Add read_dependency column to member_roles table

What does this MR do and why?

This change adds a new column to the member_roles table for the read_dependency ability. This column is used to enable the read_dependencies permission when member_roles.read_dependency is enabled on a custom member role.

#415255 (closed)

Add read_dependency column to member_roles table

This change adds a new column to the member_roles table to allow custom roles to enable the read_dependency ability.

Changelog: added EE: true

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

changed milestone to %16.3

added featureaddition groupthreat insights labels

assigned to @mokhax

added typefeature label

added devopsgovern sectionsec labels

added database databasereview pending labels

	1 Warning
	featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart. For more information, see: The Handbook page on merge request types. The definition of done documentation.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Rad Batnag (@radbatnag) (UTC+8)	Rajendra Kadam (@rkadam3) (UTC+5.5)
database	Mehmet Emin Inac (@minac) (UTC+2)	Matt Kasa (@mattkasa) (UTC-7)
~"migration"	No reviewer available	No maintainer available

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added Data WarehouseImpact Check label

Allure report

allure-report-publisher generated test report!

e2e-test-on-gdk: test report for da60e762

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Plan        | 47     | 0      | 0       | 41    | 47    | ❗     |
| Govern      | 21     | 0      | 0       | 18    | 21    | ❗     |
| Data Stores | 20     | 0      | 0       | 15    | 20    | ❗     |
| Create      | 19     | 0      | 0       | 18    | 19    | ❗     |
| Verify      | 8      | 0      | 0       | 8     | 8     | ❗     |
| Manage      | 12     | 0      | 1       | 12    | 13    | ❗     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 127    | 0      | 1       | 112   | 128   | ❗     |
+-------------+--------+--------+---------+-------+-------+--------+

e2e-review-qa: test report for be875854

expand test summary

+-----------------------------------------------------------------------+
|                            suites summary                             |
+------------------+--------+--------+---------+-------+-------+--------+
|                  | passed | failed | skipped | flaky | total | result |
+------------------+--------+--------+---------+-------+-------+--------+
| Create           | 8      | 0      | 1       | 0     | 9     | ✅     |
| Govern           | 21     | 0      | 0       | 0     | 21    | ✅     |
| Framework sanity | 0      | 0      | 1       | 0     | 1     | ➖     |
| Monitor          | 4      | 0      | 0       | 0     | 4     | ✅     |
| Plan             | 3      | 0      | 1       | 0     | 4     | ✅     |
| Data Stores      | 2      | 0      | 0       | 0     | 2     | ✅     |
| Manage           | 1      | 0      | 0       | 0     | 1     | ✅     |
+------------------+--------+--------+---------+-------+-------+--------+
| Total            | 39     | 0      | 3       | 0     | 42    | ✅     |
+------------------+--------+--------+---------+-------+-------+--------+

added 1 commit

• 9432e4e2 - Add policy to enable read_dependeny via custom roles

Compare with previous version

changed the description

added backend label

added 1 commit

• 69f847df - Ensure dependency_scanning is enabled

Compare with previous version

Database migrations (on the main database)

Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

Migration	Type	Total runtime	Result	DB size change
20230712214613 - AddReadDependencyToMemberRoles	Regular	2.1 s		+0.00 B

Runtime Histogram for all migrations

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	4
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Migration: 20230712214613 - AddReadDependencyToMemberRoles

• Type: Regular
• Duration: 2.1 s
• Database size change: +0.00 B

Calls	Total Time	Max Time	Mean Time	Rows	Query
1	9.1 ms	9.1 ms	9.1 ms	0	ALTER TABLE "member_roles" ADD "read_dependency" boolean DEFAULT FALSE NOT NULL
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT pg_backend_pid()
1	0.0 ms	0.0 ms	0.0 ms	1	SELECT $1::regtype::oid

Histogram for AddReadDependencyToMemberRoles

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	4
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Other information

Other migrations pending on GitLab.com

Migration	Type	Total runtime	Result	DB size change
20230704050739 - PrepareRemovalIndexDeploymentsOnEnvironmentIdAndIidAndProjectId	Post deploy	3.1 s		+0.00 B
20230705141703 - RollbackVulnerabilityAdvisoriesForeignKeyOnVulnerableComponentVersions	Post deploy	1.5 s		+0.00 B
20230705141733 - RollbackComponentVersionForeignKeyOnVulnerableComponentVersions	Post deploy	2.3 s		+0.00 B
20230705142241 - DropVulnerableComponentVersions	Post deploy	1.9 s		-32.00 KiB
20230705142334 - DropVulnerabilitiesAdvisories	Post deploy	1.8 s		-24.00 KiB
20230707220646 - AddIndexToVulnerabilityFindingsOnUuidAgain	Post deploy	2.3 s		+0.00 B
20230711093010 - DropDefaultPartitionIdValueForCiTables	Post deploy	4.3 s		+0.00 B
20230712020407 - RemoveTemporaryIndexFromSystemNoteMetadata	Post deploy	2.2 s		-7.05 MiB
20230712064637 - ReplaceOldFkPCiBuildsMetadataToBuildsV2	Post deploy	2.0 s		+0.00 B
20230712064655 - ReplaceOldFkPCiRunnerMachineBuildsToBuildsV2	Post deploy	1.7 s		+0.00 B
20230712145323 - DropCiJobArtifactsPartitionIdDefault	Post deploy	1.8 s		+0.00 B
20230712145821 - DropCiStagesPartitionIdDefault	Post deploy	1.8 s		+0.00 B
20230712145926 - DropCiBuildTraceMetadataPartitionIdDefault	Post deploy	1.8 s		+0.00 B
20230713100100 - DropCiPipelineVariablePartitionIdDefault	Post deploy	1.8 s		+0.00 B

Clone details

Clone ID	Clone Created At	Clone Data Timestamp	Expected Removal Time
database-testing-2111817-10591323-main	2023-07-13T21:59:55Z	2023-07-13T16:39:26Z	2023-07-14 10:04:50 +0000
database-testing-2111817-10591323-ci	2023-07-13T21:59:55Z	2023-07-13T20:45:31Z	2023-07-14 10:04:50 +0000

Job artifacts

Database migrations (on the ci database)

Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

Migration	Type	Total runtime	Result	DB size change
20230712214613 - AddReadDependencyToMemberRoles	Regular	3.5 s		+0.00 B

Runtime Histogram for all migrations

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	4
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Migration: 20230712214613 - AddReadDependencyToMemberRoles

• Type: Regular
• Duration: 3.5 s
• Database size change: +0.00 B

Calls	Total Time	Max Time	Mean Time	Rows	Query
1	12.6 ms	12.6 ms	12.6 ms	0	ALTER TABLE "member_roles" ADD "read_dependency" boolean DEFAULT FALSE NOT NULL
1	0.0 ms	0.0 ms	0.0 ms	1	SELECT $1::regtype::oid
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT pg_backend_pid()

Histogram for AddReadDependencyToMemberRoles

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	4
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Other information

Other migrations pending on GitLab.com

Migration	Type	Total runtime	Result	DB size change
20230704050739 - PrepareRemovalIndexDeploymentsOnEnvironmentIdAndIidAndProjectId	Post deploy	3.8 s		+0.00 B
20230705141703 - RollbackVulnerabilityAdvisoriesForeignKeyOnVulnerableComponentVersions	Post deploy	2.4 s		+0.00 B
20230705141733 - RollbackComponentVersionForeignKeyOnVulnerableComponentVersions	Post deploy	2.4 s		+0.00 B
20230705142241 - DropVulnerableComponentVersions	Post deploy	2.5 s		-32.00 KiB
20230705142334 - DropVulnerabilitiesAdvisories	Post deploy	2.5 s		-24.00 KiB
20230707220646 - AddIndexToVulnerabilityFindingsOnUuidAgain	Post deploy	2.5 s		+0.00 B
20230711093010 - DropDefaultPartitionIdValueForCiTables	Post deploy	5.4 s		+0.00 B
20230712020407 - RemoveTemporaryIndexFromSystemNoteMetadata	Post deploy	3.1 s		-8.00 KiB
20230712064637 - ReplaceOldFkPCiBuildsMetadataToBuildsV2	Post deploy	3.6 s		+0.00 B
20230712064655 - ReplaceOldFkPCiRunnerMachineBuildsToBuildsV2	Post deploy	3.2 s		+0.00 B
20230712145323 - DropCiJobArtifactsPartitionIdDefault	Post deploy	2.7 s		+0.00 B
20230712145821 - DropCiStagesPartitionIdDefault	Post deploy	2.7 s		+0.00 B
20230712145926 - DropCiBuildTraceMetadataPartitionIdDefault	Post deploy	2.7 s		+0.00 B
20230713100100 - DropCiPipelineVariablePartitionIdDefault	Post deploy	2.7 s		+0.00 B

Clone details

Clone ID	Clone Created At	Clone Data Timestamp	Expected Removal Time
database-testing-2111817-10591323-main	2023-07-13T21:59:55Z	2023-07-13T16:39:26Z	2023-07-14 10:04:50 +0000
database-testing-2111817-10591323-ci	2023-07-13T21:59:55Z	2023-07-13T20:45:31Z	2023-07-14 10:04:50 +0000

Job artifacts

---

Brought to you by gitlab-org/database-team/gitlab-com-database-testing. Epic

added 1 commit

• 96e5bb75 - Update assertion to include read_dependency ability

Compare with previous version

marked this merge request as ready

added database-testing-automation label

mentioned in issue #415255 (closed)