diff --git a/config/feature_flags/development/code_suggestions_for_instance_admin_enabled.yml b/config/feature_flags/development/code_suggestions_for_instance_admin_enabled.yml
deleted file mode 100644
index 5df6440bd5b63daec0b191c8bc803887bb044215..0000000000000000000000000000000000000000
--- a/config/feature_flags/development/code_suggestions_for_instance_admin_enabled.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: code_suggestions_for_instance_admin_enabled
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122645
-rollout_issue_url:
-milestone: '16.1'
-type: development
-group: group::cloud connector
-default_enabled: false
diff --git a/ee/lib/api/code_suggestions.rb b/ee/lib/api/code_suggestions.rb
index a33bd779e02984cf64eedbdebd8f17f185549d99..926ce0d68f9cc275f636b91db3a40e7527fd5dc5 100644
--- a/ee/lib/api/code_suggestions.rb
+++ b/ee/lib/api/code_suggestions.rb
@@ -20,14 +20,10 @@ class CodeSuggestions < ::API::Base
authenticate!
not_found! unless Feature.enabled?(:code_suggestions_tokens_api, type: :ops)
- unauthorized! unless user_allowed?
+ unauthorized! unless current_user.can?(:access_code_suggestions)
end
helpers do
- def user_allowed?
- current_user.can?(:access_code_suggestions) && access_code_suggestions_when_proxied_to_saas?
- end
-
def model_gateway_headers(headers, gateway_token)
telemetry_headers = headers.select { |k| /\Ax-gitlab-cs-/i.match?(k) }
@@ -51,32 +47,6 @@ def saas_headers
.join(',')
}
end
-
- # In case the request was proxied from the self-managed instance,
- # we have an extra check on Gitlab.com if FF is enabled for self-managed admin.
- # The FF is used for gradual rollout for handpicked self-managed customers interested to use code suggestions.
- #
- # NOTE: This code path is being phased out as part of working towards GA for code suggestions.
- # See https://gitlab.com/groups/gitlab-org/-/epics/11114
- def access_code_suggestions_when_proxied_to_saas?
- proxied = proxied?
-
- raise 'Proxying is only supported under .org or .com' if proxied && !Gitlab.org_or_com?
-
- !proxied || Feature.enabled?(:code_suggestions_for_instance_admin_enabled, current_user)
- end
-
- def proxied?
- !!request.headers['User-Agent']&.starts_with?('gitlab-workhorse')
- end
-
- def gitlab_realm
- # NOTE: This code path is being phased out as part of working towards GA for code suggestions.
- # See https://gitlab.com/groups/gitlab-org/-/epics/11114
- return Gitlab::CloudConnector::SelfIssuedToken::GITLAB_REALM_SELF_MANAGED if proxied?
-
- super
- end
end
namespace 'code_suggestions' do
diff --git a/ee/spec/requests/api/code_suggestions_spec.rb b/ee/spec/requests/api/code_suggestions_spec.rb
index 6ae596d79d4e5196e6f6f6b44ec6ae14f6ccbec9..787cf6f2b5a0a4c53dc7059e2591097de06684dd 100644
--- a/ee/spec/requests/api/code_suggestions_spec.rb
+++ b/ee/spec/requests/api/code_suggestions_spec.rb
@@ -177,30 +177,6 @@
post_api
end
-
- context 'when request was proxied from self managed instance' do
- let(:headers) { { 'User-Agent' => 'gitlab-workhorse' } }
-
- include_examples 'a successful response'
-
- context 'with instance admin feature flag is disabled' do
- before do
- stub_feature_flags(code_suggestions_for_instance_admin_enabled: false)
- end
-
- include_examples 'an unauthorized response'
- end
-
- it 'sets the access token realm to self-managed' do
- expect(Gitlab::CloudConnector::SelfIssuedToken).to receive(:new).with(
- current_user,
- scopes: [:code_suggestions],
- gitlab_realm: Gitlab::CloudConnector::SelfIssuedToken::GITLAB_REALM_SELF_MANAGED
- )
-
- post_api
- end
- end
end
context 'when not on .org and .com' do