Add API Fuzzing usage data
What does this MR do?
Adds a user_api_fuzzing_jobs and user_api_fuzzing_dnd_jobs event to the secure stage pings.
-
Event dictionary updated
Addresses #210345 (closed)
Related MR updating index for performance !47692 (merged)
Queries
Numerous queries are performed, the following are the ones related to the new events.
SELECT
COUNT(DISTINCT "ci_builds"."user_id")
FROM
"ci_builds"
WHERE
"ci_builds"."type" = 'Ci::Build'
AND "ci_builds"."name" = 'apifuzzer_fuzz'
AND "ci_builds"."user_id" >= 1
AND "ci_builds"."user_id" < 10001Cold Query:
Aggregate (cost=766.17..766.18 rows=1 width=8) (actual time=6.128..6.129 rows=1 loops=1)
Buffers: shared hit=186
-> Index Only Scan using index_secure_ci_builds_on_user_id_name_created_at on public.ci_builds (cost=0.56..766.10 rows=27 width=4) (actual time=5.998..5.998 rows=0 loops=1)
Index Cond: ((ci_builds.user_id >= 1) AND (ci_builds.user_id < 10001) AND (ci_builds.name = 'apifuzzer_fuzz'::text))
Heap Fetches: 0
Buffers: shared hit=177SELECT
COUNT(DISTINCT "ci_builds"."user_id")
FROM
"ci_builds"
WHERE
"ci_builds"."type" = 'Ci::Build'
AND "ci_builds"."name" = 'apifuzzer_fuzz'
AND "ci_builds"."created_at" BETWEEN '2020-10-16 02:28:58.590164' AND '2020-11-13 02:28:58.590362'
AND "ci_builds"."user_id" >= 1
AND "ci_builds"."user_id" < 10001Aggregate (cost=947.17..947.18 rows=1 width=8) (actual time=2.791..2.793 rows=1 loops=1)
Buffers: shared hit=177
-> Index Only Scan using index_secure_ci_builds_on_user_id_name_created_at on public.ci_builds (cost=0.56..947.16 rows=2 width=4) (actual time=2.770..2.771 rows=0 loops=1)
Index Cond: ((ci_builds.user_id >= 1) AND (ci_builds.user_id < 10001) AND (ci_builds.name = 'apifuzzer_fuzz'::text) AND (ci_builds.created_at >= '2020-10-16 02:28:58.590164'::timestamp without time zone) AND (ci_builds.created_at <= '2020-11-13 02:28:58.590362'::timestamp without time zone))
Heap Fetches: 0
Buffers: shared hit=177SELECT
COUNT(DISTINCT "ci_builds"."user_id")
FROM
"ci_builds"
WHERE
"ci_builds"."type" = 'Ci::Build'
AND "ci_builds"."name" = 'apifuzzer_fuzz_dnd'
AND "ci_builds"."user_id" >= 1
AND "ci_builds"."user_id" < 10001Aggregate (cost=766.17..766.18 rows=1 width=8) (actual time=2.715..2.716 rows=1 loops=1)
Buffers: shared hit=177
-> Index Only Scan using index_secure_ci_builds_on_user_id_name_created_at on public.ci_builds (cost=0.56..766.10 rows=27 width=4) (actual time=2.698..2.698 rows=0 loops=1)
Index Cond: ((ci_builds.user_id >= 1) AND (ci_builds.user_id < 10001) AND (ci_builds.name = 'apifuzzer_fuzz_dnd'::text))
Heap Fetches: 0
Buffers: shared hit=177SELECT
COUNT(DISTINCT "ci_builds"."user_id")
FROM
"ci_builds"
WHERE
"ci_builds"."type" = 'Ci::Build'
AND "ci_builds"."name" = 'apifuzzer_fuzz'
AND "ci_builds"."created_at" BETWEEN '2020-10-16 02:28:58.590164' AND '2020-11-13 02:28:58.590362'
AND "ci_builds"."user_id" >= 1
AND "ci_builds"."user_id" < 10001Aggregate (cost=947.17..947.18 rows=1 width=8) (actual time=2.961..2.963 rows=1 loops=1)
Buffers: shared hit=177
-> Index Only Scan using index_secure_ci_builds_on_user_id_name_created_at on public.ci_builds (cost=0.56..947.16 rows=2 width=4) (actual time=2.935..2.935 rows=0 loops=1)
Index Cond: ((ci_builds.user_id >= 1) AND (ci_builds.user_id < 10001) AND (ci_builds.name = 'apifuzzer_fuzz_dnd'::text) AND (ci_builds.created_at >= '2020-10-16 02:28:58.590164'::timestamp without time zone) AND (ci_builds.created_at <= '2020-11-13 02:28:58.590362'::timestamp without time zone))
Heap Fetches: 0
Buffers: shared hit=177SELECT
MIN("ci_builds"."user_id")
FROM
"ci_builds"
WHERE
"ci_builds"."type" = 'Ci::Builds'
AND "ci_builds"."name" IN
(
'container_scanning',
'dast',
'dependency_scanning',
'license_management',
'license_scanning',
'sast',
'secret_detection',
'coverage_fuzzing',
'apifuzzer_fuzz',
'apifuzzer_fuzz_dnd'
)
AND "ci_builds"."created_at" BETWEEN '2020-10-16 02:28:58.590164' AND '2020-11-13 02:28:58.590362'Aggregate (cost=13669478.06..13669478.07 rows=1 width=4) (actual time=267263.917..267263.919 rows=1 loops=1)
Buffers: shared read=5059270
I/O Timings: read=224760.045
-> Index Scan using index_ci_builds_on_status_and_type_and_runner_id on public.ci_builds (cost=0.70..13669478.05 rows=1 width=4) (actual time=267263.909..267263.909 rows=0 loops=1)
Index Cond: ((ci_builds.type)::text = 'Ci::Builds'::text)
Filter: ((ci_builds.created_at >= '2020-10-16 02:28:58.590164'::timestamp without time zone) AND (ci_builds.created_at <= '2020-11-13 02:28:58.590362'::timestamp without time zone) AND ((ci_builds.name)::text = ANY ('{container_scanning,dast,dependency_scanning,license_management,license_scanning,sast,secret_detection,coverage_fuzzing,apifuzzer_fuzz,apifuzzer_fuzz_dnd}'::text[])))
Rows Removed by Filter: 0
Buffers: shared read=5059270
I/O Timings: read=224760.045Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #210345 (closed)
Merge request reports
Activity
changed milestone to %13.6
added AST Leadership Category:Fuzz Testing GitLab Ultimate backend devopssecure missed:13.4 missed:13.5 sectionsec workflowscheduling + 1 deleted label
2 Warnings 
For the following files, a review from the Data team and Product Analytics team is recommended
Please check the ~"product analytics" guide and reach out to @gitlab-org/growth/product_analytics/engineers group for a review.ee/lib/ee/gitlab/usage_data.rbee/spec/lib/ee/gitlab/usage_data_spec.rb
When adding, changing, or updating metrics, please update the Event dictionary Usage Ping table. Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited, or the chosen person is unavailable.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, mention them as you normally would! Danger does not automatically notify them for you.
Category Reviewer Maintainer backend Dmitry Gruzd ( @dgruzd) (UTC+3)Dylan Griffith ( @DylanGriffith) (UTC+11)If needed, you can retry the
danger-reviewjob that generated this comment.Generated by
Edited by 🤖 GitLab Bot 🤖added product intelligence product intelligencereview pending labels
added 2 commits
removed workflowscheduling label
removed missed:13.5 label
removed missed:13.4 label
marked the checklist item Changelog entry as completed
marked the checklist item Documentation (if required) as completed
marked the checklist item Database guides as completed
marked the checklist item Database guides as incomplete
marked the checklist item Code review guidelines as completed
marked the checklist item Merge request performance guidelines as completed
marked the checklist item Style guides as completed
marked the checklist item Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. as completed
mentioned in merge request !47692 (merged)
@mikeeddington got it! This needs to be reviewed by the Product Analytics Engineering team. FYI @gitlab-org/growth/product_analytics/engineers
Resolved by Jan Provaznik@gitlab-org/growth/product_analytics/engineers
- Last reply by Terri Chu
unassigned @mikeeddington
assigned to @a_akgun
added product intelligenceapproved label and removed product intelligencereview pending label
assigned to @mikeeddington and unassigned @a_akgun
added product intelligencereview pending typefeature labels and removed product intelligenceapproved label
changed milestone to %13.7
assigned to @a_akgun
unassigned @mikeeddington
added product intelligenceapproved label and removed product intelligencereview pending label
assigned to @mikeeddington and unassigned @a_akgun
assigned to @terrichu and unassigned @mikeeddington
assigned to @mikeeddington and unassigned @terrichu
assigned to @terrichu and unassigned @mikeeddington
assigned to @jprovaznik and unassigned @terrichu
Thanks @mikeeddington, LGTM
enabled an automatic merge when the pipeline for 048a569e succeeds
mentioned in commit 651e8d4b
added workflowstaging label
added workflowcanary label and removed workflowstaging label
added workflowproduction label and removed workflowcanary label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
added groupdynamic analysis label and removed 1 deleted label
