Merge branch 'ff-improved_container_scan_matching-remove' into 'master'

Remove improved_container_scan_matching feature flag See merge request gitlab-org/gitlab!76286

Merge branch 'ff-improved_container_scan_matching-remove' into 'master'
Remove improved_container_scan_matching feature flag See merge request gitlab-org/gitlab!76286
343d7993 · Mayra Cabrera · 3b815509 · f408212c · 3b815509 · 343d7993
Commit 343d7993 authored Dec 20, 2021 by Mayra Cabrera
5 changed files
--- a/config/feature_flags/development/improved_container_scan_matching.yml
+++ b/config/feature_flags/development/improved_container_scan_matching.yml
---
-name: improved_container_scan_matching
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73486
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/344534
-milestone: '14.6'
-type: development
-group: group::container security
-default_enabled: true
--- a/ee/lib/gitlab/ci/parsers/security/container_scanning.rb
+++ b/ee/lib/gitlab/ci/parsers/security/container_scanning.rb
@@ -13,22 +13,15 @@ module Gitlab
              operating_system: location_data['operating_system'],
              package_name: location_data.dig('dependency', 'package', 'name'),
              package_version: location_data.dig('dependency', 'version'),
-              default_branch_image: default_branch_image(location_data),
+              default_branch_image: default_branch_image(location_data)
-              improved_container_scan_matching_enabled: improved_container_scan_matching_enabled?
            )
          end
          def default_branch_image(location_data)
-            return unless improved_container_scan_matching_enabled?
            return if @report.pipeline.default_branch?
            location_data['default_branch_image']
          end
-          def improved_container_scan_matching_enabled?
-            Feature.enabled?(:improved_container_scan_matching, @report.pipeline.project, default_enabled: :yaml)
-          end
        end
      end
    end

--- a/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
+++ b/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
@@ -17,38 +17,26 @@ module Gitlab
              operating_system:,
              package_name: nil,
              package_version: nil,
-              default_branch_image: nil,
+              default_branch_image: nil
-              improved_container_scan_matching_enabled: false
            )
              @image = image
              @operating_system = operating_system
              @package_name = package_name
              @package_version = package_version
              @default_branch_image = default_branch_image
-              @improved_container_scan_matching_enabled = improved_container_scan_matching_enabled
            end
            def fingerprint_data
              "#{docker_image_name_without_tag}:#{package_name}"
            end
-            def improved_container_scan_matching_enabled?
-              @improved_container_scan_matching_enabled
-            end
            private
            def docker_image_name_without_tag
-              if improved_container_scan_matching_enabled?
+              image_name = default_branch_image.presence || image
-                image_name = default_branch_image.presence || image
+              base_name, _, version = image_name.rpartition(':')
-                base_name, _, version = image_name.rpartition(':')
-                return image_name if version_semver_like?(version)
+              return image_name if version_semver_like?(version)
-              else
-                base_name, version = image.split(':')
-                return image if version_semver_like?(version)
-              end
              base_name
            end

--- a/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb
@@ -42,63 +42,35 @@ RSpec.describe Gitlab::Ci::Parsers::Security::ContainerScanning do
  end
  describe '#parse!' do
-    context 'when improved_container_scan_matching is disabled' do
+    before do
-      before do
+      artifact.each_blob { |blob| described_class.parse!(blob, report) }
-        stub_feature_flags(improved_container_scan_matching: false)
-        artifact.each_blob { |blob| described_class.parse!(blob, report) }
-      end
-      it_behaves_like 'report'
-      context 'when not on default branch' do
-        let(:current_branch) { 'not-default' }
-        it 'does not include default_branch_image' do
-          location = report.findings.first.location
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
-            default_branch_image: nil,
-            improved_container_scan_matching_enabled?: false
-          )
-        end
-      end
    end
-    context 'when improved_container_scan_matching is enabled' do
+    it_behaves_like 'report'
-      before do
-        stub_feature_flags(improved_container_scan_matching: true)
-        artifact.each_blob { |blob| described_class.parse!(blob, report) }
-      end
-      it_behaves_like 'report'
-      context 'when on default branch' do
+    context 'when on default branch' do
-        let(:current_branch) { project.default_branch }
+      let(:current_branch) { project.default_branch }
-        it 'does not include default_branch_image in location' do
+      it 'does not include default_branch_image in location' do
-          location = report.findings.first.location
+        location = report.findings.first.location
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
+        expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
+        expect(location).to have_attributes(
-            default_branch_image: nil,
+          default_branch_image: nil
-            improved_container_scan_matching_enabled?: true
+        )
-          )
-        end
      end
+    end
-      context 'when not on default branch' do
+    context 'when not on default branch' do
-        let(:current_branch) { 'not-default' }
+      let(:current_branch) { 'not-default' }
-        it 'includes default_branch_image in location' do
+      it 'includes default_branch_image in location' do
-          location = report.findings.first.location
+        location = report.findings.first.location
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
+        expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
+        expect(location).to have_attributes(
-            default_branch_image: default_branch_image,
+          default_branch_image: default_branch_image
-            improved_container_scan_matching_enabled?: true
+        )
-          )
-        end
      end
    end
  end

--- a/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
@@ -23,102 +23,57 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
  describe 'fingerprint' do
    sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }
-    context 'with feature enabled' do
+    where(:image, :default_branch_image, :expected_fingerprint_input) do
-      where(:image, :default_branch_image, :expected_fingerprint_input) do
+      [
+        ['alpine:3.7.3', nil, 'alpine:3.7.3:glibc'],
+        ['alpine:3.7', nil, 'alpine:3.7:glibc'],
+        ['alpine:8101518288111119448185914762536722131810', nil, 'alpine:glibc'],
+        ['alpine:1.0.0-beta', nil, 'alpine:1.0.0-beta:glibc'],
        [
-          ['alpine:3.7.3', nil, 'alpine:3.7.3:glibc'],
+          'gdk.local:5000/group/project/branch:307e0a35643f63652a713d0820db7c388012f724',
-          ['alpine:3.7', nil, 'alpine:3.7:glibc'],
+          nil,
-          ['alpine:8101518288111119448185914762536722131810', nil, 'alpine:glibc'],
+          'gdk.local:5000/group/project/branch:glibc'
-          ['alpine:1.0.0-beta', nil, 'alpine:1.0.0-beta:glibc'],
+        ],
-          [
+        [
-            'gdk.local:5000/group/project/branch:307e0a35643f63652a713d0820db7c388012f724',
+          'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
-            nil,
+          nil,
-            'gdk.local:5000/group/project/branch:glibc'
+          'registry.gitlab.com/group/project/tmp:glibc'
-          ],
+        ],
-          [
+        [
-            'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
+          'registry.gitlab.com/group/project/feature:5b1a4a921d7a50c3757aae3f7df2221878775af4',
-            nil,
+          'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
-            'registry.gitlab.com/group/project/tmp:glibc'
+          'registry.gitlab.com/group/project/master:glibc'
-          ],
+        ],
-          [
+        [
-            'registry.gitlab.com/group/project/feature:5b1a4a921d7a50c3757aae3f7df2221878775af4',
+          'registry.gitlab.com/group/project/feature:d6704dc0b8e33fb550a86f7847d6a3036d4f8bd5',
-            'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
+          'registry.gitlab.com/group/project:latest',
-            'registry.gitlab.com/group/project/master:glibc'
+          'registry.gitlab.com/group/project:glibc'
-          ],
+        ],
-          [
+        [
-            'registry.gitlab.com/group/project/feature:d6704dc0b8e33fb550a86f7847d6a3036d4f8bd5',
+          'registry.gitlab.com/group/project@sha256:a418bbb80b9411f9a08025baa4681e192aaafd16505039bdcb113ccdb90a88fd',
-            'registry.gitlab.com/group/project:latest',
+          'registry.gitlab.com/group/project:latest',
-            'registry.gitlab.com/group/project:glibc'
+          'registry.gitlab.com/group/project:glibc'
-          ],
+        ],
-          [
+        [
-            'registry.gitlab.com/group/project@sha256:a418bbb80b9411f9a08025baa4681e192aaafd16505039bdcb113ccdb90a88fd',
+          'registry.gitlab.com/group/project/feature:latest',
-            'registry.gitlab.com/group/project:latest',
+          'registry.gitlab.com/group/project:1.0.0',
-            'registry.gitlab.com/group/project:glibc'
+          'registry.gitlab.com/group/project:1.0.0:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project/feature:latest',
-            'registry.gitlab.com/group/project:1.0.0',
-            'registry.gitlab.com/group/project:1.0.0:glibc'
-          ]
        ]
-      end
+      ]
-      with_them do
-        let(:params) do
-          {
-            image: image,
-            default_branch_image: default_branch_image,
-            operating_system: 'debian:9',
-            package_name: 'glibc',
-            package_version: '1.2.3',
-            improved_container_scan_matching_enabled: true
-          }
-        end
-        specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
-      end
    end
-    context 'with feature disabled' do
+    with_them do
      let(:params) do
        {
-          image: 'registry.gitlab.com/group/project/feature:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
+          image: image,
-          default_branch_image: 'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
+          default_branch_image: default_branch_image,
          operating_system: 'debian:9',
          package_name: 'glibc',
          package_version: '1.2.3'
        }
      end
-      it 'ignores default_branch_image' do
+      specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
-        expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/group/project/feature:glibc'))
-      end
-      where(:image, :expected_fingerprint_input) do
-        [
-          ['alpine:3.7.3', 'alpine:3.7.3:glibc'],
-          ['alpine:3.7', 'alpine:3.7:glibc'],
-          ['alpine:8101518288111119448185914762536722131810', 'alpine:glibc'],
-          ['alpine:1.0.0-beta', 'alpine:1.0.0-beta:glibc'],
-          [
-            'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
-            'registry.gitlab.com/group/project/tmp:glibc'
-          ]
-        ]
-      end
-      with_them do
-        let(:params) do
-          {
-            image: image,
-            operating_system: 'debian:9',
-            package_name: 'glibc',
-            package_version: '1.2.3'
-          }
-        end
-        specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
-      end
    end
  end
 end