Add nullable scan_result_policies.rule_idx column and unique index
What does this MR do and why?
Second MR in a series that will eventually clean up all unused rows of the scan_result_policies
table. Continuation of !119763 (merged), where we started deleting rows.
- adds nullable `scan_result_policies.rule_idx` column
- adds unique index over `security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_index`
- starts writing `rule_idx` for new rows
Database Index
CREATE UNIQUE INDEX index_scan_result_policies_on_position_in_configuration ON scan_result_policies USING btree (security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_idx);
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20268/commands/66277
How to set up and validate locally
- Ensure the `delete_scan_result_policies_by_project_id` feature is enabled. Otherwise there will be uniqueness violations if rows are only written but not deleted. The flag is already enabled globally, but still present in the tree.
- Create a new project with a scan result policy that contains two rules
- Verify the `rule_idx` values are `0` and `1` for both rows
- Execute `Security::ProcessScanResultPolicyWorker` for the (project, configuration) combination
- Verify the rows were recreated with correct `rule_idx`
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #404073 (closed)
Edited by Dominic Bauer
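
An added example, not part of the MR or of GitLab's code: it reproduces the unique index from the description on a simplified table and shows why write-only syncing hits a uniqueness violation while delete-then-write does not, and why legacy rows with a NULL `rule_idx` do not collide. Assumptions: SQLite stands in for PostgreSQL (both treat NULLs as distinct in a unique index), and `sync_rules` / `run_twice` are hypothetical models of a worker run.

```python
import sqlite3

# Simplified stand-in for the table: only the columns named in the index.
SCHEMA = """
CREATE TABLE scan_result_policies (
  id INTEGER PRIMARY KEY,
  security_orchestration_policy_configuration_id INTEGER NOT NULL,
  project_id INTEGER NOT NULL,
  orchestration_policy_idx INTEGER NOT NULL,
  rule_idx INTEGER  -- nullable: rows written before this change have no value
);
CREATE UNIQUE INDEX index_scan_result_policies_on_position_in_configuration
  ON scan_result_policies (security_orchestration_policy_configuration_id,
                           project_id, orchestration_policy_idx, rule_idx);
"""
INSERT = ("INSERT INTO scan_result_policies "
          "(security_orchestration_policy_configuration_id, project_id,"
          " orchestration_policy_idx, rule_idx) VALUES (?, ?, ?, ?)")

def sync_rules(db, config_id, project_id, rule_count, delete_first):
    """Hypothetical model of one worker run: one row per rule of policy 0."""
    if delete_first:  # models delete_scan_result_policies_by_project_id enabled
        db.execute("DELETE FROM scan_result_policies WHERE project_id = ? AND "
                   "security_orchestration_policy_configuration_id = ?",
                   (project_id, config_id))
    for rule_idx in range(rule_count):
        db.execute(INSERT, (config_id, project_id, 0, rule_idx))

def run_twice(delete_first):
    """Return rule_idx values after two runs, or 'violation' on a duplicate."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed legacy rows: two NULL rule_idx values at the same position
    # are accepted, because NULLs never compare equal in the unique index.
    db.execute(INSERT, (1, 10, 0, None))
    db.execute(INSERT, (1, 10, 0, None))
    try:
        sync_rules(db, 1, 10, 2, delete_first)
        sync_rules(db, 1, 10, 2, delete_first)
    except sqlite3.IntegrityError:
        return "violation"
    rows = db.execute("SELECT rule_idx FROM scan_result_policies ORDER BY rule_idx")
    return [r[0] for r in rows]

if __name__ == "__main__":
    print(run_twice(delete_first=True))
    print(run_twice(delete_first=False))
```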