Cache policy.yml in security policy project

Why are we doing this work

As a part of Refine Policy Application Limits (&8084), we want to increase the limit in number of policies that can be created for a group/project. As a first step for that, we want to reduce the time it takes to read the yaml file from gitaly. Since we already have cache for files/methods from gitaly, we could cache .gitlab/security-policies/policy.yml to reduce the time to read from gitaly everytime.

Relevant links

• Epic

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

• backend Update app/models/repository.rb to cache security policy yaml file.

Verification steps

• Verify in this dashboard if the duration is reduced

added to epic &8084

added Category:Security Policy Management backend devopsgovern featureenhancement groupsecurity policies sectionsec typefeature workflowready for development labels

changed the description

mentioned in epic &8084

This issue has been sent back to workflowrefinement because it's missing the weight. Please add a weight and then send it back to workflowready for development. If indeed this issue does not need a weight, then it must be either (labelled as a spike or typebug), or (unlabelled as frontend and backend).

Bot policy.

added workflowrefinement label and removed workflowready for development label

changed milestone to %16.2

@sashi_kumar, could you please refine this issue?

Bot policy.

assigned to @sashi_kumar

added Stretch label

mentioned in issue #415515 (closed)

marked #418775 (closed) as a duplicate of this issue

marked this issue as related to #418775 (closed)

changed milestone to %16.3

mentioned in issue #418842 (closed)

changed milestone to %16.4

mentioned in issue #422580 (closed)

added Error Budget Improvement label

added workflowin review label and removed workflowrefinement label

mentioned in merge request !131384 (merged)

added workflowverification label and removed workflowin review label

mentioned in issue #424725 (closed)

Verified in production:

• Enabled the feature flag in group: https://gitlab.com/gitlab-org/govern/security-policies/sashis-test-group/
• Execute a pipeline in MR and verify gitaly_duration from logs of Security::ScanResultPolicies::SyncFindingsToApprovalRulesWorker

gitaly_duration is 0.209 without feature flag and 0.02 with feature flag

source

unassigned @sashi_kumar

This issue is ready to be verified and according to our verification process we need your help with this activity.

@ali-gitlab, would you mind taking a look if this issue can be verified on production and close this issue?

assigned to @ali-gitlab

unassigned @ali-gitlab

This issue is ready to be verified and according to our verification process we need your help with this activity.

@bauerdominic, would you mind taking a look if this issue can be verified on production and close this issue?

assigned to @bauerdominic

This FF has been globally enabled on .com since Sep 22nd, I'm taking that as a successful verification in production.

closed

added workflowcomplete label and removed workflowverification label

mentioned in issue #407761 (closed)

mentioned in issue #436546 (closed)