Add firewall rules to workspaces
What does this MR do and why?
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411379+
Add firewall rules for ingress/egress traffic to/from a workspace.
Corresponding GA4K issue - Update remote development configuration protobu... (gitlab-org/cluster-integration/gitlab-agent!1043 - merged)
Data for Database Review
Migration output
➜ gitlab git:(vtak/network_policy) ✗ bin/rails db:migrate
main: == [advisory_lock_connection] object_id: 224180, pg_backend_pid: 52761
main: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: migrating
main: -- transaction_open?()
main: -> 0.0000s
main: -- add_column(:remote_development_agent_configs, :network_policy_enabled, :boolean, {:default=>true, :null=>false})
main: -> 0.0052s
main: -- add_column(:remote_development_agent_configs, :gitlab_workspaces_proxy_namespace, :text, {:default=>"gitlab-workspaces", :null=>false})
main: -> 0.0027s
main: -- transaction_open?()
main: -> 0.0000s
main: -- transaction_open?()
main: -> 0.0000s
main: -- execute("ALTER TABLE remote_development_agent_configs\nADD CONSTRAINT check_72947a4495\nCHECK ( char_length(gitlab_workspaces_proxy_namespace) <= 63 )\nNOT VALID;\n")
main: -> 0.0014s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0002s
main: -- execute("ALTER TABLE remote_development_agent_configs VALIDATE CONSTRAINT check_72947a4495;")
main: -> 0.0009s
main: -- execute("RESET statement_timeout")
main: -> 0.0002s
main: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: migrated (0.1263s)
main: == [advisory_lock_connection] object_id: 224180, pg_backend_pid: 52761
ci: == [advisory_lock_connection] object_id: 224540, pg_backend_pid: 52763
ci: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: migrating
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- add_column(:remote_development_agent_configs, :network_policy_enabled, :boolean, {:default=>true, :null=>false})
ci: -> 0.0024s
ci: -- add_column(:remote_development_agent_configs, :gitlab_workspaces_proxy_namespace, :text, {:default=>"gitlab-workspaces", :null=>false})
ci: -> 0.0018s
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- execute("ALTER TABLE remote_development_agent_configs\nADD CONSTRAINT check_72947a4495\nCHECK ( char_length(gitlab_workspaces_proxy_namespace) <= 63 )\nNOT VALID;\n")
ci: -> 0.0009s
ci: -- execute("SET statement_timeout TO 0")
ci: -> 0.0004s
ci: -- execute("ALTER TABLE remote_development_agent_configs VALIDATE CONSTRAINT check_72947a4495;")
ci: -> 0.0021s
ci: -- execute("RESET statement_timeout")
ci: -> 0.0004s
ci: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: migrated (0.0354s)
ci: == [advisory_lock_connection] object_id: 224540, pg_backend_pid: 52763
Rollback output
Main DB
➜ gitlab git:(vtak/network_policy) ✗ bin/rails db:rollback:main STEP=1
main: == [advisory_lock_connection] object_id: 223900, pg_backend_pid: 53831
main: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: reverting
main: -- transaction_open?()
main: -> 0.0000s
main: -- remove_column(:remote_development_agent_configs, :gitlab_workspaces_proxy_namespace, {:if_exists=>true})
main: -> 0.0905s
main: -- remove_column(:remote_development_agent_configs, :network_policy_enabled, {:if_exists=>true})
main: -> 0.0025s
main: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: reverted (0.1194s)
main: == [advisory_lock_connection] object_id: 223900, pg_backend_pid: 53831
CI DB
➜ gitlab git:(vtak/network_policy) ✗ bin/rails db:rollback:ci STEP=1
ci: == [advisory_lock_connection] object_id: 223840, pg_backend_pid: 54384
ci: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: reverting
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- remove_column(:remote_development_agent_configs, :gitlab_workspaces_proxy_namespace, {:if_exists=>true})
ci: -> 0.0892s
ci: -- remove_column(:remote_development_agent_configs, :network_policy_enabled, {:if_exists=>true})
ci: -> 0.0022s
ci: == 20230725085120 UpdateRemoteDevelopmentAgentConfigsForFirewallRules: reverted (0.1363s)
ci: == [advisory_lock_connection] object_id: 223840, pg_backend_pid: 54384
Queries
No new/existing queries are created/updated.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Vishal Tak