Process security policies only when they are changed

What does this MR do and why?

This MR checks if any of the security policies are created/updated/deleted before processing the policy changes to reduce the expensive policy synchronisation.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  • Enable the security_policies_sync and security_policies_sync_group feature flags
  • Create a security policy for a group or a project from Secure -> Policies
  • After the policy changes MR is merged, go to the security policy project, update the README and create an MR
  • Before merging the MR, note these 2 things:
    • In rails console: Security::OrchestrationPolicyConfiguration.last.configured_at
    • Tail sidekiq logs: gdk tail rails-background-jobs | grep 'ProcessScanResultPolicyWorker'
  • After merging the MR, notice that the configured_at timestamp is not updated and ProcessScanResultPolicyWorker is called.

Addresses #416262 (closed)

Edited by Sashi Kumar Kumaresan
