Cleanup of backend and E2E for `pipeline_security_dashboard_graphql`

- Remove feature flag push
- Remove remaining e2e tests for old security dashboard
- Removes `pipeline_security_dashboard_graphql` feauture flag
definition
-

Changelog: other

ee/app/controllers/ee/projects/pipelines_controller.rb

@@ -11,7 +11,6 @@ module PipelinesController
 
         before_action :authorize_read_licenses!, only: [:licenses, :license_count]
         before_action do
-          push_frontend_feature_flag(:pipeline_security_dashboard_graphql, project, type: :development)
           push_frontend_feature_flag(:dora_charts_forecast, project.namespace)
           push_frontend_feature_flag(:use_holt_winters_forecast_for_deployment_frequency, project)
           push_frontend_feature_flag(:vulnerability_code_flow, project)

ee/config/feature_flags/development/pipeline_security_dashboard_graphql.yml

----
-name: pipeline_security_dashboard_graphql
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60138
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/328818
-milestone: '13.12'
-type: development
-group: group::threat insights
-default_enabled: true

qa/qa/ee/page/component/secure_report.rb

@@ -11,10 +11,6 @@ def self.prepended(base)
             super
 
             base.class_eval do
-              view 'ee/app/assets/javascripts/security_dashboard/components/security_dashboard_table.vue' do
-                element 'security-report-content'
-              end
-
               view 'ee/app/assets/javascripts/security_dashboard/components/shared/filters/activity_filter.vue' do
                 element 'filter-activity-dropdown'
               end
@@ -148,13 +144,6 @@ def has_vulnerability?(name)
             end
           end
 
-          def has_vulnerability_info_content?(name)
-            retry_until(reload: true, sleep_interval: 2, max_attempts: 2, message: 'Finding "Security Finding" text') do
-              has_element?('vulnerability-info-content', text: name,
-                wait: 1) || has_element?('vulnerability', text: name, wait: 1)
-            end
-          end
-
           def has_status?(status, vulnerability_name)
             retry_until(reload: true, sleep_interval: 3, raise_on_failure: false) do
               # Capitalizing first letter in each word to account for "Needs Triage" state

qa/qa/ee/page/group/secure/show.rb

@@ -8,10 +8,6 @@ module Secure
           class Show < QA::Page::Base
             include Page::Component::SecureReport
 
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/security_dashboard_table.vue' do
-              element 'security-report-content', required: true
-            end
-
             view 'ee/app/assets/javascripts/security_dashboard/components/shared/project_security_status_chart.vue' do
               element 'project-name-text', required: true
             end

qa/qa/ee/page/merge_request/show.rb

@@ -127,10 +127,10 @@ def click_vulnerability(name)
             end
           end
 
-          def dismiss_vulnerability_with_reason(name, reason)
+          def dismiss_vulnerability_with_comment(name, comment)
             expand_vulnerability_report
             click_vulnerability(name)
-            add_comment_and_dismiss(reason)
+            add_comment_and_dismiss(comment)
           end
 
           def add_comment_and_dismiss(comment)
@@ -207,10 +207,10 @@ def has_dast_vulnerability_count?
             find_element('dast-scan-report').has_content?(/DAST detected \d*( new)?( potential)? vulnerabilit/)
           end
 
-          def has_security_finding_dismissed_on_mr_widget?(reason)
+          def has_security_finding_dismissed_on_mr_widget?(comment)
             within_element('vulnerability-modal-content') do
               has_element?('event-item-content', text: /Dismissed.*/) &&
-                has_element?('event-item-content', text: reason)
+                has_element?('event-item-content', text: comment)
             end
           end
 

qa/qa/ee/page/project/pipeline/show.rb

@@ -18,13 +18,18 @@ def self.prepended(base)
                 view 'app/assets/javascripts/ci/reports/components/report_item.vue' do
                   element 'report-item-row'
                 end
+
+                view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/' \
+                  'pipeline_security_dashboard.vue' do
+                  element 'pipeline-vulnerability-report'
+                end
               end
             end
 
             def click_on_security
               retry_until(sleep_interval: 3, message: "Security report didn't open") do
                 click_link('Security')
-                has_element?('security-report-content') || has_element?('pipeline-vulnerability-report')
+                has_element?('pipeline-vulnerability-report')
               end
             end
 

qa/qa/ee/page/project/secure/pipeline_security.rb

@@ -6,28 +6,6 @@ module Page
       module Project
         module Secure
           class PipelineSecurity < QA::Page::Base
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/security_dashboard_table_row.vue' do
-              element 'vulnerability-info-content'
-              element 'security-finding-name-button'
-              element 'security-finding-checkbox'
-            end
-
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/vulnerability_action_buttons.vue' do
-              element 'dismiss-vulnerability'
-              element 'create-issue'
-              element 'undo-dismiss'
-              element 'more-info'
-            end
-
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/filters.vue' do
-              element 'findings-hide-dismissed-toggle'
-            end
-
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/selection_summary_vuex.vue' do
-              element 'finding-dismissal-reason'
-              element 'finding-dismiss-button'
-            end
-
             view 'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/' \
               'vulnerability_list.vue' do
               element 'vulnerability'
@@ -46,12 +24,6 @@ class PipelineSecurity < QA::Page::Base
               element 'filter-status-dropdown'
             end
 
-            def dismiss_finding_with_reason_old_dashboard(finding_name, reason)
-              check_element('security-finding-checkbox', true, finding_name: finding_name, visible: false)
-              select_element('finding-dismissal-reason', reason)
-              click_element('finding-dismiss-button')
-            end
-
             def dismiss_finding_with_reason(finding_name, reason = "not_applicable")
               select_finding(finding_name)
               select_state('dismissed')
@@ -61,27 +33,11 @@ def dismiss_finding_with_reason(finding_name, reason = "not_applicable")
             end
 
             def has_vulnerability?(vulnerability_name)
-              vulnerability_element = feature_flag_controlled_element(:pipeline_security_dashboard_graphql,
-                'vulnerability',
-                'security-finding-name-button')
-
-              if vulnerability_element.eql?('vulnerability')
-                has_element?('vulnerability', vulnerability_description: vulnerability_name)
-              else
-                has_element?('security-finding-name-button', status_description: vulnerability_name)
-              end
+              has_element?('vulnerability', vulnerability_description: vulnerability_name)
             end
 
             def select_vulnerability(vulnerability_name)
-              vulnerability_element = feature_flag_controlled_element(:pipeline_security_dashboard_graphql,
-                'vulnerability',
-                'security-finding-name-button')
-
-              if vulnerability_element.eql?('vulnerability')
-                click_element('vulnerability', vulnerability_description: vulnerability_name)
-              else
-                click_element('security-finding-name-button', status_description: vulnerability_name)
-              end
+              click_element('vulnerability', vulnerability_description: vulnerability_name)
             end
 
             def has_modal_scanner_type?(scanner_type)
@@ -129,30 +85,6 @@ def select_status(status)
               click_element('filter-status-dropdown')
             end
 
-            def toggle_hide_dismissed_off
-              toggle_hide_dismissed("off")
-            end
-
-            def toggle_hide_dismissed_on
-              toggle_hide_dismissed("on")
-            end
-
-            def toggle_hide_dismissed(toggle_to)
-              within_element('findings-hide-dismissed-toggle') do
-                toggle = find('button.gl-toggle')
-                checked = toggle[:class].include?('is-checked')
-                toggle.click if (checked && toggle_to == "off") || (!checked && toggle_to == "on")
-              end
-            end
-
-            def undo_dismiss_button_present?(finding_name)
-              has_element?('undo-dismiss', finding_name: finding_name)
-            end
-
-            def create_issue_old_dashboard(finding_name)
-              click_element('create-issue', QA::Page::Project::Issue::Show, finding_name: finding_name)
-            end
-
             def create_issue(finding_name)
               click_finding(finding_name)
               click_element('create-issue-button')
@@ -162,10 +94,6 @@ def click_finding(finding_name)
               click_element('vulnerability', vulnerability_description: finding_name)
               wait_for_requests
             end
-
-            def expand_security_finding(finding_name)
-              click_element('more-info', finding_name: finding_name)
-            end
           end
         end
       end

qa/qa/ee/page/project/secure/show.rb

@@ -8,10 +8,6 @@ module Secure
           class Show < QA::Page::Base
             include Page::Component::SecureReport
 
-            view 'ee/app/assets/javascripts/security_dashboard/components/pipeline/security_dashboard_table.vue' do
-              element 'security-report-content', required: true
-            end
-
             view 'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue' do
               element 'false-positive-vulnerability'
             end

qa/qa/specs/features/ee/browser_ui/10_govern/security_reports_spec.rb

@@ -86,24 +86,24 @@ module QA
           pipeline.click_on_security
 
           filter_report_and_perform(page: pipeline, filter_report: "Dependency Scanning") do
-            expect(pipeline).to have_vulnerability_info_content dependency_scan_example_vuln
+            expect(pipeline).to have_vulnerability dependency_scan_example_vuln
           end
 
           filter_report_and_perform(page: pipeline, filter_report: "Container Scanning") do
-            expect(pipeline).to have_vulnerability_info_content container_scan_example_vuln
+            expect(pipeline).to have_vulnerability container_scan_example_vuln
           end
 
           filter_report_and_perform(page: pipeline, filter_report: "SAST") do
-            expect(pipeline).to have_vulnerability_info_content sast_scan_example_vuln
-            expect(pipeline).to have_vulnerability_info_content sast_scan_fp_example_vuln
+            expect(pipeline).to have_vulnerability sast_scan_example_vuln
+            expect(pipeline).to have_vulnerability sast_scan_fp_example_vuln
           end
 
           filter_report_and_perform(page: pipeline, filter_report: "DAST") do
-            expect(pipeline).to have_vulnerability_info_content dast_scan_example_vuln
+            expect(pipeline).to have_vulnerability dast_scan_example_vuln
           end
 
           filter_report_and_perform(page: pipeline, filter_report: "Secret Detection") do
-            expect(pipeline).to have_vulnerability_info_content secret_detection_vuln
+            expect(pipeline).to have_vulnerability secret_detection_vuln
           end
         end
       end

qa/qa/specs/features/ee/browser_ui/10_govern/vulnerability_management_spec.rb

@@ -10,7 +10,6 @@ module QA
       let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization" }
       let(:security_finding_name) { "CVE-2017-18269 in glibc" }
       let(:create_issue_finding) { "Cipher with no integrity" }
-      let(:dismiss_reason) { "Won't fix / Accept risk" }
       let(:activity_name) { "Has issue" }
       let(:vulnerability_filename) { 'yarn.lock' }
 
@@ -68,11 +67,11 @@ module QA
 
       it 'can dismiss a vulnerability with a reason from mr security widget', :blocking,
         testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348008' do
-        dismiss_reason = "Vulnerability not applicable"
+        comment = "Vulnerability not applicable"
 
         Page::MergeRequest::Show.perform do |merge_request|
           expect(merge_request).to have_vulnerability_report
-          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
+          merge_request.dismiss_vulnerability_with_comment(vuln_name, comment)
 
           merge_request.click_vulnerability(vuln_name)
 
@@ -83,7 +82,7 @@ module QA
         view_vulnerability_file(vulnerability_filename)
 
         Page::MergeRequest::Show.perform do |merge_request|
-          expect(merge_request).to have_security_finding_dismissed_on_mr_widget(dismiss_reason)
+          expect(merge_request).to have_security_finding_dismissed_on_mr_widget(comment)
 
           merge_request.cancel_vulnerability_modal
         end
@@ -108,24 +107,13 @@ module QA
         :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/378294' do
         visit_pipeline_security_tab
         EE::Page::Project::Secure::PipelineSecurity.perform do |pipeline_security|
-          if new_security_dashboard?(pipeline_security)
-            pipeline_security.dismiss_finding_with_reason(security_finding_name)
-            pipeline_security.select_status('DISMISSED')
-            pipeline_security.click_finding(security_finding_name)
-          else
-            pipeline_security.dismiss_finding_with_reason_old_dashboard(security_finding_name, dismiss_reason)
-            pipeline_security.toggle_hide_dismissed_off
-            pipeline_security.undo_dismiss_button_present?(security_finding_name)
-            pipeline_security.expand_security_finding(security_finding_name)
-          end
+          pipeline_security.dismiss_finding_with_reason(security_finding_name)
+          pipeline_security.select_status('DISMISSED')
+          pipeline_security.click_finding(security_finding_name)
         end
 
         Page::MergeRequest::Show.perform do |merge_request|
-          if new_security_dashboard?(merge_request)
-            expect(merge_request).to have_security_finding_dismissed('Not applicable', project.full_path)
-          else
-            expect(merge_request).to have_security_finding_dismissed(dismiss_reason, project.full_path)
-          end
+          expect(merge_request).to have_security_finding_dismissed('Not applicable', project.full_path)
 
           merge_request.cancel_vulnerability_modal
         end
@@ -139,11 +127,7 @@ module QA
         testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/383756' do
         visit_pipeline_security_tab
         EE::Page::Project::Secure::PipelineSecurity.perform do |pipeline_security|
-          if new_security_dashboard?(pipeline_security)
-            pipeline_security.create_issue(create_issue_finding)
-          else
-            pipeline_security.create_issue_old_dashboard(create_issue_finding)
-          end
+          pipeline_security.create_issue(create_issue_finding)
         end
 
         Page::Project::Issue::Show.perform do |issue|
@@ -212,10 +196,6 @@ def verify_vulnerability_dismissed(vulnerability:)
         end
       end
 
-      def new_security_dashboard?(page)
-        page.has_element?('pipeline-vulnerability-report')
-      end
-
       def visit_pipeline_security_tab
         Flow::Pipeline.visit_latest_pipeline
         Page::Project::Pipeline::Show.perform(&:click_on_security)