Add has_vulnerabilities to cluster_agents
What does this MR do and why?
This MR adds new column has_vulnerabilities
to cluster_agents
table to quickly determine which for which cluster_agents
we have identified vulnerabilities. Otherwise we would need to perform query with join on large vulnerability_reads
table to determine which cluster_agents
has vulnerabilities. This is needed to render dropdown with cluster agents in Vulnerability Report (especially for Group or Instance Security Dashboard).
Queries
explain SELECT “cluster_agents”.* FROM “cluster_agents” WHERE “cluster_agents”.“project_id” IN (SELECT “projects”.“id” FROM “projects” WHERE “projects”.“namespace_id” IN (WITH RECURSIVE “base_and_descendants” AS ((SELECT “namespaces”.“id” FROM “namespaces” WHERE “namespaces”.“type” = ‘Group’ AND “namespaces”.“id” = 9970)
UNION
(SELECT “namespaces”.“id” FROM “namespaces”, “base_and_descendants” WHERE “namespaces”.“type” = ‘Group’ AND “namespaces”.“parent_id” = “base_and_descendants”.“id”)) SELECT “namespaces”.“id” FROM “base_and_descendants” AS “namespaces”)) AND “cluster_agents”.“has_vulnerabilities” = TRUE;
Before
Summary:
Time: 208.796 ms
- planning: 8.705 ms
- execution: 200.091 ms
- I/O read: 191.910 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 6651 (~52.00 MiB) from the buffer pool
- reads: 110 (~880.00 KiB) from the OS file cache, including disk I/O
- dirtied: 9 (~72.00 KiB)
- writes: 0
Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10592/commands/38078.
Creating Index
exec CREATE INDEX index_cluster_agents_on_project_id_and_has_vulnerabilities ON cluster_agents USING btree (project_id, has_vulnerabilities);
The query has been executed. Duration: 20.136 ms
After
Summary:
Time: 9.588 ms
- planning: 8.451 ms
- execution: 1.137 ms
- I/O read: 0.616 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 3 (~24.00 KiB) from the buffer pool
- reads: 29 (~232.00 KiB) from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10592/commands/38082.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to GraphQL filter for vulnerabilities by container... (#358763 - closed)