Merge branch '325410-remove-api-fuzzing-configuration-ui-ff' into 'master'

Remove the api_fuzzing_configuration_ui feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!57583

Merge branch '325410-remove-api-fuzzing-configuration-ui-ff' into 'master'
Remove the api_fuzzing_configuration_ui feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!57583
4281600b · Mikołaj Wawrzyniak · 6e5f5388 · c844bc75 · 4281600b · 4281600b
Commit 4281600b authored Mar 31, 2021 by Mikołaj Wawrzyniak
13 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -4746,7 +4746,7 @@ An edge in a connection.
 | `alertManagementIntegrations` | [`AlertManagementIntegrationConnection`](#alertmanagementintegrationconnection) | Integrations which can receive alerts for the project. |
 | `alertManagementPayloadFields` | [`[AlertManagementPayloadAlertField!]`](#alertmanagementpayloadalertfield) | Extract alert fields from payload for custom mapping. |
 | `allowMergeOnSkippedPipeline` | [`Boolean`](#boolean) | If `only_allow_merge_if_pipeline_succeeds` is true, indicates if merge requests of the project can also be merged with skipped jobs. |
-| `apiFuzzingCiConfiguration` | [`ApiFuzzingCiConfiguration`](#apifuzzingciconfiguration) | API fuzzing configuration for the project. Null unless feature flag `api_fuzzing_configuration_ui` is enabled. |
+| `apiFuzzingCiConfiguration` | [`ApiFuzzingCiConfiguration`](#apifuzzingciconfiguration) | API fuzzing configuration for the project. |
 | `archived` | [`Boolean`](#boolean) | Indicates the archived status of the project. |
 | `autocloseReferencedIssues` | [`Boolean`](#boolean) | Indicates if issues referenced by merge requests and commits within the default branch are closed automatically. |
 | `avatarUrl` | [`String`](#string) | URL to avatar image file of the project. |

--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -74,10 +74,6 @@ starting in GitLab 14.0, GitLab will not check your repository's root for config
 ### Configuration form

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/299234) in GitLab 13.10.
-> - It's [deployed behind a feature flag](../../../user/feature_flags.md), enabled by default.
-> - It's enabled on GitLab.com.
-> - It's recommended for production use.
-> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#enable-or-disable-api-fuzzing-configuration-form). **(ULTIMATE)**

 WARNING:
 This feature might not be available to you. Check the **version history** note above for details.
@@ -103,25 +99,6 @@ to your project's `.gitlab-ci.yml` file where you can paste the YAML configurati

 Select **Copy code only** to copy the snippet to your clipboard and close the modal.

-#### Enable or disable API Fuzzing configuration form **(ULTIMATE)**
-
-The API Fuzzing configuration form is under development but ready for production use.
-It is deployed behind a feature flag that is **enabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can opt to disable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:api_fuzzing_configuration_ui)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:api_fuzzing_configuration_ui)
-```
-
 ### OpenAPI Specification

 > Support for OpenAPI Specification v3 was

--- a/ee/app/controllers/ee/projects/security/configuration_controller.rb
+++ b/ee/app/controllers/ee/projects/security/configuration_controller.rb
@@ -14,7 +14,6 @@ module EE

          before_action only: [:show] do
            push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
-            push_frontend_feature_flag(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
            push_frontend_feature_flag(:sec_dependency_scanning_ui_enable, project, default_enabled: :yaml)
          end


--- a/ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb
+++ b/ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb
@@ -11,7 +11,6 @@ module Projects
      feature_category :fuzz_testing

      def show
-        not_found unless Feature.enabled?(:api_fuzzing_configuration_ui, @project, default_enabled: :yaml)
      end
    end
  end

--- a/ee/app/graphql/ee/types/project_type.rb
+++ b/ee/app/graphql/ee/types/project_type.rb
@@ -133,8 +133,7 @@ module EE
        field :api_fuzzing_ci_configuration,
              ::Types::AppSec::Fuzzing::Api::CiConfigurationType,
              null: true,
-              description: 'API fuzzing configuration for the project. '\
-                           'Null unless feature flag `api_fuzzing_configuration_ui` is enabled.'
+              description: 'API fuzzing configuration for the project. '

        field :push_rules,
              ::Types::PushRulesType,
@@ -144,8 +143,7 @@ module EE
      end

      def api_fuzzing_ci_configuration
-        return unless ::Feature.enabled?(:api_fuzzing_configuration_ui, object, default_enabled: :yaml) && \
-                      Ability.allowed?(current_user, :read_vulnerability, object)
+        return unless Ability.allowed?(current_user, :read_vulnerability, object)

        configuration = ::AppSec::Fuzzing::Api::CiConfiguration.new(project: object)


--- a/ee/app/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create.rb
+++ b/ee/app/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create.rb
@@ -53,8 +53,6 @@ module Mutations
            def resolve(args)
              project = authorized_find!(args[:project_path])

-              raise_feature_off_error unless feature_enabled?(project)
-
              create_service = ::AppSec::Fuzzing::Api::CiConfigurationCreateService.new(
                container: project, current_user: current_user, params: args
              )
@@ -72,10 +70,6 @@ module Mutations
              raise ::Gitlab::Graphql::Errors::ResourceNotAvailable,
                'The API fuzzing CI configuration feature is off'
            end
-
-            def feature_enabled?(project)
-              Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
-            end
          end
        end
      end

--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -91,7 +91,7 @@ module Projects
        {
          sast: project_security_configuration_sast_path(project),
          dast_profiles: project_security_configuration_dast_scans_path(project),
-          api_fuzzing: ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_api_fuzzing_path(project) : nil
+          api_fuzzing: project_security_configuration_api_fuzzing_path(project)
        }[type]
      end
    end

--- a/ee/changelogs/unreleased/325410-remove-api-fuzzing-configuration-ui-ff.yml
+++ b/ee/changelogs/unreleased/325410-remove-api-fuzzing-configuration-ui-ff.yml
+---
+title: Remove the api_fuzzing_configuration_ui feature flag
+merge_request: 57583
+author:
+type: changed
--- a/ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml
+++ b/ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml
---
-name: api_fuzzing_configuration_ui
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51940
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299234
-milestone: '13.9'
-type: development
-group: group::fuzz testing
-default_enabled: true
--- a/ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb
@@ -51,18 +51,6 @@ RSpec.describe Projects::Security::ApiFuzzingConfigurationController do

        expect(response.body).to have_active_sub_navigation('Configuration')
      end
-
-      context 'with feature flag disabled' do
-        before do
-          stub_feature_flags(api_fuzzing_configuration_ui: false)
-        end
-
-        it 'returns a 404 for an HTML request' do
-          request
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
    end

    context 'with unauthorized user' do

--- a/ee/spec/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb
+++ b/ee/spec/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb
@@ -30,42 +30,23 @@ RSpec.describe Mutations::AppSec::Fuzzing::Api::CiConfiguration::Create do
        stub_licensed_features(security_dashboard: true)
      end

-      context 'when the api_fuzzing_configuration_ui feature is on' do
-        before do
-          stub_feature_flags(api_fuzzing_configuration_ui: true)
-        end
-
-        it 'returns a YAML snippet that can be used to configure API fuzzing scans for the project' do
-          aggregate_failures do
-            expect(subject[:errors]).to be_empty
-            expect(subject[:gitlab_ci_yaml_edit_path]).to eq(
-              Rails.application.routes.url_helpers.project_ci_pipeline_editor_path(project)
-            )
-            expect(Psych.load(subject[:configuration_yaml])).to eq({
-              'stages' => ['fuzz'],
-              'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
-              'variables' => {
-                'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
-                'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
-                'FUZZAPI_HAR' => 'https://api.gov/api_spec',
-                'FUZZAPI_PROFILE' => 'Quick-10',
-                'FUZZAPI_TARGET_URL' => 'https://api.gov'
-              }
-            })
-          end
-        end
-
-        context 'when the api_fuzzing_configuration_ui feature is off' do
-          before do
-            stub_feature_flags(api_fuzzing_configuration_ui: false)
-          end
-
-          it 'errors' do
-            expect { subject }.to raise_error(
-              ::Gitlab::Graphql::Errors::ResourceNotAvailable,
-              'The API fuzzing CI configuration feature is off'
-            )
-          end
+      it 'returns a YAML snippet that can be used to configure API fuzzing scans for the project' do
+        aggregate_failures do
+          expect(subject[:errors]).to be_empty
+          expect(subject[:gitlab_ci_yaml_edit_path]).to eq(
+            Rails.application.routes.url_helpers.project_ci_pipeline_editor_path(project)
+          )
+          expect(Psych.load(subject[:configuration_yaml])).to eq({
+            'stages' => ['fuzz'],
+            'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+            'variables' => {
+              'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
+              'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
+              'FUZZAPI_HAR' => 'https://api.gov/api_spec',
+              'FUZZAPI_PROFILE' => 'Quick-10',
+              'FUZZAPI_TARGET_URL' => 'https://api.gov'
+            }
+          })
        end
      end


--- a/ee/spec/requests/api/graphql/app_sec/fuzzing/api/ci_configuration_type_spec.rb
+++ b/ee/spec/requests/api/graphql/app_sec/fuzzing/api/ci_configuration_type_spec.rb
@@ -42,58 +42,38 @@ RSpec.describe 'Query.project(fullPath).apiFuzzingCiConfiguration' do
    ).to_return(body: profiles_yaml)
  end

-  context 'when the api_fuzzing_configuration_ui feature flag is enabled' do
+  context 'when the user can read vulnerabilities for the project' do
    before do
-      stub_feature_flags(api_fuzzing_configuration_ui: true)
+      stub_licensed_features(security_dashboard: true)
    end

-    context 'when the user can read vulnerabilities for the project' do
-      before do
-        stub_licensed_features(security_dashboard: true)
-      end
-
-      it 'returns scan modes and scan profiles' do
-        post_graphql(query, current_user: user)
-
-        expect(response).to have_gitlab_http_status(:ok)
-
-        fuzzing_config = graphql_data.dig('project', 'apiFuzzingCiConfiguration')
-        modes = fuzzing_config['scanModes']
-        profiles = fuzzing_config['scanProfiles']
-        expect(modes).to contain_exactly('HAR', 'OPENAPI', 'POSTMAN')
-        expect(profiles).to contain_exactly({
-          'name' => 'Quick-10',
-          'description' => 'Fuzzing 10 times per parameter',
-          'yaml' => "---\nName: Quick-10\n"
-        })
-      end
-    end
-
-    context 'when the user cannot read vulnerabilities for the project' do
-      before do
-        stub_licensed_features(security_dashboard: false)
-      end
-
-      it 'returns nil' do
-        post_graphql(query, current_user: user)
+    it 'returns scan modes and scan profiles' do
+      post_graphql(query, current_user: user)

-        expect(response).to have_gitlab_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)

-        fuzzing_config = graphql_data.dig('project', 'apiFuzzingCiConfiguration')
-        expect(fuzzing_config).to be_nil
-      end
+      fuzzing_config = graphql_data.dig('project', 'apiFuzzingCiConfiguration')
+      modes = fuzzing_config['scanModes']
+      profiles = fuzzing_config['scanProfiles']
+      expect(modes).to contain_exactly('HAR', 'OPENAPI', 'POSTMAN')
+      expect(profiles).to contain_exactly({
+        'name' => 'Quick-10',
+        'description' => 'Fuzzing 10 times per parameter',
+        'yaml' => "---\nName: Quick-10\n"
+      })
    end
  end

-  context 'when the api_fuzzing_configuration_ui feature flag is disabled' do
+  context 'when the user cannot read vulnerabilities for the project' do
    before do
-      stub_feature_flags(api_fuzzing_configuration_ui: false)
+      stub_licensed_features(security_dashboard: false)
    end

    it 'returns nil' do
      post_graphql(query, current_user: user)

      expect(response).to have_gitlab_http_status(:ok)
+
      fuzzing_config = graphql_data.dig('project', 'apiFuzzingCiConfiguration')
      expect(fuzzing_config).to be_nil
    end

--- a/ee/spec/requests/api/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb
@@ -33,7 +33,6 @@ RSpec.describe 'CreateApiFuzzingCiConfiguration' do
  end

  before do
-    stub_feature_flags(api_fuzzing_configuration_ui: true)
    stub_licensed_features(security_dashboard: true)
  end