Enables notifications when administrators revoke credentials

When an administrator or managed group administrator revokes or deletes a credential, send the credential owner an email to inform them of it and the next steps that they can take.

Enables notifications when administrators revoke credentials
When an administrator or managed group administrator revokes or deletes a credential, send the credential owner an email to inform them of it and the next steps that they can take.
38f6d4f8 · Max Woolf · 8188bc2d · 38f6d4f8 · 38f6d4f8 · 38f6d4f8
Commit 38f6d4f8 authored Nov 05, 2020 by Max Woolf
6 changed files
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -40,39 +40,12 @@ If you see a **Revoke** button, you can revoke that user's PAT. Whether you see
 | Revoked     | Yes                    | No                 | Not applicable; token is already revoked                                   |
 | Revoked     | No                     | No                 | Not applicable; token is already revoked                                   |

+Revoking a PAT from the credentials inventory will notify the user.
+
 ## Delete a user's SSH key

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225248) in GitLab 13.5.

-You can **Delete** a user's SSH key by navigating to the credentials inventory's SSH Keys tab.
+You can **Delete** a user's SSH key by navigating to the credentials inventory's SSH Keys tab. Deleting a user's SSH key from the credentials inventory will notify the user.

 ![Credentials inventory page - SSH keys](img/credentials_inventory_ssh_keys_v13_5.png)
-
-## Revocation or deletion notification
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250354) in GitLab 13.6.
-> - It's [deployed behind a feature flag](../../user/feature_flags.md), disabled by default.
-> - It's disabled on GitLab.com.
-> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-revocation-or-deletion-notification).
-
-CAUTION: **Warning:**
-This feature might not be available to you. Check the **version history** note above for details.
-
-### Enable or disable revocation or deletion notification **(ULTIMATE ONLY)**
-
-Revocation or deletion notification is under development and not ready for production use. It is deployed behind a feature flag that is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:credentials_inventory_revocation_emails)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:credentials_inventory_revocation_emails)
-```
--- a/ee/app/controllers/concerns/credentials_inventory_actions.rb
+++ b/ee/app/controllers/concerns/credentials_inventory_actions.rb
@@ -55,8 +55,6 @@ module CredentialsInventoryActions
  end

  def notify_deleted_or_revoked_credential(credential)
-    return unless Feature.enabled?(:credentials_inventory_revocation_emails, credential.user)
-
    if credential.is_a?(Key)
      CredentialsInventoryMailer.ssh_key_deleted_email(
        params: {

--- a/ee/changelogs/unreleased/271577-delete-feature-flag.yml
+++ b/ee/changelogs/unreleased/271577-delete-feature-flag.yml
+---
+title: Enable credentials inventory revocation emails
+merge_request:
+author:
+type: added
--- a/ee/config/feature_flags/development/credentials_inventory_revocation_emails.yml
+++ b/ee/config/feature_flags/development/credentials_inventory_revocation_emails.yml
---
-name: credentials_inventory_revocation_emails
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46033
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/271577
-type: development
-group: group::compliance
-default_enabled: false
--- a/ee/spec/controllers/admin/credentials_controller_spec.rb
+++ b/ee/spec/controllers/admin/credentials_controller_spec.rb
@@ -170,18 +170,6 @@ RSpec.describe Admin::CredentialsController do

              put :revoke, params: { id: personal_access_token.id }
            end
-
-            context 'when credentials_inventory_revocation_emails flag is disabled' do
-              before do
-                stub_feature_flags(credentials_inventory_revocation_emails: false)
-              end
-
-              it 'does not inform the token owner' do
-                expect do
-                  put :revoke, params: { id: personal_access_token.id }
-                end.not_to change { ActionMailer::Base.deliveries.size }
-              end
-            end
          end
        end
      end

--- a/ee/spec/support/shared_examples/controllers/credentials_inventory_shared_examples.rb
+++ b/ee/spec/support/shared_examples/controllers/credentials_inventory_shared_examples.rb
@@ -39,18 +39,6 @@ RSpec.shared_examples_for 'credentials inventory controller delete SSH key' do |
              expect { subject }.to change { ActionMailer::Base.deliveries.size }.by(1)
            end
          end
-
-          context 'when credentials_inventory_revocation_emails is disabled' do
-            before do
-              stub_feature_flags(credentials_inventory_revocation_emails: false)
-            end
-
-            it 'does not notify the key owner' do
-              expect(CredentialsInventoryMailer).not_to receive(:ssh_key_deleted_email)
-
-              subject
-            end
-          end
        end

        context 'and it fails to remove the key' do