CVE ID Request button Feature Flag removal

ee/app/controllers/ee/projects/issues_controller.rb

@@ -14,10 +14,6 @@ module EE
           populate_vulnerability_id
         end
 
-        before_action only: :show do
-          push_frontend_feature_flag(:cve_id_request_button, project)
-        end
-
         before_action :redirect_if_test_case, only: [:show]
 
         feature_category :issue_tracking, [:delete_description_version, :description_diff]

ee/app/controllers/ee/projects_controller.rb

@@ -11,7 +11,6 @@ module EE
       before_action :log_unarchive_audit_event, only: [:unarchive]
 
       before_action only: :show do
-        push_frontend_feature_flag(:cve_id_request_button, project)
         enable_sast_entry_points_experiment
       end
 
@@ -82,13 +81,7 @@ module EE
 
     override :project_setting_attributes
     def project_setting_attributes
-      proj_setting_attrs = super + [:prevent_merge_without_jira_issue]
-
-      if ::Feature.enabled?(:cve_id_request_button, project)
-        proj_setting_attrs << :cve_id_request_enabled
-      end
-
-      proj_setting_attrs
+      super + [:prevent_merge_without_jira_issue, :cve_id_request_enabled]
     end
 
     def project_params_ee

ee/app/helpers/ee/projects_helper.rb

@@ -14,29 +14,19 @@ module EE
 
     override :project_permissions_settings
     def project_permissions_settings(project)
-      settings = super.merge(
-        requirementsAccessLevel: project.requirements_access_level
-      )
-
-      if ::Feature.enabled?(:cve_id_request_button, project)
-        settings[:cveIdRequestEnabled] = project.public? && project.project_setting.cve_id_request_enabled?
-      end
-
-      settings
+      super.merge({
+        requirementsAccessLevel: project.requirements_access_level,
+        cveIdRequestEnabled: (project.public? && project.project_setting.cve_id_request_enabled?)
+      })
     end
 
     override :project_permissions_panel_data
     def project_permissions_panel_data(project)
-      panel_data = super.merge(
-        requirementsAvailable: project.feature_available?(:requirements)
-      )
-
-      if ::Feature.enabled?(:cve_id_request_button, project)
-        panel_data[:requestCveAvailable] = ::Gitlab.com?
-        panel_data[:cveIdRequestHelpPath] = help_page_path('user/application_security/cve_id_request')
-      end
-
-      panel_data
+      super.merge({
+        requirementsAvailable: project.feature_available?(:requirements),
+        requestCveAvailable: ::Gitlab.com?,
+        cveIdRequestHelpPath: help_page_path('user/application_security/cve_id_request')
+      })
     end
 
     override :default_url_to_repo

ee/app/serializers/ee/issue_sidebar_basic_entity.rb

@@ -19,7 +19,7 @@ module EE
         end
       end
 
-      expose :request_cve_enabled_for_user, if: ->(issue) { ::Feature.enabled?(:cve_id_request_button, issue.project) } do |issue|
+      expose :request_cve_enabled_for_user do |issue|
         ::Gitlab.com? \
           && can?(current_user, :admin_project, issue.project) \
           && issue.project.public? \

ee/config/feature_flags/development/cve_id_request_button.yml

----
-name: cve_id_request_button
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41203
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299569
-milestone: '13.10'
-type: development
-group: group::vulnerability research
-default_enabled: false

ee/spec/controllers/projects_controller_spec.rb

@@ -298,6 +298,26 @@ RSpec.describe ProjectsController do
       end
     end
 
+    it 'updates cve_id_request_enabled' do
+      project.project_setting.cve_id_request_enabled = false
+      project.project_setting.save!
+
+      params = {
+        project_setting_attributes: {
+          cve_id_request_enabled: true
+        }
+      }
+      put :update,
+        params: {
+        namespace_id: project.namespace,
+        id: project,
+        project: params
+      }
+      project.reload
+
+      expect(project.project_setting.cve_id_request_enabled).to eq(true)
+    end
+
     context 'when merge_pipelines_enabled param is specified' do
       let(:params) { { merge_pipelines_enabled: true } }
 
@@ -565,35 +585,6 @@ RSpec.describe ProjectsController do
         end
       end
     end
-
-    context 'cve_id_request_button feature flag' do
-      where(feature_flag_enabled: [true, false])
-      with_them do
-        before do
-          stub_feature_flags(cve_id_request_button: feature_flag_enabled)
-        end
-
-        it 'handles setting cve_id_request_enabled' do
-          project.project_setting.cve_id_request_enabled = false
-          project.project_setting.save!
-
-          params = {
-            project_setting_attributes: {
-              cve_id_request_enabled: true
-            }
-          }
-          put :update,
-              params: {
-                namespace_id: project.namespace,
-                id: project,
-                project: params
-              }
-          project.reload
-
-          expect(project.project_setting.cve_id_request_enabled).to eq(feature_flag_enabled)
-        end
-      end
-    end
   end
 
   describe '#download_export' do

ee/spec/features/projects/settings/issues_settings_spec.rb

@@ -73,40 +73,21 @@ RSpec.describe 'Project settings > Issues', :js do
     end
   end
 
-  context 'when viewing CVE request settings with different :cve_id_request_button feature flag values' do
-    using RSpec::Parameterized::TableSyntax
-
-    where(:feature_flag_enabled, :should_show_toggle) do
-      true | true
-      false | false
-    end
-
-    with_them do
-      before do
-        stub_feature_flags(cve_id_request_button: feature_flag_enabled)
-
-        # setup the project so that it *should* be visible IF the feature flag
-        # were enabled
-        allow(::Gitlab).to receive(:com?).and_return(true)
+  context 'when viewing CVE request settings' do
+    before do
+      allow(::Gitlab).to receive(:com?).and_return(true)
 
-        vis_val = Gitlab::VisibilityLevel.const_get(:PUBLIC, false)
-        project.visibility_level = vis_val
-        project.save!
+      project.update_column(:visibility_level, Gitlab::VisibilityLevel::PUBLIC)
 
-        project_setting = project.project_setting
-        project_setting.cve_id_request_enabled = true
-        project_setting.save!
+      project_setting = project.project_setting
+      project_setting.cve_id_request_enabled = true
+      project_setting.save!
 
-        visit edit_project_path(project)
-      end
+      visit edit_project_path(project)
+    end
 
-      it 'CVE ID Request toggle should only be visible if the feature is enabled' do
-        if should_show_toggle
-          expect(page).to have_selector('[data-testid="cve_id_request_toggle"')
-        else
-          expect(page).not_to have_selector('[data-testid="cve_id_request_toggle"')
-        end
-      end
+    it 'CVE ID Request toggle should only be visible if the feature is enabled' do
+      expect(page).to have_selector('[data-testid="cve_id_request_toggle"')
     end
   end
 

ee/spec/helpers/projects_helper_spec.rb

@@ -318,27 +318,13 @@ RSpec.describe ProjectsHelper do
     it { is_expected.to include(expected_settings) }
 
     context 'cveIdRequestEnabled' do
-      context "with cve_id_request_button feature flag" do
-        where(feature_flag_enabled: [true, false])
-        with_them do
-          before do
-            stub_feature_flags(cve_id_request_button: feature_flag_enabled)
-          end
-
-          it 'includes cveIdRequestEnabled' do
-            expect(subject.key?(:cveIdRequestEnabled)).to eq(feature_flag_enabled)
-          end
-        end
-      end
-
-      where(:project_attrs, :cve_enabled, :expected) do
-        [:public]   | true  | true
-        [:public]   | false | false
-        [:internal] | true  | false
-        [:private]  | true  | false
+      where(:project_attrs, :expected) do
+        [:public]   | true
+        [:internal] | false
+        [:private]  | false
       end
       with_them do
-        let(:project) { create(:project, :with_cve_request, *project_attrs, cve_request_enabled: cve_enabled) }
+        let(:project) { create(:project, :with_cve_request, *project_attrs) }
         subject { helper.project_permissions_settings(project) }
 
         it 'has the correct cveIdRequestEnabled value' do
@@ -375,19 +361,6 @@ RSpec.describe ProjectsHelper do
         end
       end
     end
-
-    context "with cve_id_request_button feature flag" do
-      where(feature_flag_enabled: [true, false])
-      with_them do
-        before do
-          stub_feature_flags(cve_id_request_button: feature_flag_enabled)
-        end
-
-        it 'includes requestCveAvailable' do
-          expect(subject.key?(:requestCveAvailable)).to eq(feature_flag_enabled)
-        end
-      end
-    end
   end
 
   describe '#approvals_app_data' do

ee/spec/serializers/ee/issue_sidebar_basic_entity_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe EE::IssueSidebarBasicEntity do
   let(:subject) { IssueSerializer.new(current_user: user, project: project) }
 
   context "When serializing" do
-    context "with the cve_id_request_button feature flag enabled" do
+    context "with the cve_id_request_button" do
       using RSpec::Parameterized::TableSyntax
 
       where(:is_gitlab_com, :is_public, :is_admin, :expected_value) do
@@ -25,25 +25,13 @@ RSpec.describe EE::IssueSidebarBasicEntity do
           allow(issue.project).to receive(:public?).and_return(is_public)
           issue.project.add_maintainer(user) if is_admin
           allow(Gitlab).to receive(:com?).and_return(is_gitlab_com)
-          stub_feature_flags(cve_id_request_button: true)
         end
 
-        it 'uses the value from request_cve_enabled_for_user when the feature flag is on' do
+        it 'uses the value from request_cve_enabled_for_user' do
           data = subject.represent(issue, serializer: 'sidebar')
           expect(data[:request_cve_enabled_for_user]).to eq(expected_value)
         end
       end
     end
-
-    context "with the cve_id_request_button feature flag disabled" do
-      before do
-        stub_feature_flags(cve_id_request_button: false)
-      end
-
-      it 'does not use the value from request_cve_enabled_for_user when the feature flag is off' do
-        data = subject.represent(issue, serializer: 'sidebar')
-        expect(data).not_to include(:request_cve_enabled_for_user)
-      end
-    end
   end
 end