Fix performance issue with unassign policies worker

Alan (Maciej) Paruszewskirequested to merge
517389-use-project-ids-in-unassign-worker into master

What does this MR do and why?

This merge request addresses a performance issue with the unassign policies worker. The main changes are:

  1. In the Security::Orchestration::UnassignService, we now use security_orchestration_policy_configuration.all_project_ids instead of container.all_project_ids.pluck_primary_key. This change prevents query timeouts for large namespaces.

  2. We've modified the remove_bot method to accept security_orchestration_policy_configuration as a parameter, allowing us to use the optimized all_project_ids method.

These changes aim to improve the performance and reliability of the unassign operation, especially for large namespaces.

References

MR acceptance checklist

  • The code follows GitLab's code review guidelines
  • The changes address the performance issue described in the related issue
  • [-] Appropriate tests have been added or updated
  • [-] Documentation has been updated if necessary

Screenshots or screen recordings

N/A - This is a backend performance improvement with no UI changes.

How to set up and validate locally

  1. Checkout this branch
  2. Run the relevant specs for the Security::Orchestration::UnassignService
  3. To test manually, you can try unassigning security policies from a large namespace and verify that the operation completes without timeouts

Additional notes

  • We may want to consider creating a new catch-all worker to handle the deletion process, which would further improve the reliability of the unassign operation.
  • A similar optimization might be beneficial for the Security::Orchestration::AssignService as well.
  • We should monitor the performance of this change in production to ensure it resolves the timeout issues for large namespaces.
Edited by Alan (Maciej) Paruszewski

Merge request reports