Merge branch '332751-remove-feature-flag' into 'master'

Remove the read_container_registry_access_level feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!65540

Merge branch '332751-remove-feature-flag' into 'master'
Remove the read_container_registry_access_level feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!65540
beb0a6c8 · David Fernandez · e379db2a · aeff2cf9 · beb0a6c8 · beb0a6c8
Commit beb0a6c8 authored Jul 09, 2021 by David Fernandez
9 changed files
--- a/app/models/container_repository.rb
+++ b/app/models/container_repository.rb
@@ -24,15 +24,8 @@ class ContainerRepository < ApplicationRecord
  scope :for_group_and_its_subgroups, ->(group) do
    project_scope = Project
      .for_group_and_its_subgroups(group)
-
-    project_scope =
-      if Feature.enabled?(:read_container_registry_access_level, group, default_enabled: :yaml)
-        project_scope.with_feature_enabled(:container_registry)
-      else
-        project_scope.with_container_registry
-      end
-
-    project_scope = project_scope.select(:id)
+      .with_feature_enabled(:container_registry)
+      .select(:id)

    joins("INNER JOIN (#{project_scope.to_sql}) projects on projects.id=container_repositories.project_id")
  end

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -406,8 +406,9 @@ class Project < ApplicationRecord
    :wiki_access_level, :snippets_access_level, :builds_access_level,
    :repository_access_level, :pages_access_level, :metrics_dashboard_access_level, :analytics_access_level,
    :operations_enabled?, :operations_access_level, :security_and_compliance_access_level,
-    :container_registry_access_level,
+    :container_registry_access_level, :container_registry_enabled?,
    to: :project_feature, allow_nil: true
+  alias_method :container_registry_enabled, :container_registry_enabled?
  delegate :show_default_award_emojis, :show_default_award_emojis=,
    :show_default_award_emojis?,
    to: :project_setting, allow_nil: true
@@ -547,7 +548,6 @@ class Project < ApplicationRecord
  scope :include_project_feature, -> { includes(:project_feature) }
  scope :with_integration, ->(integration) { joins(integration).eager_load(integration) }
  scope :with_shared_runners, -> { where(shared_runners_enabled: true) }
-  scope :with_container_registry, -> { where(container_registry_enabled: true) }
  scope :inside_path, ->(path) do
    # We need routes alias rs for JOIN so it does not conflict with
    # includes(:route) which we use in ProjectsFinder.
@@ -2621,15 +2621,6 @@ class Project < ApplicationRecord
    !!read_attribute(:merge_requests_author_approval)
  end

-  def container_registry_enabled
-    if Feature.enabled?(:read_container_registry_access_level, self.namespace, default_enabled: :yaml)
-      project_feature.container_registry_enabled?
-    else
-      read_attribute(:container_registry_enabled)
-    end
-  end
-  alias_method :container_registry_enabled?, :container_registry_enabled
-
  def ci_forward_deployment_enabled?
    return false unless ci_cd_settings


--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -51,11 +51,7 @@ class ProjectPolicy < BasePolicy

  desc "Container registry is disabled"
  condition(:container_registry_disabled, scope: :subject) do
-    if ::Feature.enabled?(:read_container_registry_access_level, @subject&.namespace, default_enabled: :yaml)
-      !access_allowed_to?(:container_registry)
-    else
-      !project.container_registry_enabled
-    end
+    !access_allowed_to?(:container_registry)
  end

  desc "Project has an external wiki"

--- a/config/feature_flags/development/read_container_registry_access_level.yml
+++ b/config/feature_flags/development/read_container_registry_access_level.yml
---
-name: read_container_registry_access_level
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55071
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/332751
-milestone: '14.0'
-type: development
-group: group::package
-default_enabled: false
--- a/lib/api/entities/project.rb
+++ b/lib/api/entities/project.rb
@@ -53,13 +53,7 @@ module API
      expose(:wiki_enabled) { |project, options| project.feature_available?(:wiki, options[:current_user]) }
      expose(:jobs_enabled) { |project, options| project.feature_available?(:builds, options[:current_user]) }
      expose(:snippets_enabled) { |project, options| project.feature_available?(:snippets, options[:current_user]) }
-      expose(:container_registry_enabled) do |project, options|
-        if ::Feature.enabled?(:read_container_registry_access_level, project.namespace, default_enabled: :yaml)
-          project.feature_available?(:container_registry, options[:current_user])
-        else
-          project.read_attribute(:container_registry_enabled)
-        end
-      end
+      expose(:container_registry_enabled) { |project, options| project.feature_available?(:container_registry, options[:current_user]) }
      expose :service_desk_enabled
      expose :service_desk_address


--- a/spec/models/container_repository_spec.rb
+++ b/spec/models/container_repository_spec.rb
@@ -321,13 +321,18 @@ RSpec.describe ContainerRepository do
    end

    context 'with a subgroup' do
-      let(:test_group) { create(:group) }
-      let(:another_project) { create(:project, path: 'test', group: test_group) }
+      let_it_be(:test_group) { create(:group) }
+      let_it_be(:another_project) { create(:project, path: 'test', group: test_group) }
+      let_it_be(:project3) { create(:project, path: 'test3', group: test_group, container_registry_enabled: false) }

-      let(:another_repository) do
+      let_it_be(:another_repository) do
        create(:container_repository, name: 'my_image', project: another_project)
      end

+      let_it_be(:repository3) do
+        create(:container_repository, name: 'my_image3', project: project3)
+      end
+
      before do
        group.parent = test_group
        group.save!
@@ -341,40 +346,6 @@ RSpec.describe ContainerRepository do

      it { is_expected.to eq([]) }
    end
-
-    context 'with read_container_registry_access_level disabled' do
-      before do
-        stub_feature_flags(read_container_registry_access_level: false)
-      end
-
-      context 'in a group' do
-        let(:test_group) { group }
-
-        it { is_expected.to contain_exactly(repository) }
-      end
-
-      context 'with a subgroup' do
-        let(:test_group) { create(:group) }
-        let(:another_project) { create(:project, path: 'test', group: test_group) }
-
-        let(:another_repository) do
-          create(:container_repository, name: 'my_image', project: another_project)
-        end
-
-        before do
-          group.parent = test_group
-          group.save!
-        end
-
-        it { is_expected.to contain_exactly(repository, another_repository) }
-      end
-
-      context 'group without container_repositories' do
-        let(:test_group) { create(:group) }
-
-        it { is_expected.to eq([]) }
-      end
-    end
  end

  describe '.search_by_name' do

--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -704,14 +704,6 @@ RSpec.describe Project, factory_default: :keep do
        let(:delegated_method) { :group_runners_enabled? }
      end
    end
-
-    context 'when read_container_registry_access_level is disabled' do
-      before do
-        stub_feature_flags(read_container_registry_access_level: false)
-      end
-
-      it { is_expected.not_to delegate_method(:container_registry_enabled?).to(:project_feature) }
-    end
  end

  describe 'reference methods' do
@@ -2455,20 +2447,6 @@ RSpec.describe Project, factory_default: :keep do
      expect(project.container_registry_enabled).to eq(false)
      expect(project.container_registry_enabled?).to eq(false)
    end
-
-    context 'with read_container_registry_access_level disabled' do
-      before do
-        stub_feature_flags(read_container_registry_access_level: false)
-      end
-
-      it 'reads project.container_registry_enabled' do
-        project.update_column(:container_registry_enabled, true)
-        project.project_feature.update_column(:container_registry_access_level, ProjectFeature::DISABLED)
-
-        expect(project.container_registry_enabled).to eq(true)
-        expect(project.container_registry_enabled?).to eq(true)
-      end
-    end
  end

  describe '#has_container_registry_tags?' do

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -1558,73 +1558,6 @@ RSpec.describe ProjectPolicy do
        end
      end
    end
-
-    context 'with read_container_registry_access_level disabled' do
-      before do
-        stub_feature_flags(read_container_registry_access_level: false)
-      end
-
-      where(:project_visibility, :container_registry_enabled, :role, :allowed) do
-        :public   | true   | :maintainer | true
-        :public   | true   | :developer  | true
-        :public   | true   | :reporter   | true
-        :public   | true   | :guest      | true
-        :public   | true   | :anonymous  | true
-        :public   | false  | :maintainer | false
-        :public   | false  | :developer  | false
-        :public   | false  | :reporter   | false
-        :public   | false  | :guest      | false
-        :public   | false  | :anonymous  | false
-        :internal | true   | :maintainer | true
-        :internal | true   | :developer  | true
-        :internal | true   | :reporter   | true
-        :internal | true   | :guest      | true
-        :internal | true   | :anonymous  | false
-        :internal | false  | :maintainer | false
-        :internal | false  | :developer  | false
-        :internal | false  | :reporter   | false
-        :internal | false  | :guest      | false
-        :internal | false  | :anonymous  | false
-        :private  | true   | :maintainer | true
-        :private  | true   | :developer  | true
-        :private  | true   | :reporter   | true
-        :private  | true   | :guest      | false
-        :private  | true   | :anonymous  | false
-        :private  | false  | :maintainer | false
-        :private  | false  | :developer  | false
-        :private  | false  | :reporter   | false
-        :private  | false  | :guest      | false
-        :private  | false  | :anonymous  | false
-      end
-
-      with_them do
-        let(:current_user) { send(role) }
-        let(:project) { send("#{project_visibility}_project") }
-
-        it 'allows/disallows the abilities based on container_registry_enabled' do
-          project.update_column(:container_registry_enabled, container_registry_enabled)
-
-          if allowed
-            expect_allowed(*permissions_abilities(role))
-          else
-            expect_disallowed(*permissions_abilities(role))
-          end
-        end
-
-        def permissions_abilities(role)
-          case role
-          when :maintainer
-            maintainer_operations_permissions
-          when :developer
-            developer_operations_permissions
-          when :reporter, :guest, :anonymous
-            guest_operations_permissions
-          else
-            raise "Unknown role #{role}"
-          end
-        end
-      end
-    end
  end

  describe 'update_runners_registration_token' do

--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -230,20 +230,6 @@ RSpec.describe API::Projects do
        expect(project_response['container_registry_enabled']).to eq(false)
      end

-      it 'reads projects.container_registry_enabled when read_container_registry_access_level is disabled' do
-        stub_feature_flags(read_container_registry_access_level: false)
-
-        project.project_feature.update!(container_registry_access_level: ProjectFeature::DISABLED)
-        project.update_column(:container_registry_enabled, true)
-
-        get api('/projects', user)
-        project_response = json_response.find { |p| p['id'] == project.id }
-
-        expect(response).to have_gitlab_http_status(:ok)
-        expect(json_response).to be_an Array
-        expect(project_response['container_registry_enabled']).to eq(true)
-      end
-
      it 'includes project topics' do
        get api('/projects', user)