Populate missing dismissal information for vulnerabilities
What does this MR do?
This MR introduces a new background migration to populate missing dismissed_at and dismissed_by_id attributes for vulnerability records.
Related to #262112 (closed).
Database review
Currently, we have ~13k vulnerability records in Gitlab.com database which have to be updated by this migration.
EXPLAIN ANALYZE SELECT id FROM vulnerabilities WHERE state = 2 AND (dismissed_at IS NULL OR dismissed_by_id IS NULL) Seq Scan on public.vulnerabilities (cost=0.00..443253.65 rows=141849 width=8) (actual time=1.485..6296.326 rows=13279 loops=1)
Filter: (((vulnerabilities.dismissed_at IS NULL) OR (vulnerabilities.dismissed_by_id IS NULL)) AND (vulnerabilities.state = 2))
Rows Removed by Filter: 4035176
Buffers: shared read=98162 dirtied=9209 written=7603
I/O Timings: read=4434.349 write=188.032Since the batch size is 1k this means we will schedule 14 background jobs each of which will finish in 1 minute which makes it 14 minutes in total.
rake db:migrate
== 20201028160832 SchedulePopulateMissingDismissalInformationForVulnerabilities: migrating
== 20201028160832 SchedulePopulateMissingDismissalInformationForVulnerabilities: migrated (0.0642s)== 20201102231721 AddTemporaryIndexToVulnerabilitiesTable: migrating ==========
-- transaction_open?()
-> 0.0000s
-- index_exists?(:vulnerabilities, :id, {:where=>"state = 2 AND (dismissed_at IS NULL OR dismissed_by_id IS NULL)", :name=>"temporary_index_vulnerabilities_on_id", :algorithm=>:concurrently})
-> 0.0054s
-- add_index(:vulnerabilities, :id, {:where=>"state = 2 AND (dismissed_at IS NULL OR dismissed_by_id IS NULL)", :name=>"temporary_index_vulnerabilities_on_id", :algorithm=>:concurrently})
-> 0.0132s
== 20201102231721 AddTemporaryIndexToVulnerabilitiesTable: migrated (0.0191s) =rake db:migrate:down
== 20201028160832 SchedulePopulateMissingDismissalInformationForVulnerabilities: reverting
== 20201028160832 SchedulePopulateMissingDismissalInformationForVulnerabilities: reverted (0.0000s)== 20201102231721 AddTemporaryIndexToVulnerabilitiesTable: reverting ==========
-- transaction_open?()
-> 0.0000s
-- indexes(:vulnerabilities)
-> 0.0056s
-- remove_index(:vulnerabilities, {:algorithm=>:concurrently, :name=>"temporary_index_vulnerabilities_on_id"})
-> 0.0019s
== 20201102231721 AddTemporaryIndexToVulnerabilitiesTable: reverted (0.0079s) =Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides - [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC