Move policy bot removal into worker
requested to merge 427805-timeout-error-when-unassigning-security-policy-project-for-group into master
What does this MR do and why?
This change moves the policy bot removal into a worker to prevent timeouts. This change makes it in line with how we create projects: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/services/security/orchestration/assign_service.rb#L110
Fetching only project ids should perform better compared to pulling and instantiating all the projects:
- Previous query (container.all_projects): https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/23907/commands/76451
- New query (container.all_project_ids): https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/23907/commands/76450
How to set up and validate locally
- Create a project
- Go to Secure -> Policies, New policy, Scan execution policy
- Switch to .yaml mode and use the following YAML:
    type: scan_execution_policy
    name: Test policy
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branches:
          - '*'
    actions:
      - scan: container_scanning
        tags: []
- Configure with merge request & merge
- Under Members, observe that a policy bot has been created
- Go back to Policies, click "Edit policy project" and unlink the policy project by clicking the trash icon & save
- Go back to Members, the policy bot should get removed
- Repeat the same on group level with a group policy (create one or two projects within the group, the policy bot should get created / deleted in individual projects)
- Unlinking the policy on the group level should remove policy bots in all projects
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #427805 (closed)