framework_option_values.fetch(framework.to_sym)
end
def compliance_framework_title(framework)
compliance_framework_title_values.fetch(framework.to_sym)
end
def compliance_framework_color(framework)
compliance_framework_color_values.fetch(framework.to_sym)
end
def compliance_framework_tooltip(framework)
compliance_framework_tooltip_values.fetch(framework.to_sym)
end
private
def compliance_framework_option_values
{
gdpr: s_('ComplianceFramework|GDPR - General Data Protection Regulation'),
hipaa: s_('ComplianceFramework|HIPAA - Health Insurance Portability and Accountability Act'),
pci_dss: s_('ComplianceFramework|PCI-DSS - Payment Card Industry-Data Security Standard'),
soc_2: s_('ComplianceFramework|SOC 2 - Service Organization Control 2'),
sox: s_('ComplianceFramework|SOX - Sarbanes-Oxley')
}.freeze
end
def compliance_framework_title_values
{
gdpr: s_('ComplianceFramework|GDPR'),
hipaa: s_('ComplianceFramework|HIPAA'),
pci_dss: s_('ComplianceFramework|PCI-DSS'),
soc_2: s_('ComplianceFramework|SOC 2'),
sox: s_('ComplianceFramework|SOX')
}.freeze
end
def compliance_framework_color_values
{
gdpr: 'gl-bg-green-500',
hipaa: 'gl-bg-blue-500',
pci_dss: 'gl-bg-theme-indigo-500',
soc_2: 'gl-bg-red-500',
sox: 'gl-bg-orange-500'
}.freeze
end
def compliance_framework_tooltip_values
@compliance_framework_tooltip_values ||=
compliance_framework_title_values.transform_values { |v| get_compliance_framework_tooltip(v) }
end
def get_compliance_framework_tooltip(framework)
s_("ComplianceFramework|This project is regulated by %{framework}." % { framework: framework })
end
end
end
end
......@@ -3,59 +3,9 @@
module ComplianceManagement
class Framework < ApplicationRecord
include StripAttribute
include IgnorableColumns
include Gitlab::Utils::StrongMemoize
DefaultFramework = Struct.new(:name, :description, :color, :identifier, :id) do
def to_framework_params
to_h.slice(:name, :description, :color)
end
end
DEFAULT_FRAMEWORKS = [
DefaultFramework.new(
'GDPR',
'General Data Protection Regulation',
'#1aaa55',
:gdpr,
1
).freeze,
DefaultFramework.new(
'HIPAA',
'Health Insurance Portability and Accountability Act',
'#1f75cb',
:hipaa,
2
).freeze,
DefaultFramework.new(
'PCI-DSS',
'Payment Card Industry-Data Security Standard',
'#6666c4',
:pci_dss,
3
).freeze,
DefaultFramework.new(
'SOC 2',
'Service Organization Control 2',
'#dd2b0e',
:soc_2,
4
).freeze,
DefaultFramework.new(
'SOX',
'Sarbanes-Oxley',
'#fc9403',
:sox,
5
).freeze
].freeze
DEFAULT_FRAMEWORKS_BY_IDENTIFIER = DEFAULT_FRAMEWORKS.index_by(&:identifier).with_indifferent_access.freeze
self.table_name = 'compliance_management_frameworks'
ignore_columns :group_id, remove_after: '2020-12-06', remove_with: '13.7'
strip_attributes :name, :color
belongs_to :namespace
......@@ -72,21 +22,5 @@ module ComplianceManagement
scope :with_projects, ->(project_ids) { includes(:projects).where(projects: { id: project_ids }) }
scope :with_namespaces, ->(namespace_ids) { includes(:namespace).where(namespaces: { id: namespace_ids })}
def default_framework_definition
strong_memoize(:default_framework_definition) do
DEFAULT_FRAMEWORKS.find { |framework| framework.name.eql?(name) }
end
end
def self.find_or_create_legacy_default_framework(project, framework_identifier)
framework_params = ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER.fetch(framework_identifier).to_framework_params
root_namespace = project.root_namespace
# Framework is associated with the root group, there could be a case where the framework is already there.
ComplianceManagement::Framework
.create_with(framework_params)
.safe_find_or_create_by(namespace_id: root_namespace.id, name: framework_params[:name])
end
end
end
......@@ -104,8 +104,6 @@ module EE
allow_blank: true,
numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 365 }
validate :allowed_frameworks, if: :compliance_frameworks_changed?
validates :new_user_signups_cap,
allow_blank: true,
numericality: { only_integer: true, greater_than: 0 }
......@@ -463,11 +461,5 @@ module EE
rescue ::Gitlab::UrlBlocker::BlockedUrlError
errors.add(:elasticsearch_url, "only supports valid HTTP(S) URLs.")
end
def allowed_frameworks
if Array.wrap(compliance_frameworks).any? { |value| !::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map(&:id).include?(value) }
errors.add(:compliance_frameworks, _('must contain only valid frameworks'))
end
end
end
end
......@@ -3,13 +3,10 @@
FactoryBot.define do
factory :compliance_framework_project_setting, class: 'ComplianceManagement::ComplianceFramework::ProjectSettings' do
project
compliance_management_framework factory: :compliance_framework
gdpr
ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.each do |framework|
trait framework.identifier do
compliance_management_framework { association :compliance_framework, framework.to_framework_params.merge(namespace: project.root_namespace) }
end
trait :sox do
association :compliance_management_framework, :sox, factory: :compliance_framework
end
end
end
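Review bot: The replacement lines `compliance_management_framework factory: :compliance_framework` and the `:sox` trait no longer pass `namespace: project.root_namespace`, which the removed per-framework traits did. The `+`/`-` markers are lost in this rendering, so this reading relies on the hunk's line counts. The framework's namespace now comes from whatever the `compliance_framework` factory defaults to, which is presumably not the project's root namespace. Frameworks are namespace-scoped on the model (see the `with_namespaces` scope), so a fixture that pairs a project with a framework from another namespace can hide or falsely trigger cross-namespace checks in specs. If specs depend on the pairing, keep it explicit, e.g. `compliance_management_framework { association :compliance_framework, namespace: project.root_namespace }`, and the same with `:sox` inside the trait.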
......@@ -8,5 +8,9 @@ FactoryBot.define do
description { 'The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).' }
color { '#004494' }
regulated { true }
trait :sox do
name { 'SOX' }
end
end
end
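Review bot: The `:sox` trait overrides only `name`, so a framework built with it keeps the GDPR `description` and the default `color` set just above in this factory; the factory's opening lines are outside the hunk. A spec that matches on the description would see GDPR text on a record named SOX. Either add `description { 'Sarbanes-Oxley' }` to the trait, or document the intent with a comment such as `# overrides name only; description and color stay at the factory defaults`.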
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::ComplianceFramework::ProjectSettingsHelper do
describe '#compliance_framework_options' do
it 'has all the options' do
expect(helper.compliance_framework_options).to contain_exactly(
['GDPR - General Data Protection Regulation', :gdpr],
['HIPAA - Health Insurance Portability and Accountability Act', :hipaa],
['PCI-DSS - Payment Card Industry-Data Security Standard', :pci_dss],
['SOC 2 - Service Organization Control 2', :soc_2],
['SOX - Sarbanes-Oxley', :sox]
)
end
end
describe '#compliance_framework_checkboxes' do
it 'has all the checkboxes' do
expect(helper.compliance_framework_checkboxes).to contain_exactly(
[1, 'GDPR'],
[2, 'HIPAA'],
[3, 'PCI-DSS'],
[4, 'SOC 2'],
[5, 'SOX']
)
end
end
describe '#compliance_framework_description' do
using RSpec::Parameterized::TableSyntax
where(:framework, :description) do
:gdpr | 'GDPR - General Data Protection Regulation'
:hipaa | 'HIPAA - Health Insurance Portability and Accountability Act'
:pci_dss | 'PCI-DSS - Payment Card Industry-Data Security Standard'
:soc_2 | 'SOC 2 - Service Organization Control 2'
:sox | 'SOX - Sarbanes-Oxley'
end
with_them do
it { expect(helper.compliance_framework_description(framework)).to eq(description) }
end
end
describe '#compliance_framework_title' do
using RSpec::Parameterized::TableSyntax
where(:framework, :title) do
:gdpr | 'GDPR'
:hipaa | 'HIPAA'
:pci_dss | 'PCI-DSS'
:soc_2 | 'SOC 2'
:sox | 'SOX'
end
with_them do
it { expect(helper.compliance_framework_title(framework)).to eq(title) }
end
end
describe '#compliance_framework_color' do
using RSpec::Parameterized::TableSyntax
where(:framework, :color) do
:gdpr | 'gl-bg-green-500'
:hipaa | 'gl-bg-blue-500'
:pci_dss | 'gl-bg-theme-indigo-500'
:soc_2 | 'gl-bg-red-500'
:sox | 'gl-bg-orange-500'
end
with_them do
it { expect(helper.compliance_framework_color(framework)).to eq(color) }
end
end
describe '#compliance_framework_tooltip' do
using RSpec::Parameterized::TableSyntax
where(:framework, :tooltip) do
:gdpr | 'This project is regulated by GDPR.'
:hipaa | 'This project is regulated by HIPAA.'
:pci_dss | 'This project is regulated by PCI-DSS.'
:soc_2 | 'This project is regulated by SOC 2.'
:sox | 'This project is regulated by SOX.'
end
with_them do
it { expect(helper.compliance_framework_tooltip(framework)).to eq(tooltip) }
end
end
end
......@@ -166,24 +166,6 @@ RSpec.describe ApplicationSetting do
end
end
context 'when validating compliance_frameworks' do
where(:compliance_frameworks, :is_valid) do
[1, 2, 3, 4, 5] | true
nil | true
1 | true
[2, 3, 4, 6] | false
6 | false
end
with_them do
specify do
setting.compliance_frameworks = compliance_frameworks
expect(setting.valid?).to eq(is_valid)
end
end
end
context 'when license presented' do
let_it_be(:max_active_user_count) { 20 }
......
......@@ -26,43 +26,4 @@ RSpec.describe ComplianceManagement::Framework do
end
end
end
describe '.find_or_create_legacy_default_framework' do
let_it_be(:group) { create(:group) }
let_it_be(:project_1) { create(:project, group: group) }
let_it_be(:project_2) { create(:project, group: group) }
let_it_be(:sox_framework) { create(:compliance_framework_project_setting, :sox, project: project_1).compliance_management_framework }
shared_examples 'framework sharing on the group level' do
it 'shares the same compliance framework on the group level' do
framework = described_class.find_or_create_legacy_default_framework(project_2, :sox)
expect(framework).to eq(sox_framework)
end
end
it_behaves_like 'framework sharing on the group level'
context 'when not "important" attributes differ' do
before do
sox_framework.update!(color: '#ccc')
end
it_behaves_like 'framework sharing on the group level'
end
context 'when the framework does no exist' do
it 'creates the new framework record' do
expect do
described_class.find_or_create_legacy_default_framework(project_2, :gdpr)
end.to change { ComplianceManagement::Framework.where(namespace: group).count }.from(1).to(2)
end
end
context 'when creating an unknown legacy framework' do
it 'raises error' do
expect { described_class.find_or_create_legacy_default_framework(project_2, :unknown) }.to raise_error(KeyError)
end
end
end
end
......@@ -8316,42 +8316,9 @@ msgstr ""
msgid "ComplianceFramework|Edit Compliance Framework"
msgstr ""
msgid "ComplianceFramework|GDPR"
msgstr ""
msgid "ComplianceFramework|GDPR - General Data Protection Regulation"
msgstr ""
msgid "ComplianceFramework|HIPAA"
msgstr ""
msgid "ComplianceFramework|HIPAA - Health Insurance Portability and Accountability Act"
msgstr ""
msgid "ComplianceFramework|New Compliance Framework"
msgstr ""
msgid "ComplianceFramework|PCI-DSS"
msgstr ""
msgid "ComplianceFramework|PCI-DSS - Payment Card Industry-Data Security Standard"
msgstr ""
msgid "ComplianceFramework|SOC 2"
msgstr ""
msgid "ComplianceFramework|SOC 2 - Service Organization Control 2"
msgstr ""
msgid "ComplianceFramework|SOX"
msgstr ""
msgid "ComplianceFramework|SOX - Sarbanes-Oxley"
msgstr ""
msgid "ComplianceFramework|This project is regulated by %{framework}."
msgstr ""
msgid "Component"
msgstr ""
......@@ -39270,9 +39237,6 @@ msgstr ""
msgid "must be greater than start date"
msgstr ""
msgid "must contain only valid frameworks"
msgstr ""
msgid "my-awesome-group"
msgstr ""
......