Add loose FK + model associations to vulnerability_occurrences cols

We want to drop the `vulnerability_occurrence_pipelines` table. In order to do this, we still need the first and latest pipeline ID stored somewhere to support the existing feature-set We added these columns, along with indexes, in previous commits. With that work done, we are now unblocked to add foreign keys and model associations, to prepare to actually backfill and use these columns Loose Foreign Keys ------------------------ As the pipelines table and the vulnerabilities table are in separate databases, we need to use [loose foreign keys][0]. As part of that process, I ran the script: ```sh scripts/decomposition/generate-loose-foreign-key -c vulnerability_occurrences ``` This generated specs that were not passing. To make these specs pass I needed to modify the factories from: ```ruby let_it_be(:model) { create(:vulnerability_occurrences, initial_pipeline: parent) } let_it_be(:model) { create(:vulnerability_occurrences, latest_pipeline: parent) } ``` to: ```ruby let_it_be(:model) { create(:vulnerabilities_finding, initial_pipeline_id: parent.id) } let_it_be(:model) { create(:vulnerabilities_finding, latest_pipeline_id: parent.id) } ``` [0]:https://docs.gitlab.com/ee/development/database/loose_foreign_keys.html related to: #422382 resolves: #443284 resolves: #443283 Changelog: changed

Add loose FK + model associations to vulnerability_occurrences cols
5051fa68 · Michael Becker · f8a3ee32 · 5051fa68 · 5051fa68 · 5051fa68
Unverified Commit 5051fa68 authored 1 year ago by Michael Becker
--- a/config/gitlab_loose_foreign_keys.yml
+++ b/config/gitlab_loose_foreign_keys.yml
@@ -382,6 +382,13 @@ vulnerability_occurrence_pipelines:
  - table: ci_pipelines
    column: pipeline_id
    on_delete: async_delete
+vulnerability_occurrences:
+  - table: ci_pipelines
+    column: initial_pipeline_id
+    on_delete: async_nullify
+  - table: ci_pipelines
+    column: latest_pipeline_id
+    on_delete: async_nullify
 vulnerability_state_transitions:
  - table: ci_pipelines
    column: state_changed_at_pipeline_id

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -41,6 +41,11 @@ class Finding < ApplicationRecord

    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'

+    # rubocop: disable Rails/InverseOf -- these relations are not present on Ci::Pipeline
+    belongs_to :initial_finding_pipeline, class_name: '::Ci::Pipeline', foreign_key: 'initial_pipeline_id'
+    belongs_to :latest_finding_pipeline, class_name: '::Ci::Pipeline', foreign_key: 'latest_pipeline_id'
+    # rubocop:enable Rails/InverseOf
+
    has_many :signatures, class_name: 'Vulnerabilities::FindingSignature', inverse_of: :finding

    has_many :vulnerability_flags, class_name: 'Vulnerabilities::Flag', inverse_of: :finding, foreign_key: 'vulnerability_occurrence_id'

--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
@@ -7,7 +7,7 @@
  it { is_expected.to define_enum_for(:severity) }
  it { is_expected.to define_enum_for(:detection_method) }

-  it { is_expected.to have_locked_schema('458e3a0b44243892ff4b9e97142c71c0c8fbd37ba3f6d19817842950e36d6d64').reference('https://gitlab.com/gitlab-org/gitlab/-/issues/349315') }
+  it { is_expected.to have_locked_schema('296230dd197f05c9ba332783569454be1e973ff1da1a8a462a2a2330e67585fe').reference('https://gitlab.com/gitlab-org/gitlab/-/issues/349315') }

  where(vulnerability_finding_signatures: [true, false])
  with_them do
@@ -1243,4 +1243,18 @@
      end
    end
  end
+
+  context 'with loose foreign key on vulnerability_occurrences.initial_pipeline_id' do
+    it_behaves_like 'cleanup by a loose foreign key' do
+      let_it_be(:parent) { create(:ci_pipeline) }
+      let_it_be(:model) { create(:vulnerabilities_finding, initial_pipeline_id: parent.id) }
+    end
+  end
+
+  context 'with loose foreign key on vulnerability_occurrences.latest_pipeline_id' do
+    it_behaves_like 'cleanup by a loose foreign key' do
+      let_it_be(:parent) { create(:ci_pipeline) }
+      let_it_be(:model) { create(:vulnerabilities_finding, latest_pipeline_id: parent.id) }
+    end
+  end
 end
--- a/spec/db/schema_spec.rb
+++ b/spec/db/schema_spec.rb
@@ -130,7 +130,6 @@
    users_star_projects: %w[user_id],
    vulnerability_identifiers: %w[external_id],
    vulnerability_scanners: %w[external_id],
-    vulnerability_occurrences: %w[initial_pipeline_id latest_pipeline_id], # loose FK will be added in https://gitlab.com/gitlab-org/gitlab/-/work_items/44328f4
    security_scans: %w[pipeline_id], # foreign key is not added as ci_pipeline table will be moved into different db soon
    dependency_list_exports: %w[pipeline_id], # foreign key is not added as ci_pipeline table is in different db
    vulnerability_reads: %w[cluster_agent_id],