Capture gitaly errors in Security Policies (!131353) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge capture-git-errors into master Sep 11, 2023

What does this MR do and why?

This change adds capturing errors happening outside of the Security Policies scope (when the repository is inaccessible, during Postgres update, etc.). Currently, these errors are affecting the group's error budget, and there is no action that we can take to solve them.

How to test it locally?

Create a new project
Go to Secure -> Policies and create a new policy (ie. Scan Execution Policy)

Go to GraphQL Explorer (/-/graphql-explorer) and query policies for the created project (you should see this created policy there):

query {
  project(fullPath: "root/cis-test") {
    scanExecutionPolicies {
      nodes {
        name
      }
    }
  }
}

Now turn off gitaly locally gdk stop praefect praefect-gitaly-0
1. Go to GraphQL Explorer (/-/graphql-explorer) and query policies again for the created project (you should see an empty list), while before this change, you would get 500 errors.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 14, 2023 by Alan (Maciej) Paruszewski

Capture gitaly errors in Security Policies

What does this MR do and why?

How to test it locally?

MR acceptance checklist

Merge request reports