Add service to sync policy YAML into read model
What does this MR do and why?
Adds database tables and a service to store security policies, as we're moving most reads off Gitaly and to Postgres. The service avoids recreating unchanged policies by checksumming them.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Database
DELETE FROM "security_policies" WHERE "security_policies"."id" = 379;

SELECT
  1 AS one
FROM
  "security_policies"
WHERE
  "security_policies"."security_orchestration_policy_configuration_id" = 34
  AND "security_policies"."type" = 0
  AND "security_policies"."policy_index" = 0
LIMIT 1;

SELECT
  "approval_policy_rules".*
FROM
  "approval_policy_rules"
WHERE
  "approval_policy_rules"."security_policy_id" = 380
  AND "approval_policy_rules"."rule_index" = 0
LIMIT 1;

UPDATE "security_policies" SET "updated_at" = '2024-03-06 15:00:15.389621', "policy_index" = -1 WHERE "security_policies"."id" = 103;
How to set up and validate locally
- Create a new project
- Navigate to Secure > Policies and create a Merge request approval policy
- Enable the feature flag for the newly created security policy project:
  Feature.enable(:security_policies_sync, Project.last)
- Try adding/editing/deleting policies and verify the state of the security_policies and approval_policy_rules tables
Related to #416262
Edited by Dominic Bauer
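The checksum-based sync described above, as an added example that is not code from this MR. The `PolicyReadModel` class, the in-memory hash standing in for the `security_policies` table, the `approval_policy` top-level YAML key and the choice of SHA-256 over canonicalized JSON are all assumptions made for illustration.

```ruby
require 'yaml'
require 'json'
require 'digest'

# Constructed sample policy YAML (not taken from the MR).
SAMPLE_YAML = <<~POLICY
  approval_policy:
  - name: Block criticals
    enabled: true
POLICY

# Hypothetical in-memory stand-in for the security_policies table,
# keyed by [type, policy_index] like the lookup in the queries above.
class PolicyReadModel
  def rows
    @rows ||= {}
  end

  # Sort hash keys recursively so key order in the YAML does not change the checksum.
  def self.canonical(value)
    case value
    when Hash  then value.sort_by { |k, _| k.to_s }.to_h { |k, v| [k.to_s, canonical(v)] }
    when Array then value.map { |v| canonical(v) }
    else value
    end
  end

  def self.checksum(policy)
    Digest::SHA256.hexdigest(JSON.generate(canonical(policy)))
  end

  # Sync one policy type; returns counts of created/updated/unchanged/deleted rows.
  def sync(yaml, type: 'approval_policy')
    # safe_load: repository content must not deserialize arbitrary objects.
    policies = Array((YAML.safe_load(yaml) || {})[type])
    stats = Hash.new(0)
    policies.each_with_index do |policy, index|
      sum = self.class.checksum(policy)
      row = rows[[type, index]]
      status = row.nil? ? :created : (row[:checksum] == sum ? :unchanged : :updated)
      stats[status] += 1
      next if status == :unchanged # identical content: no write
      rows[[type, index]] = { checksum: sum, content: policy }
    end
    # Drop rows whose index no longer exists in the YAML.
    stale = rows.keys.select { |t, i| t == type && i >= policies.size }
    stale.each { |key| rows.delete(key) }
    stats.update(deleted: stale.size)
  end
end
```

Calling `PolicyReadModel.new.sync(SAMPLE_YAML)` twice reports one created row on the first call and one unchanged row on the second, which is the write the checksum comparison saves.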