Remove orphans for approval rules (!103659) · Merge requests · GitLab.org / GitLab

Zamir Martins requested to merge remove_orphans_for_approval_rules into master Nov 10, 2022

What does this MR do and why?

Trigger two background batched migrations for deleting orphans approval_merge_request_rules and approval_project_rules.

From a feature perspective these records were not applicable to the previous ran migration. Scan finding approval rules are created whenever a MR is created and when their related security policy project is updated.

Related issue: #381889 (closed)

Query ran in production:

gitlabhq_dblab=# delete from approval_project_rules where approval_project_rules.security_orchestration_policy_configuration_id IS NULL AND approval_project_rules.report_type = 4;
DELETE 8
Time: 520.728 ms

gitlabhq_dblab=# delete from approval_merge_request_rules where approval_merge_request_rules.security_orchestration_policy_configuration_id IS NULL AND approval_merge_request_rules.report_type = 4;
DELETE 904
Time: 1507.306 ms (00:01.507)

Migration/Rollback:

$ bundle exec rails db:rollback:main STEP=1
main: == 20221110152133 DeleteOrphansApprovalRules: reverting =======================
main: == 20221110152133 DeleteOrphansApprovalRules: reverted (0.0484s) ==============

$ bundle exec rails db:rollback:ci STEP=1
ci: == 20221110152133 DeleteOrphansApprovalRules: reverting =======================
ci: -- The migration is skipped since it modifies the schemas: [:gitlab_main].
ci: -- This database can only apply migrations in one of the following schemas: [:gitlab_ci, :gitlab_shared, :gitlab_internal].
ci: == 20221110152133 DeleteOrphansApprovalRules: reverted (0.0001s) ==============

$ bundle exec rails db:migrate
main: == 20221110152133 DeleteOrphansApprovalRules: migrating =======================
main: == 20221110152133 DeleteOrphansApprovalRules: migrated (0.1094s) ==============
ci: == 20221110152133 DeleteOrphansApprovalRules: migrating =======================
ci: -- The migration is skipped since it modifies the schemas: [:gitlab_main].
ci: -- This database can only apply migrations in one of the following schemas: [:gitlab_ci, :gitlab_shared, :gitlab_internal].
ci: == 20221110152133 DeleteOrphansApprovalRules: migrated (0.0001s) ==============

data-deletion

approval_merge_request_rules - 905 records to be deleted
approval_project_rules - 8 records to be deleted

What we want to achieve

The data deleted here is left over from scan result policies related rules which shouldn't be considered throughout the approval process. So removing these rules will make merge request approval rules aligned with the existing scan result policies (including the case where there is not one).

What happens records are deleted because of an error

Existing merge request rules will be deleted and their respective approvals won't be required.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 25, 2022 by Zamir Martins

Remove orphans for approval rules