Commit 4c75c7d2 authored by James Lopez

Merge branch '328717-remove-legacy-compliance-frameworks' into 'master'

Remove remaining legacy compliance framework code

See merge request gitlab-org/gitlab!63225
parents 0e2a585b b23a0d1a
# frozen_string_literal: true
require_dependency 'compliance_management/compliance_framework'
module ComplianceManagement
module ComplianceFramework
module ProjectSettingsHelper
def compliance_framework_options
option_values = compliance_framework_option_values
::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map { |framework| [option_values.fetch(framework.identifier), framework.identifier] }
end
def compliance_framework_checkboxes
::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map do |framework|
[framework.id, compliance_framework_title_values.fetch(framework.identifier)]
end
end
def compliance_framework_description(framework)
compliance_framework_option_values.fetch(framework.to_sym)
end
def compliance_framework_title(framework)
compliance_framework_title_values.fetch(framework.to_sym)
end
def compliance_framework_color(framework)
compliance_framework_color_values.fetch(framework.to_sym)
end
def compliance_framework_tooltip(framework)
compliance_framework_tooltip_values.fetch(framework.to_sym)
end
private
def compliance_framework_option_values
{
gdpr: s_('ComplianceFramework|GDPR - General Data Protection Regulation'),
hipaa: s_('ComplianceFramework|HIPAA - Health Insurance Portability and Accountability Act'),
pci_dss: s_('ComplianceFramework|PCI-DSS - Payment Card Industry-Data Security Standard'),
soc_2: s_('ComplianceFramework|SOC 2 - Service Organization Control 2'),
sox: s_('ComplianceFramework|SOX - Sarbanes-Oxley')
}.freeze
end
def compliance_framework_title_values
{
gdpr: s_('ComplianceFramework|GDPR'),
hipaa: s_('ComplianceFramework|HIPAA'),
pci_dss: s_('ComplianceFramework|PCI-DSS'),
soc_2: s_('ComplianceFramework|SOC 2'),
sox: s_('ComplianceFramework|SOX')
}.freeze
end
def compliance_framework_color_values
{
gdpr: 'gl-bg-green-500',
hipaa: 'gl-bg-blue-500',
pci_dss: 'gl-bg-theme-indigo-500',
soc_2: 'gl-bg-red-500',
sox: 'gl-bg-orange-500'
}.freeze
end
def compliance_framework_tooltip_values
@compliance_framework_tooltip_values ||=
compliance_framework_title_values.transform_values { |v| get_compliance_framework_tooltip(v) }
end
def get_compliance_framework_tooltip(framework)
s_("ComplianceFramework|This project is regulated by %{framework}." % { framework: framework })
end
end
end
end
...@@ -3,59 +3,9 @@ ...@@ -3,59 +3,9 @@
module ComplianceManagement module ComplianceManagement
class Framework < ApplicationRecord class Framework < ApplicationRecord
include StripAttribute include StripAttribute
include IgnorableColumns
include Gitlab::Utils::StrongMemoize
DefaultFramework = Struct.new(:name, :description, :color, :identifier, :id) do
def to_framework_params
to_h.slice(:name, :description, :color)
end
end
DEFAULT_FRAMEWORKS = [
DefaultFramework.new(
'GDPR',
'General Data Protection Regulation',
'#1aaa55',
:gdpr,
1
).freeze,
DefaultFramework.new(
'HIPAA',
'Health Insurance Portability and Accountability Act',
'#1f75cb',
:hipaa,
2
).freeze,
DefaultFramework.new(
'PCI-DSS',
'Payment Card Industry-Data Security Standard',
'#6666c4',
:pci_dss,
3
).freeze,
DefaultFramework.new(
'SOC 2',
'Service Organization Control 2',
'#dd2b0e',
:soc_2,
4
).freeze,
DefaultFramework.new(
'SOX',
'Sarbanes-Oxley',
'#fc9403',
:sox,
5
).freeze
].freeze
DEFAULT_FRAMEWORKS_BY_IDENTIFIER = DEFAULT_FRAMEWORKS.index_by(&:identifier).with_indifferent_access.freeze
self.table_name = 'compliance_management_frameworks' self.table_name = 'compliance_management_frameworks'
ignore_columns :group_id, remove_after: '2020-12-06', remove_with: '13.7'
strip_attributes :name, :color strip_attributes :name, :color
belongs_to :namespace belongs_to :namespace
...@@ -72,21 +22,5 @@ module ComplianceManagement ...@@ -72,21 +22,5 @@ module ComplianceManagement
scope :with_projects, ->(project_ids) { includes(:projects).where(projects: { id: project_ids }) } scope :with_projects, ->(project_ids) { includes(:projects).where(projects: { id: project_ids }) }
scope :with_namespaces, ->(namespace_ids) { includes(:namespace).where(namespaces: { id: namespace_ids })} scope :with_namespaces, ->(namespace_ids) { includes(:namespace).where(namespaces: { id: namespace_ids })}
def default_framework_definition
strong_memoize(:default_framework_definition) do
DEFAULT_FRAMEWORKS.find { |framework| framework.name.eql?(name) }
end
end
def self.find_or_create_legacy_default_framework(project, framework_identifier)
framework_params = ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER.fetch(framework_identifier).to_framework_params
root_namespace = project.root_namespace
# Framework is associated with the root group, there could be a case where the framework is already there.
ComplianceManagement::Framework
.create_with(framework_params)
.safe_find_or_create_by(namespace_id: root_namespace.id, name: framework_params[:name])
end
end end
end end
...@@ -104,8 +104,6 @@ module EE ...@@ -104,8 +104,6 @@ module EE
allow_blank: true, allow_blank: true,
numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 365 } numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 365 }
validate :allowed_frameworks, if: :compliance_frameworks_changed?
validates :new_user_signups_cap, validates :new_user_signups_cap,
allow_blank: true, allow_blank: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
...@@ -463,11 +461,5 @@ module EE ...@@ -463,11 +461,5 @@ module EE
rescue ::Gitlab::UrlBlocker::BlockedUrlError rescue ::Gitlab::UrlBlocker::BlockedUrlError
errors.add(:elasticsearch_url, "only supports valid HTTP(S) URLs.") errors.add(:elasticsearch_url, "only supports valid HTTP(S) URLs.")
end end
def allowed_frameworks
if Array.wrap(compliance_frameworks).any? { |value| !::ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.map(&:id).include?(value) }
errors.add(:compliance_frameworks, _('must contain only valid frameworks'))
end
end
end end
end end
...@@ -3,13 +3,10 @@ ...@@ -3,13 +3,10 @@
FactoryBot.define do FactoryBot.define do
factory :compliance_framework_project_setting, class: 'ComplianceManagement::ComplianceFramework::ProjectSettings' do factory :compliance_framework_project_setting, class: 'ComplianceManagement::ComplianceFramework::ProjectSettings' do
project project
compliance_management_framework factory: :compliance_framework
gdpr trait :sox do
association :compliance_management_framework, :sox, factory: :compliance_framework
ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.each do |framework|
trait framework.identifier do
compliance_management_framework { association :compliance_framework, framework.to_framework_params.merge(namespace: project.root_namespace) }
end
end end
end end
end end
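Review bot: The new default `compliance_management_framework factory: :compliance_framework` and the `:sox` trait's `association :compliance_management_framework, :sox, factory: :compliance_framework` no longer pass the project's root namespace, which the removed generated traits did via `.merge(namespace: project.root_namespace)`. Unless the `compliance_framework` factory itself ties the namespace to the project (its first lines are outside this commit), the built framework and the setting's project can now sit under different namespaces, a weaker fixture than before that may trip or mask any namespace-consistency validation on the setting model. Consider the block form `compliance_management_framework { association :compliance_framework, namespace: project.root_namespace }` for the default and `compliance_management_framework { association :compliance_framework, :sox, namespace: project.root_namespace }` for the trait, so `project` is resolved lazily per record.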
...@@ -8,5 +8,9 @@ FactoryBot.define do ...@@ -8,5 +8,9 @@ FactoryBot.define do
description { 'The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).' } description { 'The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).' }
color { '#004494' } color { '#004494' }
regulated { true } regulated { true }
trait :sox do
name { 'SOX' }
end
end end
end end
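Review bot: The `:sox` trait overrides only `name { 'SOX' }`, so a framework built with it still carries the GDPR `description` and `color` from the factory defaults on the lines above. That is harmless for specs that only compare records, but it makes the fixture misleading to read, and this commit removes the `DEFAULT_FRAMEWORKS` entry that previously supplied the SOX values ('Sarbanes-Oxley', '#fc9403'). Consider adding `description { 'Sarbanes-Oxley' }` and `color { '#fc9403' }` inside the trait so the record is self-consistent.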
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::ComplianceFramework::ProjectSettingsHelper do
describe '#compliance_framework_options' do
it 'has all the options' do
expect(helper.compliance_framework_options).to contain_exactly(
['GDPR - General Data Protection Regulation', :gdpr],
['HIPAA - Health Insurance Portability and Accountability Act', :hipaa],
['PCI-DSS - Payment Card Industry-Data Security Standard', :pci_dss],
['SOC 2 - Service Organization Control 2', :soc_2],
['SOX - Sarbanes-Oxley', :sox]
)
end
end
describe '#compliance_framework_checkboxes' do
it 'has all the checkboxes' do
expect(helper.compliance_framework_checkboxes).to contain_exactly(
[1, 'GDPR'],
[2, 'HIPAA'],
[3, 'PCI-DSS'],
[4, 'SOC 2'],
[5, 'SOX']
)
end
end
describe '#compliance_framework_description' do
using RSpec::Parameterized::TableSyntax
where(:framework, :description) do
:gdpr | 'GDPR - General Data Protection Regulation'
:hipaa | 'HIPAA - Health Insurance Portability and Accountability Act'
:pci_dss | 'PCI-DSS - Payment Card Industry-Data Security Standard'
:soc_2 | 'SOC 2 - Service Organization Control 2'
:sox | 'SOX - Sarbanes-Oxley'
end
with_them do
it { expect(helper.compliance_framework_description(framework)).to eq(description) }
end
end
describe '#compliance_framework_title' do
using RSpec::Parameterized::TableSyntax
where(:framework, :title) do
:gdpr | 'GDPR'
:hipaa | 'HIPAA'
:pci_dss | 'PCI-DSS'
:soc_2 | 'SOC 2'
:sox | 'SOX'
end
with_them do
it { expect(helper.compliance_framework_title(framework)).to eq(title) }
end
end
describe '#compliance_framework_color' do
using RSpec::Parameterized::TableSyntax
where(:framework, :color) do
:gdpr | 'gl-bg-green-500'
:hipaa | 'gl-bg-blue-500'
:pci_dss | 'gl-bg-theme-indigo-500'
:soc_2 | 'gl-bg-red-500'
:sox | 'gl-bg-orange-500'
end
with_them do
it { expect(helper.compliance_framework_color(framework)).to eq(color) }
end
end
describe '#compliance_framework_tooltip' do
using RSpec::Parameterized::TableSyntax
where(:framework, :tooltip) do
:gdpr | 'This project is regulated by GDPR.'
:hipaa | 'This project is regulated by HIPAA.'
:pci_dss | 'This project is regulated by PCI-DSS.'
:soc_2 | 'This project is regulated by SOC 2.'
:sox | 'This project is regulated by SOX.'
end
with_them do
it { expect(helper.compliance_framework_tooltip(framework)).to eq(tooltip) }
end
end
end
...@@ -166,24 +166,6 @@ RSpec.describe ApplicationSetting do ...@@ -166,24 +166,6 @@ RSpec.describe ApplicationSetting do
end end
end end
context 'when validating compliance_frameworks' do
where(:compliance_frameworks, :is_valid) do
[1, 2, 3, 4, 5] | true
nil | true
1 | true
[2, 3, 4, 6] | false
6 | false
end
with_them do
specify do
setting.compliance_frameworks = compliance_frameworks
expect(setting.valid?).to eq(is_valid)
end
end
end
context 'when license presented' do context 'when license presented' do
let_it_be(:max_active_user_count) { 20 } let_it_be(:max_active_user_count) { 20 }
...@@ -26,43 +26,4 @@ RSpec.describe ComplianceManagement::Framework do ...@@ -26,43 +26,4 @@ RSpec.describe ComplianceManagement::Framework do
end end
end end
end end
describe '.find_or_create_legacy_default_framework' do
let_it_be(:group) { create(:group) }
let_it_be(:project_1) { create(:project, group: group) }
let_it_be(:project_2) { create(:project, group: group) }
let_it_be(:sox_framework) { create(:compliance_framework_project_setting, :sox, project: project_1).compliance_management_framework }
shared_examples 'framework sharing on the group level' do
it 'shares the same compliance framework on the group level' do
framework = described_class.find_or_create_legacy_default_framework(project_2, :sox)
expect(framework).to eq(sox_framework)
end
end
it_behaves_like 'framework sharing on the group level'
context 'when not "important" attributes differ' do
before do
sox_framework.update!(color: '#ccc')
end
it_behaves_like 'framework sharing on the group level'
end
context 'when the framework does no exist' do
it 'creates the new framework record' do
expect do
described_class.find_or_create_legacy_default_framework(project_2, :gdpr)
end.to change { ComplianceManagement::Framework.where(namespace: group).count }.from(1).to(2)
end
end
context 'when creating an unknown legacy framework' do
it 'raises error' do
expect { described_class.find_or_create_legacy_default_framework(project_2, :unknown) }.to raise_error(KeyError)
end
end
end
end end
...@@ -8319,42 +8319,9 @@ msgstr "" ...@@ -8319,42 +8319,9 @@ msgstr ""
msgid "ComplianceFramework|Edit Compliance Framework" msgid "ComplianceFramework|Edit Compliance Framework"
msgstr "" msgstr ""
msgid "ComplianceFramework|GDPR"
msgstr ""
msgid "ComplianceFramework|GDPR - General Data Protection Regulation"
msgstr ""
msgid "ComplianceFramework|HIPAA"
msgstr ""
msgid "ComplianceFramework|HIPAA - Health Insurance Portability and Accountability Act"
msgstr ""
msgid "ComplianceFramework|New Compliance Framework" msgid "ComplianceFramework|New Compliance Framework"
msgstr "" msgstr ""
msgid "ComplianceFramework|PCI-DSS"
msgstr ""
msgid "ComplianceFramework|PCI-DSS - Payment Card Industry-Data Security Standard"
msgstr ""
msgid "ComplianceFramework|SOC 2"
msgstr ""
msgid "ComplianceFramework|SOC 2 - Service Organization Control 2"
msgstr ""
msgid "ComplianceFramework|SOX"
msgstr ""
msgid "ComplianceFramework|SOX - Sarbanes-Oxley"
msgstr ""
msgid "ComplianceFramework|This project is regulated by %{framework}."
msgstr ""
msgid "Component" msgid "Component"
msgstr "" msgstr ""
...@@ -39282,9 +39249,6 @@ msgstr "" ...@@ -39282,9 +39249,6 @@ msgstr ""
msgid "must be greater than start date" msgid "must be greater than start date"
msgstr "" msgstr ""
msgid "must contain only valid frameworks"
msgstr ""
msgid "my-awesome-group" msgid "my-awesome-group"
msgstr "" msgstr ""