Merge branch '334565-remove-dependency-proxy-deploy-token-feature-flag' into 'master'

Remove the `dependency_proxy_deploy_tokens` feature flag

See merge request gitlab-org/gitlab!67552

app/controllers/groups/dependency_proxy/application_controller.rb

@@ -18,23 +18,14 @@ module Groups
       def authenticate_user_from_jwt_token!
         return unless dependency_proxy_for_private_groups?
 
-        if Feature.enabled?(:dependency_proxy_deploy_tokens)
-          authenticate_with_http_token do |token, _|
-            @authentication_result = EMPTY_AUTH_RESULT
-
-            found_user = user_from_token(token)
-            sign_in(found_user) if found_user.is_a?(User)
-          end
-
-          request_bearer_token! unless authenticated_user
-        else
-          authenticate_with_http_token do |token, _|
-            user = user_from_token(token)
-            sign_in(user) if user
-          end
-
-          request_bearer_token! unless current_user
+        authenticate_with_http_token do |token, _|
+          @authentication_result = EMPTY_AUTH_RESULT
+
+          found_user = user_from_token(token)
+          sign_in(found_user) if found_user.is_a?(User)
         end
+
+        request_bearer_token! unless authenticated_user
       end
 
       private
@@ -51,7 +42,6 @@ module Groups
 
       def user_from_token(token)
         token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token)
-        return User.find(token_payload['user_id']) unless Feature.enabled?(:dependency_proxy_deploy_tokens)
 
         if token_payload['user_id']
           token_user = User.find(token_payload['user_id'])

config/feature_flags/development/dependency_proxy_deploy_tokens.yml

----
-name: dependency_proxy_deploy_tokens
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64363
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334565
-milestone: '14.2'
-type: development
-group: group::package
-default_enabled: false

spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb

@@ -65,82 +65,39 @@ RSpec.describe Groups::DependencyProxyForContainersController do
       it { is_expected.to have_gitlab_http_status(:not_found) }
     end
 
-    context 'deploy tokens with dependency_proxy_deploy_tokens disabled' do
-      before do
-        stub_feature_flags(dependency_proxy_deploy_tokens: false)
-      end
-
-      context 'with deploy token from a different group,' do
-        let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
-
-      context 'with revoked deploy token' do
-        let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
-
-      context 'with expired deploy token' do
-        let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
-
-      context 'with deploy token with insufficient scopes' do
-        let_it_be(:user) { create(:deploy_token, :group) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
+    context 'with deploy token from a different group,' do
+      let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
 
-      context 'when a group is not found' do
-        before do
-          expect(Group).to receive(:find_by_full_path).and_return(nil)
-        end
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
+      it { is_expected.to have_gitlab_http_status(:not_found) }
     end
 
-    context 'deploy tokens with dependency_proxy_deploy_tokens enabled' do
-      context 'with deploy token from a different group,' do
-        let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
+    context 'with revoked deploy token' do
+      let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
+      let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
 
-      context 'with revoked deploy token' do
-        let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
+      it { is_expected.to have_gitlab_http_status(:unauthorized) }
+    end
 
-        it { is_expected.to have_gitlab_http_status(:unauthorized) }
-      end
+    context 'with expired deploy token' do
+      let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
+      let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
 
-      context 'with expired deploy token' do
-        let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
+      it { is_expected.to have_gitlab_http_status(:unauthorized) }
+    end
 
-        it { is_expected.to have_gitlab_http_status(:unauthorized) }
-      end
+    context 'with deploy token with insufficient scopes' do
+      let_it_be(:user) { create(:deploy_token, :group) }
+      let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
 
-      context 'with deploy token with insufficient scopes' do
-        let_it_be(:user) { create(:deploy_token, :group) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
+      it { is_expected.to have_gitlab_http_status(:not_found) }
+    end
 
-        it { is_expected.to have_gitlab_http_status(:not_found) }
+    context 'when a group is not found' do
+      before do
+        expect(Group).to receive(:find_by_full_path).and_return(nil)
       end
 
-      context 'when a group is not found' do
-        before do
-          expect(Group).to receive(:find_by_full_path).and_return(nil)
-        end
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
-      end
+      it { is_expected.to have_gitlab_http_status(:not_found) }
     end
 
     context 'when user is not found' do
@@ -274,25 +231,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           it_behaves_like 'returning response status', :success
           it_behaves_like 'a package tracking event', described_class.name, 'pull_manifest_from_cache'
         end
-
-        context 'with dependency_proxy_deploy_tokens feature flag disabled' do
-          before do
-            stub_feature_flags(dependency_proxy_deploy_tokens: false)
-          end
-
-          it_behaves_like 'a successful manifest pull'
-        end
-      end
-
-      context 'a valid deploy token with dependency_proxy_deploy_tokens feature flag disabled' do
-        let_it_be(:user) { create(:deploy_token, :dependency_proxy_scopes, :group) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
-
-        before do
-          stub_feature_flags(dependency_proxy_deploy_tokens: false)
-        end
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
       end
 
       context 'a valid deploy token' do
@@ -395,25 +333,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           it_behaves_like 'returning response status', :success
           it_behaves_like 'a package tracking event', described_class.name, 'pull_blob_from_cache'
         end
-
-        context 'with dependency_proxy_deploy_tokens feature flag disabled' do
-          before do
-            stub_feature_flags(dependency_proxy_deploy_tokens: false)
-          end
-
-          it_behaves_like 'a successful blob pull'
-        end
-      end
-
-      context 'a valid deploy token with dependency_proxy_deploy_tokens feature flag disabled' do
-        let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
-        let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
-
-        before do
-          stub_feature_flags(dependency_proxy_deploy_tokens: false)
-        end
-
-        it { is_expected.to have_gitlab_http_status(:not_found) }
       end
 
       context 'a valid deploy token' do