Add ES preloaders for vulnerability_reads index

What does this MR do and why?

Create new preloader namespace VulnerabilityRead with preloaders that key data by vulnerability_occurrence_id instead of vulnerability_id, for use with the new vulnerability_reads Elasticsearch index. New preloaders:

  • EnhancedProxy: coordinator indexed by record[:id]
  • FalsePositive: queries findings by occurrence ID
  • PolicyAutoDismissed: keys results by occurrence ID
  • PolicyViolations: keys results by occurrence ID
  • Reachability: fetches via occurrence_id association
  • RiskScore: queries findings by occurrence ID
  • TokenStatus: queries findings by occurrence ID
  • UndetectedSince: queries findings by occurrence ID

Also adds filter_by_vulnerability_occurrence_id scope to Sbom::Occurrence and updates the vulnerability_read factory to include a vulnerability_occurrence.

DB Review

The preloaders for the old reference class are located at https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/lib/search/elastic/preloaders/vulnerability. The new preloaders use vulnerability_occurrence_id directly. So not a lot of change w.r.t. DB queries. These have been tested on the old preloaders. But I've listed down all the queries and their plans if anything has changed in the new preloader.

1. FalsePositive

::Vulnerabilities::Finding.by_vulnerability changed to ::Vulnerabilities::Finding.id_in

https://postgres.ai/console/gitlab/gitlab-production-sec/sessions/49845/commands/148283

2. PolicyAutoDismissed

No change.

3. PolicyViolations

No change.

4. Reachability

::Sbom::Occurrence.filter_by_vulnerability_id changed to ::Sbom::Occurrence.filter_by_vulnerability_occurrence_id

https://postgres.ai/console/gitlab/gitlab-production-sec/sessions/49845/commands/148285

5. RiskScore

::Vulnerabilities::Finding.by_vulnerability changed to ::Vulnerabilities::Finding.id_in

https://postgres.ai/console/gitlab/gitlab-production-sec/sessions/49845/commands/148286

6. TokenStatus

::Vulnerabilities::Finding.by_vulnerability changed to ::Vulnerabilities::Finding.id_in

https://postgres.ai/console/gitlab/gitlab-production-sec/sessions/49845/commands/148287

7. UndetectedSince

::Vulnerabilities::Finding.by_vulnerability changed to ::Vulnerabilities::Finding.id_in

https://postgres.ai/console/gitlab/gitlab-production-sec/sessions/49845/commands/148288

References

#591562 (closed)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Rushik Subba
