[Backend] Introduce database tables for storing exclusions
Overview
This issue tracks the effort to introduce two new database tables under gitlab_sec
database. The two database tables will be used for storing exclusions data on the project and group levels. Below is a list of provisional structure of each table (minus the conventional columns).
-
scanner
: Anenum
used to determine which scanner this exclusion is for. -
description
: Atext
used to provide context on what this exclusion is for. -
type
: Anenum
used to determine the type of exclusion, e.g.path
,pattern
, orvalue
. -
value
: Astring
used to store the value of exclusion, e.g. a path likespec/**/*.rb
. -
active
: Aboolean
used to determine if an exclusion is active or disabled.
This sort of structure can be described as the two ERD diagrams below.
ProjectSecurityExclusion
erDiagram
PROJECT_SECURITY_EXCLUSION {
integer id PK
smallint scanner
text description
smallint type
string value
boolean active
integer project_id FK
datetime created_at
datetime updated_at
}
PROJECT ||--o{ PROJECT_SECURITY_EXCLUSION : has
GroupSecurityExclusion
erDiagram
GROUP_SECURITY_EXCLUSION {
integer id PK
smallint scanner
text description
smallint type
string value
boolean active
integer group_id FK
datetime created_at
datetime updated_at
}
GROUP ||--o{ GROUP_SECURITY_EXCLUSION : has
Implementation Plan
Below is a list of tasks to achieve the desired outcome of this issue.
-
Introduce a new database table, e.g. project_security_exclusions
, undergitlab_sec
database:-
Create a regular schema migration to create the new table. -
Define a sharding key for the table based on whether table entries belong to project or namespace. -
Create a corresponding model project_security_exclusion
and add appropriate relationship withproject
model.
-
-
Introduce a new database table, e.g. group_security_exclusions
, undergitlab_sec
database:-
Create a regular schema migration to create the new table. -
Define a sharding key for the table based on whether table entries belong to project or namespace. -
Create a corresponding model group_security_exclusion
and add appropriate relationship withgroup
model.
-
Edited by Ahmed Hemdan