Guard RTV behind global ai and experimental setting
What does this MR do and why?
Came up in slack discussion (internal link). The Resolve this vulnerability feature is guarded behind its resolve_vulnerability_ai feature flag, but not behind the global ai_global_switch feature flag and the Experiment & Beta features setting.
This MR adds this guard similar to how it's done for Explain this vulnerability feature.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Prerequisites
- You need an EE license
- Simulate SAAS: https://docs.gitlab.com/ee/development/ee_features.html#simulate-a-saas-instance
- Make sure the group you'll be importing the project has ultimate license
- You need to have runners enabled (See $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/test-remediations in the group with the ultimate license
- Run a pipeline on master
Validation
- Go to the vulnerability report of the imported project and select a vulnerability
- Validate that in the split button (top-right) the "Resolve with AI" is not there
- Enable resolveVulnerabilityAi feature flag:
echo "Feature.enable(:resolve_vulnerability_ai)" | gdk rails c - Validate that the "Resolve with AI" is still not there
- Enable Experiment & Beta features setting:
- Go to the group with the Ultimate license
- Group Settings > General -> Permissions and group features
- Enable Experiment & Beta features
- Validate that the "Resolve with AI" is still not there
- Enable global ai switch:
echo "Feature.enable(:ai_global_switc)" | gdk rails c - Validate that the "Resolve with AI" is visible
Edited by Lorenz van Herwaarden