Merge branch 'enable_scan_result_policy_ff_by_default' into 'master'

Enable scan_result_policy by default

See merge request gitlab-org/gitlab!80831

doc/user/application_security/policies/scan-result-policies.md

@@ -13,7 +13,7 @@ job is fully executed.
 
 ## Scan result policy editor
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77814) in GitLab 14.8 with a flag named `scan_result_policy`. Disabled by default.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77814) in GitLab 14.8.
 
 NOTE:
 Only project Owners have the [permissions](../../permissions.md#project-members-permissions)

ee/app/controllers/projects/security/policies_controller.rb

@@ -92,7 +92,7 @@ module Projects
       end
 
       def approvers
-        return unless Feature.enabled?(:scan_result_policy, project) && @policy_type == :scan_result_policy
+        return unless Feature.enabled?(:scan_result_policy, project, default_enabled: :yaml) && @policy_type == :scan_result_policy
 
         result = ::Security::SecurityOrchestrationPolicies::FetchPolicyApproversService.new(
           policy: @policy,

ee/app/graphql/resolvers/security_orchestration/scan_result_policy_resolver.rb

@@ -8,7 +8,7 @@ module Resolvers
       type Types::SecurityOrchestration::ScanResultPolicyType, null: true
 
       def resolve(**args)
-        return [] unless valid? && Feature.enabled?(:scan_result_policy, project)
+        return [] unless valid? && Feature.enabled?(:scan_result_policy, project, default_enabled: :yaml)
 
         authorize!
 

ee/app/models/approvals/scan_finding_wrapped_rule_set.rb

@@ -6,7 +6,7 @@ module Approvals
     override :wrapped_rules
     def wrapped_rules
       strong_memoize(:wrapped_rules) do
-        if ::Feature.enabled?(:scan_result_policy, merge_request.project)
+        if ::Feature.enabled?(:scan_result_policy, merge_request.project, default_enabled: :yaml)
           grouped_merge_request_rules = approval_rules.group_by(&:orchestration_policy_idx)
           grouped_merge_request_rules.map do |_, merge_request_rules|
             wrapped_rules_sorted_by_approval(merge_request_rules).first

ee/app/models/concerns/security/scan_result_policy.rb

@@ -17,7 +17,7 @@ module Security
       delegate :approval_rules, to: :project
 
       def active_scan_result_policies
-        return [] unless ::Feature.enabled?(:scan_result_policy, project)
+        return [] unless ::Feature.enabled?(:scan_result_policy, project, default_enabled: :yaml)
 
         scan_result_policies&.select { |config| config[:enabled] }&.first(LIMIT)
       end

ee/app/services/ci/sync_reports_to_approval_rules_service.rb

@@ -73,7 +73,7 @@ module Ci
     end
 
     def sync_scan_finding
-      return if ::Feature.disabled?(:scan_result_policy, pipeline.project)
+      return if ::Feature.disabled?(:scan_result_policy, pipeline.project, default_enabled: :yaml)
       return if policy_rule_reports.empty? && !pipeline.complete?
 
       remove_required_approvals_for_scan_finding(pipeline.merge_requests_as_head_pipeline.opened)

ee/app/services/security/security_orchestration_policies/process_scan_result_policy_service.rb

@@ -14,7 +14,7 @@ module Security
       end
 
       def execute
-        return if ::Feature.disabled?(:scan_result_policy, project)
+        return if ::Feature.disabled?(:scan_result_policy, project, default_enabled: :yaml)
 
         create_new_approval_rules
       end

ee/config/feature_flags/development/scan_result_policy.yml

@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/339338
 milestone: '14.4'
 type: development
 group: group::container security
-default_enabled: false
+default_enabled: true