Fix ES sync with deleted vulnerabilities

Rushik Subbarequested to merge
srushik/fix_es_sync_bug_in_remove_from_project_service into master

What does this MR do and why?

By the time we call sync_elasticsearch method in Vulnerabilities::Removal::RemoveFromProjectService, the vulnerabilities have already been deleted. So when we try to sync with elasticsearch we end up passing an empty array to the BulkEsOperationService. This MR fixes that by loading the records in memory before syncing.

References

Relates to - #558722 (closed)

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Select a project with vulnerabilities.
  2. Go to Vulnerability report and group by Owasp Top 10 2021. Notice the counts of vulnerabilities and also try and see vulns by expanding groups.
  3. NOTE - Next step will delete all vulnerabilities in the project.
  4. On the rails terminal find the project and run - Vulnerabilities::Removal::RemoveFromProjectService.new(p, {}).execute.
  5. Give the es sync some time (1-2 mins usually) and check the Vulnerability report again with grouped by Owasp Top 10 2021. The counts and also the group by counts should be 0.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Rushik Subba

Merge request reports