Commit ed3074d8 authored by Jannik Lehmann's avatar Jannik Lehmann Committed by Kerri Miller

Remove security & compliance config page feature flag

This commit solves
https://gitlab.com/gitlab-org/gitlab/-/issues/294084
It removes the
secure_security_and_compliance_configuration_page_on_ce flag
parent 3a54e151
...@@ -84,11 +84,6 @@ export default { ...@@ -84,11 +84,6 @@ export default {
required: false, required: false,
default: false, default: false,
}, },
securityAndComplianceAvailable: {
type: Boolean,
required: false,
default: false,
},
visibilityHelpPath: { visibilityHelpPath: {
type: String, type: String,
required: false, required: false,
...@@ -595,7 +590,6 @@ export default { ...@@ -595,7 +590,6 @@ export default {
/> />
</project-setting-row> </project-setting-row>
<project-setting-row <project-setting-row
v-if="securityAndComplianceAvailable"
:label="s__('ProjectSettings|Security & Compliance')" :label="s__('ProjectSettings|Security & Compliance')"
:help-text="s__('ProjectSettings|Security & Compliance for this project')" :help-text="s__('ProjectSettings|Security & Compliance for this project')"
> >
......
...@@ -8,16 +8,8 @@ module Projects ...@@ -8,16 +8,8 @@ module Projects
feature_category :static_application_security_testing feature_category :static_application_security_testing
def show def show
return render_404 unless feature_enabled?
render_403 unless can?(current_user, :read_security_configuration, project) render_403 unless can?(current_user, :read_security_configuration, project)
end end
private
def feature_enabled?
::Feature.enabled?(:secure_security_and_compliance_configuration_page_on_ce, @project, default_enabled: :yaml)
end
end end
end end
end end
......
...@@ -379,15 +379,10 @@ module ProjectsHelper ...@@ -379,15 +379,10 @@ module ProjectsHelper
private private
def can_read_security_configuration?(project, current_user) def can_read_security_configuration?(project, current_user)
show_security_and_compliance_config? &&
can?(current_user, :access_security_and_compliance, project) && can?(current_user, :access_security_and_compliance, project) &&
can?(current_user, :read_security_configuration, project) can?(current_user, :read_security_configuration, project)
end end
def show_security_and_compliance_config?
::Feature.enabled?(:secure_security_and_compliance_configuration_page_on_ce, @subject, default_enabled: :yaml)
end
def get_project_security_nav_tabs(project, current_user) def get_project_security_nav_tabs(project, current_user)
if can_read_security_configuration?(project, current_user) if can_read_security_configuration?(project, current_user)
[:security_and_compliance, :security_configuration] [:security_and_compliance, :security_configuration]
...@@ -674,13 +669,10 @@ module ProjectsHelper ...@@ -674,13 +669,10 @@ module ProjectsHelper
pagesAvailable: Gitlab.config.pages.enabled, pagesAvailable: Gitlab.config.pages.enabled,
pagesAccessControlEnabled: Gitlab.config.pages.access_control, pagesAccessControlEnabled: Gitlab.config.pages.access_control,
pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?, pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control'), pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control')
securityAndComplianceAvailable: show_security_and_compliance_toggle?
} }
end end
alias_method :show_security_and_compliance_toggle?, :show_security_and_compliance_config?
def project_permissions_panel_data_json(project) def project_permissions_panel_data_json(project)
project_permissions_panel_data(project).to_json.html_safe project_permissions_panel_data(project).to_json.html_safe
end end
......
---
title: Remove security & compliance config page feature flag
merge_request: 56219
author:
type: changed
---
name: secure_security_and_compliance_configuration_page_on_ce
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50282
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/294076
milestone: '13.9'
type: development
group: group::static analysis
default_enabled: false
...@@ -10,12 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -10,12 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)**
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)** > - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)** > - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.9. **(FREE)** > - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.9.
> - It's [deployed behind a feature flag](../../feature_flags.md), disabled by default.
> - It's enabled on GitLab.com.
> - It's recommended for production use.
> - For GitLab self-managed instances, GitLab administrators can opt to [enable it](#enable-or-disable-security-configuration). **(FREE SELF)**
> - It can be enabled or disabled for a single project.
WARNING: WARNING:
This feature might not be available to you. Check the **version history** note above for details. This feature might not be available to you. Check the **version history** note above for details.
...@@ -54,25 +49,3 @@ You can configure the following security controls: ...@@ -54,25 +49,3 @@ You can configure the following security controls:
- Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui). - Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- DAST Profiles - DAST Profiles
- Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans). - Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
### Enable or disable Security Configuration **(FREE SELF)**
Security Configuration is under development but ready for production use.
It is deployed behind a feature flag that is **disabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can opt to enable it.
NOTE:
This does not apply to GitLab Ultimate.
To enable it:
```ruby
Feature.enable(:secure_security_and_compliance_configuration_page_on_ce)
```
To disable it:
```ruby
Feature.disable(:secure_security_and_compliance_configuration_page_on_ce)
```
...@@ -82,11 +82,6 @@ module EE ...@@ -82,11 +82,6 @@ module EE
panel_data panel_data
end end
override :show_security_and_compliance_toggle?
def show_security_and_compliance_toggle?
super || show_audit_events?(@project)
end
override :default_url_to_repo override :default_url_to_repo
def default_url_to_repo(project = @project) def default_url_to_repo(project = @project)
case default_clone_protocol case default_clone_protocol
......
...@@ -21,21 +21,16 @@ RSpec.describe Projects::Security::ConfigurationController do ...@@ -21,21 +21,16 @@ RSpec.describe Projects::Security::ConfigurationController do
render_views render_views
where(:user_role, :security_dashboard_enabled, :ce_flag_enabled, :status, :selector) do where(:user_role, :security_dashboard_enabled, :status, :selector) do
:guest | false | false | :not_found | nil :guest | false | :forbidden | nil
:guest | false | true | :forbidden | nil :guest | true | :forbidden | nil
:guest | true | false | :not_found | nil :developer | false | :ok | '#js-security-configuration-static'
:guest | true | true | :forbidden | nil :developer | true | :ok | '#js-security-configuration'
:developer | false | false | :not_found | nil
:developer | false | true | :ok | '#js-security-configuration-static'
:developer | true | false | :ok | '#js-security-configuration'
:developer | true | true | :ok | '#js-security-configuration'
end end
with_them do with_them do
before do before do
stub_licensed_features(security_dashboard: security_dashboard_enabled) stub_licensed_features(security_dashboard: security_dashboard_enabled)
stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: ce_flag_enabled)
group.send("add_#{user_role}", user) group.send("add_#{user_role}", user)
sign_in(user) sign_in(user)
end end
...@@ -57,20 +52,7 @@ RSpec.describe Projects::Security::ConfigurationController do ...@@ -57,20 +52,7 @@ RSpec.describe Projects::Security::ConfigurationController do
end end
context 'with developer and security dashboard feature enabled' do context 'with developer and security dashboard feature enabled' do
let(:flag) { :secure_security_and_compliance_configuration_page_on_ce }
# The tests in this context should be unaffected by this feature flag,
# and should behave identically whether this is enabled or disabled.
where(:flag_enabled) do
[
[true],
[false]
]
end
with_them do
before do before do
stub_feature_flags(flag => flag_enabled)
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true)
group.add_developer(user) group.add_developer(user)
...@@ -126,7 +108,6 @@ RSpec.describe Projects::Security::ConfigurationController do ...@@ -126,7 +108,6 @@ RSpec.describe Projects::Security::ConfigurationController do
end end
end end
end end
end
describe 'POST #auto_fix' do describe 'POST #auto_fix' do
subject(:request) { post :auto_fix, params: params } subject(:request) { post :auto_fix, params: params }
......
...@@ -604,7 +604,7 @@ RSpec.describe ProjectsHelper do ...@@ -604,7 +604,7 @@ RSpec.describe ProjectsHelper do
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
let(:user) { instance_double(User, admin?: false) } let(:user) { instance_double(User, admin?: false) }
let(:expected_data) { { requirementsAvailable: false, securityAndComplianceAvailable: true } } let(:expected_data) { { requirementsAvailable: false } }
subject { helper.project_permissions_panel_data(project) } subject { helper.project_permissions_panel_data(project) }
......
...@@ -13,19 +13,6 @@ RSpec.describe Projects::Security::ConfigurationController do ...@@ -13,19 +13,6 @@ RSpec.describe Projects::Security::ConfigurationController do
end end
describe 'GET show' do describe 'GET show' do
context 'when feature flag is disabled' do
before do
stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: false)
end
it 'renders not found' do
get :show, params: { namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when feature flag is enabled' do
context 'when user has guest access' do context 'when user has guest access' do
before do before do
project.add_guest(user) project.add_guest(user)
...@@ -51,5 +38,4 @@ RSpec.describe Projects::Security::ConfigurationController do ...@@ -51,5 +38,4 @@ RSpec.describe Projects::Security::ConfigurationController do
end end
end end
end end
end
end end
...@@ -401,42 +401,22 @@ RSpec.describe ProjectsHelper do ...@@ -401,42 +401,22 @@ RSpec.describe ProjectsHelper do
context 'Security & Compliance tabs' do context 'Security & Compliance tabs' do
before do before do
stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: feature_flag_enabled)
allow(helper).to receive(:can?).with(user, :read_security_configuration, project).and_return(can_read_security_configuration) allow(helper).to receive(:can?).with(user, :read_security_configuration, project).and_return(can_read_security_configuration)
end end
context 'when user cannot read security configuration' do context 'when user cannot read security configuration' do
let(:can_read_security_configuration) { false } let(:can_read_security_configuration) { false }
context 'when feature flag is disabled' do
let(:feature_flag_enabled) { false }
it { is_expected.not_to include(:security_configuration) } it { is_expected.not_to include(:security_configuration) }
end end
context 'when feature flag is enabled' do
let(:feature_flag_enabled) { true }
it { is_expected.not_to include(:security_configuration) }
end
end
context 'when user can read security configuration' do context 'when user can read security configuration' do
let(:can_read_security_configuration) { true } let(:can_read_security_configuration) { true }
context 'when feature flag is disabled' do
let(:feature_flag_enabled) { false }
it { is_expected.not_to include(:security_configuration) }
end
context 'when feature flag is enabled' do
let(:feature_flag_enabled) { true } let(:feature_flag_enabled) { true }
it { is_expected.to include(:security_configuration) } it { is_expected.to include(:security_configuration) }
end end
end end
end
context 'when builds feature is enabled' do context 'when builds feature is enabled' do
before do before do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment