Release "allow anyone to pull" feature for terraform modules

Enabling "allow anyone to pull" for a terraform module registry will make anyone on the internet able to pull modules regardless its group or project visibility. We now release this feature for terraform module namespace-level endpoint. Changelog: added

Release "allow anyone to pull" feature for terraform modules
0df09a77 · moaz-khalifa · 7253836e · 7253836e · 0df09a77 · 0df09a77
--- a/config/feature_flags/gitlab_com_derisk/allow_anyone_to_pull_public_terraform_modules_on_group_level.yml
+++ b/config/feature_flags/gitlab_com_derisk/allow_anyone_to_pull_public_terraform_modules_on_group_level.yml
---
-name: allow_anyone_to_pull_public_terraform_modules_on_group_level
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/468062
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166334
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/490331
-milestone: '17.5'
-group: group::package registry
-type: gitlab_com_derisk
-default_enabled: false
--- a/doc/user/packages/package_registry/index.md
+++ b/doc/user/packages/package_registry/index.md
@@ -153,6 +153,7 @@ Registry disables all package registry operations.
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385994) in GitLab 15.7.
 > - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468058) in GitLab 17.4 to support NuGet group endpoints.
 > - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468059) in GitLab 17.5 to support Maven group endpoint.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468062) in GitLab 17.5 to support Terraform module namespace endpoints.
 To allow anyone to pull from the package registry, regardless of project visibility:
@@ -181,6 +182,7 @@ Several known issues exist when you allow anyone to pull from the package regist
 - Endpoints for projects are supported.
 - NuGet registry endpoints for groups are supported. However, because of how NuGet clients send the authentication credentials, anonymous downloads are not allowed. Only GitLab users can pull from the package registry, even if this feature is enabled.
 - Maven registry endpoint for groups are supported.
+- Terraform module registry endpoints for namespaces are supported.
 - Other group and instance endpoints are not fully supported. Support for group endpoints is proposed in [epic 14234](https://gitlab.com/groups/gitlab-org/-/epics/14234).
 - It does not work with the [Composer](../composer_repository/index.md#install-a-composer-package), because Composer only has a group endpoint.
 - It works with Conan, but using [`conan search`](../conan_repository/index.md#search-for-conan-packages-in-the-package-registry) does not work.

--- a/lib/api/terraform/modules/v1/namespace_packages.rb
+++ b/lib/api/terraform/modules/v1/namespace_packages.rb
@@ -52,8 +52,7 @@ def finder_params
                exact_name: true
              }.tap do |finder_params|
                finder_params[:package_version] = params[:module_version] if params.has_key?(:module_version)
-                finder_params[:within_public_package_registry] =
+                finder_params[:within_public_package_registry] = true
-                  ::Feature.enabled?(:allow_anyone_to_pull_public_terraform_modules_on_group_level, module_namespace)
              end
            end

--- a/spec/support/shared_examples/requests/api/terraform/modules/v1/packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/terraform/modules/v1/packages_shared_examples.rb
@@ -484,12 +484,4 @@ def basic_auth_headers(username = user.username, password = personal_access_toke
  end
  it_behaves_like 'returning response status', status
-  context 'when allow_anyone_to_pull_public_terraform_modules_on_group_level FF is disabled' do
-    before do
-      stub_feature_flags(allow_anyone_to_pull_public_terraform_modules_on_group_level: false)
-    end
-    it_behaves_like 'rejects terraform module packages access', :anonymous, :unauthorized
-  end
 end