[Backend] Introduce database tables for storing exclusions

Overview

This issue tracks the effort to introduce two new database tables under the gitlab_sec database. The two tables will be used for storing exclusions data at the project and group levels. Below is the provisional structure of each table (minus the conventional columns).

  • scanner: An enum used to determine which scanner this exclusion is for.
  • description: A text used to provide context on what this exclusion is for.
  • type: An enum used to determine the type of exclusion, e.g. path, pattern, or value.
  • value: A string used to store the value of exclusion, e.g. a path like spec/**/*.rb.
  • active: A boolean used to determine if an exclusion is active or disabled.

This structure can be described by the two ER diagrams below.

ProjectSecurityExclusion

erDiagram
PROJECT_SECURITY_EXCLUSION {
  integer id PK
  smallint scanner
  text description
  smallint type
  string value
  boolean active
  integer project_id FK
  datetime created_at
  datetime updated_at
}

PROJECT ||--o{ PROJECT_SECURITY_EXCLUSION : has

GroupSecurityExclusion

erDiagram
GROUP_SECURITY_EXCLUSION {
  integer id PK
  smallint scanner
  text description
  smallint type
  string value
  boolean active
  integer group_id FK
  datetime created_at
  datetime updated_at
}

GROUP ||--o{ GROUP_SECURITY_EXCLUSION : has

Implementation Plan

Below is a list of tasks to achieve the desired outcome of this issue.

  • Introduce a new database table, e.g. project_security_exclusions, under the gitlab_sec database:
    • Create a regular schema migration to create the new table.
    • Define a sharding key for the table based on whether table entries belong to a project or a namespace.
    • Create a corresponding model project_security_exclusion and add the appropriate relationship with the project model.
  • Introduce a new database table, e.g. group_security_exclusions, under the gitlab_sec database:
    • Create a regular schema migration to create the new table.
    • Define a sharding key for the table based on whether table entries belong to a project or a namespace.
    • Create a corresponding model group_security_exclusion and add the appropriate relationship with the group model.
Edited by Ahmed Hemdan