Add support for user_id, group_id and group_path

Zamir Martins requested to merge add_support_for_group_and_user_id into master

What does this MR do and why?

Add support for user_id, group_id and group_path, extending how it has been done for vulnerability-check.

Related issue: #342171 (closed)

Example of YAML:

scan_result_policy:
- name: critical vulnerability CS approvals
  description: critical severity level only for container scanning
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - critical
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers:
    - o.lecia.conner
    group_approvers:
    - gitlab-org
    group_approvers_ids:
    - 23
    user_approvers_ids:
    - 11

Database

explain SELECT "namespaces"."id" FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."visibility_level" IN (0, 10, 20) AND (path = 'gitlab-org/protect/demos' OR id = 11805471)

Session: 7608 Plan with execution:

 Bitmap Heap Scan on public.namespaces  (cost=4.02..8.60 rows=1 width=4) (actual time=7.780..7.783 rows=1 loops=1)
   Filter: (((namespaces.type)::text = 'Group'::text) AND (namespaces.visibility_level = ANY ('{0,10,20}'::integer[])))
   Rows Removed by Filter: 0
   Buffers: shared read=8
   I/O Timings: read=7.646 write=0.000
   ->  BitmapOr  (cost=4.02..4.02 rows=3 width=0) (actual
[...SKIP...]

Full execution plan (The text in the preview above has been cut).
Other artifacts are provided in the thread.
Recommendations:
Looks good.
Summary:

Time: 10.493 ms
  - planning: 2.663 ms
  - execution: 7.830 ms
    - I/O read: 7.646 ms
    - I/O write: 0.000 ms

Shared buffers:

  - hits: 0 from the buffer pool
  - reads: 8 (~64.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7608/commands/26999.

explain SELECT "users"."id" FROM "users" INNER JOIN "project_authorizations" ON "users"."id" = "project_authorizations"."user_id" WHERE "project_authorizations"."project_id" = 480804 AND (username = 'thiagocsf' OR id = 480804)

Session: 7608 Plan with execution:

 Nested Loop  (cost=4.46..12.64 rows=1 width=4) (actual time=9.919..9.922 rows=0 loops=1)
   Buffers: shared hit=1 read=10
   I/O Timings: read=9.764 write=0.000
   ->  Bitmap Heap Scan on public.users  (cost=3.89..6.93 rows=2 width=4) (actual time=3.974..3.978 rows=1 loops=1)
         Buffers: shared hit=1 read=6
         I/O Timings: read=3.875 write=0.000
         ->  BitmapOr  (c
[...SKIP...]

Full execution plan (The text in the preview above has been cut).
Other artifacts are provided in the thread.
Recommendations:
Looks good.
Summary:

Time: 12.856 ms
  - planning: 2.874 ms
  - execution: 9.982 ms
    - I/O read: 9.764 ms
    - I/O write: 0.000 ms

Shared buffers:

  - hits: 1 (~8.00 KiB) from the buffer pool
  - reads: 10 (~80.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7608/commands/27000.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
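
An added illustration, not GitLab's implementation and not code from this merge request: it resolves the approver fields of a `require_approval` action by name OR id, as the two queries above do, and reports entries that match nothing instead of dropping them silently. The member and group records, the `not.a.member` entry and all function names are constructed assumptions.

```ruby
require 'yaml'

# Constructed sample policy using the field names from the YAML above.
POLICY_YAML = <<~YAML
  scan_result_policy:
  - name: critical vulnerability CS approvals
    enabled: true
    actions:
    - type: require_approval
      approvals_required: 1
      user_approvers:
      - o.lecia.conner
      - not.a.member
      user_approvers_ids:
      - 11
      group_approvers:
      - gitlab-org
      group_approvers_ids:
      - 23
YAML

# Constructed stand-ins for the rows the two lookups can return: users
# authorized on the project, and groups with visibility level 0, 10 or 20.
PROJECT_MEMBERS = [{ id: 11, username: 'user.eleven' }, { id: 12, username: 'o.lecia.conner' }].freeze
VISIBLE_GROUPS  = [{ id: 23, path: 'group-23' }, { id: 24, path: 'gitlab-org' }].freeze

# Match by name OR id, mirroring "(username = ... OR id = ...)" in the queries.
# Returns [sorted matching ids, entries that matched no eligible record].
def resolve(records, name_key, names, ids)
  names = Array(names)
  ids   = Array(ids)
  found = records.select { |r| names.include?(r[name_key]) || ids.include?(r[:id]) }
  missing = (names - found.map { |r| r[name_key] }) + (ids - found.map { |r| r[:id] })
  [found.map { |r| r[:id] }.uniq.sort, missing]
end

# Resolve one require_approval action into approver ids plus unresolved entries.
def approvers_for(action)
  users, no_user = resolve(PROJECT_MEMBERS, :username, action['user_approvers'], action['user_approvers_ids'])
  groups, no_group = resolve(VISIBLE_GROUPS, :path, action['group_approvers'], action['group_approvers_ids'])
  { user_ids: users, group_ids: groups, unresolved: no_user + no_group }
end

# Extract the require_approval actions of enabled policies from the YAML text.
def policy_actions(yaml)
  policies = YAML.safe_load(yaml).fetch('scan_result_policy').select { |pol| pol['enabled'] }
  policies.flat_map { |pol| pol.fetch('actions', []) }.select { |a| a['type'] == 'require_approval' }
end
```

A non-empty `unresolved` list means the rule ends up with fewer eligible approvers than the policy author wrote down, which is worth surfacing when the policy is saved.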