diff --git a/doc/api/groups.md b/doc/api/groups.md index 4b264c0ba0f38e4401f224b3d71ed4bc82be29e4..a697e3fb305e416536c40fb64a4183620bbe84ae 100644 --- a/doc/api/groups.md +++ b/doc/api/groups.md @@ -1546,17 +1546,11 @@ Parameters: {{< history >}} - `unique_project_download_limit`, `unique_project_download_limit_interval_in_seconds`, and `unique_project_download_limit_allowlist` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92970) in GitLab 15.3 [with a flag](../administration/feature_flags.md) named `limit_unique_project_downloads_per_namespace_user`. Disabled by default. +- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/365724) in GitLab 15.6. +- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183101) in GitLab 18.0. Feature flag `limit_unique_project_downloads_per_namespace_user` removed. {{< /history >}} -{{< alert type="flag" >}} - -On GitLab Self-Managed, by default `unique_project_download_limit`, `unique_project_download_limit_interval_in_seconds`, `unique_project_download_limit_allowlist` and `auto_ban_user_on_excessive_projects_download` are not available. -To make them available, an administrator can [enable the feature flag](../administration/feature_flags.md) -named `limit_unique_project_downloads_per_namespace_user`. - -{{< /alert >}} - Updates the project group. Only available to group owners and administrators. ```plaintext diff --git a/doc/user/group/moderate_users.md b/doc/user/group/moderate_users.md index 9d3d04de490968074f8d00a8f883c5ee925bf251..da1098a9f63c3e11b869e04a1b96bd5c4c24dfcb 100644 --- a/doc/user/group/moderate_users.md +++ b/doc/user/group/moderate_users.md @@ -25,6 +25,8 @@ This topic is specifically related to user moderation in groups. For information {{< history >}} - [Introduced](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/155) in GitLab 15.8 [with a flag](../../administration/feature_flags.md) named `limit_unique_project_downloads_per_namespace_user`. Disabled by default. +- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/365724) in GitLab 15.6. +- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183101) in GitLab 18.0. Feature flag `limit_unique_project_downloads_per_namespace_user` removed. {{< /history >}} diff --git a/doc/user/group/reporting/git_abuse_rate_limit.md b/doc/user/group/reporting/git_abuse_rate_limit.md index 4f5bb5fc2672cdf7b24153f8684e34ffecb7112e..5ad2f7c436df18e462a528d0aa28526539ef2302 100644 --- a/doc/user/group/reporting/git_abuse_rate_limit.md +++ b/doc/user/group/reporting/git_abuse_rate_limit.md @@ -15,16 +15,11 @@ title: Git abuse rate limit {{< history >}} - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/8066) in GitLab 15.2 [with a flag](../../../administration/feature_flags.md) named `limit_unique_project_downloads_per_namespace_user`. Disabled by default. +- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/365724) in GitLab 15.6. +- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183101) in GitLab 18.0. Feature flag `limit_unique_project_downloads_per_namespace_user` removed. {{< /history >}} -{{< alert type="flag" >}} - -The availability of this feature is controlled by a feature flag. -For more information, see the history. - -{{< /alert >}} - This is the group-level documentation. For GitLab Self-Managed instances, see the [administration documentation](../../../administration/reporting/git_abuse_rate_limit.md). Git abuse rate limiting is a feature to automatically ban users who download, clone, pull, fetch, or fork more than a specified number of repositories of a group in a given time frame. Banned users cannot access the top-level group or any of its non-public subgroups through HTTP or SSH. The rate limit also applies to users who authenticate with [personal](../../profile/personal_access_tokens.md) or [group access tokens](../settings/group_access_tokens.md), as well as [CI/CD job tokens](../../../ci/jobs/ci_job_token.md). Access to unrelated groups is unaffected. @@ -37,7 +32,7 @@ GitLab team members can view more information in this confidential epic: ## Automatic ban notifications -If the `limit_unique_project_downloads_per_namespace_user` feature flag is enabled, selected users receive an email when a user is about to be banned. +Selected users receive an email notification when a user is banned. If automatic banning is disabled, a user is not banned automatically when they exceed the limit. However, notifications are still sent. You can use this setup to determine the correct values of the rate limit settings before enabling automatic banning. diff --git a/ee/app/assets/javascripts/members/constants.js b/ee/app/assets/javascripts/members/constants.js index 4a6b2ce73af9699432029d8ed7001779f25ac244..dafc4b3a39f02e499c3c6fafdf0523c55f39be39 100644 --- a/ee/app/assets/javascripts/members/constants.js +++ b/ee/app/assets/javascripts/members/constants.js @@ -76,9 +76,7 @@ const APP_OPTIONS_BASE = { [MEMBERS_TAB_TYPES.promotionRequest]: true, }; -const uniqueProjectDownloadLimitEnabled = - gon.features?.limitUniqueProjectDownloadsPerNamespaceUser && - gon.licensed_features?.uniqueProjectDownloadLimit; +const uniqueProjectDownloadLimitEnabled = gon.licensed_features?.uniqueProjectDownloadLimit; // eslint-disable-next-line import/export export const GROUPS_APP_OPTIONS = uniqueProjectDownloadLimitEnabled diff --git a/ee/app/controllers/ee/groups/group_members_controller.rb b/ee/app/controllers/ee/groups/group_members_controller.rb index b03f0c494e35574dfeb024285c4b8c248f4a4ae8..da901feb911ef21c0316a1303601e0a5becac230 100644 --- a/ee/app/controllers/ee/groups/group_members_controller.rb +++ b/ee/app/controllers/ee/groups/group_members_controller.rb @@ -25,7 +25,6 @@ def admin_not_required_endpoints before_action :authorize_update_group_member!, only: [:update, :override] before_action do - push_frontend_feature_flag(:limit_unique_project_downloads_per_namespace_user, @group) push_frontend_feature_flag(:show_overage_on_role_promotion) push_licensed_feature(:unique_project_download_limit, @group) push_frontend_feature_flag(:show_role_details_in_drawer, @group) diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb index 0227040a5780cf84e5d9221176808fb34ae86268..16501131417e756279b5baddbb014a6498828968 100644 --- a/ee/app/models/ee/group.rb +++ b/ee/app/models/ee/group.rb @@ -271,9 +271,7 @@ def repository_read_only? end def unique_project_download_limit_enabled? - root? && - ::Feature.enabled?(:limit_unique_project_downloads_per_namespace_user, self) && - licensed_feature_available?(:unique_project_download_limit) + root? && licensed_feature_available?(:unique_project_download_limit) end def service_accounts diff --git a/ee/config/feature_flags/development/limit_unique_project_downloads_per_namespace_user.yml b/ee/config/feature_flags/development/limit_unique_project_downloads_per_namespace_user.yml deleted file mode 100644 index e8875897076454b1f80705dd4f57b10811261698..0000000000000000000000000000000000000000 --- a/ee/config/feature_flags/development/limit_unique_project_downloads_per_namespace_user.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: limit_unique_project_downloads_per_namespace_user -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89996 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/365724 -milestone: '15.2' -type: development -group: group::authorization -default_enabled: false diff --git a/ee/spec/features/groups/members/manage_members_spec.rb b/ee/spec/features/groups/members/manage_members_spec.rb index 452e474c95084e1f8163651caa9fa09173349882..ac3b33dff20c570ee430038728010f2144f1b596 100644 --- a/ee/spec/features/groups/members/manage_members_spec.rb +++ b/ee/spec/features/groups/members/manage_members_spec.rb @@ -317,18 +317,6 @@ def add_user_by_email(role, use_exact_text_match: true) expect(page).not_to have_content('Banned') end - context 'when feature flag is disabled' do - before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: false) - end - - it 'owner cannot see banned users' do - visit group_group_members_path(group) - - expect(page).not_to have_content('Banned') - end - end - context 'when licensed feature is not available' do let(:licensed_feature_available) { false } @@ -386,14 +374,6 @@ def add_user_by_email(role, use_exact_text_match: true) it_behaves_like 'action is not available' end - context 'when feature flag is disabled' do - before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: false) - end - - it_behaves_like 'action is not available' - end - context 'when licensed feature is not available' do let(:licensed_feature_available) { false } diff --git a/ee/spec/features/groups/settings/reporting_spec.rb b/ee/spec/features/groups/settings/reporting_spec.rb index 7acd3803a9a2871bd507f8c82de19e24f55583bb..cc00e3fc678b1398a42b7cc419e1588cae813947 100644 --- a/ee/spec/features/groups/settings/reporting_spec.rb +++ b/ee/spec/features/groups/settings/reporting_spec.rb @@ -6,13 +6,11 @@ let_it_be(:user) { create(:user) } let(:group) { create(:group) } - let(:feature_flag_enabled) { true } let(:licensed_feature_available) { true } let(:current_limit) { 1 } let(:current_interval) { 9 } before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: feature_flag_enabled) stub_licensed_features(unique_project_download_limit: licensed_feature_available) sign_in(user) diff --git a/ee/spec/models/ee/group_spec.rb b/ee/spec/models/ee/group_spec.rb index 75b1ad043192d0b4b8587fce1e68232450d70499..334881b2c463de1ddfb18eb68f382c3de959e24c 100644 --- a/ee/spec/models/ee/group_spec.rb +++ b/ee/spec/models/ee/group_spec.rb @@ -3598,11 +3598,9 @@ def webhook_headers describe '#unique_project_download_limit_enabled?' do let_it_be(:group) { create(:group) } - let(:feature_flag_enabled) { true } let(:licensed_feature_available) { true } before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: feature_flag_enabled) stub_licensed_features(unique_project_download_limit: licensed_feature_available) end @@ -3610,12 +3608,6 @@ def webhook_headers it { is_expected.to eq true } - context 'when feature flag is disabled' do - let(:feature_flag_enabled) { false } - - it { is_expected.to eq false } - end - context 'when licensed feature is not available' do let(:licensed_feature_available) { false } diff --git a/ee/spec/policies/group_policy_spec.rb b/ee/spec/policies/group_policy_spec.rb index 3af399274c79e529b363e0b51f13735fa6407e38..ca7f32556c072f16af98e040f3cc937e2d0c656f 100644 --- a/ee/spec/policies/group_policy_spec.rb +++ b/ee/spec/policies/group_policy_spec.rb @@ -3291,14 +3291,6 @@ def expect_private_group_permissions_as_if_non_member it { is_expected.to be_disallowed(:read_group) } end - context 'when the limit_unique_project_downloads_per_namespace_user feature flag is disabled' do - before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: false) - end - - it { is_expected.to be_allowed(:read_group) } - end - context 'when licensed feature unique_project_download_limit is not available' do before do stub_licensed_features(unique_project_download_limit: false) diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb index f0e6901838c12d9522249a929ff29c152d81bf2b..bb89092f3c625a900d469e033b61d907e3fce84a 100644 --- a/ee/spec/policies/project_policy_spec.rb +++ b/ee/spec/policies/project_policy_spec.rb @@ -2657,14 +2657,6 @@ def expect_private_project_permissions_as_if_non_member it { is_expected.to be_disallowed(:read_project) } end - context 'when the limit_unique_project_downloads_per_namespace_user feature flag is disabled' do - before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: false) - end - - it { is_expected.to be_allowed(:read_project) } - end - context 'when licensed feature unique_project_download_limit is not available' do before do stub_licensed_features(unique_project_download_limit: false) diff --git a/ee/spec/requests/api/groups_spec.rb b/ee/spec/requests/api/groups_spec.rb index 31f0851ec7a536f422bca3c4463db19d5fa81354..5679d51fa03aa68f989c790a42e9eb084394cd7d 100644 --- a/ee/spec/requests/api/groups_spec.rb +++ b/ee/spec/requests/api/groups_spec.rb @@ -485,16 +485,12 @@ end before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: flag_enabled) stub_licensed_features(unique_project_download_limit: feature_available) - group.add_owner(user) - subject end - context 'when feature flag enabled and feature available' do - let(:flag_enabled) { true } + context 'when feature is available' do let(:feature_available) { true } it 'updates the attributes as expected' do @@ -509,15 +505,9 @@ end end - using RSpec::Parameterized::TableSyntax - - where(:flag_enabled, :feature_available) do - true | false - false | true - false | false - end + context 'when feature is not available' do + let(:feature_available) { false } - with_them do it 'does not update the attributes' do settings = group.namespace_settings.reload diff --git a/ee/spec/requests/groups/group_members_controller_spec.rb b/ee/spec/requests/groups/group_members_controller_spec.rb index fd40f5105d78690963d8be44f87e5b5317bc13db..03dbef4abf94e5c593071adeaade58e98efe6105 100644 --- a/ee/spec/requests/groups/group_members_controller_spec.rb +++ b/ee/spec/requests/groups/group_members_controller_spec.rb @@ -30,12 +30,6 @@ create(:namespace_ban, namespace: group, user: banned_member.user) end - it 'pushes feature flag to frontend' do - get_group_members - - expect(response.body).to have_pushed_frontend_feature_flags(limitUniqueProjectDownloadsPerNamespaceUser: true) - end - it 'sets @banned to include banned group members' do get_group_members @@ -68,14 +62,6 @@ it_behaves_like 'assigns @banned and @members correctly' end - context 'when feature flag is disabled' do - before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: false) - end - - it_behaves_like 'assigns @banned and @members correctly' - end - context 'when sub-group' do before do group.update!(parent: create(:group)) @@ -159,7 +145,6 @@ end before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: true) stub_licensed_features(unique_project_download_limit: true) end diff --git a/ee/spec/requests/groups/settings/reporting_controller_spec.rb b/ee/spec/requests/groups/settings/reporting_controller_spec.rb index 145444595a5d49c7fe52370043eb2911005c78a2..0c5f9aa25aa8944cca50b92dfa4c3b4d1a220b0d 100644 --- a/ee/spec/requests/groups/settings/reporting_controller_spec.rb +++ b/ee/spec/requests/groups/settings/reporting_controller_spec.rb @@ -6,11 +6,9 @@ let_it_be(:user) { create(:user) } let(:group) { create(:group) } - let(:feature_flag_enabled) { true } let(:licensed_feature_available) { true } before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: feature_flag_enabled) stub_licensed_features(unique_project_download_limit: licensed_feature_available) sign_in(user) @@ -27,12 +25,6 @@ subject end - context 'when feature flag is disabled' do - let(:feature_flag_enabled) { false } - - it_behaves_like 'renders 404' - end - context 'when licensed feature is not available' do let(:licensed_feature_available) { false } diff --git a/ee/spec/services/users/abuse/projects_download_ban_check_service_spec.rb b/ee/spec/services/users/abuse/projects_download_ban_check_service_spec.rb index f2e9ab11d34b2eaa6bbc8004e505a1409bcde418..6194614873bdefd750b667f3cee840f9bb1aa0ef 100644 --- a/ee/spec/services/users/abuse/projects_download_ban_check_service_spec.rb +++ b/ee/spec/services/users/abuse/projects_download_ban_check_service_spec.rb @@ -28,7 +28,6 @@ end context 'when application-level OR namespace-level projects download throttling is configured' do - let(:feature_flag_state) { true } let(:licensed_feature_state) { true } let(:service_response) { { banned: true } } @@ -77,7 +76,6 @@ context 'when namespace-level projects download throttling is configured' do before do - stub_feature_flags(limit_unique_project_downloads_per_namespace_user: feature_flag_state) stub_licensed_features(unique_project_download_limit: licensed_feature_state) allow_next_instance_of(Users::Abuse::GitAbuse::NamespaceThrottleService, project, user) do |service| @@ -85,12 +83,6 @@ end end - context 'when feature flag is disabled' do - let(:feature_flag_state) { false } - - it { is_expected.to be_success } - end - it_behaves_like 'uses the result of the configured projects download throttle service' context 'when project\'s root namespace is a User namespace' do