Add service to sync policy YAML into read model

What does this MR do and why?

Adds database tables and a service to store security policies, as we're moving most reads off Gitaly and to Postgres. The service avoids recreating unchanged policies by checksumming them.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Database

DELETE FROM "security_policies" WHERE "security_policies"."id" = 379;
SELECT
	1 AS one
FROM
	"security_policies"
WHERE
	"security_policies"."security_orchestration_policy_configuration_id" = 34
	AND "security_policies"."type" = 0
	AND "security_policies"."policy_index" = 0
LIMIT 1;
SELECT
	"approval_policy_rules".*
FROM
	"approval_policy_rules"
WHERE
	"approval_policy_rules"."security_policy_id" = 380
	AND "approval_policy_rules"."rule_index" = 0
LIMIT 1;
UPDATE "security_policies" SET "updated_at" = '2024-03-06 15:00:15.389621', "policy_index" = -1 WHERE "security_policies"."id" = 103;

How to set up and validate locally

  • Create a new project

  • Navigate to Secure > Policies and create a Merge request approval policy

  • Enable the feature flag for the newly created security policy project:

    Feature.enable(:security_policies_sync, Project.last)

  • Try adding/editing/deleting policies and verify the state of the security_policies and approval_policy_rules tables

Related to #416262

Edited by Dominic Bauer
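
Added example, not code from this MR or from GitLab: a minimal in-memory sketch of checksum-based syncing as the description summarizes it, where rows whose checksum still appears in the YAML are kept and only re-indexed. The row shape, the `canonicalize`, `policy_checksum` and `sync_policies` helpers, the use of SHA-256 over canonical JSON, and the sample YAML are all assumptions made for illustration.

```ruby
require 'yaml'
require 'json'
require 'digest'

# Sort hash keys recursively so key order in the YAML does not affect the checksum.
def canonicalize(value)
  case value
  when Hash  then value.sort_by { |k, _| k.to_s }.to_h { |k, v| [k.to_s, canonicalize(v)] }
  when Array then value.map { |v| canonicalize(v) }
  else value
  end
end

def policy_checksum(policy)
  Digest::SHA256.hexdigest(JSON.generate(canonicalize(policy)))
end

# rows: in-memory hashes standing in for security_policies records (hypothetical shape).
# Rows whose checksum still appears in the YAML are kept and only re-indexed.
def sync_policies(rows, yaml_text, type: 'approval_policy')
  policies = (YAML.safe_load(yaml_text) || {}).fetch(type, [])
  others, current = rows.partition { |r| r[:type] != type }
  by_checksum = current.group_by { |r| r[:checksum] }
  stats = { created: 0, kept: 0, deleted: 0 }
  synced = policies.each_with_index.map do |policy, index|
    checksum = policy_checksum(policy)
    if (row = by_checksum[checksum]&.shift)
      stats[:kept] += 1
      row.merge(policy_index: index)
    else
      stats[:created] += 1
      { type: type, policy_index: index, checksum: checksum }
    end
  end
  stats[:deleted] = by_checksum.values.sum(&:size)
  [others + synced, stats]
end

# Constructed sample input: V2 reorders keys in the first policy and edits the second.
V1 = "approval_policy:\n- {name: block-critical, enabled: true, rules: [{type: scan_finding}]}\n" \
     "- {name: license-review, enabled: true}\n"
V2 = "approval_policy:\n- {enabled: true, rules: [{type: scan_finding}], name: block-critical}\n" \
     "- {name: license-review, enabled: false}\n"

rows, first = sync_policies([], V1)
_, second = sync_policies(rows, V2)
puts first.inspect, second.inspect
```

Without the canonicalization step, a purely cosmetic reordering of keys in the policy file would change the checksum and force the row to be recreated.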