Add nullable scan_result_policies.rule_idx column and unique index (!120322) · Merge requests · GitLab.org / GitLab

Dominic Bauer requested to merge 404073-add-rule-index-column-to-scan-result-policies into master May 10, 2023

What does this MR do and why?

Second MR in a series that will eventually clean up all unused rows of the scan_result_policies table. Continuation of !119763 (merged), where we started deleting rows.

adds nullable scan_result_policies.rule_idx column
adds unique index over security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_index
starts writing rule_idx for new rows

Database Index

CREATE UNIQUE INDEX index_scan_result_policies_on_position_in_configuration ON scan_result_policies USING btree (security_orchestration_policy_configuration_id, project_id, orchestration_policy_idx, rule_idx);

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20268/commands/66277

How to set up and validate locally

Ensure the delete_scan_result_policies_by_project_id feature is enabled. Otherwise there will be uniqueness violations if rows are only written but not deleted. The flag is already enabled globally, but still present in the tree.
Create a new project with a scan result policy that contains two rules
Verify the rule_idx values are 0 and 1 for both rows
Execute Security::ProcessScanResultPolicyWorker for the (project, configuration) combination
Verify the rows were recreated with correct rule_idx

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #404073 (closed)

Edited Jul 11, 2023 by Dominic Bauer

Add nullable scan_result_policies.rule_idx column and unique index

What does this MR do and why?

Database Index

How to set up and validate locally

MR acceptance checklist

Merge request reports