Sync security policy rule schedules that may have been deleted by bug
What does this MR do and why?
For "schedule" type policies, only the last sch... (#393962 - closed) describes a bug where only the last schedule type scan execution policy runs. This was caused by a bug that deleted all rule schedules that were not defined in the last policy. The bug was fixed in Fix bug causing only the last schedule type pol... (!114021 - merged), which means that new/updated policies will have the correct behaviour. In order to completely fix the bug, we need to recreate the deleted rule schedules for policies that have not been updated since the bug was fixed. See #393962 (comment 1316151612) for more details.
This MR schedules a Security::SyncScanPoliciesWorker for all policy configurations that have a rule schedule with policy_index >= 1. This ensures that all rule schedules that may have been deleted by the bug are restored.
Related to #393962 (closed)
Screenshots or screen recordings
Two projects were created with identical policies. Each policy has one rule schedule.
The rule schedule with policy_index 0 for security_orchestration_policy_configuration_id 1 was deleted to simulate the bug.
security_orchestration_policy_rule_schedules before migration
| id | created_at | updated_at | next_run_at | security_orchestration_policy_configuration_id | user_id | policy_index | cron | rule_index |
|---|---|---|---|---|---|---|---|---|
| 60 | 2023-03-17 19:14:19.528451 +00:00 | 2023-03-17 19:15:04.995000 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 2 | 1 | 0 | * * * * * | 0 |
| 61 | 2023-03-17 19:14:19.536808 +00:00 | 2023-03-17 19:15:06.375741 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 2 | 1 | 1 | * * * * * | 0 |
| 63 | 2023-03-17 19:16:55.864192 +00:00 | 2023-03-17 19:16:55.864192 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 1 | 1 | 1 | * * * * * | 0 |
security_orchestration_policy_rule_schedules after migration
| id | created_at | updated_at | next_run_at | security_orchestration_policy_configuration_id | user_id | policy_index | cron | rule_index |
|---|---|---|---|---|---|---|---|---|
| 64 | 2023-03-17 19:20:58.480379 +00:00 | 2023-03-17 19:20:58.480379 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 2 | 1 | 0 | * * * * * | 0 |
| 65 | 2023-03-17 19:20:58.484560 +00:00 | 2023-03-17 19:20:58.484560 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 1 | 1 | 0 | * * * * * | 0 |
| 66 | 2023-03-17 19:20:58.549022 +00:00 | 2023-03-17 19:20:58.549022 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 1 | 1 | 1 | * * * * * | 0 |
| 67 | 2023-03-17 19:20:58.544343 +00:00 | 2023-03-17 19:20:58.544343 +00:00 | 2023-03-17 19:30:00.000000 +00:00 | 2 | 1 | 1 | * * * * * | 0 |
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.