Commit 51393d6a authored by Kerri Miller's avatar Kerri Miller

Merge branch 'group_level_compliance_pipeline_availability_fix' into 'master'

Segregate feature flag control for Compliance frameworks and Pipeline configuration

See merge request gitlab-org/gitlab!56672
parents ed020986 60f69c53
......@@ -179,7 +179,6 @@ class License < ApplicationRecord
subepics
threat_monitoring
vulnerability_auto_fix
evaluate_group_level_compliance_pipeline
]
EEU_FEATURES.freeze
......
......@@ -11,7 +11,7 @@ module ComplianceManagement
condition(:group_level_compliance_pipeline_enabled) do
@subject.namespace.feature_available?(:evaluate_group_level_compliance_pipeline) &&
Feature.enabled?(:ff_custom_compliance_frameworks, @subject.namespace)
Feature.enabled?(:ff_evaluate_group_level_compliance_pipeline, @subject.namespace)
end
rule { can?(:owner_access) & custom_compliance_frameworks_enabled }.policy do
......
......@@ -135,7 +135,7 @@ module EE
condition(:group_level_compliance_pipeline_available) do
@subject.feature_available?(:evaluate_group_level_compliance_pipeline) &&
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject, default_enabled: :yaml)
::Feature.enabled?(:ff_evaluate_group_level_compliance_pipeline, @subject, default_enabled: :yaml)
end
rule { public_group | logged_in_viewable }.policy do
......
......@@ -3,9 +3,9 @@
module ComplianceManagement
module Frameworks
def compliance_pipeline_configuration_available?
return true unless params[:pipeline_configuration_full_path].present?
return true unless params.key?(:pipeline_configuration_full_path)
can? current_user, :manage_group_level_compliance_pipeline_config, framework
can?(current_user, :manage_group_level_compliance_pipeline_config, framework)
end
end
end
......@@ -57,7 +57,9 @@ RSpec.describe ComplianceManagement::FrameworkPolicy do
context 'feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_framework: false)
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
stub_feature_flags(ff_custom_compliance_frameworks: false)
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
end
it { is_expected.to be_disallowed(:manage_compliance_framework) }
......
......@@ -1569,7 +1569,7 @@ RSpec.describe GroupPolicy do
end
describe 'compliance framework permissions' do
shared_context 'compliance framework permissions' do
shared_examples 'compliance framework permissions' do
using RSpec::Parameterized::TableSyntax
where(:role, :licensed, :feature_flag, :admin_mode, :allowed) do
......@@ -1590,7 +1590,7 @@ RSpec.describe GroupPolicy do
before do
stub_licensed_features(licensed_feature => licensed)
stub_feature_flags(ff_custom_compliance_frameworks: feature_flag)
stub_feature_flags(feature_flag_name => feature_flag)
enable_admin_mode!(current_user) if admin_mode
end
......@@ -1601,15 +1601,17 @@ RSpec.describe GroupPolicy do
context ':admin_compliance_framework' do
let(:policy) { :admin_compliance_framework }
let(:licensed_feature) { :custom_compliance_frameworks }
let(:feature_flag_name) { :ff_custom_compliance_frameworks }
include_context 'compliance framework permissions'
include_examples 'compliance framework permissions'
end
context ':admin_compliance_pipeline_configuration' do
let(:policy) { :admin_compliance_pipeline_configuration }
let(:licensed_feature) { :evaluate_group_level_compliance_pipeline }
let(:feature_flag_name) { :ff_evaluate_group_level_compliance_pipeline }
include_context 'compliance framework permissions'
include_examples 'compliance framework permissions'
end
end
......
......@@ -42,7 +42,7 @@ RSpec.describe 'Create a Compliance Framework' do
end
end
context 'feature is unlicensed' do
context 'framework feature is unlicensed' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
post_graphql_mutation(mutation, current_user: current_user)
......@@ -51,12 +51,21 @@ RSpec.describe 'Create a Compliance Framework' do
it_behaves_like 'a mutation that returns errors in the response', errors: ['Not permitted to create framework']
end
context 'pipeline configuration feature is unlicensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: false)
post_graphql_mutation(mutation, current_user: current_user)
end
it_behaves_like 'a mutation that returns errors in the response', errors: ['Pipeline configuration full path feature is not available']
end
context 'feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
end
context 'feature is disabled' do
context 'framework feature is disabled' do
before do
stub_feature_flags(ff_custom_compliance_frameworks: false)
end
......@@ -64,6 +73,14 @@ RSpec.describe 'Create a Compliance Framework' do
it_behaves_like 'a mutation that returns errors in the response', errors: ['Not permitted to create framework']
end
context 'pipeline configuration feature is disabled' do
before do
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
end
it_behaves_like 'a mutation that returns errors in the response', errors: ['Pipeline configuration full path feature is not available']
end
context 'current_user is namespace owner' do
it_behaves_like 'a mutation that creates a compliance framework'
end
......
......@@ -91,6 +91,19 @@ RSpec.describe 'Update a compliance framework' do
expect(mutation_response['errors']).to contain_exactly "Pipeline configuration full path feature is not available"
end
end
context 'when compliance pipeline configuration feature flag is not enabled' do
before do
stub_licensed_features(custom_compliance_frameworks: true, evaluate_group_level_compliance_pipeline: true)
stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: false)
end
it 'returns an error' do
subject
expect(mutation_response['errors']).to contain_exactly "Pipeline configuration full path feature is not available"
end
end
end
context 'current_user is not permitted to update framework' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment