Remove cross-join from EE::Group#vulnerabilities

Fabien Catteaurequested to merge
486216-remove-cross-join-from-ee-group-vulnerabilities into master

What does this MR do and why?

Remove cross-database join from EE::Group#vulnerabilities using vulnerability_reads.traversal_ids.

As a result of this change, the method now excludes archived projects but it includes marked for deletion. This behavior change is necessary to rely on the existing index on traversal_ids, which is limited to when archived is false.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

SQL query

Query for gitlab-org and limited to 1000 records:

SELECT 
  "vulnerabilities"."id", 
  "vulnerabilities"."project_id", 
  "vulnerabilities"."author_id", 
  "vulnerabilities"."created_at", 
  "vulnerabilities"."updated_at", 
  "vulnerabilities"."title", 
  "vulnerabilities"."title_html", 
  "vulnerabilities"."description", 
  "vulnerabilities"."description_html", 
  "vulnerabilities"."state", 
  "vulnerabilities"."severity", 
  "vulnerabilities"."severity_overridden", 
  "vulnerabilities"."resolved_by_id", 
  "vulnerabilities"."resolved_at", 
  "vulnerabilities"."report_type", 
  "vulnerabilities"."cached_markdown_version", 
  "vulnerabilities"."confirmed_by_id", 
  "vulnerabilities"."confirmed_at", 
  "vulnerabilities"."dismissed_at", 
  "vulnerabilities"."dismissed_by_id", 
  "vulnerabilities"."resolved_on_default_branch", 
  "vulnerabilities"."present_on_default_branch", 
  "vulnerabilities"."detected_at", 
  "vulnerabilities"."finding_id", 
  "vulnerabilities"."cvss", 
  "vulnerabilities"."auto_resolved" 
FROM 
  "vulnerabilities" 
WHERE 
  "vulnerabilities"."id" IN (
    SELECT 
      "vulnerability_reads"."vulnerability_id" 
    FROM 
      "vulnerability_reads" 
    WHERE 
      "vulnerability_reads"."traversal_ids" >= '{9970}' 
      AND "vulnerability_reads"."traversal_ids" < '{9971}' 
      AND "vulnerability_reads"."archived" = FALSE
  )
LIMIT 1000

query plan: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/35414/commands/109786

Related to #486216 (closed)

Edited by Fabien Catteau

Merge request reports