From 41736524920f4a584e4e702a473ae5cdb7679726 Mon Sep 17 00:00:00 2001
From: smriti <sgarg@gitlab.com>
Date: Wed, 12 Mar 2025 15:49:20 +0530
Subject: [PATCH 1/2] Removed feature flag
extended_expiry_webhook_execution_setting
This flag is enabled for .com version since last 3 weeks or so. There had been
no related incidents or functionliaty issues. The functionality is also
verified
Changelog: removed
---
app/controllers/projects_controller.rb | 7 +-----
app/models/project.rb | 1 -
.../personal_access_tokens/expiring_worker.rb | 15 +-----------
...ended_expiry_webhook_execution_setting.yml | 9 --------
doc/user/project/settings/_index.md | 1 +
.../controllers/concerns/ee/groups/params.rb | 3 +--
ee/app/models/ee/group.rb | 5 +---
ee/app/models/ee/project.rb | 3 +--
...nded_grat_expiry_webhook_execute.html.haml | 1 -
ee/spec/models/ee/group_spec.rb | 19 ---------------
ee/spec/models/ee/project_spec.rb | 17 --------------
ee/spec/requests/groups_controller_spec.rb | 11 ---------
.../settings/_permissions.html.haml_spec.rb | 16 -------------
spec/controllers/projects_controller_spec.rb | 22 ------------------
spec/models/project_spec.rb | 10 --------
.../expiring_worker_spec.rb | 23 -------------------
16 files changed, 6 insertions(+), 157 deletions(-)
delete mode 100644 config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 0f4784cbdd0d51..1775aaf3dd2cc1 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -54,8 +54,6 @@ class ProjectsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items, !!@project&.work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_beta, !!@project&.work_items_beta_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_alpha, !!@project&.work_items_alpha_feature_flag_enabled?)
- # FF to enable setting to allow webhook execution on 30D and 60D notification delivery too
- push_frontend_feature_flag(:extended_expiry_webhook_execution_setting, @project&.namespace)
end
layout :determine_layout
@@ -471,10 +469,7 @@ def project_setting_attributes
emails_enabled
]
- if ::Feature.enabled?(:extended_expiry_webhook_execution_setting, @project&.namespace) &&
- can?(current_user, :admin_project, project)
- attributes << :extended_prat_expiry_webhooks_execute
- end
+ attributes << :extended_prat_expiry_webhooks_execute if can?(current_user, :admin_project, project)
attributes
end
diff --git a/app/models/project.rb b/app/models/project.rb
index 3e9839657cbcac..86f51d6dd0f390 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2012,7 +2012,6 @@ def triggered_hooks(hooks_scope, data)
# seven_days interval but we have a setting to allow webhook execution
# for thirty_days and sixty_days interval too.
if hooks_scope == :resource_access_token_hooks &&
- ::Feature.enabled?(:extended_expiry_webhook_execution_setting, self.namespace) &&
data[:interval] != :seven_days &&
!self.extended_prat_expiry_webhooks_execute?
diff --git a/app/workers/personal_access_tokens/expiring_worker.rb b/app/workers/personal_access_tokens/expiring_worker.rb
index d81d866afbbd80..8f27cf0713dfe9 100644
--- a/app/workers/personal_access_tokens/expiring_worker.rb
+++ b/app/workers/personal_access_tokens/expiring_worker.rb
@@ -129,12 +129,7 @@ def process_project_bot_tokens(interval = :seven_days)
# project bot does not have more than 1 token
expiring_user_token = project_bot.personal_access_tokens.first
- # If feature flag is not enabled webhooks will only execute if interval is seven_days
- resource_namespace = bot_resource_namepace(project_bot.resource_bot_resource)
- if Feature.enabled?(:extended_expiry_webhook_execution_setting, resource_namespace) ||
- interval == :seven_days
- execute_web_hooks(project_bot, expiring_user_token, { interval: interval })
- end
+ execute_web_hooks(project_bot, expiring_user_token, { interval: interval })
interval_days = PersonalAccessToken.notification_interval(interval)
deliver_bot_notifications(project_bot, expiring_user_token.name, days_to_expire: interval_days)
@@ -221,13 +216,5 @@ def notification_service
NotificationService.new
end
strong_memoize_attr :notification_service
-
- def bot_resource_namepace(resource)
- if resource.is_a?(Project)
- resource.namespace
- else
- resource
- end
- end
end
end
diff --git a/config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml b/config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml
deleted file mode 100644
index 5d73d12d5808a4..00000000000000
--- a/config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: extended_expiry_webhook_execution_setting
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499732
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/178266
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/513684
-milestone: '17.9'
-group: group::authentication
-type: gitlab_com_derisk
-default_enabled: false
diff --git a/doc/user/project/settings/_index.md b/doc/user/project/settings/_index.md
index 3d0b6e9794be3d..bc63157b28b911 100644
--- a/doc/user/project/settings/_index.md
+++ b/doc/user/project/settings/_index.md
@@ -172,6 +172,7 @@ To set this default:
- [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) 60 day and 30 days triggers to project and group access tokens webhooks in GitLab 17.9 [with a flag](../../../administration/feature_flags.md) named `extended_expiry_webhook_execution_setting`. Disabled by default.
- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/513684) in GitLab 17.10.
+- [Removed]GitLab 17.10
{{< /history >}}
diff --git a/ee/app/controllers/concerns/ee/groups/params.rb b/ee/app/controllers/concerns/ee/groups/params.rb
index f9fecab0d2679e..ed50b0512ebe9a 100644
--- a/ee/app/controllers/concerns/ee/groups/params.rb
+++ b/ee/app/controllers/concerns/ee/groups/params.rb
@@ -80,8 +80,7 @@ def group_params_ee
params_ee << :enterprise_users_extensions_marketplace_enabled
end
- if ::Feature.enabled?(:extended_expiry_webhook_execution_setting, current_group) &&
- can?(current_user, :admin_group, current_group) &&
+ if can?(current_user, :admin_group, current_group) &&
current_group.licensed_feature_available?(:group_webhooks)
params_ee << :extended_grat_expiry_webhooks_execute
end
diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb
index c20239d0b8e6a6..3ed414d5e2ac57 100644
--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -825,8 +825,7 @@ def execute_hooks(data, hooks_scope)
# seven_days interval but we have a setting to allow webhook execution
# for thirty_days and sixty_days_plus interval too.
is_extended_expiry_webhook = hooks_scope == :resource_access_token_hooks &&
- data[:interval] != :seven_days &&
- ::Feature.enabled?(:extended_expiry_webhook_execution_setting, self)
+ data[:interval] != :seven_days
group_hooks = if is_extended_expiry_webhook
GroupHook.where(group_id: groups_for_extended_webhook_execution_on_token_expiry)
@@ -1119,8 +1118,6 @@ def enable_auto_assign_gitlab_duo_pro_seats?
end
def groups_for_extended_webhook_execution_on_token_expiry
- return Group.none unless ::Feature.enabled?(:extended_expiry_webhook_execution_setting, self)
-
self_and_ancestors
.joins(:namespace_settings)
.where(namespace_settings: { extended_grat_expiry_webhooks_execute: true })
diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb
index 969ae22a60aa01..267abf53e0e793 100644
--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -871,8 +871,7 @@ def triggered_hooks(scope, data)
triggered = super
if group && feature_available?(:group_webhooks)
- if ::Feature.enabled?(:extended_expiry_webhook_execution_setting, self.namespace) &&
- scope == :resource_access_token_hooks &&
+ if scope == :resource_access_token_hooks &&
data[:interval] != :seven_days
triggered.add_hooks(group_webhooks_including_extended_token_expiry)
else
diff --git a/ee/app/views/groups/settings/_extended_grat_expiry_webhook_execute.html.haml b/ee/app/views/groups/settings/_extended_grat_expiry_webhook_execute.html.haml
index 846466963a7152..8a9683dc6b1976 100644
--- a/ee/app/views/groups/settings/_extended_grat_expiry_webhook_execute.html.haml
+++ b/ee/app/views/groups/settings/_extended_grat_expiry_webhook_execute.html.haml
@@ -1,4 +1,3 @@
-- return unless Feature.enabled?(:extended_expiry_webhook_execution_setting, group)
- return unless group.licensed_feature_available?(:group_webhooks)
%h5= s_('GroupSettings|Add additional webhook triggers for group access token expiration')
diff --git a/ee/spec/models/ee/group_spec.rb b/ee/spec/models/ee/group_spec.rb
index 9d24a9551b608a..03cfdd887386dc 100644
--- a/ee/spec/models/ee/group_spec.rb
+++ b/ee/spec/models/ee/group_spec.rb
@@ -2977,25 +2977,6 @@ def webhook_headers
end
end
- context 'when feature flag is disabled' do
- let(:data) { { interval: :thirty_days } }
-
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it 'executes the webhook since the setting does not apply' do
- group.namespace_settings.update!(extended_grat_expiry_webhooks_execute: false)
-
- expect(WebHookService)
- .to receive(:new)
- .with(group_hook, data, 'resource_access_token_hooks', idempotency_key: anything)
- .and_call_original
-
- group.execute_hooks(data, :resource_access_token_hooks)
- end
- end
-
context 'when setting extended_grat_expiry_webhooks_execute is disabled' do
before do
group.namespace_settings.update!(extended_grat_expiry_webhooks_execute: false)
diff --git a/ee/spec/models/ee/project_spec.rb b/ee/spec/models/ee/project_spec.rb
index 51fa1f2adb1451..890a64c085ef5e 100644
--- a/ee/spec/models/ee/project_spec.rb
+++ b/ee/spec/models/ee/project_spec.rb
@@ -1737,23 +1737,6 @@
end
end
- context 'when feature flag is disabled' do
- let(:data) { { interval: :thirty_days } }
-
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it 'adds webhook to the execution list since no setting is there' do
- expect(WebHookService)
- .to receive(:new)
- .with(group_hook, data, 'resource_access_token_hooks', idempotency_key: anything)
- .and_return(wh_service)
-
- project.execute_hooks(data, :resource_access_token_hooks)
- end
- end
-
context 'when setting extended_grat_expiry_webhooks_execute is disabled' do
before do
group.namespace_settings.update!(extended_grat_expiry_webhooks_execute: false)
diff --git a/ee/spec/requests/groups_controller_spec.rb b/ee/spec/requests/groups_controller_spec.rb
index 7f9b664a5faf07..8fce76f7283854 100644
--- a/ee/spec/requests/groups_controller_spec.rb
+++ b/ee/spec/requests/groups_controller_spec.rb
@@ -430,17 +430,6 @@
expect { request }.to change { group.reload.extended_grat_expiry_webhooks_execute? }
expect(response).to have_gitlab_http_status(:found)
end
-
- context 'when feature flag is disabled' do
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it 'does not change the column' do
- expect { request }.not_to change { group.reload.extended_grat_expiry_webhooks_execute? }
- expect(response).to have_gitlab_http_status(:found)
- end
- end
end
end
diff --git a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb
index 3e39654140f2cf..63985d1e7895e7 100644
--- a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb
+++ b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb
@@ -116,22 +116,6 @@
)
expect(rendered).to have_unchecked_field(checkbox_label, type: 'checkbox')
end
-
- context 'when feature flag is disabled' do
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it 'renders nothing', :aggregate_failures do
- render
-
- expect(rendered).to render_template('groups/settings/_extended_grat_expiry_webhook_execute')
- expect(rendered).not_to have_content(
- s_('GroupSettings|Add additional webhook triggers for group access token expiration')
- )
- expect(rendered).not_to have_unchecked_field(checkbox_label, type: 'checkbox')
- end
- end
end
end
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index d4ad55f4230ac3..40b88088c15477 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -953,28 +953,6 @@ def update_project(**parameters)
expect(project.emails_disabled?).to eq(!result)
expect(project.extended_prat_expiry_webhooks_execute?).to eq(result)
end
-
- context 'when extended_expiry_webhook_execution_setting feature flag is false' do
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it "does not update extended_expiry_webhook_execution_setting" do
- put :update, params: {
- namespace_id: project.namespace,
- id: project.path,
- project: {
- project_setting_attributes: {
- extended_prat_expiry_webhooks_execute: boolean_value
- }
- }
- }
-
- project.reload
-
- expect(project.extended_prat_expiry_webhooks_execute?).to be false
- end
- end
end
end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index c892da72ba1ecf..fdbacb39a433b8 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -6453,16 +6453,6 @@ def has_external_wiki
it_behaves_like 'webhook is added to execution list'
end
- context 'when feature flag is disabled' do
- let(:data) { { interval: :thirty_days } }
-
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it_behaves_like 'webhook is added to execution list'
- end
-
context 'when setting extended_prat_expiry_webhooks_execute is disabled' do
before do
project.update!(extended_prat_expiry_webhooks_execute: false)
diff --git a/spec/workers/personal_access_tokens/expiring_worker_spec.rb b/spec/workers/personal_access_tokens/expiring_worker_spec.rb
index e4fc6204fb6a91..647c9e01e540da 100644
--- a/spec/workers/personal_access_tokens/expiring_worker_spec.rb
+++ b/spec/workers/personal_access_tokens/expiring_worker_spec.rb
@@ -266,29 +266,6 @@
worker.perform
end
- context 'when feature flag extended_expiry_webhook_execution_setting is disabled' do
- before do
- stub_feature_flags(extended_expiry_webhook_execution_setting: false)
- end
-
- it "does not call execute_web_hooks for interval 30 days" do
- expiring_token.update!(expires_at: 30.days.from_now)
- project_hook = create(:project_hook, project: project, resource_access_token_events: true)
-
- expect(Gitlab::DataBuilder::ResourceAccessTokenPayload).not_to receive(:build)
- expect(WebHookService)
- .not_to receive(:new)
- .with(
- project_hook,
- {},
- 'resource_access_token_hooks',
- idempotency_key: anything
- ) { fake_wh_service }
-
- worker.perform
- end
- end
-
context 'with multiple batches of tokens' do
let_it_be(:expiring_tokens) { create_list(:resource_access_token, 4, expires_at: 6.days.from_now) }
--
GitLab
From 5f111fa2f57fbe9db4a35fc7f29dfb99a9c9e375 Mon Sep 17 00:00:00 2001
From: smriti <sgarg@gitlab.com>
Date: Wed, 12 Mar 2025 22:45:18 +0530
Subject: [PATCH 2/2] Corrected docs
---
doc/user/project/settings/_index.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/user/project/settings/_index.md b/doc/user/project/settings/_index.md
index bc63157b28b911..2e2eded57f7c0c 100644
--- a/doc/user/project/settings/_index.md
+++ b/doc/user/project/settings/_index.md
@@ -172,7 +172,7 @@ To set this default:
- [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) 60 day and 30 days triggers to project and group access tokens webhooks in GitLab 17.9 [with a flag](../../../administration/feature_flags.md) named `extended_expiry_webhook_execution_setting`. Disabled by default.
- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/513684) in GitLab 17.10.
-- [Removed]GitLab 17.10
+- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/513684) in GitLab 17.10. Feature flag `extended_expiry_webhook_execution_setting` removed.
{{< /history >}}
--
GitLab