Adds table ai_namespace_accessible_entity_rules

What does this MR do and why?

Adds table ai_namespace_accessible_entity_rules

Counterpart to ai_instance_accessible_entity_rules, this table stores rules that top-level namespace admins can set for Duo access on GitLab.com.

Right now, as described in https://gitlab.com/groups/gitlab-org/-/epics/20241, the accessible entities have high scope (classic Duo, Duo agents or Duo flows), but the approach is flexible to new entities like foundational agents or other settings.

EE: true

Database

Up
main: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70413
main: == 20251215130035 CreateAiNamespaceAccessEntityRules: migrating ===============
main: -- create_table(:ai_namespace_accessible_entity_rules)
main: -- quote_column_name(:accessible_entity)
main:    -> 0.0000s
main:    -> 0.0348s
main: == 20251215130035 CreateAiNamespaceAccessEntityRules: migrated (0.0934s) ======

main: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70413
ci: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70414
ci: == 20251215130035 CreateAiNamespaceAccessEntityRules: migrating ===============
ci: -- create_table(:ai_namespace_accessible_entity_rules)
ci: -- quote_column_name(:accessible_entity)
ci:    -> 0.0000s
ci:    -> 0.0123s
I, [2025-12-17T23:06:44.541884 #70021]  INFO -- : Database: 'ci', Table: 'ai_namespace_accessible_entity_rules': Lock Writes
ci: == 20251215130035 CreateAiNamespaceAccessEntityRules: migrated (0.0219s) ======

ci: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70414
main: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70416
main: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: migrating =======
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE ai_namespace_accessible_entity_rules ADD CONSTRAINT fk_891ae02635 FOREIGN KEY (root_namespace_id) REFERENCES namespaces (id) ON DELETE CASCADE NOT VALID;")
main:    -> 0.0014s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0003s
main: -- execute("ALTER TABLE ai_namespace_accessible_entity_rules VALIDATE CONSTRAINT fk_891ae02635;")
main:    -> 0.0020s
main: -- execute("RESET statement_timeout")
main:    -> 0.0003s
main: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: migrated (0.0472s)

main: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70416
ci: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 70417
ci: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: migrating =======
ci: -- transaction_open?(nil)
ci:    -> 0.0000s
ci: -- transaction_open?(nil)
ci:    -> 0.0000s
ci: -- execute("ALTER TABLE ai_namespace_accessible_entity_rules ADD CONSTRAINT fk_891ae02635 FOREIGN KEY (root_namespace_id) REFERENCES namespaces (id) ON DELETE CASCADE NOT VALID;")
ci:    -> 0.0012s
ci: -- execute("SET statement_timeout TO 0")
ci:    -> 0.0002s
ci: -- execute("ALTER TABLE ai_namespace_accessible_entity_rules VALIDATE CONSTRAINT fk_891ae02635;")
ci:    -> 0.0022s
ci: -- execute("RESET statement_timeout")
ci:    -> 0.0004s
ci: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: migrated (0.0221s)

ci: == [advisory_lock_connection] object_id: 242180, pg_backend_pid: 7041
Down
❯ bundle exec rails db:migrate:down:main RAILS_ENV=development VERSION=20251215130036
DEPRECATION WARNING: `config.active_record.warn_on_records_fetched_greater_than` is deprecated and will be removed in Rails 8.0. Please subscribe to `sql.active_record` notifications and access the row count field to detect large result set sizes. (called from <main> at /Users/eduardobonet/git_tree/gdk/gitlab/config/environment.rb:7)
main: == [advisory_lock_connection] object_id: 131580, pg_backend_pid: 73261
main: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: reverting =======
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- remove_foreign_key(:ai_namespace_accessible_entity_rules, {:column=>:root_namespace_id})
main:    -> 0.0023s
main: == 20251215130036 AddRootNamespaceFkToAiNamespaceAccessRules: reverted (0.0859s)

main: == [advisory_lock_connection] object_id: 131580, pg_backend_pid: 73261
❯ bundle exec rails db:migrate:down:main RAILS_ENV=development VERSION=20251215130035
DEPRECATION WARNING: `config.active_record.warn_on_records_fetched_greater_than` is deprecated and will be removed in Rails 8.0. Please subscribe to `sql.active_record` notifications and access the row count field to detect large result set sizes. (called from <main> at /Users/eduardobonet/git_tree/gdk/gitlab/config/environment.rb:7)
main: == [advisory_lock_connection] object_id: 131600, pg_backend_pid: 73440
main: == 20251215130035 CreateAiNamespaceAccessEntityRules: reverting ===============
main: -- drop_table(:ai_namespace_accessible_entity_rules)
main:    -> 0.0348s
main: == 20251215130035 CreateAiNamespaceAccessEntityRules: reverted (0.2238s) ======

main: == [advisory_lock_connection] object_id: 131600, pg_backend_pid: 73440

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #583896

Edited by Eduardo Bonet
