Enable SSH key expiration enforcement

Removes all references to feature flag to make this feature available by default to all self-managed installs. Note: The feature is still _disabled_ by default, even once the flag has been removed to avoid breaking changes.

Enable SSH key expiration enforcement
Removes all references to feature flag to make this feature available by default to all self-managed installs. Note: The feature is still _disabled_ by default, even once the flag has been removed to avoid breaking changes.
043225fe · Max Woolf · bb19877a · 043225fe · 043225fe · 043225fe
Commit 043225fe authored Feb 01, 2021 by Max Woolf
6 changed files
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -163,13 +163,7 @@ Once a lifetime for personal access tokens is set, GitLab will:
  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
  or remove it, before revocation takes place.
-## Enforcement of SSH key expiration **(ULTIMATE ONLY)**
+## Enforcement of SSH key expiration **(ULTIMATE SELF)**
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276221) in GitLab Ultimate 13.9.
-> - It is deployed behind a feature flag, disabled by default.
-> - It is disabled on GitLab.com.
-> - It is not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-enforcement-of-ssh-key-expiration-feature). **(CORE ONLY)**
 GitLab administrators can choose to enforce the expiration of SSH keys after their expiration dates.
 If you enable this feature, this disables all _expired_ SSH keys.
@@ -180,23 +174,6 @@ To do this:
 1. Expand the **Account and limit** section.
 1. Select the **Enforce SSH key expiration** checkbox.
-### Enable or disable enforcement of SSH key expiration Feature **(CORE ONLY)**
-Enforcement of SSH key expiry is deployed behind a feature flag and is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../../administration/feature_flags.md#start-the-gitlab-rails-console).
-To enable it:
-```ruby
-Feature.enable(:ff_enforce_ssh_key_expiration)
-```
-To disable it:
-```ruby
-Feature.disable(:ff_enforce_ssh_key_expiration)
-```
 ## Optional enforcement of Personal Access Token expiry **(ULTIMATE SELF)**
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.

--- a/ee/app/models/ee/key.rb
+++ b/ee/app/models/ee/key.rb
@@ -28,7 +28,7 @@ module EE
      end
      def enforce_ssh_key_expiration_feature_available?
-        License.feature_available?(:enforce_ssh_key_expiration) && ::Feature.enabled?(:ff_enforce_ssh_key_expiration)
+        License.feature_available?(:enforce_ssh_key_expiration)
      end
    end
  end

--- a/ee/changelogs/unreleased/mw-ff-remove-ff_enforce_ssh_key_expiration-flag.yml
+++ b/ee/changelogs/unreleased/mw-ff-remove-ff_enforce_ssh_key_expiration-flag.yml
+---
+title: Add ability to enforce SSH key expiration
+merge_request: 53035
+author:
+type: added
--- a/ee/config/feature_flags/development/ff_enforce_ssh_key_expiration.yml
+++ b/ee/config/feature_flags/development/ff_enforce_ssh_key_expiration.yml
---
-name: ff_enforce_ssh_key_expiration
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51921
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299092
-milestone: '13.9'
-type: development
-group: group::compliance
-default_enabled: false
--- a/ee/spec/lib/gitlab/git_access_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_spec.rb
@@ -785,7 +785,6 @@ RSpec.describe Gitlab::GitAccess do
      before do
        stub_licensed_features(enforce_ssh_key_expiration: true)
-        stub_feature_flags(ff_enforce_ssh_key_expiration: true)
        stub_ee_application_setting(enforce_ssh_key_expiration: true)
      end

--- a/ee/spec/models/ee/key_spec.rb
+++ b/ee/spec/models/ee/key_spec.rb
@@ -27,20 +27,15 @@ RSpec.describe Key do
  describe '.expiration_enforced?' do
    using RSpec::Parameterized::TableSyntax
-    where(:feature_enabled, :licensed, :application_setting, :available) do
+    where(:licensed, :application_setting, :available) do
-      true  | true  | true  | true
+      true  | true  | true
-      true  | true  | false | false
+      true  | false | false
-      true  | false | true  | false
+      false | true  | false
-      true  | false | false | false
+      false | false | false
-      false | true  | true  | false
-      false | true  | false | false
-      false | false | true  | false
-      false | false | false | false
    end
    with_them do
      before do
-        stub_feature_flags(ff_enforce_ssh_key_expiration: feature_enabled)
        stub_licensed_features(enforce_ssh_key_expiration: licensed)
        stub_ee_application_setting(enforce_ssh_key_expiration: application_setting)
      end