Remove feature flag from vulnerability GQL fields

Since the feature flag can't be scoped to a specific project, it's making it hard to test this feature in production. Removing the flag will allow us to test the fields and it's been decided that it's okay for customers to begin consuming the fields. https://gitlab.com/gitlab-org/gitlab/-/issues/215568

Remove feature flag from vulnerability GQL fields
Since the feature flag can't be scoped to a specific project, it's making it hard to test this feature in production. Removing the flag will allow us to test the fields and it's been decided that it's okay for customers to begin consuming the fields. https://gitlab.com/gitlab-org/gitlab/-/issues/215568
851d0c3d · Avielle Wolfe · Stan Hu · e2c99624 · 851d0c3d · 851d0c3d
Commit 851d0c3d authored Apr 29, 2020 by Avielle Wolfe Committed by Stan Hu Apr 29, 2020
9 changed files
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -4001,8 +4001,7 @@ type Group {
  visibility: String
  """
-  Vulnerabilities reported on the projects in the group and its subgroups.
+  Vulnerabilities reported on the projects in the group and its subgroups
-  Available only when feature flag `first_class_vulnerabilities` is enabled
  """
  vulnerabilities(
    """
@@ -7237,7 +7236,7 @@ type Project {
  visibility: String
  """
-  Vulnerabilities reported on the project. Available only when feature flag `first_class_vulnerabilities` is enabled
+  Vulnerabilities reported on the project
  """
  vulnerabilities(
    """
@@ -7282,8 +7281,7 @@ type Project {
  ): VulnerabilityConnection
  """
-  Counts for each severity of vulnerability of the project. Available only when
+  Counts for each severity of vulnerability of the project
-  feature flag `first_class_vulnerabilities` is enabled
  """
  vulnerabilitySeveritiesCount: VulnerabilitySeveritiesCount

--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -11257,7 +11257,7 @@
            },
            {
              "name": "vulnerabilities",
-              "description": "Vulnerabilities reported on the projects in the group and its subgroups. Available only when feature flag `first_class_vulnerabilities` is enabled",
+              "description": "Vulnerabilities reported on the projects in the group and its subgroups",
              "args": [
                {
                  "name": "projectId",
@@ -21409,7 +21409,7 @@
            },
            {
              "name": "vulnerabilities",
-              "description": "Vulnerabilities reported on the project. Available only when feature flag `first_class_vulnerabilities` is enabled",
+              "description": "Vulnerabilities reported on the project",
              "args": [
                {
                  "name": "projectId",
@@ -21534,7 +21534,7 @@
            },
            {
              "name": "vulnerabilitySeveritiesCount",
-              "description": "Counts for each severity of vulnerability of the project. Available only when feature flag `first_class_vulnerabilities` is enabled",
+              "description": "Counts for each severity of vulnerability of the project",
              "args": [
              ],

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1044,7 +1044,7 @@ Information about pagination in a connection.
 | `tagList` | String | List of project topics (not Git tags) |
 | `userPermissions` | ProjectPermissions! | Permissions for the current user on the resource |
 | `visibility` | String | Visibility of the project |
-| `vulnerabilitySeveritiesCount` | VulnerabilitySeveritiesCount | Counts for each severity of vulnerability of the project. Available only when feature flag `first_class_vulnerabilities` is enabled |
+| `vulnerabilitySeveritiesCount` | VulnerabilitySeveritiesCount | Counts for each severity of vulnerability of the project |
 | `webUrl` | String | Web URL of the project |
 | `wikiEnabled` | Boolean | Indicates if Wikis are enabled for the current user |

--- a/ee/app/graphql/ee/types/group_type.rb
+++ b/ee/app/graphql/ee/types/group_type.rb
@@ -30,8 +30,7 @@ module EE
              ::Types::VulnerabilityType.connection_type,
              null: true,
              description: 'Vulnerabilities reported on the projects in the group and its subgroups',
-              resolver: Resolvers::VulnerabilitiesResolver,
+              resolver: Resolvers::VulnerabilitiesResolver
-              feature_flag: :first_class_vulnerabilities
      end
    end
  end

--- a/ee/app/graphql/ee/types/project_type.rb
+++ b/ee/app/graphql/ee/types/project_type.rb
@@ -16,12 +16,10 @@ module EE
              ::Types::VulnerabilityType.connection_type,
              null: true,
              description: 'Vulnerabilities reported on the project',
-              resolver: Resolvers::VulnerabilitiesResolver,
+              resolver: Resolvers::VulnerabilitiesResolver
-              feature_flag: :first_class_vulnerabilities
        field :vulnerability_severities_count, ::Types::VulnerabilitySeveritiesCountType, null: true,
               description: 'Counts for each severity of vulnerability of the project',
-               feature_flag: :first_class_vulnerabilities,
               resolve: -> (obj, _args, ctx) do
                 Hash.new(0).merge(
                   obj.vulnerabilities.with_states([:detected, :confirmed]).counts_by_severity

--- a/ee/changelogs/unreleased/215568-remove-vuln-gql-ff.yml
+++ b/ee/changelogs/unreleased/215568-remove-vuln-gql-ff.yml
+---
+title: Add vulnerability fields to GraphQL project, group, and global scope
+merge_request: 30663
+author:
+type: added
--- a/ee/spec/graphql/ee/types/group_type_spec.rb
+++ b/ee/spec/graphql/ee/types/group_type_spec.rb
@@ -49,29 +49,13 @@ describe GitlabSchema.types['Group'] do
    end
    before do
+      stub_licensed_features(security_dashboard: true)
      group.add_developer(user)
    end
    subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
-    context 'when first_class_vulnerabilities is disabled' do
-      before do
-        stub_feature_flags(first_class_vulnerabilities: false)
-      end
-      it 'is null' do
-        vulnerabilities = subject.dig('data', 'group', 'vulnerabilities')
-        expect(vulnerabilities).to be_nil
-      end
-    end
-    context 'when first_class_vulnerabilities is enabled' do
-      before do
-        stub_feature_flags(first_class_vulnerabilities: true)
-        stub_licensed_features(security_dashboard: true)
-      end
    it "returns the vulnerabilities for all projects in the group and its subgroups" do
      vulnerabilities = subject.dig('data', 'group', 'vulnerabilities', 'nodes')
@@ -81,5 +65,4 @@ describe GitlabSchema.types['Group'] do
      expect(vulnerabilities.first['severity']).to eq('CRITICAL')
    end
  end
-  end
 end
--- a/ee/spec/graphql/types/project_type_spec.rb
+++ b/ee/spec/graphql/types/project_type_spec.rb
@@ -8,6 +8,8 @@ describe GitlabSchema.types['Project'] do
  let_it_be(:vulnerability) { create(:vulnerability, project: project, severity: :high) }
  before do
+    stub_licensed_features(security_dashboard: true)
    project.add_developer(user)
  end
@@ -45,24 +47,6 @@ describe GitlabSchema.types['Project'] do
    subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
-    context 'when first_class_vulnerabilities is disabled' do
-      before do
-        stub_feature_flags(first_class_vulnerabilities: false)
-      end
-      it 'is null' do
-        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities')
-        expect(vulnerabilities).to be_nil
-      end
-    end
-    context 'when first_class_vulnerabilities is enabled' do
-      before do
-        stub_feature_flags(first_class_vulnerabilities: true)
-        stub_licensed_features(security_dashboard: true)
-      end
    it "returns the project's vulnerabilities" do
      vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
@@ -72,5 +56,4 @@ describe GitlabSchema.types['Project'] do
      expect(vulnerabilities.first['severity']).to eq('CRITICAL')
    end
  end
-  end
 end
--- a/ee/spec/requests/api/graphql/project/vulnerability_severities_count_spec.rb
+++ b/ee/spec/requests/api/graphql/project/vulnerability_severities_count_spec.rb
@@ -23,33 +23,16 @@ describe 'Query.project(fullPath).vulnerabilitySeveritiesCount' do
  end
  before do
+    stub_licensed_features(security_dashboard: true)
    project.add_developer(user)
  end
  subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
-  context 'when first_class_vulnerabilities is disabled' do
-    before do
-      stub_feature_flags(first_class_vulnerabilities: false)
-    end
-    it 'is null' do
-      vulnerabilities = subject.dig('data', 'project', 'vulnerabilitySeveritiesCount')
-      expect(vulnerabilities).to be_nil
-    end
-  end
-  context 'when first_class_vulnerabilities is enabled' do
-    before do
-      stub_feature_flags(first_class_vulnerabilities: true)
-      stub_licensed_features(security_dashboard: true)
-    end
  it "returns counts for each severity of the project's detected or confirmed vulnerabilities" do
    high_count = subject.dig('data', 'project', 'vulnerabilitySeveritiesCount', 'high')
    expect(high_count).to be(2)
  end
-  end
 end