Merge branch 'ff/custom_compliance_frameworks_removal' into 'master'

Removes ff_custom_compliance_frameworks feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!58884

Merge branch 'ff/custom_compliance_frameworks_removal' into 'master'
Removes ff_custom_compliance_frameworks feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!58884
3f5c4cec · David Fernandez · db4848d1 · 210bbca4 · 3f5c4cec · 3f5c4cec
Commit 3f5c4cec authored May 04, 2021 by David Fernandez
28 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -8667,7 +8667,7 @@ four standard [pagination arguments](#connection-pagination-arguments):

 ##### `Group.complianceFrameworks`

-Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.
+Compliance frameworks available to projects in this namespace.

 Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).

@@ -10223,7 +10223,7 @@ Contains statistics about a milestone.

 ##### `Namespace.complianceFrameworks`

-Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.
+Compliance frameworks available to projects in this namespace.

 Returns [`ComplianceFrameworkConnection`](#complianceframeworkconnection).


--- a/doc/user/project/settings/index.md
+++ b/doc/user/project/settings/index.md
@@ -32,38 +32,19 @@ Adjust your project's name, description, avatar, [default branch](../repository/

 The project description also partially supports [standard Markdown](../../markdown.md#standard-markdown-and-extensions-in-gitlab). You can use [emphasis](../../markdown.md#emphasis), [links](../../markdown.md#links), and [line-breaks](../../markdown.md#line-breaks) to add more context to the project description.

-#### Compliance framework **(PREMIUM)**
-
-You can select a framework label to identify that your project has certain compliance requirements or needs additional oversight. Available labels include:
-
- GDPR (General Data Protection Regulation)
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI-DSS (Payment Card Industry-Data Security Standard)
- SOC 2 (Service Organization Control 2)
- SOX (Sarbanes-Oxley)
-
-NOTE:
-Compliance framework labels do not affect your project settings.
-
-#### Custom compliance frameworks
+#### Compliance frameworks **(PREMIUM)**

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab 13.9.
-> - [Deployed behind a feature flag](../../feature_flags.md).
-> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.11.
-> - Enabled on GitLab.com.
-> - Recommended for production use.
-
-WARNING:
-This feature might not be available to you. Check the **version history** note above for details.
+> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/287779) in GitLab 13.12.

-GitLab 13.9 introduces custom compliance frameworks at the group-level. A group owner can create a compliance framework label
-and assign it to any number of projects within that group or subgroups. When this feature is enabled, projects can only
-be assigned compliance framework labels that already exist within that group.
+You can create a framework label to identify that your project has certain compliance requirements or needs additional oversight.

-If existing [Compliance frameworks](#compliance-framework) are not sufficient, project and group owners
-can now create their own.
+Group owners can create, edit and delete compliance frameworks by going to **Settings** > **General** and expanding the **Compliance frameworks** section.
+Compliance frameworks created can then be assigned to any number of projects via the project settings page inside the group or subgroups. 

-New compliance framework labels can be created and updated using GraphQL.
+NOTE:
+Attempting to create compliance frameworks on subgroups via GraphQL will cause the framework to be created on the root ancestor if the user has the correct permissions.
+The web UI presents a read-only view to discourage this behavior.

 #### Compliance pipeline configuration **(ULTIMATE)**

@@ -79,7 +60,7 @@ This feature might not be available to you. Check the **version history** note a
 Group owners can use the compliance pipeline configuration to define compliance requirements
 such as scans or tests, and enforce them in individual projects.

-The [custom compliance framework](#custom-compliance-frameworks) feature allows group owners to specify the location
+The [custom compliance framework](#compliance-frameworks) feature allows group owners to specify the location
 of a compliance pipeline configuration stored and managed in a dedicated project, distinct from a developer's project.

 When you set up the compliance pipeline configuration field, use the
@@ -387,22 +368,3 @@ Add the URL of a Jaeger server to allow your users to [easily access the Jaeger

 [Add Storage credentials](../../../operations/incident_management/status_page.md#sync-incidents-to-the-status-page)
 to enable the syncing of public Issues to a [deployed status page](../../../operations/incident_management/status_page.md#create-a-status-page-project).
-
-### Enable or disable custom compliance frameworks **(PREMIUM)**
-
-Enabling or disabling custom compliance frameworks is under development and not ready for production use. It is
-deployed behind a feature flag that is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:ff_custom_compliance_frameworks, Group.find(<group id>))
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:ff_custom_compliance_frameworks, Group.find(<group id>))
-```
--- a/ee/app/graphql/ee/types/namespace_type.rb
+++ b/ee/app/graphql/ee/types/namespace_type.rb
@@ -57,7 +57,7 @@ module EE
        field :compliance_frameworks,
              ::Types::ComplianceManagement::ComplianceFrameworkType.connection_type,
              null: true,
-              description: 'Compliance frameworks available to projects in this namespace. Available only when feature flag `ff_custom_compliance_frameworks` is enabled.',
+              description: 'Compliance frameworks available to projects in this namespace.',
              resolver: ::Resolvers::ComplianceManagement::FrameworkResolver

        def additional_purchased_storage_size

--- a/ee/app/policies/compliance_management/framework_policy.rb
+++ b/ee/app/policies/compliance_management/framework_policy.rb
@@ -5,8 +5,7 @@ module ComplianceManagement
    delegate { @subject.namespace }

    condition(:custom_compliance_frameworks_enabled) do
-      @subject.namespace.feature_available?(:custom_compliance_frameworks) &&
-        Feature.enabled?(:ff_custom_compliance_frameworks, @subject.namespace, default_enabled: :yaml)
+      @subject.namespace.feature_available?(:custom_compliance_frameworks)
    end

    condition(:group_level_compliance_pipeline_enabled) do

--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -119,8 +119,7 @@ module EE
      condition(:eligible_for_trial, scope: :subject) { @subject.eligible_for_trial? }

      condition(:compliance_framework_available) do
-        @subject.feature_available?(:custom_compliance_frameworks) &&
-          ::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
+        @subject.feature_available?(:custom_compliance_frameworks)
      end

      condition(:group_level_compliance_pipeline_available) do

--- a/ee/app/policies/ee/namespace_policy.rb
+++ b/ee/app/policies/ee/namespace_policy.rb
@@ -7,8 +7,7 @@ module EE
    prepended do
      condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
      condition(:compliance_framework_available) do
-        @subject.feature_available?(:custom_compliance_frameworks) &&
-          ::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
+        @subject.feature_available?(:custom_compliance_frameworks)
      end

      rule { admin & is_gitlab_com }.enable :update_subscription_limit

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -50,10 +50,6 @@ module EE
        @subject.feature_available?(:project_merge_request_analytics)
      end

-      condition(:custom_compliance_framework_available) do
-        ::Feature.enabled?(:ff_custom_compliance_frameworks, default_enabled: :yaml)
-      end
-
      with_scope :subject
      condition(:group_push_rules_enabled) do
        @subject.group && @subject.group.licensed_feature_available?(:push_rules)
@@ -357,8 +353,7 @@ module EE

      rule { requirements_available & owner }.enable :destroy_requirement

-      rule { compliance_framework_available & can?(:owner_access) }.enable :admin_compliance_framework
-      rule { compliance_framework_available & can?(:maintainer_access) & ~custom_compliance_framework_available }.enable :admin_compliance_framework
+      rule { compliance_framework_available & can?(:maintainer_access) }.enable :admin_compliance_framework

      rule { status_page_available & can?(:owner_access) }.enable :mark_issue_for_publication
      rule { status_page_available & can?(:developer_access) }.enable :publish_status_page

--- a/ee/app/services/ee/projects/update_service.rb
+++ b/ee/app/services/ee/projects/update_service.rb
@@ -78,10 +78,8 @@ module EE
          framework_identifier = settings.delete(:framework)
          if framework_identifier.blank?
            settings.merge!(_destroy: true)
-          elsif ::Feature.enabled?(:ff_custom_compliance_frameworks, project.namespace, default_enabled: :yaml)
-            settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
          else
-            settings[:compliance_management_framework] = ComplianceManagement::Framework.find_or_create_legacy_default_framework(project, framework_identifier)
+            settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
          end
        else
          params.delete(:compliance_framework_setting_attributes)

--- a/ee/app/views/compliance_management/compliance_framework/_project_settings.html.haml
+++ b/ee/app/views/compliance_management/compliance_framework/_project_settings.html.haml
 - user_has_edit_permissions = current_user.can?(:admin_compliance_framework, @project)
 .row
  .form-group.col-md-9.gl-mb-6
-    - if Feature.enabled?(:ff_custom_compliance_frameworks, @project.namespace, default_enabled: :yaml)
-      - frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
-      - if user_has_edit_permissions
-        = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
-          = cf.label :framework, class: 'gl-font-weight-bold' do
-            = _('Compliance framework  (optional)')
-          - if frameworks.any?
-            - selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id
-            = cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false }
-          - else
-            %p.form-text.text-muted
-              = _("No compliance frameworks are in use. Create one using the GraphQL API.")
-      - else
-        = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
-          = cf.label :framework, class: 'gl-font-weight-bold' do
-            = _('Compliance framework')
-          - if frameworks.any?
-            - selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
-            = cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
-            %p.form-text.text-muted
-              = _("Customizable by owners.")
-          - else
-            %p.form-text.text-muted
-              = _("No compliance frameworks are in use.")
-
+    - frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
+    - if user_has_edit_permissions
+      = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
+        = cf.label :framework, class: 'gl-font-weight-bold' do
+          = _('Compliance framework (optional)')
+        - if frameworks.any?
+          - selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.id
+          = cf.select :framework, options_for_select(frameworks.map { |fw| [fw.name.truncate(88), fw.id] }, selected_default_framework), { selected: '', prompt: _('Choose your framework'), include_blank: _('None') }, { class: 'form-control', disabled: false }
+        - else
+          %p.form-text.text-muted
+            = _("No compliance frameworks are in use. Create one from the %{link} section in Group Settings.").html_safe % { link: link_to('Compliance frameworks', edit_group_path(@project.namespace.root_ancestor)).html_safe }
    - else
      = f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
-        = cf.label :framework, _('Compliance framework (optional)'), class: 'gl-font-weight-bold'
-        - selected_default_framework = @project.compliance_framework_setting&.compliance_management_framework&.default_framework_definition&.identifier
-        = cf.select :framework, options_for_select(compliance_framework_options, selected_default_framework), { selected: '', disabled: '', prompt: _('Choose your framework'), include_blank: _('None') }, class: 'form-control'
-        = link_to _("Learn more."), help_page_path('user/project/settings/index', anchor: 'compliance-framework')
-
+        = cf.label :framework, class: 'gl-font-weight-bold' do
+          = _('Compliance framework')
+        - if frameworks.any?
+          - selected_framework = @project.compliance_framework_setting&.compliance_management_framework&.name&.truncate(88) || _('None')
+          = cf.text_field :framework, value: selected_framework, class: 'form-control read-only', disabled: true
+          %p.form-text.text-muted
+            = _("Customizable by owners.")
+        - else
+          %p.form-text.text-muted
+            = _("No compliance frameworks are in use.")
--- a/ee/changelogs/unreleased/ff-custom_compliance_frameworks_removal.yml
+++ b/ee/changelogs/unreleased/ff-custom_compliance_frameworks_removal.yml
+---
+title: Remove ff_custom_compliance_frameworks flag
+merge_request: 58884
+author:
+type: changed
--- a/ee/config/feature_flags/development/ff_custom_compliance_frameworks.yml
+++ b/ee/config/feature_flags/development/ff_custom_compliance_frameworks.yml
---
-name: ff_custom_compliance_frameworks
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47779
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/287779
-milestone: '13.7'
-type: development
-group: group::compliance
-default_enabled: true
--- a/ee/spec/controllers/projects_controller_spec.rb
+++ b/ee/spec/controllers/projects_controller_spec.rb
@@ -547,17 +547,6 @@ RSpec.describe ProjectsController do
        end

        it_behaves_like 'no compliance framework is set'
-
-        context 'custom frameworks are disabled' do
-          let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
-          let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
-
-          before do
-            stub_feature_flags(ff_custom_compliance_frameworks: false)
-          end
-
-          it_behaves_like 'no compliance framework is set'
-        end
      end

      context 'when licensed' do
@@ -584,41 +573,6 @@ RSpec.describe ProjectsController do

            expect(project.compliance_framework_setting.compliance_management_framework).to eq(framework)
          end
-
-          context 'custom frameworks are disabled' do
-            let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS.last }
-            let(:params) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
-
-            before do
-              stub_feature_flags(ff_custom_compliance_frameworks: false)
-            end
-
-            it 'sets the compliance framework based on the framework identifier' do
-              put :update,
-                  params: {
-                    namespace_id: project.namespace,
-                    id: project,
-                    project: params
-                  }
-              project.reload
-
-              expect(project.compliance_framework_setting.compliance_management_framework.name).to eq(framework.name)
-            end
-
-            it 'raises an error when using framework IDs for custom frameworks' do
-              framework = create(:compliance_framework, namespace: project.namespace.root_ancestor)
-              params = { compliance_framework_setting_attributes: { framework: framework.id } }
-
-              expect do
-                put :update,
-                    params: {
-                      namespace_id: project.namespace,
-                      id: project,
-                      project: params
-                    }
-              end.to raise_error(KeyError)
-            end
-          end
        end
      end
    end

--- a/ee/spec/graphql/mutations/compliance_management/frameworks/create_spec.rb
+++ b/ee/spec/graphql/mutations/compliance_management/frameworks/create_spec.rb
@@ -31,20 +31,6 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Create do
        stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
      end

-      context 'feature flag is disabled' do
-        before do
-          stub_feature_flags(ff_custom_compliance_frameworks: false)
-        end
-
-        it 'does not create a new compliance framework' do
-          expect { subject }.not_to change { namespace.compliance_management_frameworks.count }
-        end
-
-        it 'returns useful error messages' do
-          expect(subject[:errors]).to include 'Not permitted to create framework'
-        end
-      end
-
      context 'current_user is not namespace owner' do
        it 'does not create a new compliance framework' do
          expect { subject }.not_to change { namespace.compliance_management_frameworks.count }

--- a/ee/spec/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+++ b/ee/spec/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
@@ -36,21 +36,11 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Destroy do
    it_behaves_like 'a compliance framework that cannot be found'
  end

-  context 'feature is disabled but is licensed' do
+  context 'feature is licensed' do
    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
      stub_licensed_features(custom_compliance_frameworks: true)
    end

-    it_behaves_like 'a compliance framework that cannot be found'
-  end
-
-  context 'feature is enabled and licensed' do
-    before do
-      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
-    end
-
    context 'current_user is namespace owner' do
      it_behaves_like 'one compliance framework was destroyed'
    end

--- a/ee/spec/graphql/mutations/compliance_management/frameworks/update_spec.rb
+++ b/ee/spec/graphql/mutations/compliance_management/frameworks/update_spec.rb
@@ -19,10 +19,9 @@ RSpec.describe Mutations::ComplianceManagement::Frameworks::Update do

  subject { mutation.resolve(id: global_id_of(framework), params: params) }

-  context 'feature is enabled and licensed' do
+  context 'feature is licensed' do
    before do
      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    context 'parameters are valid' do

--- a/ee/spec/policies/compliance_management/framework_policy_spec.rb
+++ b/ee/spec/policies/compliance_management/framework_policy_spec.rb
@@ -55,15 +55,4 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
    it { is_expected.to be_disallowed(:manage_compliance_framework) }
    it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
  end
-
-  context 'feature is disabled' do
-    before do
-      stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
-      stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
-    end
-
-    it { is_expected.to be_disallowed(:manage_compliance_framework) }
-    it { is_expected.to be_disallowed(:manage_group_level_compliance_pipeline_config) }
-  end
 end
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -1522,7 +1522,6 @@ RSpec.describe GroupPolicy do

      where(:role, :licensed, :feature_flag, :admin_mode, :allowed) do
        :owner      | true  | true  | nil   | true
-        :owner      | true  | false | nil   | false
        :owner      | false | true  | nil   | false
        :owner      | false | false | nil   | false
        :admin      | true  | true  | true  | true
@@ -1538,7 +1537,7 @@ RSpec.describe GroupPolicy do

        before do
          stub_licensed_features(licensed_feature => licensed)
-          stub_feature_flags(feature_flag_name => feature_flag)
+          stub_feature_flags(feature_flag_name => feature_flag) if feature_flag_name
          enable_admin_mode!(current_user) if admin_mode
        end

@@ -1549,7 +1548,7 @@ RSpec.describe GroupPolicy do
    context ':admin_compliance_framework' do
      let(:policy) { :admin_compliance_framework }
      let(:licensed_feature) { :custom_compliance_frameworks }
-      let(:feature_flag_name) { :ff_custom_compliance_frameworks }
+      let(:feature_flag_name) { nil }

      include_examples 'compliance framework permissions'
    end

--- a/ee/spec/policies/namespace_policy_spec.rb
+++ b/ee/spec/policies/namespace_policy_spec.rb
@@ -53,10 +53,9 @@ RSpec.describe NamespacePolicy do
      it { is_expected.to(be_disallowed(:admin_compliance_framework)) }
    end

-    context 'when feature is available' do
+    context 'when feature is licensed' do
      before do
        stub_licensed_features(custom_compliance_frameworks: true)
-        stub_feature_flags(ff_custom_compliance_frameworks: true)
      end

      context 'when user is admin', :enable_admin_mode do
@@ -72,10 +71,9 @@ RSpec.describe NamespacePolicy do
      end
    end

-    context 'when feature is not available' do
+    context 'when feature is not licensed' do
      before do
        stub_licensed_features(custom_compliance_frameworks: false)
-        stub_feature_flags(ff_custom_compliance_frameworks: false)
      end

      context 'when user is admin', :enable_admin_mode do

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1359,29 +1359,26 @@ RSpec.describe ProjectPolicy do

    let(:policy) { :admin_compliance_framework }

-    where(:role, :feature_enabled, :admin_mode, :custom_framework_flag, :allowed) do
-      :guest      | false | nil   | false | false
-      :guest      | true  | nil   | false | false
-      :reporter   | false | nil   | false | false
-      :reporter   | true  | nil   | false | false
-      :developer  | false | nil   | false | false
-      :developer  | true  | nil   | false | false
-      :maintainer | false | nil   | false | false
-      :maintainer | true  | nil   | false | true
-      :maintainer | true  | nil   | true  | false
-      :owner      | false | nil   | false | false
-      :owner      | true  | nil   | false | true
-      :admin      | false | false | false | false
-      :admin      | false | true  | false | false
-      :admin      | true  | false | false | false
-      :admin      | true  | true  | false | true
+    where(:role, :feature_enabled, :admin_mode, :allowed) do
+      :guest      | false | nil   | false
+      :guest      | true  | nil   | false
+      :reporter   | false | nil   | false
+      :reporter   | true  | nil   | false
+      :developer  | false | nil   | false
+      :maintainer | false | nil   | false
+      :maintainer | true  | nil   | true
+      :owner      | false | nil   | false
+      :owner      | true  | nil   | true
+      :admin      | false | false | false
+      :admin      | false | true  | false
+      :admin      | true  | false | false
+      :admin      | true  | true  | true
    end

    with_them do
      let(:current_user) { public_send(role) }

      before do
-        stub_feature_flags(ff_custom_compliance_frameworks: custom_framework_flag)
        stub_licensed_features(compliance_framework: feature_enabled)
        enable_admin_mode!(current_user) if admin_mode
      end

--- a/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/create_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/create_spec.rb
@@ -65,14 +65,6 @@ RSpec.describe 'Create a Compliance Framework' do
      stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
    end

-    context 'framework feature is disabled' do
-      before do
-        stub_feature_flags(ff_custom_compliance_frameworks: false)
-      end
-
-      it_behaves_like 'a mutation that returns errors in the response', errors: ['Not permitted to create framework']
-    end
-
    context 'pipeline configuration feature is disabled' do
      before do
        stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)

--- a/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/destroy_spec.rb
@@ -19,7 +19,6 @@ RSpec.describe 'Delete a compliance framework' do

    before do
      stub_licensed_features(custom_compliance_frameworks: false)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    it 'does not destroy a compliance framework' do
@@ -30,10 +29,9 @@ RSpec.describe 'Delete a compliance framework' do
                    errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
  end

-  context 'when licensed and enabled' do
+  context 'when licensed' do
    before do
      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    context 'current_user is namespace owner' do

--- a/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/update_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/compliance_management/frameworks/update_spec.rb
@@ -42,10 +42,9 @@ RSpec.describe 'Update a compliance framework' do
                    errors: ["The resource that you are attempting to access does not exist or you don't have permission to perform this action"]
  end

-  context 'feature is licensed and enabled' do
+  context 'feature is licensed' do
    before do
      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    context 'with valid params' do

--- a/ee/spec/requests/api/graphql/namespace/compliance_frameworks_spec.rb
+++ b/ee/spec/requests/api/graphql/namespace/compliance_frameworks_spec.rb
@@ -19,7 +19,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
  context 'when authenticated as the namespace owner' do
    before do
      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    let(:current_user) { namespace.owner }
@@ -116,18 +115,6 @@ RSpec.describe 'getting a list of compliance frameworks for a root namespace' do
        expect(graphql_data_at(:c, :complianceFrameworks, :nodes, :name)).to contain_exactly('SOX')
      end
    end
-
-    context 'feature is disabled' do
-      before do
-        stub_feature_flags(ff_custom_compliance_frameworks: false)
-      end
-
-      it 'responds with error when querying a compliance framework' do
-        post_graphql(query, current_user: current_user)
-
-        expect(graphql_errors).to contain_exactly(include('message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action"))
-      end
-    end
  end

  context 'when authenticated as a different user' do

--- a/ee/spec/requests/groups/compliance_frameworks_spec.rb
+++ b/ee/spec/requests/groups/compliance_frameworks_spec.rb
@@ -11,9 +11,8 @@ RSpec.describe 'group compliance frameworks' do
    login_as(user)
  end

-  context 'when compliance frameworks feature is disabled' do
+  context 'when compliance frameworks feature is unlicensed' do
    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
      stub_licensed_features(custom_compliance_frameworks: false)
    end

@@ -34,9 +33,8 @@ RSpec.describe 'group compliance frameworks' do
    end
  end

-  context 'when compliance frameworks feature is enabled' do
+  context 'when compliance frameworks feature is licensed' do
    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
      stub_licensed_features(custom_compliance_frameworks: true)
    end


--- a/ee/spec/services/compliance_management/frameworks/update_service_spec.rb
+++ b/ee/spec/services/compliance_management/frameworks/update_service_spec.rb
@@ -22,18 +22,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
    end
  end

-  context 'feature is disabled' do
+  context 'feature is unlicensed' do
    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
-    end
-
-    it_behaves_like 'a failed update request'
-  end
-
-  context 'feature is licensed but disabled' do
-    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
-      stub_licensed_features(custom_compliance_frameworks: true)
+      stub_licensed_features(custom_compliance_frameworks: false)
    end

    it_behaves_like 'a failed update request'
@@ -45,10 +36,9 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
    it_behaves_like 'a failed update request'
  end

-  context 'when feature is enabled and licensed' do
+  context 'when feature is licensed' do
    before do
      stub_licensed_features(custom_compliance_frameworks: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
    end

    context 'with an invalid param passed' do

--- a/ee/spec/services/projects/update_service_spec.rb
+++ b/ee/spec/services/projects/update_service_spec.rb
@@ -277,49 +277,10 @@ RSpec.describe Projects::UpdateService, '#execute' do
    end
  end

-  context 'when custom compliance frameworks are disabled' do
-    let(:project_setting) { create(:compliance_framework_project_setting, :gdpr) }
-
-    before do
-      stub_licensed_features(compliance_framework: true)
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
-      project.update!(compliance_framework_setting: project_setting)
-    end
-
-    context 'when framework is not blank' do
-      let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:hipaa] }
-      let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
-
-      it 'saves the framework' do
-        expect { update_project(project, user, opts) }.to change {
-          project
-            .reload
-            .compliance_framework_setting
-            .compliance_management_framework
-            .name
-        }.from('GDPR').to('HIPAA')
-      end
-    end
-
-    context 'when framework is blank' do
-      let(:opts) { { compliance_framework_setting_attributes: { framework: '' } } }
-
-      it 'removes the framework record' do
-        update_project(project, user, opts)
-
-        expect(project.reload.compliance_framework_setting).to be_nil
-      end
-    end
-  end
-
-  context 'when ff_custom_compliance_frameworks flag is enabled' do
+  context 'custom compliance frameworks' do
    let(:framework) { create(:compliance_framework, namespace: project.namespace) }
    let(:opts) { { compliance_framework_setting_attributes: { framework: framework.id } } }

-    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
-    end
-
    context 'when current_user has :admin_compliance_framework ability' do
      before do
        stub_licensed_features(compliance_framework: true)
@@ -357,35 +318,6 @@ RSpec.describe Projects::UpdateService, '#execute' do
    end
  end

-  context 'when compliance framework feature is disabled' do
-    let(:framework) { ComplianceManagement::Framework::DEFAULT_FRAMEWORKS_BY_IDENTIFIER[:sox] }
-    let(:opts) { { compliance_framework_setting_attributes: { framework: framework.identifier } } }
-
-    before do
-      stub_licensed_features(compliance_framework: false)
-    end
-
-    context 'the project had the feature before' do
-      let(:project_setting) { create(:compliance_framework_project_setting) }
-
-      before do
-        project.update!(compliance_framework_setting: project_setting)
-      end
-
-      it 'does not save the new framework and retains the old setting' do
-        expect { update_project(project, user, opts) }.not_to change { framework.name }
-      end
-    end
-
-    context 'the project never had the feature' do
-      it 'does not save the framework' do
-        update_project(project, user, opts)
-
-        expect(project.reload.compliance_framework_setting).to be_nil
-      end
-    end
-  end
-
  it 'returns an error result when record cannot be updated' do
    admin = create(:admin)


--- a/ee/spec/views/compliance_management/compliance_framework/_project_settings.html.haml_spec.rb
+++ b/ee/spec/views/compliance_management/compliance_framework/_project_settings.html.haml_spec.rb
@@ -14,81 +14,59 @@ RSpec.describe 'projects/edit.html.haml' do
    stub_licensed_features(custom_compliance_frameworks: true)
  end

-  context 'feature enabled' do
-    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: true)
-    end
-
-    context 'group has compliance frameworks' do
-      let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }
-
-      it 'includes a dropdown including that framework' do
-        render
-
-        expect(rendered).to match /Custom framework 23/
-      end
-
-      it 'does not include warning message' do
-        render
+  context 'group has compliance frameworks' do
+    let_it_be(:framework) { create(:compliance_framework, namespace: group, name: 'Custom framework 23') }

-        expect(rendered).not_to match /Customizable by owners./
-      end
-
-      it 'contains the dropdown' do
-        render
+    it 'includes a dropdown including that framework' do
+      render

-        expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]')
-        expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
-      end
+      expect(rendered).to match /Custom framework 23/
+    end

-      context 'user is group maintainer' do
-        let_it_be(:maintainer) { create(:user) }
+    it 'does not include warning message' do
+      render

-        before do
-          group.add_maintainer(maintainer)
-          allow(view).to receive(:current_user).and_return(maintainer)
-        end
+      expect(rendered).not_to match /Customizable by owners./
+    end

-        it 'includes warning message' do
-          render
+    it 'contains the dropdown' do
+      render

-          expect(rendered).to match /Customizable by owners./
-        end
+      expect(rendered).to have_css('select[id=project_compliance_framework_setting_attributes_framework]')
+      expect(rendered).not_to have_css('select[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
+    end

-        it 'disables the dropdown' do
-          render
+    context 'user is group maintainer' do
+      let_it_be(:maintainer) { create(:user) }

-          expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
-        end
+      before do
+        group.add_maintainer(maintainer)
+        allow(view).to receive(:current_user).and_return(maintainer)
      end
-    end

-    context 'group has no compliance frameworks' do
-      before do
-        group.compliance_management_frameworks.delete_all
+      it 'includes warning message' do
+        render
+
+        expect(rendered).to match /Customizable by owners./
      end

-      it 'shows a notification' do
+      it 'disables the dropdown' do
        render

-        expect(rendered).to match /No compliance frameworks are in use. Create one using the GraphQL API./
+        expect(rendered).to have_css('input[id=project_compliance_framework_setting_attributes_framework][disabled="disabled"]')
      end
    end
  end

-  context 'feature disabled' do
+  context 'group has no compliance frameworks' do
    before do
-      stub_feature_flags(ff_custom_compliance_frameworks: false)
+      group.compliance_management_frameworks.delete_all
    end

-    it 'includes a dropdown including only the hard-coded frameworks' do
+    it 'shows a notification' do
      render

-      expect(rendered).to match /GDPR/
-      expect(rendered).to match /HIPAA/
-      expect(rendered).to match /PCI-DSS/
-      expect(rendered).to match /SOC 2/
-      expect(rendered).to match /SOX/
+      expect(rendered).to match /No compliance frameworks are in use. Create one from the .* section in Group Settings./
    end
  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8182,9 +8182,6 @@ msgstr ""
 msgid "Compliance framework"
 msgstr ""

-msgid "Compliance framework  (optional)"
-msgstr ""
-
 msgid "Compliance framework (optional)"
 msgstr ""

@@ -21915,7 +21912,7 @@ msgstr ""
 msgid "No compliance frameworks are in use."
 msgstr ""

-msgid "No compliance frameworks are in use. Create one using the GraphQL API."
+msgid "No compliance frameworks are in use. Create one from the %{link} section in Group Settings."
 msgstr ""

 msgid "No confirmation email received? Please check your spam folder or"