Backfill leftover records in scim_oauth_access_tokens

Paulo Barrosrequested to merge
pb/553107/backfill-records-with-group-id into master

This is part of Add sharding key for `scim_oauth_access_tokens` (#553107) and a follow-up to Backfill `organization_id` in `scim_oauth_acces... (!213936 - merged).

What does this MR do and why?

This MR backfills organization_id for group-level SCIM tokens that still exist in the scim_oauth_access_tokens table.

As discussed here, when the SCIM tables were split (!170565 (merged)), group-level tokens were migrated to the new group_scim_auth_access_tokens table. However, those records still remain in the original table and were not affected by the previous backfill.

This backfill sets their organization_id based on their group's organization, preparing them for the NOT NULL constraint that will be added in a follow-up MR.

NOTE: These records aren't used by Gitlab.com since the table split. We're exercising caution by not removing them, which should happen as the group_id column is not applicable to this table anymore.

Database review

Q: How many records are we dealing with here? A: About 4k. See !214586 (comment 2940430843).

References

How to set up and validate locally

  1. Run the migration:
bundle exec rails db:migrate
  1. Check that group-level tokens now have organization_id:
ScimOauthAccessToken.where.not(group_id: nil).where(organization_id: nil).count
# Should return 0

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Paulo Barros

Merge request reports