Skip to content

Add nullable scan_result_policies.rule_idx column and unique index

What does this MR do and why?

Second MR in a series that will eventually clean up all unused rows of the scan_result_policies table. Continuation of !119763 (merged), where we started deleting rows.

  • adds nullable scan_result_policies.rule_idx column
  • adds unique index over security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_index
  • starts writing rule_idx for new rows

Database Index

CREATE UNIQUE INDEX index_scan_result_policies_on_position_in_configuration ON scan_result_policies USING btree (security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_idx);

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20268/commands/66277

How to set up and validate locally

  • Ensure the delete_scan_result_policies_by_project_id feature is enabled. Otherwise there will be uniqueness violations if rows are only written but not deleted. The flag is already enabled globally, but still present in the tree.
  • Create a new project with a scan result policy that contains two rules
  • Verify the rule_idx values are 0 and 1 for both rows
  • Execute Security::ProcessScanResultPolicyWorker for the (project, configuration) combination
  • Verify the rows were recreated with correct rule_idx

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #404073 (closed)

Edited by Dominic Bauer

Merge request reports

Loading