Remove default value for `organization_id` from SBOM tables

Why are we doing this work

As part of (size: L) Govern: Threat Insights - Cells Support (&13087 - closed), we have to remove the default value for organization_id columns of tables owned by groupthreat insights (vulnerability_management and dependency_management tables).

Default value for organization_id should be removed from the following tables:

  • sbom_sources
  • sbom_source_packages
  • sbom_components
  • sbom_component_versions1
  • vulnerability_exports
  • vulnerability_export_parts
  • dependency_list_exports2
  • dependency_list_export_parts

See #480423 (comment 2086030998)

Removing the default value can only be done after doing the following:

  • Backfill the column, and add a NOT NULL constraint to it.
  • Change the application to always set the corresponding attribute (in the ingestion tasks).

This has been covered in previous issues.

Implementation plan

Remove default value for organization_id column/sharding key.

  • sbom_sources
  • sbom_source_packages
  • sbom_components
  • sbom_component_versions1
  • vulnerability_exports
  • vulnerability_export_parts
  • dependency_list_exports2
  • dependency_list_export_parts

See https://docs.gitlab.com/ee/development/database/avoiding_downtime_in_migrations.html#changing-column-defaults

  1. sbom_component_versions.organization_id was introduced in Add sharding key to `sbom_component_versions` (#469435 - closed). 2

  2. dependency_list_exports.organization_id doesn't have a NOT NULL constraint. Composite sharding key will be added as part of Backfill `project_id` for `dependency_list_expo... (#454947 - closed). See #480423 (comment 2086027629) 2

Edited by Fabien Catteau