Add GPG Key Finder for display on admin credentials dashboard
What does this MR do?
- Adds a new finder:
GpgKeysFinder
. Allows finding of GPG keys by user. - Introduces a new development feature flag:
:credential_inventory_gpg_keys
. (Default off, will be set to default-on once frontend work for the issue is complete.) - Adds new filter to
Admin::CredentialsController
to filter results to GPG keys.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Database Review
gitlab-org
namespace
GpgKeysFinder with users from Query plan: https://explain.dalibo.com/plan/gAh
Query:
users = Group.find(9970).users
::GpgKeysFinder.new(users: users).execute.page(1).preload_users.explain
SELECT "gpg_keys".*
FROM "gpg_keys"
WHERE "gpg_keys"."user_id" IN (SELECT "users"."id"
FROM "users"
INNER JOIN "members"
ON "users"."id" =
"members"."user_id"
WHERE "members"."type" = 'GroupMember'
AND "members"."source_type" = 'Namespace'
AND "members"."source_id" = 9970
AND "members"."source_type" = 'Namespace'
AND "members"."requested_at" IS NULL
AND "members"."access_level" != 5)
LIMIT 20 offset 0
Time: 11.349 ms
- planning: 1.405 ms
- execution: 9.944 ms
- I/O read: 0.000 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 6513 (~50.90 MiB) from the buffer pool
- reads: 0 from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
Related to #282429 (closed)
Edited by Peter Leitzen