Commit 79c3b03a authored by Alan Paruszewski's avatar Alan Paruszewski

Remove first class vulnerabilities feature flag

Standalone Vulnerabilities are available now without feature flag. This
commit enables them by default.
parent 6576dcec
...@@ -2,14 +2,6 @@ ...@@ -2,14 +2,6 @@
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10242) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10242) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
CAUTION: **Caution:**
This API is currently in development and is protected by a **disabled**
[feature flag](../development/feature_flags/index.md).
On a self-managed GitLab instance, an administrator can enable it by starting the Rails console
(`sudo gitlab-rails console`) and then running the following command: `Feature.enable(:first_class_vulnerabilities)`.
To test if the Vulnerabilities API was successfully enabled, run the following command:
`Feature.enabled?(:first_class_vulnerabilities)`.
CAUTION: **Caution:** CAUTION: **Caution:**
This API is in an alpha stage and considered unstable. This API is in an alpha stage and considered unstable.
The response payload may be subject to change or breakage The response payload may be subject to change or breakage
......
...@@ -8,14 +8,6 @@ and its documentation was moved to [a different location](vulnerability_findings ...@@ -8,14 +8,6 @@ and its documentation was moved to [a different location](vulnerability_findings
This document now describes the new Vulnerabilities API that provides access to This document now describes the new Vulnerabilities API that provides access to
[Standalone Vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634). [Standalone Vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634).
CAUTION: **Caution:**
This API is currently in development and is protected by a **disabled**
[feature flag](../development/feature_flags/index.md).
On a self-managed GitLab instance, an administrator can enable it by starting the Rails console
(`sudo gitlab-rails console`) and then running the following command: `Feature.enable(:first_class_vulnerabilities)`.
To test if the Vulnerabilities API was successfully enabled, run the following command:
`Feature.enabled?(:first_class_vulnerabilities)`.
CAUTION: **Caution:** CAUTION: **Caution:**
This API is in an alpha stage and considered unstable. This API is in an alpha stage and considered unstable.
The response payload may be subject to change or breakage The response payload may be subject to change or breakage
......
...@@ -2,14 +2,6 @@ ...@@ -2,14 +2,6 @@
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/197494) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10. [Updated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30397) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/197494) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10. [Updated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30397) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
CAUTION: **Caution:**
This API is currently in development and is protected by a **disabled**
[feature flag](../development/feature_flags/index.md).
On a self-managed GitLab instance, an administrator can enable it by starting the Rails console
(`sudo gitlab-rails console`) and then running the following command: `Feature.enable(:first_class_vulnerabilities)`.
To test if the Vulnerability Exports API was successfully enabled, run the following command:
`Feature.enabled?(:first_class_vulnerabilities)`.
CAUTION: **Caution:** CAUTION: **Caution:**
This API is in an alpha stage and considered unstable. This API is in an alpha stage and considered unstable.
The response payload may be subject to change or breakage The response payload may be subject to change or breakage
......
import initGroupSecurityDashboard from 'ee/security_dashboard/group_init';
import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init'; import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init';
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants'; import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
if (gon.features?.firstClassVulnerabilities) {
initFirstClassSecurityDashboard( initFirstClassSecurityDashboard(
document.getElementById('js-group-security-dashboard'), document.getElementById('js-group-security-dashboard'),
DASHBOARD_TYPES.GROUP, DASHBOARD_TYPES.GROUP,
); );
} else {
initGroupSecurityDashboard();
}
}); });
import initProjectSecurityDashboard from 'ee/security_dashboard/project_init';
import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init'; import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init';
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants'; import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
if (gon.features?.firstClassVulnerabilities) {
initFirstClassSecurityDashboard( initFirstClassSecurityDashboard(
document.getElementById('js-security-report-app'), document.getElementById('js-security-report-app'),
DASHBOARD_TYPES.PROJECT, DASHBOARD_TYPES.PROJECT,
); );
} else {
initProjectSecurityDashboard();
}
}); });
import initInstanceSecurityDashboard from 'ee/security_dashboard/instance_init';
import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init'; import initFirstClassSecurityDashboard from 'ee/security_dashboard/first_class_init';
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants'; import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
if (gon.features?.firstClassVulnerabilities) { initFirstClassSecurityDashboard(document.getElementById('js-security'), DASHBOARD_TYPES.INSTANCE);
initFirstClassSecurityDashboard(
document.getElementById('js-security'),
DASHBOARD_TYPES.INSTANCE,
);
} else if (gon.features?.instanceSecurityDashboard) {
initInstanceSecurityDashboard();
}
}); });
...@@ -2,10 +2,6 @@ ...@@ -2,10 +2,6 @@
class Groups::Security::DashboardController < Groups::ApplicationController class Groups::Security::DashboardController < Groups::ApplicationController
layout 'group' layout 'group'
before_action only: [:show] do
push_frontend_feature_flag(:first_class_vulnerabilities, group, default_enabled: true)
end
def show def show
render :unavailable unless dashboard_available? render :unavailable unless dashboard_available?
end end
......
...@@ -9,7 +9,6 @@ module Projects ...@@ -9,7 +9,6 @@ module Projects
before_action only: [:index] do before_action only: [:index] do
push_frontend_feature_flag(:hide_dismissed_vulnerabilities) push_frontend_feature_flag(:hide_dismissed_vulnerabilities)
push_frontend_feature_flag(:first_class_vulnerabilities, @project, default_enabled: true)
end end
def index def index
......
...@@ -11,7 +11,6 @@ module Projects ...@@ -11,7 +11,6 @@ module Projects
include NotesHelper include NotesHelper
include ToggleAwardEmoji include ToggleAwardEmoji
before_action :not_found, unless: -> { project.first_class_vulnerabilities_enabled? }
before_action :authorize_create_note!, only: [:create] before_action :authorize_create_note!, only: [:create]
private private
......
...@@ -7,8 +7,7 @@ module Projects ...@@ -7,8 +7,7 @@ module Projects
include IssuableActions include IssuableActions
include RendersNotes include RendersNotes
before_action :not_found, unless: -> { project.first_class_vulnerabilities_enabled? } before_action :vulnerability, except: :index
before_action :vulnerability
alias_method :vulnerable, :project alias_method :vulnerable, :project
......
...@@ -2,8 +2,5 @@ ...@@ -2,8 +2,5 @@
module Security module Security
class DashboardController < ::Security::ApplicationController class DashboardController < ::Security::ApplicationController
before_action only: [:show] do
push_frontend_feature_flag(:first_class_vulnerabilities, default_enabled: true)
end
end end
end end
...@@ -130,10 +130,6 @@ module EE ...@@ -130,10 +130,6 @@ module EE
::License.feature_available?(:ci_cd_projects) && import_sources_enabled? ::License.feature_available?(:ci_cd_projects) && import_sources_enabled?
end end
def first_class_vulnerabilities_available?(project)
::Feature.enabled?(:first_class_vulnerabilities, project, default_enabled: true)
end
def merge_pipelines_available? def merge_pipelines_available?
return false unless @project.builds_enabled? return false unless @project.builds_enabled?
...@@ -190,6 +186,7 @@ module EE ...@@ -190,6 +186,7 @@ module EE
project_full_path: project.full_path, project_full_path: project.full_path,
vulnerabilities_endpoint: project_security_vulnerability_findings_path(project), vulnerabilities_endpoint: project_security_vulnerability_findings_path(project),
vulnerabilities_summary_endpoint: summary_project_security_vulnerability_findings_path(project), vulnerabilities_summary_endpoint: summary_project_security_vulnerability_findings_path(project),
vulnerabilities_export_endpoint: api_v4_security_projects_vulnerability_exports_path(id: project.id),
vulnerability_feedback_help_path: help_page_path("user/application_security/index", anchor: "interacting-with-the-vulnerabilities"), vulnerability_feedback_help_path: help_page_path("user/application_security/index", anchor: "interacting-with-the-vulnerabilities"),
empty_state_svg_path: image_path('illustrations/security-dashboard-empty-state.svg'), empty_state_svg_path: image_path('illustrations/security-dashboard-empty-state.svg'),
dashboard_documentation: help_page_path('user/application_security/security_dashboard/index'), dashboard_documentation: help_page_path('user/application_security/security_dashboard/index'),
...@@ -225,8 +222,6 @@ module EE ...@@ -225,8 +222,6 @@ module EE
end end
def project_vulnerabilities_config(project) def project_vulnerabilities_config(project)
return {} unless first_class_vulnerabilities_available?(project)
{ vulnerabilities_export_endpoint: api_v4_security_projects_vulnerability_exports_path(id: project.id) } { vulnerabilities_export_endpoint: api_v4_security_projects_vulnerability_exports_path(id: project.id) }
end end
......
...@@ -303,10 +303,6 @@ module EE ...@@ -303,10 +303,6 @@ module EE
::Feature.enabled?(:repository_push_audit_event, self) ::Feature.enabled?(:repository_push_audit_event, self)
end end
def first_class_vulnerabilities_enabled?
::Feature.enabled?(:first_class_vulnerabilities, self, default_enabled: true)
end
def feature_available?(feature, user = nil) def feature_available?(feature, user = nil)
if ::ProjectFeature::FEATURES.include?(feature) if ::ProjectFeature::FEATURES.include?(feature)
super super
......
...@@ -139,7 +139,6 @@ module Vulnerabilities ...@@ -139,7 +139,6 @@ module Vulnerabilities
def state def state
return 'dismissed' if dismissal_feedback.present? return 'dismissed' if dismissal_feedback.present?
return 'detected' unless Feature.enabled?(:first_class_vulnerabilities, project, default_enabled: true)
if vulnerability.nil? if vulnerability.nil?
'detected' 'detected'
......
---
title: Improve Vulnerability Management with Standalone Vulnerabilities
merge_request: 28212
author:
type: added
...@@ -34,8 +34,6 @@ module API ...@@ -34,8 +34,6 @@ module API
end end
get ':id' do get ':id' do
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability) vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
render_vulnerability(vulnerability) render_vulnerability(vulnerability)
end end
...@@ -44,8 +42,6 @@ module API ...@@ -44,8 +42,6 @@ module API
end end
post ':id/resolve' do post ':id/resolve' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
not_modified! if vulnerability.resolved? not_modified! if vulnerability.resolved?
vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
...@@ -57,8 +53,6 @@ module API ...@@ -57,8 +53,6 @@ module API
end end
post ':id/dismiss' do post ':id/dismiss' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
not_modified! if vulnerability.dismissed? not_modified! if vulnerability.dismissed?
vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
...@@ -70,8 +64,6 @@ module API ...@@ -70,8 +64,6 @@ module API
end end
post ':id/confirm' do post ':id/confirm' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
not_modified! if vulnerability.confirmed? not_modified! if vulnerability.confirmed?
vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute
...@@ -86,9 +78,6 @@ module API ...@@ -86,9 +78,6 @@ module API
desc 'Get a list of project vulnerabilities' do desc 'Get a list of project vulnerabilities' do
success EE::API::Entities::Vulnerability success EE::API::Entities::Vulnerability
end end
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project, default_enabled: true)
end
params do params do
use :pagination use :pagination
end end
......
...@@ -42,10 +42,6 @@ module API ...@@ -42,10 +42,6 @@ module API
success EE::API::Entities::VulnerabilityExport success EE::API::Entities::VulnerabilityExport
end end
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project, default_enabled: true)
end
post ':id/vulnerability_exports' do post ':id/vulnerability_exports' do
authorize! :create_vulnerability_export, user_project authorize! :create_vulnerability_export, user_project
...@@ -64,10 +60,6 @@ module API ...@@ -64,10 +60,6 @@ module API
success EE::API::Entities::VulnerabilityExport success EE::API::Entities::VulnerabilityExport
end end
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_group, default_enabled: true)
end
post ':id/vulnerability_exports' do post ':id/vulnerability_exports' do
authorize! :create_vulnerability_export, user_group authorize! :create_vulnerability_export, user_group
...@@ -76,10 +68,6 @@ module API ...@@ -76,10 +68,6 @@ module API
end end
namespace do namespace do
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, default_enabled: true)
end
params do params do
optional :export_format, type: String, desc: 'The format of export to be generated', optional :export_format, type: String, desc: 'The format of export to be generated',
default: ::Vulnerabilities::Export.formats.each_key.first, default: ::Vulnerabilities::Export.formats.each_key.first,
......
...@@ -33,8 +33,6 @@ module API ...@@ -33,8 +33,6 @@ module API
end end
get ':id/issue_links' do get ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability) vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
present vulnerability present vulnerability
.related_issues .related_issues
.with_api_entity_associations .with_api_entity_associations
...@@ -51,8 +49,6 @@ module API ...@@ -51,8 +49,6 @@ module API
end end
post ':id/issue_links' do post ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id) issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)
response = ::VulnerabilityIssueLinks::CreateService.new( response = ::VulnerabilityIssueLinks::CreateService.new(
...@@ -68,9 +64,7 @@ module API ...@@ -68,9 +64,7 @@ module API
requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete' requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
end end
delete ':id/issue_links/:issue_link_id' do delete ':id/issue_links/:issue_link_id' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link) find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project, default_enabled: true)
issue_link = find_issue_link! issue_link = find_issue_link!
service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute
......
...@@ -40,18 +40,6 @@ RSpec.describe Projects::Security::Vulnerabilities::NotesController do ...@@ -40,18 +40,6 @@ RSpec.describe Projects::Security::Vulnerabilities::NotesController do
expect(json_response['notes']).to be_an Array expect(json_response['notes']).to be_an Array
expect(json_response['notes'].pluck('id')).to eq([note.id.to_s]) expect(json_response['notes'].pluck('id')).to eq([note.id.to_s])
end end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
view_all_notes
expect(response).to have_gitlab_http_status(:not_found)
end
end
end end
describe 'POST create' do describe 'POST create' do
......
...@@ -52,18 +52,6 @@ RSpec.describe Projects::Security::VulnerabilitiesController do ...@@ -52,18 +52,6 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
expect(response.body).to have_text(vulnerability.title) expect(response.body).to have_text(vulnerability.title)
end end
end end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:not_found)
end
end
end end
describe 'GET #discussions' do describe 'GET #discussions' do
...@@ -85,17 +73,5 @@ RSpec.describe Projects::Security::VulnerabilitiesController do ...@@ -85,17 +73,5 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
expect(json_response.pluck('id')).to eq([discussion_note.discussion_id]) expect(json_response.pluck('id')).to eq([discussion_note.discussion_id])
end end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability_discussion_list
expect(response).to have_gitlab_http_status(:not_found)
end
end
end end
end end
...@@ -10,7 +10,6 @@ RSpec.describe 'Group overview', :js, :aggregate_failures do ...@@ -10,7 +10,6 @@ RSpec.describe 'Group overview', :js, :aggregate_failures do
subject(:visit_page) { visit group_path(group) } subject(:visit_page) { visit group_path(group) }
before do before do
stub_feature_flags(first_class_vulnerabilities: false)
group.add_owner(user) group.add_owner(user)
sign_in(user) sign_in(user)
end end
...@@ -35,51 +34,6 @@ RSpec.describe 'Group overview', :js, :aggregate_failures do ...@@ -35,51 +34,6 @@ RSpec.describe 'Group overview', :js, :aggregate_failures do
let(:user) { create(:user, group_view: :security_dashboard) } let(:user) { create(:user, group_view: :security_dashboard) }
context 'and Security Dashboard feature is available for a group' do
let(:group) { create(:group_with_plan, plan: :gold_plan) }
let(:project) { create(:project, :public, namespace: group) }
before do
create(:vulnerability, :with_findings, project: project)
end
context 'when the "first_class_vulnerabilities" feature flag is not enabled' do
it 'displays the Security Dashboard view' do
visit_page
expect(page).to have_selector('.js-security-dashboard-table')
page.within(find('aside')) do
expect(page).to have_content _('Vulnerabilities over time')
expect(page).to have_selector('.js-vulnerabilities-chart-time-info')
expect(page).to have_selector('.js-vulnerabilities-chart-severity-level-breakdown')
expect(page).to have_content _('Project security status')
expect(page).to have_selector('.js-projects-security-status')
end
page.within(all('div.row')[1]) do
expect(page).not_to have_content s_('VulnerabilityStatusTypes|Detected')
end
end
end
context 'when the "first_class_vulnerabilities" feature flag is enabled' do
before do
stub_feature_flags(first_class_vulnerabilities: true)
end
it 'loads the first class group security dashboard' do
visit_page
page.within(all('div.row')[1]) do
expect(page).to have_content s_('VulnerabilityStatusTypes|Detected')
expect(page).to have_content s_('Vulnerability|Severity')
end
end
end
end
context 'and Security Dashboard feature is not available for a group' do context 'and Security Dashboard feature is not available for a group' do
let(:group) { create(:group_with_plan, plan: :bronze_plan) } let(:group) { create(:group_with_plan, plan: :bronze_plan) }
......
...@@ -135,25 +135,6 @@ RSpec.describe ProjectsHelper do ...@@ -135,25 +135,6 @@ RSpec.describe ProjectsHelper do
it { is_expected.to match(expected_core_values) } it { is_expected.to match(expected_core_values) }
context 'when the first_class_vulnerabilities available' do
let(:export_endpoint) { "/api/v4/security/projects/#{project.id}/vulnerability_exports" }
let(:expected_sub_hash) { hash_including(vulnerabilities_export_endpoint: export_endpoint) }
before do
allow(::Feature).to receive(:enabled?).with(:first_class_vulnerabilities, project, default_enabled: true).and_return(true)
end
it { is_expected.to match(expected_sub_hash) }
end
context 'when the first_class_vulnerabilities is not available' do
before do
allow(::Feature).to receive(:enabled?).with(:first_class_vulnerabilities, project, default_enabled: true).and_return(false)
end
it { is_expected.not_to have_key(:vulnerabilities_export_endpoint) }
end
context 'project without pipeline' do context 'project without pipeline' do
let(:expected_sub_hash) do let(:expected_sub_hash) do
hash_including( hash_including(
...@@ -187,7 +168,8 @@ RSpec.describe ProjectsHelper do ...@@ -187,7 +168,8 @@ RSpec.describe ProjectsHelper do
ref_path: "#{project_path}/-/commits/#{project.default_branch}", ref_path: "#{project_path}/-/commits/#{project.default_branch}",
pipeline_path: "#{project_path}/-/pipelines/#{pipeline.id}", pipeline_path: "#{project_path}/-/pipelines/#{pipeline.id}",
pipeline_created: pipeline.created_at.to_s(:iso8601), pipeline_created: pipeline.created_at.to_s(:iso8601),
has_pipeline_data: 'true' has_pipeline_data: 'true',
vulnerabilities_export_endpoint: "/api/v4/security/projects/#{project.id}/vulnerability_exports"
) )
end end
......
...@@ -4,10 +4,6 @@ require 'spec_helper' ...@@ -4,10 +4,6 @@ require 'spec_helper'
RSpec.describe SecurityHelper do RSpec.describe SecurityHelper do
describe '#instance_security_dashboard_data' do describe '#instance_security_dashboard_data' do
before do
stub_feature_flags(first_class_vulnerabilities: true)
end
subject { instance_security_dashboard_data } subject { instance_security_dashboard_data }
it 'returns vulnerability, project, feedback, asset, and docs paths for the instance security dashboard' do it 'returns vulnerability, project, feedback, asset, and docs paths for the instance security dashboard' do
......
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_examples 'forbids access to vulnerability API endpoint in case of disabled features' do RSpec.shared_examples 'forbids access to vulnerability API endpoint in case of disabled features' do
context 'when "first-class vulnerabilities" feature is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'responds with "not found"' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when security dashboard feature is not available' do context 'when security dashboard feature is not available' do
before do before do
stub_licensed_features(security_dashboard: false) stub_licensed_features(security_dashboard: false)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment