From ef08a0032be5935561713d5fe9b9cfba1c406d6d Mon Sep 17 00:00:00 2001
From: Smriti Garg <sgarg@gitlab.com>
Date: Wed, 10 Apr 2024 16:12:08 +0000
Subject: [PATCH] Removed feature flag access_token_webhooks

This feature is set to true in production for sufficient amount of time
and can be removed

Changelog: removed

Fixed the spec issue
---
 app/models/projects/triggered_hooks.rb               |  1 -
 app/views/shared/web_hooks/_form.html.haml           | 11 +++++------
 .../personal_access_tokens/expiring_worker.rb        |  1 -
 .../gitlab_com_derisk/access_tokens_webhooks.yml     |  9 ---------
 doc/user/project/integrations/webhook_events.md      |  2 ++
 spec/models/projects/triggered_hooks_spec.rb         | 12 ------------
 .../personal_access_tokens/expiring_worker_spec.rb   | 12 ------------
 7 files changed, 7 insertions(+), 41 deletions(-)
 delete mode 100644 config/feature_flags/gitlab_com_derisk/access_tokens_webhooks.yml

diff --git a/app/models/projects/triggered_hooks.rb b/app/models/projects/triggered_hooks.rb
index acad37d5f462..1f51ced5b571 100644
--- a/app/models/projects/triggered_hooks.rb
+++ b/app/models/projects/triggered_hooks.rb
@@ -18,7 +18,6 @@ def execute
       @relations.each do |hooks|
         hooks.hooks_for(@scope).select_active(@scope, @data).each do |hook|
           next if @scope == :emoji_hooks && Feature.disabled?(:emoji_webhooks, hook.parent)
-          next if @scope == :resource_access_token_hooks && Feature.disabled?(:access_tokens_webhooks, hook.parent)
 
           hook.async_execute(@data, @scope.to_s)
         end
diff --git a/app/views/shared/web_hooks/_form.html.haml b/app/views/shared/web_hooks/_form.html.haml
index bbd6ec69ba57..8437ad99575e 100644
--- a/app/views/shared/web_hooks/_form.html.haml
+++ b/app/views/shared/web_hooks/_form.html.haml
@@ -76,12 +76,11 @@
         = form.gitlab_ui_checkbox_component :emoji_events,
             integration_webhook_event_human_name(:emoji_events),
             help_text: s_('Webhooks|An emoji is awarded or revoked. %{help_link}?').html_safe % { help_link: emoji_help_link }
-    - if Feature.enabled?(:access_tokens_webhooks, hook.parent)
-      %li.gl-pb-3
-        - access_token_help_link = link_to s_('Which project or group access token events trigger webhooks'), help_page_path('user/project/integrations/webhook_events', anchor: 'project-and-group-access-token-events')
-        = form.gitlab_ui_checkbox_component :resource_access_token_events,
-            integration_webhook_event_human_name(:resource_access_token_events),
-            help_text: s_('Webhooks|An access token is going to expire in the next 7 days. %{help_link}?').html_safe % { help_link: access_token_help_link }
+    %li.gl-pb-3
+      - access_token_help_link = link_to s_('Which project or group access token events trigger webhooks'), help_page_path('user/project/integrations/webhook_events', anchor: 'project-and-group-access-token-events')
+      = form.gitlab_ui_checkbox_component :resource_access_token_events,
+          integration_webhook_event_human_name(:resource_access_token_events),
+          help_text: s_('Webhooks|An access token is going to expire in the next 7 days. %{help_link}?').html_safe % { help_link: access_token_help_link }
 
 
 - if Feature.enabled?(:custom_webhook_template, hook.parent, type: :beta)
diff --git a/app/workers/personal_access_tokens/expiring_worker.rb b/app/workers/personal_access_tokens/expiring_worker.rb
index 620fffe088bf..f0bc256f7c2f 100644
--- a/app/workers/personal_access_tokens/expiring_worker.rb
+++ b/app/workers/personal_access_tokens/expiring_worker.rb
@@ -114,7 +114,6 @@ def deliver_user_notifications(token_names, user)
     def execute_web_hooks(token, bot_user)
       resource = bot_user.resource_bot_resource
 
-      return unless ::Feature.enabled?(:access_tokens_webhooks, resource)
       return if resource.is_a?(Project) && !resource.has_active_hooks?(:resource_access_token_hooks)
 
       hook_data = Gitlab::DataBuilder::ResourceAccessToken.build(token, :expiring, resource)
diff --git a/config/feature_flags/gitlab_com_derisk/access_tokens_webhooks.yml b/config/feature_flags/gitlab_com_derisk/access_tokens_webhooks.yml
deleted file mode 100644
index 39e65be7bd2f..000000000000
--- a/config/feature_flags/gitlab_com_derisk/access_tokens_webhooks.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: access_tokens_webhooks
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/426147
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141907
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/439379
-milestone: '16.10'
-group: group::authentication
-type: gitlab_com_derisk
-default_enabled: false
diff --git a/doc/user/project/integrations/webhook_events.md b/doc/user/project/integrations/webhook_events.md
index 78209c551188..45ee44bbb0a9 100644
--- a/doc/user/project/integrations/webhook_events.md
+++ b/doc/user/project/integrations/webhook_events.md
@@ -2069,6 +2069,8 @@ Payload example:
 ## Project and group access token events
 
 [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141907) in GitLab 16.10 [with a flag](../../../administration/feature_flags.md) named `access_token_webhooks`. Disabled by default.
+[Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/439379) in GitLab 16.11.
+[Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/454642) in GitLab 16.11. Feature flag `access_token_webhooks` removed.
 
 An access token event is triggered when a [project or group access token](../../../security/token_overview.md) will expire in seven days or less.
 
diff --git a/spec/models/projects/triggered_hooks_spec.rb b/spec/models/projects/triggered_hooks_spec.rb
index 7d48b11617e6..a3740942333c 100644
--- a/spec/models/projects/triggered_hooks_spec.rb
+++ b/spec/models/projects/triggered_hooks_spec.rb
@@ -49,18 +49,6 @@ def run_hooks(scope, data)
 
       run_hooks(:resource_access_token_hooks, data)
     end
-
-    context 'when access_tokens_webhooks feature flag is disabled' do
-      before do
-        stub_feature_flags(access_tokens_webhooks: false)
-      end
-
-      it 'does not execute the hook' do
-        expect(WebHookService).not_to receive(:new)
-
-        run_hooks(:resource_access_token_hooks, data)
-      end
-    end
   end
 
   context 'with emoji hooks' do
diff --git a/spec/workers/personal_access_tokens/expiring_worker_spec.rb b/spec/workers/personal_access_tokens/expiring_worker_spec.rb
index c546fb4b1c05..8276311112a5 100644
--- a/spec/workers/personal_access_tokens/expiring_worker_spec.rb
+++ b/spec/workers/personal_access_tokens/expiring_worker_spec.rb
@@ -126,18 +126,6 @@
 
         expect { worker.perform }.not_to exceed_all_query_limit(control)
       end
-
-      context 'when access_tokens_webhooks feature is disabled' do
-        before do
-          stub_feature_flags(access_tokens_webhooks: false)
-        end
-
-        it "does not execute access token webhook" do
-          expect(::Projects::TriggeredHooks).not_to receive(:execute)
-
-          worker.perform
-        end
-      end
     end
 
     context 'when a token is owned by a group bot' do
-- 
GitLab