Remove orphaned approval project rules after transfer
What does this MR do and why?
This MR removes orphaned approval rules for projects that had group-inherited policies and were transferred to another group. The affected approval rules have report type scan_finding
and license_scanning
and orchestration_security_policy_project_id
which is not assigned to any of the parent groups.
Query
All the queries are listed in !127767 (comment 1491489971).
The most important query is the deletion of the approval_project_rules
, for which I took an example from the local development:
DELETE FROM "approval_project_rules" WHERE "approval_project_rules"."security_orchestration_policy_configuration_id" = 88 AND "approval_project_rules"."report_type" IN (2, 4) AND "approval_project_rules"."project_id" = 183 AND "approval_project_rules"."id" >= 188
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20828/commands/68305
Note: This plan didn't find any rows, I'm not sure how to find approval_project_rules
IDs that would match existing rows, but the timings can be also seen in the queries listed below.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #415925 (closed)