Sync analyzer_project_statuses into security_inventory_filters

Yuval Sievrequested to merge
554136-sync-analyzer-project-statuses-into-security-inventory-filters into master

What does this MR do and why?

Syncs analyzer_project_status changes to security_inventory_filters table

Changelog: added EE: true

Query plans

There are two options for updates with Security::InventoryFilter.upsert_all(records, unique_by: :project_id):

  • Single project with some analyzer statuses
  • Multiple projects with up to two fields (setting based analyzer statuses)

Single project:

Raw SQL 
INSERT INTO "security_inventory_filters" ("project_id", "project_name", "traversal_ids", "archived", "container_scanning_for_registry")
    VALUES (2, 'Project-2 Name', '{1}', FALSE, 1)
ON CONFLICT ("project_id")
    DO UPDATE SET
        "project_name" = excluded."project_name",
        "traversal_ids" = excluded."traversal_ids",
        "archived" = excluded."archived",
        "container_scanning_for_registry" = excluded."container_scanning_for_registry"
    RETURNING
        "id"
Plan

See full plan here.

  ModifyTable on public.security_inventory_filters  (cost=0.00..0.01 rows=1 width=137) (actual time=8.358..8.360 rows=1 loops=1)
   Buffers: shared hit=31 read=7 dirtied=9 written=3
   WAL: records=11 fpi=3 bytes=19266
   I/O Timings: read=7.545 write=0.116
   ->  Result  (cost=0.00..0.01 rows=1 width=137) (actual time=7.761..7.762 rows=1 loops=1)
         Buffers: shared hit=11 read=6 dirtied=4
         WAL: records=5 fpi=3 bytes=18731
         I/O Timings: read=7.520 write=0.000
Settings: work_mem = '100MB', effective_cache_size = '338688MB', random_page_cost = '1.5', jit = 'off', seq_page_cost = '4'

For Multiple projects, up to two queries with different columns:

Raw SQL 
INSERT INTO "security_inventory_filters" ("project_id", "project_name", "traversal_ids", "archived", "secret_detection_secret_push_protection", "secret_detection")
    VALUES (4, 'Project-1 Name', '{5}', FALSE, 1, 2),
    (5, 'Project-2 Name', '{5}', FALSE, 2, 1)
ON CONFLICT ("project_id")
    DO UPDATE SET
        "project_name" = excluded."project_name",
        "traversal_ids" = excluded."traversal_ids",
        "archived" = excluded."archived",
        "secret_detection_secret_push_protection" = excluded."secret_detection_secret_push_protection",
        "secret_detection" = excluded."secret_detection"
    RETURNING
        "id"
Plan

See full plan here.

 ModifyTable on public.security_inventory_filters  (cost=0.00..0.03 rows=2 width=137) (actual time=0.218..0.242 rows=2 loops=1)
   Buffers: shared hit=42 dirtied=4
   WAL: records=9 fpi=3 bytes=1158
   I/O Timings: read=0.000 write=0.000
   ->  Values Scan on "*VALUES*"  (cost=0.00..0.03 rows=2 width=137) (actual time=0.079..0.083 rows=2 loops=1)
         Buffers: shared hit=16 dirtied=1
         WAL: records=1 fpi=0 bytes=99
         I/O Timings: read=0.000 write=0.000
Settings: jit = 'off', seq_page_cost = '4', work_mem = '100MB', effective_cache_size = '338688MB', random_page_cost = '1.5'

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #554136 (closed)

Edited by Gal Katz

Merge request reports