Add table to store Security Orchestration Policy Schedules (!59842) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge 327584-security-orchestration-policy-schedule-tables into master Apr 21, 2021

What does this MR do?

To support scheduled scans configured in Security Orchestration Policies we need to add new table to database to store them and we need to extend current table with Security Orchestration Policy Configuration with new field that will indicate when given we have updated background jobs configuration for given Policy Project.

This change adds new model to store and manage scheduled security scans defined in Security Policies.

Migrations

⋊> env VERBOSE=true bundle exec rake db:migrate:down VERSION=20210412111213
== 20210412111213 CreateSecurityOrchestrationPolicyRuleSchedule: reverting ====
-- drop_table(:security_orchestration_policy_rule_schedules)
   -> 0.0193s
== 20210412111213 CreateSecurityOrchestrationPolicyRuleSchedule: reverted (0.0383s)

⋊> env VERBOSE=true bundle exec rake db:migrate:down VERSION=20210412172030
== 20210412172030 AddConfiguredAtToSecurityOrchestrationPolicy: reverting =====
-- remove_column(:security_orchestration_policy_configurations, :configured_at, :datetime_with_timezone, {:null=>true})
   -> 0.0033s
== 20210412172030 AddConfiguredAtToSecurityOrchestrationPolicy: reverted (0.0090s)

⋊> env VERBOSE=true bundle exec rake db:migrate:up VERSION=20210412111213
== 20210412111213 CreateSecurityOrchestrationPolicyRuleSchedule: migrating ====
-- create_table(:security_orchestration_policy_rule_schedules, {:comment=>"{\"owner\":\"group::container security\",\"description\":\"Schedules used to store relationship between project and security policy repository\"}"})
   -> 0.0274s
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0002s
-- execute("ALTER TABLE security_orchestration_policy_rule_schedules\nADD CONSTRAINT check_915825a76e\nCHECK ( char_length(cron) <= 255 )\nNOT VALID;\n")
   -> 0.0012s
-- current_schema()
   -> 0.0002s
-- execute("SET statement_timeout TO 0")
   -> 0.0007s
-- execute("ALTER TABLE security_orchestration_policy_rule_schedules VALIDATE CONSTRAINT check_915825a76e;")
   -> 0.0011s
-- execute("RESET ALL")
   -> 0.0009s
== 20210412111213 CreateSecurityOrchestrationPolicyRuleSchedule: migrated (0.0469s)

⋊> env VERBOSE=true bundle exec rake db:migrate:up VERSION=20210412172030
== 20210412172030 AddConfiguredAtToSecurityOrchestrationPolicy: migrating =====
-- add_column(:security_orchestration_policy_configurations, :configured_at, :datetime_with_timezone, {:null=>true})
   -> 0.0029s
== 20210412172030 AddConfiguredAtToSecurityOrchestrationPolicy: migrated (0.0029s)

Does this MR meet the acceptance criteria?

Conformity

📋 Does this MR need a changelog?
- I have included a changelog entry.
- [-] I have not included a changelog entry because _____.
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
[-] Tested in all supported browsers
[-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

[-] Label as security and @ mention @gitlab-com/gl-security/appsec
[-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
[-] Security reports checked/validated by a reviewer from the AppSec team

Related to #327584 (closed)

Edited Apr 21, 2021 by Alan (Maciej) Paruszewski

Add table to store Security Orchestration Policy Schedules