Merge branch 'djadmin-dast-site-ff-removal' into 'master'

Remove DAST site profile related feature flags [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!61460

config/feature_flags/development/security_dast_site_profiles_additional_fields.yml

----
-name: security_dast_site_profiles_additional_fields
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46848
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292897
-milestone: '13.7'
-type: development
-group: group::dynamic analysis
-default_enabled: true

config/feature_flags/development/security_dast_site_profiles_api_option.yml

----
-name: security_dast_site_profiles_api_option
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58723
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325130
-milestone: '13.12'
-type: development
-group: group::dynamic analysis
-default_enabled: true

doc/api/graphql/reference/index.md

@@ -1533,13 +1533,13 @@ Input type: `DastSiteProfileCreateInput`
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationdastsiteprofilecreateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="mutationdastsiteprofilecreateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. |
 | <a id="mutationdastsiteprofilecreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastsiteprofilecreateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Defaults to `[]`. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="mutationdastsiteprofilecreateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Defaults to `[]`. |
 | <a id="mutationdastsiteprofilecreatefullpath"></a>`fullPath` | [`ID!`](#id) | The project the site profile belongs to. |
 | <a id="mutationdastsiteprofilecreateprofilename"></a>`profileName` | [`String!`](#string) | The name of the site profile. |
-| <a id="mutationdastsiteprofilecreaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
-| <a id="mutationdastsiteprofilecreatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will be ignored if `security_dast_site_profiles_api_option` feature flag is disabled. |
+| <a id="mutationdastsiteprofilecreaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
+| <a id="mutationdastsiteprofilecreatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
 | <a id="mutationdastsiteprofilecreatetargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
 
 #### Fields
@@ -1577,14 +1577,14 @@ Input type: `DastSiteProfileUpdateInput`
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationdastsiteprofileupdateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="mutationdastsiteprofileupdateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. |
 | <a id="mutationdastsiteprofileupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastsiteprofileupdateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="mutationdastsiteprofileupdateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. |
 | <a id="mutationdastsiteprofileupdatefullpath"></a>`fullPath` | [`ID!`](#id) | The project the site profile belongs to. |
 | <a id="mutationdastsiteprofileupdateid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile to be updated. |
 | <a id="mutationdastsiteprofileupdateprofilename"></a>`profileName` | [`String!`](#string) | The name of the site profile. |
-| <a id="mutationdastsiteprofileupdaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
-| <a id="mutationdastsiteprofileupdatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will be ignored if `security_dast_site_profiles_api_option` feature flag is disabled. |
+| <a id="mutationdastsiteprofileupdaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
+| <a id="mutationdastsiteprofileupdatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
 | <a id="mutationdastsiteprofileupdatetargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
 
 #### Fields
@@ -7857,15 +7857,15 @@ Represents a DAST Site Profile.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="dastsiteprofileauth"></a>`auth` | [`DastSiteProfileAuth`](#dastsiteprofileauth) | Target authentication details. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="dastsiteprofileauth"></a>`auth` | [`DastSiteProfileAuth`](#dastsiteprofileauth) | Target authentication details. |
 | <a id="dastsiteprofileeditpath"></a>`editPath` | [`String`](#string) | Relative web path to the edit page of a site profile. |
-| <a id="dastsiteprofileexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
+| <a id="dastsiteprofileexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. |
 | <a id="dastsiteprofileid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile. |
 | <a id="dastsiteprofilenormalizedtargeturl"></a>`normalizedTargetUrl` | [`String`](#string) | Normalized URL of the target to be scanned. |
 | <a id="dastsiteprofileprofilename"></a>`profileName` | [`String`](#string) | The name of the site profile. |
 | <a id="dastsiteprofilereferencedinsecuritypolicies"></a>`referencedInSecurityPolicies` | [`[String!]`](#string) | List of security policy names that are referencing given project. |
-| <a id="dastsiteprofilerequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
-| <a id="dastsiteprofiletargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will always return `null` if `security_dast_site_profiles_api_option` feature flag is disabled. |
+| <a id="dastsiteprofilerequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
+| <a id="dastsiteprofiletargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
 | <a id="dastsiteprofiletargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
 | <a id="dastsiteprofileuserpermissions"></a>`userPermissions` | [`DastSiteProfilePermissions!`](#dastsiteprofilepermissions) | Permissions for the current user on the resource. |
 | <a id="dastsiteprofilevalidationstatus"></a>`validationStatus` | [`DastSiteProfileValidationStatusEnum`](#dastsiteprofilevalidationstatusenum) | The current validation status of the site profile. |

ee/app/assets/javascripts/on_demand_scans/components/profile_selector/site_profile_summary.vue

@@ -55,47 +55,41 @@ export default {
         :label="$options.i18n.targetUrl"
         :value="profile.targetUrl"
       />
-      <profile-selector-summary-cell
-        v-if="glFeatures.securityDastSiteProfilesApiOption"
-        :label="$options.i18n.targetType"
-        :value="targetTypeValue"
-      />
+      <profile-selector-summary-cell :label="$options.i18n.targetType" :value="targetTypeValue" />
     </div>
-    <template v-if="glFeatures.securityDastSiteProfilesAdditionalFields">
-      <template v-if="profile.auth.enabled">
-        <div class="row">
-          <profile-selector-summary-cell :label="$options.i18n.authUrl" :value="profile.auth.url" />
-        </div>
-        <div class="row">
-          <profile-selector-summary-cell
-            :label="$options.i18n.username"
-            :value="profile.auth.username"
-          />
-          <profile-selector-summary-cell :label="$options.i18n.password" value="••••••••" />
-        </div>
-        <div class="row">
-          <profile-selector-summary-cell
-            :label="$options.i18n.usernameField"
-            :value="profile.auth.usernameField"
-          />
-          <profile-selector-summary-cell
-            :label="$options.i18n.passwordField"
-            :value="profile.auth.passwordField"
-          />
-        </div>
-      </template>
+    <template v-if="profile.auth.enabled">
+      <div class="row">
+        <profile-selector-summary-cell :label="$options.i18n.authUrl" :value="profile.auth.url" />
+      </div>
+      <div class="row">
+        <profile-selector-summary-cell
+          :label="$options.i18n.username"
+          :value="profile.auth.username"
+        />
+        <profile-selector-summary-cell :label="$options.i18n.password" value="••••••••" />
+      </div>
       <div class="row">
         <profile-selector-summary-cell
-          v-if="hasExcludedUrls"
-          :label="$options.i18n.excludedUrls"
-          :value="profile.excludedUrls.join($options.EXCLUDED_URLS_SEPARATOR)"
+          :label="$options.i18n.usernameField"
+          :value="profile.auth.usernameField"
         />
         <profile-selector-summary-cell
-          v-if="profile.requestHeaders"
-          :label="$options.i18n.requestHeaders"
-          :value="__('[Redacted]')"
+          :label="$options.i18n.passwordField"
+          :value="profile.auth.passwordField"
         />
       </div>
     </template>
+    <div class="row">
+      <profile-selector-summary-cell
+        v-if="hasExcludedUrls"
+        :label="$options.i18n.excludedUrls"
+        :value="profile.excludedUrls.join($options.EXCLUDED_URLS_SEPARATOR)"
+      />
+      <profile-selector-summary-cell
+        v-if="profile.requestHeaders"
+        :label="$options.i18n.requestHeaders"
+        :value="__('[Redacted]')"
+      />
+    </div>
   </div>
 </template>

ee/app/assets/javascripts/security_configuration/dast_site_profiles_form/components/dast_site_profile_form.vue

@@ -168,18 +168,12 @@ export default {
       return authFields;
     },
     isTargetAPI() {
-      return (
-        this.glFeatures.securityDastSiteProfilesApiOption &&
-        this.form.fields.targetType.value === TARGET_TYPES.API.value
-      );
+      return this.form.fields.targetType.value === TARGET_TYPES.API.value;
     },
   },
   methods: {
     onSubmit() {
-      const isAuthEnabled =
-        this.glFeatures.securityDastSiteProfilesAdditionalFields &&
-        this.authSection.fields.enabled &&
-        !this.isTargetAPI;
+      const isAuthEnabled = this.authSection.fields.enabled && !this.isTargetAPI;
 
       this.form.showValidation = true;
 
@@ -205,17 +199,13 @@ export default {
           ...(this.isEdit ? { id: this.siteProfile.id } : {}),
           profileName,
           targetUrl,
-          ...(this.glFeatures.securityDastSiteProfilesApiOption && {
-            targetType,
+          targetType,
+          ...(!this.isTargetAPI && { auth: this.serializedAuthFields }),
+          ...(excludedUrls && {
+            excludedUrls: this.parsedExcludedUrls,
           }),
-          ...(this.glFeatures.securityDastSiteProfilesAdditionalFields && {
-            ...(!this.isTargetAPI && { auth: this.serializedAuthFields }),
-            ...(excludedUrls && {
-              excludedUrls: this.parsedExcludedUrls,
-            }),
-            ...(requestHeaders !== REDACTED_REQUEST_HEADERS && {
-              requestHeaders,
-            }),
+          ...(requestHeaders !== REDACTED_REQUEST_HEADERS && {
+            requestHeaders,
           }),
         },
       };
@@ -339,10 +329,7 @@ export default {
 
       <hr class="gl-border-gray-100" />
 
-      <gl-form-group
-        v-if="glFeatures.securityDastSiteProfilesApiOption"
-        :label="s__('DastProfiles|Site type')"
-      >
+      <gl-form-group :label="s__('DastProfiles|Site type')">
         <gl-form-radio-group
           v-model="form.fields.targetType.value"
           :options="targetTypesOptions"
@@ -367,7 +354,7 @@ export default {
         />
       </gl-form-group>
 
-      <div v-if="glFeatures.securityDastSiteProfilesAdditionalFields" class="row">
+      <div class="row">
         <gl-form-group
           :label="s__('DastProfiles|Excluded URLs (Optional)')"
           :invalid-feedback="form.fields.excludedUrls.feedback"
@@ -417,7 +404,7 @@ export default {
     </gl-form-group>
 
     <dast-site-auth-section
-      v-if="glFeatures.securityDastSiteProfilesAdditionalFields && !isTargetAPI"
+      v-if="!isTargetAPI"
       v-model="authSection"
       :disabled="isPolicyProfile"
       :show-validation="form.showValidation"

ee/app/controllers/projects/on_demand_scans_controller.rb

@@ -4,11 +4,6 @@ module Projects
   class OnDemandScansController < Projects::ApplicationController
     include SecurityAndCompliancePermissions
 
-    before_action do
-      push_frontend_feature_flag(:security_dast_site_profiles_additional_fields, @project, default_enabled: :yaml)
-      push_frontend_feature_flag(:security_dast_site_profiles_api_option, @project, default_enabled: :yaml)
-    end
-
     before_action :authorize_read_on_demand_scans!, only: :index
     before_action :authorize_create_on_demand_dast_scan!, only: [:new, :edit]
 

ee/app/controllers/projects/security/dast_site_profiles_controller.rb

@@ -8,8 +8,6 @@ module Projects
 
       before_action do
         authorize_read_on_demand_scans!
-        push_frontend_feature_flag(:security_dast_site_profiles_additional_fields, @project, default_enabled: :yaml)
-        push_frontend_feature_flag(:security_dast_site_profiles_api_option, @project, default_enabled: :yaml)
       end
 
       feature_category :dynamic_application_security_testing

ee/app/graphql/mutations/dast_site_profiles/create.rb

@@ -25,39 +25,35 @@ module Mutations
 
       argument :target_type, Types::DastTargetTypeEnum,
                required: false,
-               description: 'The type of target to be scanned. Will be ignored ' \
-                            'if `security_dast_site_profiles_api_option` feature flag is disabled.'
+               description: 'The type of target to be scanned.'
 
       argument :excluded_urls, [GraphQL::STRING_TYPE],
                required: false,
                default_value: [],
-               description: 'The URLs to skip during an authenticated scan. Defaults to `[]`. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+               description: 'The URLs to skip during an authenticated scan. Defaults to `[]`.'
 
       argument :request_headers, GraphQL::STRING_TYPE,
                required: false,
                description: 'Comma-separated list of request header names and values to be ' \
-                            'added to every request made by DAST. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+                            'added to every request made by DAST.'
 
       argument :auth, ::Types::Dast::SiteProfileAuthInputType,
                required: false,
-               description: 'Parameters for authentication. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+               description: 'Parameters for authentication.'
 
       authorize :create_on_demand_dast_scan
 
       def resolve(full_path:, profile_name:, target_url: nil, **params)
         project = authorized_find!(full_path)
 
-        auth_params = feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:auth], default: {})
+        auth_params = params[:auth] || {}
 
         dast_site_profile_params = {
           name: profile_name,
           target_url: target_url,
-          target_type: feature_flagged(project, :security_dast_site_profiles_api_option, params[:target_type]),
-          excluded_urls: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:excluded_urls]),
-          request_headers: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:request_headers]),
+          target_type: params[:target_type],
+          excluded_urls: params[:excluded_urls],
+          request_headers: params[:request_headers],
           auth_enabled: auth_params[:enabled],
           auth_url: auth_params[:url],
           auth_username_field: auth_params[:username_field],
@@ -70,14 +66,6 @@ module Mutations
 
         { id: result.payload.try(:to_global_id), errors: result.errors }
       end
-
-      private
-
-      def feature_flagged(project, flag, value, opts = {})
-        return opts[:default] unless Feature.enabled?(flag, project, default_enabled: :yaml)
-
-        value || opts[:default]
-      end
     end
   end
 end

ee/app/graphql/mutations/dast_site_profiles/update.rb

@@ -31,31 +31,27 @@ module Mutations
 
       argument :target_type, Types::DastTargetTypeEnum,
                required: false,
-               description: 'The type of target to be scanned. Will be ignored ' \
-                            'if `security_dast_site_profiles_api_option` feature flag is disabled.'
+               description: 'The type of target to be scanned.'
 
       argument :excluded_urls, [GraphQL::STRING_TYPE],
                required: false,
-               description: 'The URLs to skip during an authenticated scan. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+               description: 'The URLs to skip during an authenticated scan.'
 
       argument :request_headers, GraphQL::STRING_TYPE,
                required: false,
                description: 'Comma-separated list of request header names and values to be ' \
-                            'added to every request made by DAST. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+                            'added to every request made by DAST.'
 
       argument :auth, ::Types::Dast::SiteProfileAuthInputType,
                required: false,
-               description: 'Parameters for authentication. Will be ignored ' \
-                            'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+               description: 'Parameters for authentication.'
 
       authorize :create_on_demand_dast_scan
 
       def resolve(full_path:, id:, profile_name:, target_url: nil, **params)
         project = authorized_find!(full_path)
 
-        auth_params = feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:auth], default: {})
+        auth_params = params[:auth] || {}
 
         # TODO: remove explicit coercion once compatibility layer has been removed
         # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
@@ -63,9 +59,9 @@ module Mutations
           id: SiteProfileID.coerce_isolated_input(id).model_id,
           name: profile_name,
           target_url: target_url,
-          target_type: feature_flagged(project, :security_dast_site_profiles_api_option, params[:target_type]),
-          excluded_urls: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:excluded_urls]),
-          request_headers: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:request_headers]),
+          target_type: params[:target_type],
+          excluded_urls: params[:excluded_urls],
+          request_headers: params[:request_headers],
           auth_enabled: auth_params[:enabled],
           auth_url: auth_params[:url],
           auth_username_field: auth_params[:username_field],
@@ -78,14 +74,6 @@ module Mutations
 
         { id: result.payload.try(:to_global_id), errors: result.errors }
       end
-
-      private
-
-      def feature_flagged(project, flag, value, opts = {})
-        return opts[:default] unless Feature.enabled?(flag, project, default_enabled: :yaml)
-
-        value || opts[:default]
-      end
     end
   end
 end

ee/app/graphql/types/dast_site_profile_type.rb

@@ -24,24 +24,20 @@ module Types
           description: 'The URL of the target to be scanned.'
 
     field :target_type, Types::DastTargetTypeEnum, null: true,
-          description: 'The type of target to be scanned. Will always return `null` ' \
-                       'if `security_dast_site_profiles_api_option` feature flag is disabled.'
+          description: 'The type of target to be scanned.'
 
     field :edit_path, GraphQL::STRING_TYPE, null: true,
           description: 'Relative web path to the edit page of a site profile.'
 
     field :auth, Types::Dast::SiteProfileAuthType, null: true,
-          description: 'Target authentication details. Will always return `null` ' \
-                       'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+          description: 'Target authentication details.'
 
     field :excluded_urls, [GraphQL::STRING_TYPE], null: true,
-          description: 'The URLs to skip during an authenticated scan. Will always return `null` ' \
-                       'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+          description: 'The URLs to skip during an authenticated scan.'
 
     field :request_headers, GraphQL::STRING_TYPE, null: true,
           description: 'Comma-separated list of request header names and values to be ' \
-                       'added to every request made by DAST. Will always return `null` ' \
-                       'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
+                       'added to every request made by DAST.'
 
     field :validation_status, Types::DastSiteProfileValidationStatusEnum, null: true,
           description: 'The current validation status of the site profile.',
@@ -58,28 +54,14 @@ module Types
       object.dast_site.url
     end
 
-    def target_type
-      return unless Feature.enabled?(:security_dast_site_profiles_api_option, object.project, default_enabled: :yaml)
-
-      object.target_type
-    end
-
     def edit_path
       Rails.application.routes.url_helpers.edit_project_security_configuration_dast_scans_dast_site_profile_path(object.project, object)
     end
 
     def auth
-      return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, object.project, default_enabled: :yaml)
-
       object
     end
 
-    def excluded_urls
-      return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, object.project, default_enabled: :yaml)
-
-      object.excluded_urls
-    end
-
     def normalized_target_url
       DastSiteValidation.get_normalized_url_base(object.dast_site.url)
     end

ee/app/models/ee/ci/pipeline.rb

@@ -174,8 +174,7 @@ module EE
       end
 
       def triggered_for_ondemand_dast_scan?
-        ondemand_dast_scan? && parameter_source? &&
-          ::Feature.enabled?(:security_dast_site_profiles_additional_fields, project, default_enabled: :yaml)
+        ondemand_dast_scan? && parameter_source?
       end
 
       private

ee/app/presenters/dast/site_profile_presenter.rb

@@ -8,14 +8,12 @@ module Dast
     presents :site_profile
 
     def password
-      return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, site_profile.project, default_enabled: :yaml)
       return unless site_profile.secret_variables.any? { |variable| variable.key == ::Dast::SiteProfileSecretVariable::PASSWORD }
 
       REDACTED_PASSWORD
     end
 
     def request_headers
-      return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, site_profile.project, default_enabled: :yaml)
       return unless site_profile.secret_variables.any? { |variable| variable.key == ::Dast::SiteProfileSecretVariable::REQUEST_HEADERS }
 
       REDACTED_REQUEST_HEADERS

ee/app/services/dast/site_profile_secret_variables/create_or_update_service.rb

@@ -20,8 +20,7 @@ module Dast
       private
 
       def allowed?
-        Feature.enabled?(:security_dast_site_profiles_additional_fields, container, default_enabled: :yaml) &&
-          Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
+        Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
       end
 
       def site_profile

ee/app/services/dast/site_profile_secret_variables/destroy_service.rb

@@ -14,8 +14,7 @@ module Dast
       private
 
       def allowed?
-        Feature.enabled?(:security_dast_site_profiles_additional_fields, container, default_enabled: :yaml) &&
-          Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
+        Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
       end
 
       def dast_site_profile_secret_variable

ee/spec/frontend/on_demand_scans/components/on_demand_scans_form_spec.js

@@ -537,13 +537,7 @@ describe('OnDemandScansForm', () => {
     const [{ id }] = scannerProfiles;
 
     beforeEach(() => {
-      createComponent({
-        provide: {
-          glFeatures: {
-            securityDastSiteProfilesAdditionalFields: true,
-          },
-        },
-      });
+      createComponent();
     });
 
     it('renders profile summary when a valid profile is selected', async () => {
@@ -563,14 +557,7 @@ describe('OnDemandScansForm', () => {
     const [{ id }] = siteProfiles;
 
     beforeEach(() => {
-      createComponent({
-        provide: {
-          glFeatures: {
-            securityDastSiteProfilesAdditionalFields: true,
-            securityDastSiteProfilesApiOption: true,
-          },
-        },
-      });
+      createComponent();
     });
 
     it('renders profile summary when a valid profile is selected', async () => {

ee/spec/frontend/on_demand_scans/components/profile_selector/site_profile_selector_spec.js

@@ -33,10 +33,6 @@ describe('OnDemandScansSiteProfileSelector', () => {
           provide: {
             siteProfilesLibraryPath: TEST_LIBRARY_PATH,
             newSiteProfilePath: TEST_NEW_PATH,
-            glFeatures: {
-              securityDastSiteProfilesAdditionalFields: true,
-              securityDastSiteProfilesApiOption: true,
-            },
           },
           slots: {
             summary: `<div>${profiles[0].profileName}'s summary</div>`,

ee/spec/frontend/on_demand_scans/components/profile_selector/site_profile_summary_spec.js

@@ -13,12 +13,6 @@ describe('DastSiteProfileSummary', () => {
         profile,
         ...props,
       },
-      provide: {
-        glFeatures: {
-          securityDastSiteProfilesAdditionalFields: true,
-          securityDastSiteProfilesApiOption: true,
-        },
-      },
     });
   };
 

ee/spec/frontend/security_configuration/dast_site_profiles_form/components/dast_site_profile_form_spec.js

@@ -130,12 +130,6 @@ describe('DastSiteProfileForm', () => {
       {},
       {
         propsData: defaultProps,
-        provide: {
-          glFeatures: {
-            securityDastSiteProfilesAdditionalFields: true,
-            securityDastSiteProfilesApiOption: true,
-          },
-        },
       },
       options,
       {
@@ -418,60 +412,6 @@ describe('DastSiteProfileForm', () => {
     });
   });
 
-  describe('when all feature flags are off', () => {
-    const mountOpts = {
-      provide: {
-        glFeatures: {
-          securityDastSiteProfilesAdditionalFields: false,
-          securityDastSiteProfilesApiOption: false,
-        },
-      },
-    };
-
-    const fillRequiredFieldsAndSubmitForm = async () => {
-      await setFieldValue(findProfileNameInput(), profileName);
-      await setFieldValue(findTargetUrlInput(), targetUrl);
-      submitForm();
-    };
-
-    it('should not render additional fields', () => {
-      createFullComponent(mountOpts);
-
-      expect(findAuthSection().exists()).toBe(false);
-      expect(findExcludedUrlsInput().exists()).toBe(false);
-      expect(findRequestHeadersInput().exists()).toBe(false);
-      expect(findTargetTypeOption().exists()).toBe(false);
-    });
-
-    describe.each`
-      title                  | siteProfile       | mutationVars                 | mutationKind
-      ${'New site profile'}  | ${null}           | ${{}}                        | ${'dastSiteProfileCreate'}
-      ${'Edit site profile'} | ${siteProfileOne} | ${{ id: siteProfileOne.id }} | ${'dastSiteProfileUpdate'}
-    `('$title', ({ siteProfile, mutationVars, mutationKind }) => {
-      beforeEach(() => {
-        createFullComponent({
-          propsData: {
-            siteProfile,
-          },
-          ...mountOpts,
-        });
-        fillRequiredFieldsAndSubmitForm();
-      });
-
-      it('form submission triggers correct GraphQL mutation', async () => {
-        await fillRequiredFieldsAndSubmitForm();
-        expect(requestHandlers[mutationKind]).toHaveBeenCalledWith({
-          input: {
-            profileName,
-            targetUrl,
-            fullPath,
-            ...mutationVars,
-          },
-        });
-      });
-    });
-  });
-
   describe('when profile does not come from a policy', () => {
     beforeEach(() => {
       createComponent({

ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb

@@ -127,45 +127,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
           end
         end
 
-        context 'when the feature flag security_dast_site_profiles_additional_fields is disabled' do
-          before do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-          end
-
-          it 'does not set the request_headers or the password dast_site_profile_secret_variables' do
-            subject
-
-            expect(dast_site_profile.secret_variables).to be_empty
-          end
-
-          it 'does not set non-secret auth fields' do
-            subject
-
-            expect(dast_site_profile).to have_attributes(
-              auth_enabled: false,
-              auth_url: nil,
-              auth_username_field: nil,
-              auth_password_field: nil,
-              auth_username: nil
-            )
-          end
-        end
-
-        context 'when the feature flag security_dast_site_profiles_api_option is disabled' do
-          before do
-            stub_feature_flags(security_dast_site_profiles_api_option: false)
-          end
-
-          it 'ignores target_type and uses the default target_type', :aggregate_failures do
-            subject
-
-            default_target_type = dast_site_profile.class.new.target_type
-
-            expect(default_target_type).not_to eq(target_type)
-            expect(dast_site_profile.target_type).to eq(default_target_type)
-          end
-        end
-
         context 'when variable creation fails' do
           it 'returns an error and the dast_site_profile' do
             service = double(Dast::SiteProfileSecretVariables::CreateOrUpdateService)

ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb

@@ -155,37 +155,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
             expect(subject).to include(errors: ['Oops'])
           end
         end
-
-        context 'when the feature flag security_dast_site_profiles_additional_fields is disabled' do
-          before do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-          end
-
-          it 'does not update the feature flagged attributes', :aggregate_failures do
-            dast_site_profile = subject[:id].find
-
-            expect(dast_site_profile).not_to have_attributes(
-              excluded_urls: new_excluded_urls,
-              auth_enabled: new_auth[:enabled],
-              auth_url: new_auth[:url],
-              auth_username_field: new_auth[:username_field],
-              auth_password_field: new_auth[:password_field],
-              auth_username: new_auth[:username]
-            )
-
-            expect(dast_site_profile.secret_variables).to be_empty
-          end
-        end
-
-        context 'when the feature flag security_dast_site_profiles_api_option is disabled' do
-          before do
-            stub_feature_flags(security_dast_site_profiles_api_option: false)
-          end
-
-          it 'does not update the target_type' do
-            expect { subject }.not_to change { dast_site_profile.reload.target_type }
-          end
-        end
       end
     end
   end

ee/spec/graphql/types/dast_site_profile_type_spec.rb

@@ -41,18 +41,8 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
   end
 
   describe 'targetType field' do
-    context 'when the feature flag is disabled' do
-      it 'is nil' do
-        stub_feature_flags(security_dast_site_profiles_api_option: false)
-
-        expect(resolve_field(:target_type, object, current_user: user)).to be_nil
-      end
-    end
-
-    context 'when the feature flag is enabled' do
-      it 'is the target type' do
-        expect(resolve_field(:target_type, object, current_user: user)).to eq('website')
-      end
+    it 'is the target type' do
+      expect(resolve_field(:target_type, object, current_user: user)).to eq('website')
     end
   end
 
@@ -65,59 +55,29 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
   end
 
   describe 'auth field' do
-    context 'when the feature flag is disabled' do
-      it 'is nil' do
-        stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-        expect(resolve_field(:auth, object, current_user: user)).to be_nil
-      end
-    end
-
-    context 'when the feature flag is enabled' do
-      it 'is the dast_site_profile' do
-        expect(resolve_field(:auth, object, current_user: user)).to eq(object)
-      end
+    it 'is the dast_site_profile' do
+      expect(resolve_field(:auth, object, current_user: user)).to eq(object)
     end
   end
 
   describe 'excludedUrls field' do
-    context 'when the feature flag is disabled' do
-      it 'is nil' do
-        stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-        expect(resolve_field(:excluded_urls, object, current_user: user)).to be_nil
-      end
-    end
-
-    context 'when the feature flag is enabled' do
-      it 'is the excluded urls' do
-        expect(resolve_field(:excluded_urls, object, current_user: user)).to eq(object.excluded_urls)
-      end
+    it 'is the excluded urls' do
+      expect(resolve_field(:excluded_urls, object, current_user: user)).to eq(object.excluded_urls)
     end
   end
 
   describe 'requestHeaders field' do
-    context 'when the feature flag is disabled' do
+    context 'when there is no associated secret variable' do
       it 'is nil' do
-        stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
         expect(resolve_field(:request_headers, object, current_user: user)).to be_nil
       end
     end
 
-    context 'when the feature flag is enabled' do
-      context 'when there is no associated secret variable' do
-        it 'is nil' do
-          expect(resolve_field(:request_headers, object, current_user: user)).to be_nil
-        end
-      end
-
-      context 'when there an associated secret variable' do
-        it 'is redacted' do
-          create(:dast_site_profile_secret_variable, dast_site_profile: object, key: Dast::SiteProfileSecretVariable::REQUEST_HEADERS)
+    context 'when there an associated secret variable' do
+      it 'is redacted' do
+        create(:dast_site_profile_secret_variable, dast_site_profile: object, key: Dast::SiteProfileSecretVariable::REQUEST_HEADERS)
 
-          expect(resolve_field(:request_headers, object, current_user: user)).to eq('••••••••')
-        end
+        expect(resolve_field(:request_headers, object, current_user: user)).to eq('••••••••')
       end
     end
   end

ee/spec/models/ci/build_spec.rb

@@ -182,14 +182,6 @@ RSpec.describe Ci::Build do
             expect(subject.to_runner_variables).to include(key: key, value: value, public: false, masked: true)
           end
         end
-
-        it_behaves_like 'a pipeline with no dast on-demand variables' do
-          let(:pipeline_params) { { source: :ondemand_dast_scan, config_source: :parameter_source } }
-
-          before do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-          end
-        end
       end
     end
 

ee/spec/models/ci/pipeline_spec.rb

@@ -633,14 +633,6 @@ RSpec.describe Ci::Pipeline do
         it { is_expected.to be_falsey }
       end
     end
-
-    context 'when the feature flag is disabled' do
-      before do
-        stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-      end
-
-      it { is_expected.to be_falsey }
-    end
   end
 
   describe '#needs_touch?' do

ee/spec/presenters/dast/site_profile_presenter_spec.rb

@@ -9,25 +9,15 @@ RSpec.describe Dast::SiteProfilePresenter do
   let(:presenter) { described_class.new(dast_site_profile) }
 
   shared_examples 'a DAST on-demand secret variable' do
-    context 'when the feature flag is disabled' do
-      before do
-        stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-      end
-
+    context 'when there is no associated secret variable' do
       it { is_expected.to be_nil }
     end
 
-    context 'when the feature flag is enabled' do
-      context 'when there is no associated secret variable' do
-        it { is_expected.to be_nil }
-      end
-
-      context 'when there an associated secret variable' do
-        it 'is redacted' do
-          create(:dast_site_profile_secret_variable, dast_site_profile: dast_site_profile, key: key)
+    context 'when there an associated secret variable' do
+      it 'is redacted' do
+        create(:dast_site_profile_secret_variable, dast_site_profile: dast_site_profile, key: key)
 
-          expect(subject).to eq(redacted_value)
-        end
+        expect(subject).to eq(redacted_value)
       end
     end
   end

ee/spec/services/app_sec/dast/site_profiles/create_service_spec.rb

@@ -138,14 +138,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
 
           expect(Base64.strict_decode64(variable.value)).to eq(raw_value)
         end
-
-        context 'when the feature flag is disabled' do
-          it 'does not create a secret variable' do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-            expect { subject }.not_to change { Dast::SiteProfileSecretVariable.count }
-          end
-        end
       end
 
       shared_examples 'it handles secret variable creation failure' do

ee/spec/services/app_sec/dast/site_profiles/update_service_spec.rb

@@ -160,16 +160,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
 
           expect(Base64.strict_decode64(variable.value)).to eq(raw_value)
         end
-
-        context 'when the feature flag is disabled' do
-          it 'does not update the secret variable' do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-            variable = Dast::SiteProfileSecretVariable.find_by(key: key, dast_site_profile: dast_site_profile)
-
-            expect { subject }.not_to change { variable.reload.value }
-          end
-        end
       end
 
       shared_examples 'it handles secret variable updating failure' do
@@ -209,18 +199,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
             expect { subject }.not_to change { variable.reload.value }
           end
         end
-
-        context 'when the feature flag is disabled' do
-          let(:params) { default_params.merge(argument => '') }
-
-          it 'does not delete the secret variable' do
-            stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-            variable = Dast::SiteProfileSecretVariable.find_by(key: key, dast_site_profile: dast_site_profile)
-
-            expect { variable.reload }.not_to raise_error
-          end
-        end
       end
 
       context 'when request_headers are supplied' do

ee/spec/services/dast/site_profile_secret_variables/create_or_update_service_spec.rb

@@ -90,15 +90,6 @@ RSpec.describe Dast::SiteProfileSecretVariables::CreateOrUpdateService do
           expect(dast_site_profile_secret_variable.reload.value).to eq(Base64.strict_encode64(params[:raw_value]))
         end
       end
-
-      context 'when the feature is disabled' do
-        it 'communicates failure', :aggregate_failures do
-          stub_feature_flags(security_dast_site_profiles_additional_fields: false)
-
-          expect(subject.status).to eq(:error)
-          expect(subject.message).to include('Insufficient permissions')
-        end
-      end
     end
   end
 end