Commit 8e5f23df authored by Philip Cunningham's avatar Philip Cunningham Committed by Mayra Cabrera

Remove redundant DAST on-demand scan feature flag

Removes feature flag that was previously enabled by default.
parent a05759d0
......@@ -714,10 +714,6 @@ To delete a scanner profile:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.2.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.3.
> - It's deployed behind a feature flag, enabled by default.
> - It's enabled on GitLab.com.
> - It's able to be enabled or disabled per-project.
> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-on-demand-scans).
An on-demand DAST scan runs outside the DevOps life cycle. Changes in your repository don't trigger
the scan. You must start it manually.
......@@ -748,35 +744,6 @@ To run an on-demand DAST scan, you need:
The on-demand DAST scan runs and the project's dashboard shows the results.
### Enable or disable On-demand Scans
The On-demand DAST Scans feature is enabled by default. You can disable on-demand scans
instance-wide, or disable it for specific projects if you prefer.
To run on-demand DAST scans, an administrator must enable the
`security_on_demand_scans_feature_flag` feature flag.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can disable or enable the feature flags.
To disable On-demand DAST Scans:
```ruby
# Instance-wide
Feature.disable(:security_on_demand_scans_feature_flag)
# or by project
Feature.disable(:security_on_demand_scans_feature_flag, Project.find(<project id>))
```
To enable On-demand DAST Scans:
```ruby
# Instance-wide
Feature.enable(:security_on_demand_scans_feature_flag)
# or by project
Feature.enable(:security_on_demand_scans_feature_flag, Project.find(<project ID>))
```
## Reports
The DAST tool outputs a report file in JSON format by default. However, this tool can also generate reports in
......
......@@ -17,8 +17,6 @@ module EE
null: true,
description: 'The DAST scanner profiles associated with the project',
resolve: -> (project, _args, _ctx) do
return DastScannerProfile.none unless ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true)
DastScannerProfilesFinder.new(project_ids: [project.id]).execute
end
......
......@@ -101,7 +101,6 @@ module EE
with_scope :subject
condition(:on_demand_scans_enabled) do
::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true) &&
@subject.feature_available?(:security_on_demand_scans)
end
......
---
name: security_on_demand_scans_feature_flag
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32994
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/237796
group: group::dynamic analysis
type: development
default_enabled: true
......@@ -135,14 +135,6 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -84,16 +84,6 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
end
end
context 'when security_on_demand_scans_feature_flag is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'raises an exception' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -54,14 +54,6 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
end
end
context 'when security_on_demand_scans_feature_flag is disabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -109,14 +109,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -90,14 +90,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -97,14 +97,6 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -97,14 +97,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -87,14 +87,6 @@ RSpec.describe Mutations::DastSiteTokens::Create do
end
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan site validations feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_site_validation: false)
......
......@@ -71,14 +71,6 @@ RSpec.describe Mutations::DastSiteValidations::Create do
expect(subject[:status]).to eq(dast_site_validation.state)
end
context 'when on demand scan feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'when on demand scan site validations feature is not enabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_site_validation: false)
......
......@@ -34,10 +34,6 @@ RSpec.describe Mutations::Pipelines::RunDastScan do
end
context 'when on demand scan feature is enabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
end
context 'when the project does not exist' do
let(:project_path) { SecureRandom.hex }
......
......@@ -33,14 +33,6 @@ RSpec.describe DastSiteProfilePolicy do
it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
context 'when on demand scan feature flag is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -33,14 +33,6 @@ RSpec.describe DastSiteValidationPolicy do
it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
context 'when on demand scan feature flag is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -37,10 +37,6 @@ RSpec.describe 'Running a DAST Scan' do
end
context 'when on demand scan feature is enabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
end
context 'when the user does not have permission to run a dast scan' do
it_behaves_like 'a mutation that returns top-level errors',
errors: ['The resource that you are attempting to access does not ' \
......
......@@ -93,17 +93,5 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
it { is_expected.to eq(dast_scanner_profile.to_global_id.to_s) }
end
context 'when on demand scan feature flag is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
describe 'dast scanner profiles' do
subject { response_data.dig('project', 'dastScannerProfiles', 'nodes') }
it { is_expected.to be_empty }
end
end
end
end
......@@ -83,14 +83,6 @@ RSpec.describe 'Query.project(fullPath).dastSiteProfile' do
end
end
context 'when on demand scan feature flag is disabled' do
it 'returns a null dast_site_profile' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect(dast_site_profile_response).to be_nil
end
end
context 'when on demand scan licensed feature is not available' do
it 'returns a null dast_site_profile' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -106,14 +106,6 @@ RSpec.describe 'Query.project(fullPath).dastSiteProfiles' do
end
end
context 'when on demand scan feature flag is disabled' do
it 'returns an empty edges array' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect(dast_site_profiles_response['nodes']).to be_empty
end
end
context 'when on demand scan licensed feature is not available' do
it 'returns an empty edges array' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -9,7 +9,6 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
describe 'GET #index' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
......@@ -49,16 +48,7 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
login_as(user)
end
it "sees a 404 error if the feature flag is disabled" do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get project_on_demand_scans_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
it "sees a 404 error if the license doesn't support the feature" do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get project_on_demand_scans_path(project)
......
......@@ -9,7 +9,6 @@ RSpec.describe Projects::Security::DastProfilesController, type: :request do
describe 'GET #index' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
......@@ -49,19 +48,8 @@ RSpec.describe Projects::Security::DastProfilesController, type: :request do
login_as(user)
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get project_security_configuration_dast_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get project_security_configuration_dast_profiles_path(project)
......
......@@ -9,7 +9,6 @@ RSpec.describe Projects::Security::DastScannerProfilesController, type: :request
shared_context 'on-demand scans feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
end
......@@ -54,23 +53,13 @@ RSpec.describe Projects::Security::DastScannerProfilesController, type: :request
end
context 'feature not available' do
using RSpec::Parameterized::TableSyntax
include_context 'user authorized'
where(:feature_flag_enabled, :license_support) do
false | true
true | false
end
it 'sees a 404 error' do
stub_licensed_features(security_on_demand_scans: false)
get path
with_them do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: feature_flag_enabled)
stub_licensed_features(security_on_demand_scans: license_support)
get path
expect(response).to have_gitlab_http_status(:not_found)
end
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
......
......@@ -8,7 +8,6 @@ RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
let(:dast_site_profile) { create(:dast_site_profile, project: project) }
def with_feature_available
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
......@@ -55,19 +54,8 @@ RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
with_user_authorized
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get path
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get path
......
......@@ -171,20 +171,6 @@ RSpec.describe Ci::RunDastScanService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('Insufficient permissions')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -106,20 +106,6 @@ RSpec.describe DastScannerProfiles::CreateService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('Insufficient permissions')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -64,20 +64,6 @@ RSpec.describe DastScannerProfiles::DestroyService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('You are not authorized to update this scanner profile')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -151,20 +151,6 @@ RSpec.describe DastScannerProfiles::UpdateService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('You are not authorized to update this scanner profile')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -77,20 +77,6 @@ RSpec.describe DastSiteProfiles::CreateService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('Insufficient permissions')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -86,20 +86,6 @@ RSpec.describe DastSiteProfiles::UpdateService do
end
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
it 'populates message' do
expect(message).to eq('Insufficient permissions')
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -59,16 +59,6 @@ RSpec.describe DastSites::FindOrCreateService do
end
end
context 'when on demand scan feature is disabled' do
it 'raises an exception' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
expect { subject }.to raise_error(DastSites::FindOrCreateService::PermissionsError) do |err|
expect(err.message).to include('Insufficient permissions')
end
end
end
context 'when on demand scan licensed feature is not available' do
it 'raises an exception' do
stub_licensed_features(security_on_demand_scans: false)
......
......@@ -27,14 +27,6 @@ RSpec.shared_examples 'an on-demand scan mutation when user can run an on-demand
expect(mutation_response["errors"]).to be_empty
end
context 'when on demand scan feature is disabled' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
end
it_behaves_like 'a mutation that returns a top-level access error'
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment