Remove security & compliance config page feature flag

This commit solves https://gitlab.com/gitlab-org/gitlab/-/issues/294084 It removes the secure_security_and_compliance_configuration_page_on_ce flag

Remove security & compliance config page feature flag
This commit solves https://gitlab.com/gitlab-org/gitlab/-/issues/294084 It removes the secure_security_and_compliance_configuration_page_on_ce flag
ed3074d8 · Jannik Lehmann · Kerri Miller · 3a54e151 · ed3074d8 · ed3074d8
Commit ed3074d8 authored Mar 12, 2021 by Jannik Lehmann Committed by Kerri Miller Mar 12, 2021
11 changed files
--- a/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
+++ b/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
@@ -84,11 +84,6 @@ export default {
      required: false,
      default: false,
    },
-    securityAndComplianceAvailable: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
    visibilityHelpPath: {
      type: String,
      required: false,
@@ -595,7 +590,6 @@ export default {
        />
      </project-setting-row>
      <project-setting-row
-        v-if="securityAndComplianceAvailable"
        :label="s__('ProjectSettings|Security & Compliance')"
        :help-text="s__('ProjectSettings|Security & Compliance for this project')"
      >

--- a/app/controllers/projects/security/configuration_controller.rb
+++ b/app/controllers/projects/security/configuration_controller.rb
@@ -8,16 +8,8 @@ module Projects
      feature_category :static_application_security_testing

      def show
-        return render_404 unless feature_enabled?
-
        render_403 unless can?(current_user, :read_security_configuration, project)
      end
-
-      private
-
-      def feature_enabled?
-        ::Feature.enabled?(:secure_security_and_compliance_configuration_page_on_ce, @project, default_enabled: :yaml)
-      end
    end
  end
 end

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -379,15 +379,10 @@ module ProjectsHelper
  private

  def can_read_security_configuration?(project, current_user)
-    show_security_and_compliance_config? &&
    can?(current_user, :access_security_and_compliance, project) &&
    can?(current_user, :read_security_configuration, project)
  end

-  def show_security_and_compliance_config?
-    ::Feature.enabled?(:secure_security_and_compliance_configuration_page_on_ce, @subject, default_enabled: :yaml)
-  end
-
  def get_project_security_nav_tabs(project, current_user)
    if can_read_security_configuration?(project, current_user)
      [:security_and_compliance, :security_configuration]
@@ -674,13 +669,10 @@ module ProjectsHelper
      pagesAvailable: Gitlab.config.pages.enabled,
      pagesAccessControlEnabled: Gitlab.config.pages.access_control,
      pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
-      pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control'),
-      securityAndComplianceAvailable: show_security_and_compliance_toggle?
+      pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control')
    }
  end

-  alias_method :show_security_and_compliance_toggle?, :show_security_and_compliance_config?
-
  def project_permissions_panel_data_json(project)
    project_permissions_panel_data(project).to_json.html_safe
  end

--- a/changelogs/unreleased/remove-secure_security_and_compliance_configuration_page_on_ce-flag.yml
+++ b/changelogs/unreleased/remove-secure_security_and_compliance_configuration_page_on_ce-flag.yml
+---
+title: Remove security & compliance config page feature flag
+merge_request: 56219
+author:
+type: changed
--- a/config/feature_flags/development/secure_security_and_compliance_configuration_page_on_ce.yml
+++ b/config/feature_flags/development/secure_security_and_compliance_configuration_page_on_ce.yml
---
-name: secure_security_and_compliance_configuration_page_on_ce
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50282
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/294076
-milestone: '13.9'
-type: development
-group: group::static analysis
-default_enabled: false
--- a/doc/user/application_security/configuration/index.md
+++ b/doc/user/application_security/configuration/index.md
@@ -10,12 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)**
 > - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
 > - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
-> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.9. **(FREE)**
-> - It's [deployed behind a feature flag](../../feature_flags.md), disabled by default.
-> - It's enabled on GitLab.com.
-> - It's recommended for production use.
-> - For GitLab self-managed instances, GitLab administrators can opt to [enable it](#enable-or-disable-security-configuration). **(FREE SELF)**
-> - It can be enabled or disabled for a single project.
+> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.9.

 WARNING:
 This feature might not be available to you. Check the **version history** note above for details.
@@ -54,25 +49,3 @@ You can configure the following security controls:
  - Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
 - DAST Profiles
  - Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
-
-### Enable or disable Security Configuration **(FREE SELF)**
-
-Security Configuration is under development but ready for production use.
-It is deployed behind a feature flag that is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can opt to enable it.
-
-NOTE:
-This does not apply to GitLab Ultimate.
-
-To enable it:
-
-```ruby
-Feature.enable(:secure_security_and_compliance_configuration_page_on_ce)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:secure_security_and_compliance_configuration_page_on_ce)
-```
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -82,11 +82,6 @@ module EE
      panel_data
    end

-    override :show_security_and_compliance_toggle?
-    def show_security_and_compliance_toggle?
-      super || show_audit_events?(@project)
-    end
-
    override :default_url_to_repo
    def default_url_to_repo(project = @project)
      case default_clone_protocol

--- a/ee/spec/controllers/projects/security/configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/configuration_controller_spec.rb
@@ -21,21 +21,16 @@ RSpec.describe Projects::Security::ConfigurationController do

    render_views

-    where(:user_role, :security_dashboard_enabled, :ce_flag_enabled, :status, :selector) do
-      :guest     | false | false | :not_found | nil
-      :guest     | false | true  | :forbidden | nil
-      :guest     | true  | false | :not_found | nil
-      :guest     | true  | true  | :forbidden | nil
-      :developer | false | false | :not_found | nil
-      :developer | false | true  | :ok        | '#js-security-configuration-static'
-      :developer | true  | false | :ok        | '#js-security-configuration'
-      :developer | true  | true  | :ok        | '#js-security-configuration'
+    where(:user_role, :security_dashboard_enabled, :status, :selector) do
+      :guest     | false | :forbidden | nil
+      :guest     | true  | :forbidden | nil
+      :developer | false | :ok        | '#js-security-configuration-static'
+      :developer | true  | :ok        | '#js-security-configuration'
    end

    with_them do
      before do
        stub_licensed_features(security_dashboard: security_dashboard_enabled)
-        stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: ce_flag_enabled)
        group.send("add_#{user_role}", user)
        sign_in(user)
      end
@@ -57,20 +52,7 @@ RSpec.describe Projects::Security::ConfigurationController do
    end

    context 'with developer and security dashboard feature enabled' do
-      let(:flag) { :secure_security_and_compliance_configuration_page_on_ce }
-
-      # The tests in this context should be unaffected by this feature flag,
-      # and should behave identically whether this is enabled or disabled.
-      where(:flag_enabled) do
-        [
-          [true],
-          [false]
-        ]
-      end
-
-      with_them do
      before do
-          stub_feature_flags(flag => flag_enabled)
        stub_licensed_features(security_dashboard: true)

        group.add_developer(user)
@@ -126,7 +108,6 @@ RSpec.describe Projects::Security::ConfigurationController do
      end
    end
  end
-  end

  describe 'POST #auto_fix' do
    subject(:request) { post :auto_fix, params: params }

--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -604,7 +604,7 @@ RSpec.describe ProjectsHelper do
    using RSpec::Parameterized::TableSyntax

    let(:user) { instance_double(User, admin?: false) }
-    let(:expected_data) { { requirementsAvailable: false, securityAndComplianceAvailable: true } }
+    let(:expected_data) { { requirementsAvailable: false } }

    subject { helper.project_permissions_panel_data(project) }


--- a/spec/controllers/projects/security/configuration_controller_spec.rb
+++ b/spec/controllers/projects/security/configuration_controller_spec.rb
@@ -13,19 +13,6 @@ RSpec.describe Projects::Security::ConfigurationController do
  end

  describe 'GET show' do
-    context 'when feature flag is disabled' do
-      before do
-        stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: false)
-      end
-
-      it 'renders not found' do
-        get :show, params: { namespace_id: project.namespace, project_id: project }
-
-        expect(response).to have_gitlab_http_status(:not_found)
-      end
-    end
-
-    context 'when feature flag is enabled' do
    context 'when user has guest access' do
      before do
        project.add_guest(user)
@@ -51,5 +38,4 @@ RSpec.describe Projects::Security::ConfigurationController do
      end
    end
  end
-  end
 end
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -401,42 +401,22 @@ RSpec.describe ProjectsHelper do

    context 'Security & Compliance tabs' do
      before do
-        stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: feature_flag_enabled)
        allow(helper).to receive(:can?).with(user, :read_security_configuration, project).and_return(can_read_security_configuration)
      end

      context 'when user cannot read security configuration' do
        let(:can_read_security_configuration) { false }

-        context 'when feature flag is disabled' do
-          let(:feature_flag_enabled) { false }
-
        it { is_expected.not_to include(:security_configuration) }
      end

-        context 'when feature flag is enabled' do
-          let(:feature_flag_enabled) { true }
-
-          it { is_expected.not_to include(:security_configuration) }
-        end
-      end
-
      context 'when user can read security configuration' do
        let(:can_read_security_configuration) { true }
-
-        context 'when feature flag is disabled' do
-          let(:feature_flag_enabled) { false }
-
-          it { is_expected.not_to include(:security_configuration) }
-        end
-
-        context 'when feature flag is enabled' do
        let(:feature_flag_enabled) { true }

        it { is_expected.to include(:security_configuration) }
      end
    end
-    end

    context 'when builds feature is enabled' do
      before do