Merge branch 'remove-dast-on-demand-scans-feature-flag-240879' into 'master'

Remove security_on_demand_scans_feature_flag See merge request gitlab-org/gitlab!45924

Merge branch 'remove-dast-on-demand-scans-feature-flag-240879' into 'master'
Remove security_on_demand_scans_feature_flag See merge request gitlab-org/gitlab!45924
25b436b4 · Mayra Cabrera · 23056f87 · 8e5f23df · 25b436b4 · 25b436b4
Commit 25b436b4 authored Oct 28, 2020 by Mayra Cabrera
32 changed files
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -714,10 +714,6 @@ To delete a scanner profile:

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.2.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.3.
-> - It's deployed behind a feature flag, enabled by default.
-> - It's enabled on GitLab.com.
-> - It's able to be enabled or disabled per-project.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-on-demand-scans).

 An on-demand DAST scan runs outside the DevOps life cycle. Changes in your repository don't trigger
 the scan. You must start it manually.
@@ -748,35 +744,6 @@ To run an on-demand DAST scan, you need:

 The on-demand DAST scan runs and the project's dashboard shows the results.

-### Enable or disable On-demand Scans
-
-The On-demand DAST Scans feature is enabled by default. You can disable on-demand scans
-instance-wide, or disable it for specific projects if you prefer.
-
-To run on-demand DAST scans, an administrator must enable the
-`security_on_demand_scans_feature_flag` feature flag.
-
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can disable or enable the feature flags.
-
-To disable On-demand DAST Scans:
-
-```ruby
-# Instance-wide
-Feature.disable(:security_on_demand_scans_feature_flag)
-# or by project
-Feature.disable(:security_on_demand_scans_feature_flag, Project.find(<project id>))
-```
-
-To enable On-demand DAST Scans:
-
-```ruby
-# Instance-wide
-Feature.enable(:security_on_demand_scans_feature_flag)
-# or by project
-Feature.enable(:security_on_demand_scans_feature_flag, Project.find(<project ID>))
-```
-
 ## Reports

 The DAST tool outputs a report file in JSON format by default. However, this tool can also generate reports in

--- a/ee/app/graphql/ee/types/project_type.rb
+++ b/ee/app/graphql/ee/types/project_type.rb
@@ -17,8 +17,6 @@ module EE
            null: true,
            description: 'The DAST scanner profiles associated with the project',
            resolve: -> (project, _args, _ctx) do
-              return DastScannerProfile.none unless ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true)
-
              DastScannerProfilesFinder.new(project_ids: [project.id]).execute
            end


--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -101,7 +101,6 @@ module EE

      with_scope :subject
      condition(:on_demand_scans_enabled) do
-        ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true) &&
        @subject.feature_available?(:security_on_demand_scans)
      end


--- a/ee/config/feature_flags/development/security_on_demand_scans_feature_flag.yml
+++ b/ee/config/feature_flags/development/security_on_demand_scans_feature_flag.yml
---
-name: security_on_demand_scans_feature_flag
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32994
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/237796
-group: group::dynamic analysis
-type: development
-default_enabled: true
--- a/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
@@ -135,14 +135,6 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan licensed feature is not available' do
          it 'raises an exception' do
            stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
@@ -84,16 +84,6 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
        end
      end

-      context 'when security_on_demand_scans_feature_flag is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        it 'raises an exception' do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
@@ -54,14 +54,6 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
        end
      end

-      context 'when security_on_demand_scans_feature_flag is disabled' do
-        it 'raises an exception' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        it 'raises an exception' do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
@@ -109,14 +109,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan licensed feature is not available' do
          it 'raises an exception' do
            stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
@@ -90,14 +90,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan licensed feature is not available' do
          it 'raises an exception' do
            stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
@@ -97,14 +97,6 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan licensed feature is not available' do
          it 'raises an exception' do
            stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
@@ -97,14 +97,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan licensed feature is not available' do
          it 'raises an exception' do
            stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/graphql/mutations/dast_site_tokens/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_tokens/create_spec.rb
@@ -87,14 +87,6 @@ RSpec.describe Mutations::DastSiteTokens::Create do
          end
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan site validations feature is not enabled' do
          it 'raises an exception' do
            stub_feature_flags(security_on_demand_scans_site_validation: false)

--- a/ee/spec/graphql/mutations/dast_site_validations/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_validations/create_spec.rb
@@ -71,14 +71,6 @@ RSpec.describe Mutations::DastSiteValidations::Create do
          expect(subject[:status]).to eq(dast_site_validation.state)
        end

-        context 'when on demand scan feature is not enabled' do
-          it 'raises an exception' do
-            stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
-
        context 'when on demand scan site validations feature is not enabled' do
          it 'raises an exception' do
            stub_feature_flags(security_on_demand_scans_site_validation: false)

--- a/ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
+++ b/ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
@@ -34,10 +34,6 @@ RSpec.describe Mutations::Pipelines::RunDastScan do
    end

    context 'when on demand scan feature is enabled' do
-      before do
-        stub_feature_flags(security_on_demand_scans_feature_flag: true)
-      end
-
      context 'when the project does not exist' do
        let(:project_path) { SecureRandom.hex }


--- a/ee/spec/policies/dast_site_profile_policy_spec.rb
+++ b/ee/spec/policies/dast_site_profile_policy_spec.rb
@@ -33,14 +33,6 @@ RSpec.describe DastSiteProfilePolicy do

      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }

-      context 'when on demand scan feature flag is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/policies/dast_site_validation_policy_spec.rb
+++ b/ee/spec/policies/dast_site_validation_policy_spec.rb
@@ -33,14 +33,6 @@ RSpec.describe DastSiteValidationPolicy do

      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }

-      context 'when on demand scan feature flag is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
@@ -37,10 +37,6 @@ RSpec.describe 'Running a DAST Scan' do
  end

  context 'when on demand scan feature is enabled' do
-    before do
-      stub_feature_flags(security_on_demand_scans_feature_flag: true)
-    end
-
    context 'when the user does not have permission to run a dast scan' do
      it_behaves_like 'a mutation that returns top-level errors',
                      errors: ['The resource that you are attempting to access does not ' \

--- a/ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
+++ b/ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
@@ -93,17 +93,5 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do

      it { is_expected.to eq(dast_scanner_profile.to_global_id.to_s) }
    end
-
-    context 'when on demand scan feature flag is disabled' do
-      before do
-        stub_feature_flags(security_on_demand_scans_feature_flag: false)
-      end
-
-      describe 'dast scanner profiles' do
-        subject { response_data.dig('project', 'dastScannerProfiles', 'nodes') }
-
-        it { is_expected.to be_empty }
-      end
-    end
  end
 end
--- a/ee/spec/requests/api/graphql/project/dast_site_profile_spec.rb
+++ b/ee/spec/requests/api/graphql/project/dast_site_profile_spec.rb
@@ -83,14 +83,6 @@ RSpec.describe 'Query.project(fullPath).dastSiteProfile' do
      end
    end

-    context 'when on demand scan feature flag is disabled' do
-      it 'returns a null dast_site_profile' do
-        stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-        expect(dast_site_profile_response).to be_nil
-      end
-    end
-
    context 'when on demand scan licensed feature is not available' do
      it 'returns a null dast_site_profile' do
        stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/requests/api/graphql/project/dast_site_profiles_spec.rb
+++ b/ee/spec/requests/api/graphql/project/dast_site_profiles_spec.rb
@@ -106,14 +106,6 @@ RSpec.describe 'Query.project(fullPath).dastSiteProfiles' do
      end
    end

-    context 'when on demand scan feature flag is disabled' do
-      it 'returns an empty edges array' do
-        stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-        expect(dast_site_profiles_response['nodes']).to be_empty
-      end
-    end
-
    context 'when on demand scan licensed feature is not available' do
      it 'returns an empty edges array' do
        stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/requests/projects/on_demand_scans_controller_spec.rb
+++ b/ee/spec/requests/projects/on_demand_scans_controller_spec.rb
@@ -9,7 +9,6 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
  describe 'GET #index' do
    context 'feature available' do
      before do
-        stub_feature_flags(security_on_demand_scans_feature_flag: true)
        stub_licensed_features(security_on_demand_scans: true)
      end

@@ -49,16 +48,7 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
        login_as(user)
      end

-      it "sees a 404 error if the feature flag is disabled" do
-        stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        stub_licensed_features(security_on_demand_scans: true)
-        get project_on_demand_scans_path(project)
-
-        expect(response).to have_gitlab_http_status(:not_found)
-      end
-
      it "sees a 404 error if the license doesn't support the feature" do
-        stub_feature_flags(security_on_demand_scans_feature_flag: true)
        stub_licensed_features(security_on_demand_scans: false)
        get project_on_demand_scans_path(project)


--- a/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
@@ -9,7 +9,6 @@ RSpec.describe Projects::Security::DastProfilesController, type: :request do
  describe 'GET #index' do
    context 'feature available' do
      before do
-        stub_feature_flags(security_on_demand_scans_feature_flag: true)
        stub_licensed_features(security_on_demand_scans: true)
      end

@@ -49,19 +48,8 @@ RSpec.describe Projects::Security::DastProfilesController, type: :request do
        login_as(user)
      end

-      context 'feature flag is disabled' do
-        it 'sees a 404 error' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-          stub_licensed_features(security_on_demand_scans: true)
-          get project_security_configuration_dast_profiles_path(project)
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
-
      context 'license doesnt\'t support the feature' do
        it 'sees a 404 error' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: true)
          stub_licensed_features(security_on_demand_scans: false)
          get project_security_configuration_dast_profiles_path(project)


--- a/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
@@ -9,7 +9,6 @@ RSpec.describe Projects::Security::DastScannerProfilesController, type: :request

  shared_context 'on-demand scans feature available' do
    before do
-      stub_feature_flags(security_on_demand_scans_feature_flag: true)
      stub_licensed_features(security_on_demand_scans: true)
    end
  end
@@ -54,23 +53,13 @@ RSpec.describe Projects::Security::DastScannerProfilesController, type: :request
    end

    context 'feature not available' do
-      using RSpec::Parameterized::TableSyntax
-
      include_context 'user authorized'

-      where(:feature_flag_enabled, :license_support) do
-        false | true
-        true  | false
-      end
+      it 'sees a 404 error' do
+        stub_licensed_features(security_on_demand_scans: false)
+        get path

-      with_them do
-        it 'sees a 404 error' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: feature_flag_enabled)
-          stub_licensed_features(security_on_demand_scans: license_support)
-          get path
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
+        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end

--- a/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
@@ -8,7 +8,6 @@ RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
  let(:dast_site_profile) { create(:dast_site_profile, project: project) }

  def with_feature_available
-    stub_feature_flags(security_on_demand_scans_feature_flag: true)
    stub_licensed_features(security_on_demand_scans: true)
  end

@@ -55,19 +54,8 @@ RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
        with_user_authorized
      end

-      context 'feature flag is disabled' do
-        it 'sees a 404 error' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-          stub_licensed_features(security_on_demand_scans: true)
-          get path
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
-
      context 'license doesnt\'t support the feature' do
        it 'sees a 404 error' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: true)
          stub_licensed_features(security_on_demand_scans: false)
          get path


--- a/ee/spec/services/ci/run_dast_scan_service_spec.rb
+++ b/ee/spec/services/ci/run_dast_scan_service_spec.rb
@@ -171,20 +171,6 @@ RSpec.describe Ci::RunDastScanService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('Insufficient permissions')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_scanner_profiles/create_service_spec.rb
+++ b/ee/spec/services/dast_scanner_profiles/create_service_spec.rb
@@ -106,20 +106,6 @@ RSpec.describe DastScannerProfiles::CreateService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('Insufficient permissions')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_scanner_profiles/destroy_service_spec.rb
+++ b/ee/spec/services/dast_scanner_profiles/destroy_service_spec.rb
@@ -64,20 +64,6 @@ RSpec.describe DastScannerProfiles::DestroyService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('You are not authorized to update this scanner profile')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_scanner_profiles/update_service_spec.rb
+++ b/ee/spec/services/dast_scanner_profiles/update_service_spec.rb
@@ -151,20 +151,6 @@ RSpec.describe DastScannerProfiles::UpdateService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('You are not authorized to update this scanner profile')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_site_profiles/create_service_spec.rb
+++ b/ee/spec/services/dast_site_profiles/create_service_spec.rb
@@ -77,20 +77,6 @@ RSpec.describe DastSiteProfiles::CreateService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('Insufficient permissions')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_site_profiles/update_service_spec.rb
+++ b/ee/spec/services/dast_site_profiles/update_service_spec.rb
@@ -86,20 +86,6 @@ RSpec.describe DastSiteProfiles::UpdateService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        before do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-        end
-
-        it 'returns an error status' do
-          expect(status).to eq(:error)
-        end
-
-        it 'populates message' do
-          expect(message).to eq('Insufficient permissions')
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/services/dast_sites/find_or_create_service_spec.rb
+++ b/ee/spec/services/dast_sites/find_or_create_service_spec.rb
@@ -59,16 +59,6 @@ RSpec.describe DastSites::FindOrCreateService do
        end
      end

-      context 'when on demand scan feature is disabled' do
-        it 'raises an exception' do
-          stub_feature_flags(security_on_demand_scans_feature_flag: false)
-
-          expect { subject }.to raise_error(DastSites::FindOrCreateService::PermissionsError) do |err|
-            expect(err.message).to include('Insufficient permissions')
-          end
-        end
-      end
-
      context 'when on demand scan licensed feature is not available' do
        it 'raises an exception' do
          stub_licensed_features(security_on_demand_scans: false)

--- a/ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
+++ b/ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
@@ -27,14 +27,6 @@ RSpec.shared_examples 'an on-demand scan mutation when user can run an on-demand
    expect(mutation_response["errors"]).to be_empty
  end

-  context 'when on demand scan feature is disabled' do
-    before do
-      stub_feature_flags(security_on_demand_scans_feature_flag: false)
-    end
-
-    it_behaves_like 'a mutation that returns a top-level access error'
-  end
-
  context 'when on demand scan licensed feature is not available' do
    before do
      stub_licensed_features(security_on_demand_scans: false)