Remove legacy license compliance approval_status

Update SoftwareLicensePolicy to remove the legacy license approval
status and use classification names instead.

Changelog: changed
EE: true

ee/app/models/ee/merge_request.rb

@@ -182,7 +182,11 @@ module EE
 
       licenses.any? do |l|
         status = l.dig('classification', 'approval_status')
-        %w(blacklisted denied).include?(status)
+        if ::Feature.enabled?(:lc_remove_legacy_approval_status)
+          'denied' == status
+        else
+          %w[blacklisted denied].include?(status)
+        end
       end
     end
 

ee/app/models/software_license_policy.rb

@@ -50,7 +50,15 @@ class SoftwareLicensePolicy < ApplicationRecord
   delegate :name, :spdx_identifier, to: :software_license
 
   def approval_status
-    LEGACY_CLASSIFICATION_STATUS.key(classification) || classification
+    if Feature.enabled?(:lc_remove_legacy_approval_status, project, default_enabled: :yaml)
+      classification
+    else
+      legacy_approval_status
+    end
+  end
+
+  def legacy_approval_status
+    LEGACY_CLASSIFICATION_STATUS.key(classification)
   end
 
   def self.to_classification(approval_status)

ee/app/serializers/managed_license_entity.rb

-# frozen_string_literal: true
-
-class ManagedLicenseEntity < Grape::Entity
-  expose :id
-  expose :approval_status
-  expose :software_license, merge: true do
-    expose :name
-  end
-end

ee/app/serializers/managed_license_serializer.rb

-# frozen_string_literal: true
-
-class ManagedLicenseSerializer < BaseSerializer
-  entity ManagedLicenseEntity
-end

ee/config/feature_flags/development/lc_remove_legacy_approval_status.yml

+---
+name: lc_remove_legacy_approval_status
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79266
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352977
+milestone: '14.8'
+type: development
+group: group::composition analysis
+default_enabled: false

ee/lib/ee/api/entities/managed_license.rb

@@ -5,7 +5,7 @@ module EE
     module Entities
       class ManagedLicense < Grape::Entity
         expose :id, :name
-        expose :approval_status
+        expose :legacy_approval_status, as: :approval_status
       end
     end
   end

ee/spec/controllers/projects/pipelines_controller_spec.rb

@@ -104,11 +104,31 @@ RSpec.describe Projects::PipelinesController do
           expect(payload.first.keys).to match_array(%w(name classification dependencies count url))
         end
 
-        it 'will return mit license approved status' do
+        it 'will return mit license allowed status' do
           payload_mit = payload.find { |l| l['name'] == 'MIT' }
           expect(payload_mit['count']).to eq(pipeline.license_scanning_report.licenses.find { |x| x.name == 'MIT' }.count)
           expect(payload_mit['url']).to eq('http://opensource.org/licenses/mit-license')
-          expect(payload_mit['classification']['approval_status']).to eq('approved')
+          expect(payload_mit['classification']['approval_status']).to eq('allowed')
+        end
+
+        context 'approval_status' do
+          subject(:status) { payload.find { |l| l['name'] == 'MIT' }.dig('classification', 'approval_status') }
+
+          context 'using legacy name' do
+            before do
+              stub_feature_flags(lc_remove_legacy_approval_status: false)
+            end
+
+            it { is_expected.to eq('approved') }
+          end
+
+          context 'using classification' do
+            before do
+              stub_feature_flags(lc_remove_legacy_approval_status: true)
+            end
+
+            it { is_expected.to eq('allowed') }
+          end
         end
 
         it 'will return sorted by name' do

ee/spec/models/merge_request_spec.rb

@@ -265,6 +265,14 @@ RSpec.describe MergeRequest do
 
           it { is_expected.to be_truthy }
 
+          context 'and legacy approval status present' do
+            before do
+              stub_feature_flags(lc_remove_legacy_approval_status: false)
+            end
+
+            it { is_expected.to be_truthy }
+          end
+
           context 'with disabled licensed feature' do
             before do
               stub_licensed_features(license_scanning: false)

ee/spec/models/software_license_policy_spec.rb

@@ -50,17 +50,42 @@ RSpec.describe SoftwareLicensePolicy do
   end
 
   describe "#approval_status" do
-    where(:classification, :approval_status) do
-      [
-        %w[allowed approved],
-        %w[denied blacklisted]
-      ]
+    context 'with legacy approval status feature flag enabled' do
+      before do
+        stub_feature_flags(lc_remove_legacy_approval_status: true)
+      end
+
+      where(:classification, :approval_status) do
+        [
+          %w[allowed allowed],
+          %w[denied denied]
+        ]
+      end
+
+      with_them do
+        subject { build(:software_license_policy, classification: classification) }
+
+        it { expect(subject.approval_status).to eql(approval_status) }
+      end
     end
 
-    with_them do
-      subject { build(:software_license_policy, classification: classification) }
+    context 'with legacy approval status feature flag disabled' do
+      before do
+        stub_feature_flags(lc_remove_legacy_approval_status: false)
+      end
+
+      where(:classification, :approval_status) do
+        [
+          %w[allowed approved],
+          %w[denied blacklisted]
+        ]
+      end
+
+      with_them do
+        subject { build(:software_license_policy, classification: classification) }
 
-      it { expect(subject.approval_status).to eql(approval_status) }
+        it { expect(subject.approval_status).to eql(approval_status) }
+      end
     end
   end
 

ee/spec/serializers/managed_license_entity_spec.rb

-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe ManagedLicenseEntity do
-  let(:software_license_policy) { create(:software_license_policy) }
-  let(:entity) { described_class.new(software_license_policy) }
-
-  describe '#as_json' do
-    subject { entity.as_json }
-
-    it 'contains required fields' do
-      expect(subject).to include(:id, :name, :approval_status)
-    end
-
-    describe "#approval_status" do
-      where(:classification, :approval_status) do
-        [
-          %w[allowed approved],
-          %w[denied blacklisted]
-        ]
-      end
-
-      with_them do
-        let(:software_license_policy) { build(:software_license_policy, classification: classification) }
-
-        it { expect(subject[:approval_status]).to eql(approval_status) }
-      end
-    end
-  end
-end

qa/qa/specs/features/ee/browser_ui/13_secure/merge_request_license_widget_spec.rb

 # frozen_string_literal: true
 
 module QA
-  RSpec.describe 'Secure', :runner do
+  RSpec.describe 'Secure', :runner, :requires_admin do
     describe 'License merge request widget' do
       let(:approved_license_name) { "MIT License" }
       let(:denied_license_name) { "zlib License" }
       let(:executor) { "qa-runner-#{Time.now.to_i}" }
 
       after do
+        Runtime::Feature.enable(:lc_remove_legacy_approval_status) if @feature_was_enabled
+
         @runner.remove_via_api!
       end
 
       before do
+        @feature_was_enabled = Runtime::Feature.enabled?(:lc_remove_legacy_approval_status)
+        Runtime::Feature.disable(:lc_remove_legacy_approval_status)
         Flow::Login.sign_in
 
         @project = Resource::Project.fabricate_via_api! do |project|