Release vulnerability report identifier filter for group level

Remove the feature flag definition and related code. Changelog: other EE: true

Release vulnerability report identifier filter for group level
022bbec4 · Savas Vedova · da1e86ff · 022bbec4 · 022bbec4 · 022bbec4
Verified Commit 022bbec4 authored 2 weeks ago by Savas Vedova
--- a/doc/api/graphql/reference/_index.md
+++ b/doc/api/graphql/reference/_index.md
@@ -1547,7 +1547,7 @@ four standard [pagination arguments](#pagination-arguments):
 | <a id="queryvulnerabilitieshasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have linked merge requests. |
 | <a id="queryvulnerabilitieshasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have remediations. |
 | <a id="queryvulnerabilitieshasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have been resolved on default branch. |
-| <a id="queryvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="queryvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="queryvulnerabilitiesimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="queryvulnerabilitiesowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="queryvulnerabilitiesprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
@@ -27636,7 +27636,7 @@ four standard [pagination arguments](#pagination-arguments):
 | <a id="groupvulnerabilitieshasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have linked merge requests. |
 | <a id="groupvulnerabilitieshasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have remediations. |
 | <a id="groupvulnerabilitieshasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have been resolved on default branch. |
-| <a id="groupvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="groupvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="groupvulnerabilitiesimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="groupvulnerabilitiesowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="groupvulnerabilitiesprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
@@ -27679,12 +27679,7 @@ Returns [`[VulnerableProjectsByGrade!]`](#vulnerableprojectsbygrade).
  
 ##### `Group.vulnerabilityIdentifierSearch`
  
-Search for vulnerabilities by identifier. Feature flag `vulnerability_filtering_by_identifier_group` has to be enabled for the group.
-
-{{< details >}}
-**Introduced** in GitLab 17.8.
-**Status**: Experiment.
-{{< /details >}}
+Search for vulnerabilities by identifier.
  
 Returns [`[String!]`](#string).
  
@@ -27734,7 +27729,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="groupvulnerabilityseveritiescounthasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a merge request. |
 | <a id="groupvulnerabilityseveritiescounthasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have remediations. |
 | <a id="groupvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
-| <a id="groupvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="groupvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="groupvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="groupvulnerabilityseveritiescountowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="groupvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
@@ -28511,7 +28506,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="instancesecuritydashboardvulnerabilityseveritiescounthasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a merge request. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescounthasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have remediations. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
-| <a id="instancesecuritydashboardvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="instancesecuritydashboardvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
@@ -35290,7 +35285,7 @@ four standard [pagination arguments](#pagination-arguments):
 | <a id="projectvulnerabilitieshasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have linked merge requests. |
 | <a id="projectvulnerabilitieshasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have remediations. |
 | <a id="projectvulnerabilitieshasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Returns only the vulnerabilities which have been resolved on default branch. |
-| <a id="projectvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="projectvulnerabilitiesidentifiername"></a>`identifierName` | [`String`](#string) | Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="projectvulnerabilitiesimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="projectvulnerabilitiesowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="projectvulnerabilitiesprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
@@ -35370,7 +35365,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="projectvulnerabilityseveritiescounthasmergerequest"></a>`hasMergeRequest` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a merge request. |
 | <a id="projectvulnerabilityseveritiescounthasremediations"></a>`hasRemediations` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have remediations. |
 | <a id="projectvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
-| <a id="projectvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. Ignored when applied on instance security dashboard queries. |
+| <a id="projectvulnerabilityseveritiescountidentifiername"></a>`identifierName` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.7. **Status**: Experiment. Filter vulnerabilities by identifier name. Ignored when applied on instance security dashboard queries. |
 | <a id="projectvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="projectvulnerabilityseveritiescountowasptopten"></a>`owaspTopTen` | [`[VulnerabilityOwaspTop10!]`](#vulnerabilityowasptop10) | Filter vulnerabilities by OWASP Top 10 category. Wildcard value "NONE" also supported and it cannot be combined with other OWASP top 10 values. |
 | <a id="projectvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/filtered_search/vulnerability_report_filtered_search.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/filtered_search/vulnerability_report_filtered_search.vue
@@ -30,6 +30,9 @@ export default {
    projectFullPath: {
      default: '',
    },
+    groupFullPath: {
+      default: '',
+    },
  },
  props: {
    availableFilters: {
@@ -59,9 +62,7 @@ export default {

    // This `includes` part is necessary because we don't include this filter everywhere.
    if (this.availableFilters.includes(FILTERS.IDENTIFIER)) {
-      if (this.projectFullPath || this.glFeatures?.vulnerabilityFilteringByIdentifierGroup) {
-        nonDefaultTypes.push('identifier');
-      }
+      nonDefaultTypes.push('identifier');
    }

    nonDefaultTypes.forEach((type) => {
@@ -120,7 +121,7 @@ export default {
        case FILTERS.PROJECT:
          return PROJECT_TOKEN_DEFINITION;
        case FILTERS.IDENTIFIER:
-          if (this.projectFullPath || this.glFeatures?.vulnerabilityFilteringByIdentifierGroup) {
+          if (this.projectFullPath || this.groupFullPath) {
            return IDENTIFIER_TOKEN_DEFINITION;
          }


--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -18,7 +18,6 @@ class VulnerabilitiesController < Groups::ApplicationController
        push_frontend_feature_flag(:vulnerability_report_vr_badge, @group, type: :beta)
        push_frontend_feature_flag(:vulnerability_report_vr_filter, @group, type: :beta)
        push_frontend_feature_flag(:vulnerability_report_filtered_search_v2, @group, type: :wip)
-        push_frontend_feature_flag(:vulnerability_filtering_by_identifier_group, @group, type: :beta)
        push_frontend_feature_flag(:enhanced_vulnerability_bulk_actions, @group, type: :wip)
        push_frontend_feature_flag(:vulnerability_severity_override, @group.root_ancestor, type: :wip)
        push_frontend_feature_flag(:existing_jira_issue_attachment_from_vulnerability_bulk_action, @project, type: :wip)

--- a/ee/app/finders/security/vulnerability_reads_finder.rb
+++ b/ee/app/finders/security/vulnerability_reads_finder.rb
@@ -143,9 +143,6 @@ def filter_by_owasp_top_10
    def filter_by_identifier_name
      return if params[:identifier_name].blank?

-      return if vulnerable.is_a?(Group) && Feature.disabled?(:vulnerability_filtering_by_identifier_group, vulnerable,
-        type: :beta)
-
      @vulnerability_reads = vulnerability_reads.with_identifier_name(params[:identifier_name])
    end


--- a/ee/app/graphql/ee/types/group_type.rb
+++ b/ee/app/graphql/ee/types/group_type.rb
@@ -77,12 +77,9 @@ module GroupType

        field :vulnerability_identifier_search,
          [GraphQL::Types::String],
-          experiment: { milestone: '17.8' },
          resolver: ::Resolvers::Vulnerabilities::IdentifierSearchResolver,
          null: true,
-          description: 'Search for vulnerabilities by identifier. ' \
-                     'Feature flag `vulnerability_filtering_by_identifier_group` ' \
-                     'has to be enabled for the group.'
+          description: 'Search for vulnerabilities by identifier.'

        field :vulnerability_severities_count, ::Types::VulnerabilitySeveritiesCountType,
          null: true,

--- a/ee/app/graphql/resolvers/vulnerabilities/identifier_search_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities/identifier_search_resolver.rb
@@ -37,12 +37,6 @@ def resolve(**args)
      private

      def validate_args(args)
-        if object.is_a?(::Group) && Feature.disabled?(:vulnerability_filtering_by_identifier_group, object,
-          type: :beta)
-          raise ::Gitlab::Graphql::Errors::ArgumentError,
-            'Feature flag `vulnerability_filtering_by_identifier_group` is disabled for the group.'
-        end
-
        return unless args[:name].length < 3

        raise ::Gitlab::Graphql::Errors::ArgumentError,

--- a/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
@@ -32,8 +32,7 @@ class VulnerabilitiesResolver < VulnerabilitiesBaseResolver

    argument :identifier_name, GraphQL::Types::String,
      required: false,
-      description: 'Filter vulnerabilities by identifier name. Applicable on group ' \
-                   'level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. ' \
+      description: 'Filter vulnerabilities by identifier name. ' \
                   'Ignored when applied on instance security dashboard queries.'

    argument :scanner, [GraphQL::Types::String],

--- a/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
@@ -85,7 +85,6 @@ class VulnerabilitySeveritiesCountResolver < VulnerabilitiesBaseResolver
      required: false,
      experiment: { milestone: '17.7' },
      description: 'Filter vulnerabilities by identifier name. ' \
-                    'Applicable on group level when feature flag `vulnerability_filtering_by_identifier_group` is enabled. ' \
                    'Ignored when applied on instance security dashboard queries.'

    def resolve(**args)

--- a/ee/config/feature_flags/beta/vulnerability_filtering_by_identifier_group.yml
+++ b/ee/config/feature_flags/beta/vulnerability_filtering_by_identifier_group.yml
---
-name: vulnerability_filtering_by_identifier_group
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/508713
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175902
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/516877
-milestone: '17.8'
-group: group::security insights
-type: beta
-default_enabled: false
--- a/ee/spec/finders/security/vulnerability_reads_finder_spec.rb
+++ b/ee/spec/finders/security/vulnerability_reads_finder_spec.rb
@@ -740,16 +740,6 @@
      it 'returns only vulnerabilities with the specified identifier name' do
        is_expected.to contain_exactly(vul_read_with_identifier_name)
      end
-
-      context 'when FF vulnerability_filtering_by_identifier_group is disabled' do
-        before do
-          stub_feature_flags(vulnerability_filtering_by_identifier_group: false)
-        end
-
-        it 'returns all vulnerabilities regardless of identifier name' do
-          is_expected.to match_array([vul_read_without_identifier_name, vul_read_with_identifier_name])
-        end
-      end
    end
  end


--- a/ee/spec/frontend/security_dashboard/components/shared/filtered_search/vulnerability_report_filtered_search_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/filtered_search/vulnerability_report_filtered_search_spec.js
@@ -35,6 +35,7 @@ describe('Vulnerability Report Filtered Search component', () => {
        scanners: [],
        toolFilterType,
        glFeatures,
+        projectFullPath: 'security-reports/example',
      },
      mocks: {
        $route: {
@@ -87,7 +88,6 @@ describe('Vulnerability Report Filtered Search component', () => {
        createWrapper({
          availableFilters,
          vulnerabilityReportTypeScannerFilter,
-          glFeatures: { vulnerabilityFilteringByIdentifierGroup: true },
        });

        expect(findFilteredSearchComponent().props('availableTokens')).toEqual(availableTokens);
@@ -119,7 +119,10 @@ describe('Vulnerability Report Filtered Search component', () => {

  describe('with non-empty query parameters', () => {
    beforeEach(() => {
-      createWrapper({ query: { severity: 'MEDIUM,LOW', scanner: 'gitlab-api-fuzzing' } });
+      createWrapper({
+        availableFilters: [FILTERS.STATUS, FILTERS.ACTIVITY, FILTERS.PROJECT, FILTERS.IDENTIFIER],
+        query: { severity: 'MEDIUM,LOW', scanner: 'gitlab-api-fuzzing', identifier: 'cve-test' },
+      });
    });

    it('should pass route parameters to the tokens', () => {
@@ -152,48 +155,6 @@ describe('Vulnerability Report Filtered Search component', () => {
            operator: '||',
          },
        },
-      ]);
-    });
-  });
-
-  describe('when vulnerabilityFilteringByIdentifierGroup feature flag is on', () => {
-    beforeEach(() => {
-      createWrapper({
-        availableFilters: [FILTERS.STATUS, FILTERS.ACTIVITY, FILTERS.PROJECT, FILTERS.IDENTIFIER],
-        query: {
-          identifier: 'cve-test',
-        },
-        glFeatures: {
-          vulnerabilityFilteringByIdentifierGroup: true,
-        },
-      });
-    });
-
-    it('includes identifier token in available tokens', () => {
-      expect(findFilteredSearchComponent().props('availableTokens')).toEqual([
-        STATUS_TOKEN_DEFINITION,
-        ACTIVITY_TOKEN_DEFINITION,
-        PROJECT_TOKEN_DEFINITION,
-        IDENTIFIER_TOKEN_DEFINITION,
-      ]);
-    });
-
-    it('should pass route parameters to the identifier token', () => {
-      expect(findFilteredSearchComponent().props('value')).toEqual([
-        {
-          type: 'state',
-          value: {
-            data: StatusToken.DEFAULT_VALUES,
-            operator: '||',
-          },
-        },
-        {
-          type: 'activity',
-          value: {
-            data: ActivityToken.DEFAULT_VALUES,
-            operator: '||',
-          },
-        },
        {
          type: 'identifier',
          value: {

--- a/ee/spec/graphql/resolvers/vulnerabilities/identifier_search_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/vulnerabilities/identifier_search_resolver_spec.rb
@@ -87,9 +87,6 @@
        end

        it_behaves_like 'handles invalid search input'
-        it_behaves_like 'handles a disabled feature flag' do
-          let(:feature_flag) { :vulnerability_filtering_by_identifier_group }
-        end
      end

      context 'with a project' do

--- a/ee/spec/graphql/resolvers/vulnerability_severities_count_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/vulnerability_severities_count_resolver_spec.rb
@@ -330,23 +330,6 @@
            it 'only returns count for vulnerabilities with identifier_name' do
              is_expected.to eq('critical' => 1)
            end
-
-            context 'when FF vulnerability_filtering_by_identifier_group is disabled' do
-              before do
-                stub_feature_flags(vulnerability_filtering_by_identifier_group: false)
-              end
-
-              it 'ignores the filter argument' do
-                all_vul_reads = group.vulnerability_reads
-
-                is_expected.to eq(
-                  'critical' => all_vul_reads.with_severities(:critical).count,
-                  'high' => all_vul_reads.with_severities(:high).count,
-                  'medium' => all_vul_reads.with_severities(:medium).count,
-                  'low' => all_vul_reads.with_severities(:low).count
-                )
-              end
-            end
          end
        end