Resolve cross DB issues in ee/app/models/instance_security_dashboard.rb

Summary

The instances security dashboard retrieves a bunch of information by their relationship to a project subset. Likely a variety of these will need to be fixed here.

Further details

See https://gitlab.com/gitlab-org/gitlab/-/blob/efca8216da456678a28c4601626955534f7a9b26/ee/app/models/instance_security_dashboard.rb#L30-40

  def projects
    Project.where(id: visible_users_security_dashboard_projects)
           .with_feature_available_for_user(:security_and_compliance, user)
           .allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/485658')
  end

  def vulnerabilities
    return Vulnerability.none if projects.empty?

    Vulnerability.for_projects(projects).allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/485658')
  end

Proposal

Update InstanceSecurityDashboard methods that query vulnerability tables, and make them pluck project IDs to avoid a cross-join.
Other methods that query tables of the main schema can still rely on the #projects method, which return a relation.
Remove allow_cross_joins_across_databases from #projects.

Edited Jan 20, 2025 by Fabien Catteau