Remove orphaned approval project rules after transfer (!127767) · Merge requests · GitLab.org / GitLab

Martin Čavoj requested to merge 415925-batch-migration-approval-rule-transferred-projects into master Jul 27, 2023

What does this MR do and why?

This MR removes orphaned approval rules for projects that had group-inherited policies and were transferred to another group. The affected approval rules have report type scan_finding and license_scanning and orchestration_security_policy_project_id which is not assigned to any of the parent groups.

Query

All the queries are listed in !127767 (comment 1491489971).

The most important query is the deletion of the approval_project_rules, for which I took an example from the local development:

DELETE FROM "approval_project_rules" WHERE "approval_project_rules"."security_orchestration_policy_configuration_id" = 88 AND "approval_project_rules"."report_type" IN (2, 4) AND "approval_project_rules"."project_id" = 183 AND "approval_project_rules"."id" >= 188

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20828/commands/68305

Note: This plan didn't find any rows, I'm not sure how to find approval_project_rules IDs that would match existing rows, but the timings can be also seen in the queries listed below.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #415925 (closed)

Edited Jul 28, 2023 by Martin Čavoj

Remove orphaned approval project rules after transfer

What does this MR do and why?

Query

MR acceptance checklist

Merge request reports