Make organization_id NOT NULL on oauth_applications table

Summary

Add a NOT NULL constraint to the organization_id column on the oauth_applications table after backfill and application code changes are complete.

Context

This is the final step in adding the sharding key to oauth_applications. After the column is added, backfilled, and application code is updated, we need to enforce the constraint.

Prerequisites

All of the following must be completed before this issue:

  • organization_id column added to table
  • Background migration to backfill existing records is complete
  • Application code updated to set organization_id on creation
  • Verification that all records have organization_id set

Implementation Steps

  1. Validate Data Completeness

    • Query to confirm no NULL values exist: 
      SELECT COUNT(*) FROM oauth_applications WHERE organization_id IS NULL;
    • Should return 0

  2. Add NOT NULL Constraint

    • Create migration to add constraint
    • Use add_not_null_constraint helper for zero-downtime deployment
    • Validate constraint before finalizing

  3. Update Schema Documentation

    • Update db/docs/oauth_applications.yml
    • Mark organization_id as required
    • Update sharding key documentation

  4. Update Model Validations

    • Add validates :organization_id, presence: true to model
    • Ensure validation aligns with database constraint

Migration Example

class AddNotNullConstraintToOauthApplicationsOrganizationId < Gitlab::Database::Migration[2.2]
  disable_ddl_transaction!

  def up
    add_not_null_constraint :oauth_applications, :organization_id
  end

  def down
    remove_not_null_constraint :oauth_applications, :organization_id
  end
end

Validation

  • Constraint successfully added in development
  • Constraint successfully added in staging
  • No errors in production deployment
  • Model validations working correctly
  • Cannot create application without organization_id

Rollback Plan

If issues are discovered:

  1. Remove NOT NULL constraint
  2. Investigate missing organization_id cases
  3. Fix application code or backfill issues
  4. Re-attempt constraint addition

Dependencies

  • Blocked by: All previous oauth_applications organization_id issues
  • Related: #553465 (closed)

References

Edited by 🤖 GitLab Bot 🤖