Merge branch 'rename-finding-signatures-featureflag' into 'master'

fix: Vuln tracking feature flag must be distinct from licensed feature

See merge request gitlab-org/gitlab!59700

ee/app/finders/security/pipeline_vulnerabilities_finder.rb

@@ -114,7 +114,7 @@ module Security
     end
 
     def dismissal_feedback?(finding)
-      if ::Feature.enabled?(:vulnerability_finding_signatures, pipeline.project) && !finding.signatures.empty?
+      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, pipeline.project) && pipeline.project.licensed_feature_available?(:vulnerability_finding_signatures) && !finding.signatures.empty?
         dismissal_feedback_by_finding_signatures(finding)
       else
         dismissal_feedback_by_project_fingerprint(finding)

ee/app/models/vulnerabilities/finding.rb

@@ -338,7 +338,7 @@ module Vulnerabilities
     def eql?(other)
       return false unless other.report_type == report_type && other.primary_identifier_fingerprint == primary_identifier_fingerprint
 
-      if ::Feature.enabled?(:vulnerability_finding_signatures, project)
+      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
         matches_signatures(other.signatures, other.uuid)
       else
         other.location_fingerprint == location_fingerprint

ee/app/services/security/store_report_service.rb

@@ -72,7 +72,7 @@ module Security
       update_vulnerability_finding(vulnerability_finding, vulnerability_params)
       reset_remediations_for(vulnerability_finding, finding)
 
-      if ::Feature.enabled?(:vulnerability_finding_signatures, project)
+      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
         update_feedbacks(vulnerability_finding, vulnerability_params[:uuid])
         update_finding_signatures(finding, vulnerability_finding)
       end
@@ -91,7 +91,7 @@ module Security
     end
 
     def find_or_create_vulnerability_finding(finding, create_params)
-      if ::Feature.enabled?(:vulnerability_finding_signatures, project)
+      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
         find_or_create_vulnerability_finding_with_signatures(finding, create_params)
       else
         find_or_create_vulnerability_finding_with_location(finding, create_params)

ee/config/feature_flags/development/vulnerability_finding_signatures.yml → ee/config/feature_flags/development/vulnerability_finding_tracking_signatures.yml

 ---
-name: vulnerability_finding_signatures
+name: vulnerability_finding_tracking_signatures
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54608
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/322044
 milestone: '13.11'

ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb

@@ -174,7 +174,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
       let(:ds_finding) { pipeline.security_reports.reports["dependency_scanning"].findings.first }
       let(:sast_finding) { pipeline.security_reports.reports["sast"].findings.first }
 
-      context 'when vulnerability_finding_signatures feature flag is disabled' do
+      context 'when vulnerability_finding_tracking_signatures feature flag is disabled' do
         let!(:feedback) do
           [
             create(
@@ -201,7 +201,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
         end
 
         before do
-          stub_feature_flags(vulnerability_finding_signatures: false)
+          stub_feature_flags(vulnerability_finding_tracking_signatures: false)
         end
 
         context 'when unscoped' do
@@ -231,7 +231,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
         end
       end
 
-      context 'when vulnerability_finding_signatures feature flag is enabled' do
+      context 'when vulnerability_finding_tracking_signatures feature flag is enabled' do
         let!(:feedback) do
           [
             create(
@@ -248,7 +248,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
         end
 
         before do
-          stub_feature_flags(vulnerability_finding_signatures: true)
+          stub_feature_flags(vulnerability_finding_tracking_signatures: true)
         end
 
         context 'when unscoped' do

ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb

@@ -13,13 +13,13 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
 
   subject { described_class.new(base_report, head_report) }
 
-  where(vulnerability_finding_signatures_enabled: [true, false])
+  where(vulnerability_finding_tracking_signatures_enabled: [true, false])
 
   with_them do
     before do
       allow(base_vulnerability).to receive(:location).and_return({})
       allow(head_vulnerability).to receive(:location).and_return({})
-      stub_feature_flags(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
+      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
     end
 
     describe '#base_report_out_of_date' do

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -10,7 +10,8 @@ RSpec.describe Vulnerabilities::Finding do
   where(vulnerability_finding_signatures_enabled: [true, false])
   with_them do
     before do
-      stub_feature_flags(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
+      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
+      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
     end
 
     describe 'associations' do

ee/spec/services/ci/compare_security_reports_service_spec.rb

@@ -11,10 +11,10 @@ RSpec.describe Ci::CompareSecurityReportsService do
     collection.map { |t| t['identifiers'].first['external_id'] }
   end
 
-  where(vulnerability_finding_signatures_enabled: [true, false])
+  where(vulnerability_finding_tracking_signatures_enabled: [true, false])
   with_them do
     before do
-      stub_feature_flags(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
+      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
     end
 
     describe '#execute DS' do

ee/spec/services/security/store_report_service_spec.rb

@@ -24,9 +24,15 @@ RSpec.describe Security::StoreReportService, '#execute' do
 
   with_them do
     before do
-      stub_feature_flags(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
+      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
       stub_feature_flags(optimize_sql_query_for_security_report: optimize_sql_query_for_security_report_ff)
-      stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, security_dashboard: true)
+      stub_licensed_features(
+        sast: true,
+        dependency_scanning: true,
+        container_scanning: true,
+        security_dashboard: true,
+        vulnerability_finding_signatures: vulnerability_finding_signatures_enabled
+      )
       allow(Security::AutoFixWorker).to receive(:perform_async)
     end