Add GraphQL aggregate to prevent N+1 query on DAST profiles
What does this MR do?
This change adds a new aggregate to prevent an N+1 query when fetching referencedInSecurityPolicies in the GraphQL API for DAST profiles.
We had an N+1 query to gitaly because:
- we were calling the referenced_in_security_policies method for each DAST Site Profile/DAST Scanner Profile in the GraphQL response,
- the referenced_in_security_policies method was calling the project.security_orchestration_policy_configuration.active_policy_names_with_dast_site_profile method,
- security_orchestration_policy_configuration.active_policy_names_with_dast_site_profile was calling gitaly (the blob_data_at method) to fetch the YAML policy from the Repository in the Security Policies Project,
- so we were asking for the same file multiple times, and each method call caused a call to gitaly.
To fix that we had to change the way we ask for referenced_in_security_policies, as we can do it only once for the project, get all referenced DAST Profile names by Policy and then return that information in the GraphQL response. So we have changed N queries to 1 query to gitaly to load profile names defined in policy.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - I have not included a changelog entry because _____.
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related to #324382 (closed)
Edited by Alan (Maciej) Paruszewski
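The N+1 described in this MR and the batched alternative, as an added standalone Ruby sketch that is not code from the merge request or from GitLab. `FakePolicyRepo`, `policies_for_profile`, `LazyPolicyAggregate` and the YAML layout are hypothetical names and constructed sample data; only `blob_data_at` is a name taken from the description, and here it is a stub that counts reads.

```ruby
require 'yaml'

# Constructed sample policy file; the real policy schema is not shown on the page.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - {name: Nightly DAST, enabled: true, actions: [{scan: dast, site_profile: Staging site}]}
    - {name: Disabled policy, enabled: false, actions: [{scan: dast, site_profile: Legacy site}]}
YAML

# Hypothetical stand-in for the policy repository; counts reads so the N+1 is visible.
class FakePolicyRepo
  attr_reader :blob_reads

  def initialize(yaml)
    @yaml = yaml
    @blob_reads = 0
  end

  def blob_data_at
    @blob_reads += 1
    @yaml
  end
end

# Before: every profile in the response triggers its own blob read and YAML parse.
def policies_for_profile(repo, profile_name)
  YAML.safe_load(repo.blob_data_at)['scan_execution_policy']
      .select { |p| p['enabled'] && p['actions'].any? { |a| a['site_profile'] == profile_name } }
      .map { |p| p['name'] }
end

# After: one blob read on first resolve builds a profile => policy names index for all profiles.
class LazyPolicyAggregate
  def initialize(repo)
    @repo = repo
  end

  def resolve(profile_name)
    @index ||= build_index
    @index.fetch(profile_name, [])
  end

  def build_index
    YAML.safe_load(@repo.blob_data_at)['scan_execution_policy'].select { |p| p['enabled'] }
        .each_with_object(Hash.new { |h, k| h[k] = [] }) do |policy, index|
      policy['actions'].each { |a| index[a['site_profile']] << policy['name'] if a['site_profile'] }
    end
  end
end
```

Resolving N profiles through `policies_for_profile` makes the read counter grow with N, while one `LazyPolicyAggregate` per project keeps it at 1 however many profiles the query returns.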