Merge branch 'mw-ff/remove-ff_enforce_ssh_key_expiration-flag' into 'master'

Enable SSH key expiration enforcement See merge request gitlab-org/gitlab!53035

Merge branch 'mw-ff/remove-ff_enforce_ssh_key_expiration-flag' into 'master'
Enable SSH key expiration enforcement See merge request gitlab-org/gitlab!53035
4421c856 · Mikołaj Wawrzyniak · b1394f1e · 1da99025 · 4421c856 · 4421c856
Commit 4421c856 authored Feb 04, 2021 by Mikołaj Wawrzyniak
6 changed files
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -163,13 +163,7 @@ Once a lifetime for personal access tokens is set, GitLab will:
  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
  or remove it, before revocation takes place.

-## Enforcement of SSH key expiration **(ULTIMATE ONLY)**
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab Ultimate 13.9.
-> - It is deployed behind a feature flag, disabled by default.
-> - It is disabled on GitLab.com.
-> - It is not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-enforcement-of-ssh-key-expiration-feature). **(CORE ONLY)**
+## Enforcement of SSH key expiration **(ULTIMATE SELF)**

 GitLab administrators can choose to enforce the expiration of SSH keys after their expiration dates.
 If you enable this feature, this disables all _expired_ SSH keys.
@@ -180,23 +174,6 @@ To do this:
 1. Expand the **Account and limit** section.
 1. Select the **Enforce SSH key expiration** checkbox.

-### Enable or disable enforcement of SSH key expiration Feature **(CORE ONLY)**
-
-Enforcement of SSH key expiry is deployed behind a feature flag and is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../../administration/feature_flags.md#start-the-gitlab-rails-console).
-
-To enable it:
-
-```ruby
-Feature.enable(:ff_enforce_ssh_key_expiration)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:ff_enforce_ssh_key_expiration)
-```
-
 ## Optional enforcement of Personal Access Token expiry **(ULTIMATE SELF)**

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.

--- a/ee/app/models/ee/key.rb
+++ b/ee/app/models/ee/key.rb
@@ -28,7 +28,7 @@ module EE
      end

      def enforce_ssh_key_expiration_feature_available?
-        License.feature_available?(:enforce_ssh_key_expiration) && ::Feature.enabled?(:ff_enforce_ssh_key_expiration)
+        License.feature_available?(:enforce_ssh_key_expiration)
      end
    end
  end

--- a/ee/changelogs/unreleased/mw-ff-remove-ff_enforce_ssh_key_expiration-flag.yml
+++ b/ee/changelogs/unreleased/mw-ff-remove-ff_enforce_ssh_key_expiration-flag.yml
+---
+title: Add ability to enforce SSH key expiration (feature flag removed)
+merge_request: 53035
+author:
+type: added
--- a/ee/config/feature_flags/development/ff_enforce_ssh_key_expiration.yml
+++ b/ee/config/feature_flags/development/ff_enforce_ssh_key_expiration.yml
---
-name: ff_enforce_ssh_key_expiration
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51921
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299092
-milestone: '13.9'
-type: development
-group: group::compliance
-default_enabled: false
--- a/ee/spec/lib/gitlab/git_access_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_spec.rb
@@ -785,7 +785,6 @@ RSpec.describe Gitlab::GitAccess do

      before do
        stub_licensed_features(enforce_ssh_key_expiration: true)
-        stub_feature_flags(ff_enforce_ssh_key_expiration: true)
        stub_ee_application_setting(enforce_ssh_key_expiration: true)
      end


--- a/ee/spec/models/ee/key_spec.rb
+++ b/ee/spec/models/ee/key_spec.rb
@@ -27,20 +27,15 @@ RSpec.describe Key do
  describe '.expiration_enforced?' do
    using RSpec::Parameterized::TableSyntax

-    where(:feature_enabled, :licensed, :application_setting, :available) do
-      true  | true  | true  | true
-      true  | true  | false | false
-      true  | false | true  | false
-      true  | false | false | false
-      false | true  | true  | false
-      false | true  | false | false
-      false | false | true  | false
-      false | false | false | false
+    where(:licensed, :application_setting, :available) do
+      true  | true  | true
+      true  | false | false
+      false | true  | false
+      false | false | false
    end

    with_them do
      before do
-        stub_feature_flags(ff_enforce_ssh_key_expiration: feature_enabled)
        stub_licensed_features(enforce_ssh_key_expiration: licensed)
        stub_ee_application_setting(enforce_ssh_key_expiration: application_setting)
      end