Help Secure with DB record cleanup 2020 August

Production Change

Change Summary

Per gitlab-org/gitlab#235894 (closed) effort to better dogfood our Security Dashboard in Q3 we want to start with a blank slate. This means we are looking to clear all existing vulnerability records on production within the gitlab-org/security-products/analyzers namespace. As part of the aforementioned issue we have compiled a script to clear vulnerabilities and the related records.

• See script and log of testing on staging

Change Details

1. Services Impacted - Postgresql
2. Change Technician - @igorwwwwwwwwwwwwwwwwwwww
3. Change Criticality - C3
4. Change Type - changescheduled
5. Change Reviewer - @igorwwwwwwwwwwwwwwwwwwww
6. Due Date - 2020-08-25
7. Time tracking - 5 minutes
8. Downtime Component - N/A

Detailed steps for the change

Pre-Change Steps - steps to be completed before execution of the change

Estimated Time to Complete (mins) - N/A

• No pre-change steps needed

Change Steps - steps to take to execute the change

Estimated Time to Complete (mins) - 5 minutes

• Execution of cleanup script: #2541 (comment 399069462)

Post-Change Steps - steps to take to verify the change

Estimated Time to Complete (mins) - N/A

• See execution script verifying affected rows are zero'd out

Rollback

Rollback steps - steps to be taken in the event of a need to rollback this change

Estimated Time to Complete (mins) - M/A

• Rollback cannot be performed without database restoration

Monitoring

Key metrics to observe

• Metric: Metric Name
  • Location: Dashboard URL
  • What changes to this metric should prompt a rollback: Describe Changes

Summary of infrastructure changes

• Does this change introduce new compute instances?
• Does this change re-size any existing compute instances?
• Does this change introduce any additional usage of tooling like Elastic Search, CDNs, Cloudflare, etc?

No changes to infrastructure

Changes checklist

• This issue has a criticality label (e.g. C1, C2, C3, C4) and a change-type label (e.g. changeunscheduled, changescheduled).
• This issue has the change technician as the assignee.
• Pre-Change, Change, Post-Change, and Rollback steps and have been filled out and reviewed.
• Necessary approvals have been completed based on the Change Management Workflow.
• Change has been tested in staging and resultes noted in a comment on this issue.
• A dry-run has been conducted and results noted in a comment on this issue.
• SRE on-call has been informed prior to change being rolled out. (In #production channel, mention @sre-oncall and this issue.)
• There are currently no active incidents.