Skip to content

Add has_vulnerabilities to cluster_agents

Alan (Maciej) Paruszewski requested to merge 358763-add-has-vulnerabilities-to-cluster-agents into master

What does this MR do and why?

This MR adds new column has_vulnerabilities to cluster_agents table to quickly determine which for which cluster_agents we have identified vulnerabilities. Otherwise we would need to perform query with join on large vulnerability_reads table to determine which cluster_agents has vulnerabilities. This is needed to render dropdown with cluster agents in Vulnerability Report (especially for Group or Instance Security Dashboard).

Queries

explain SELECT cluster_agents.* FROM cluster_agents WHERE cluster_agents.project_id IN (SELECT projects.id FROM projects WHERE projects.namespace_id IN (WITH RECURSIVE base_and_descendants AS ((SELECT namespaces.id FROM namespaces WHERE namespaces.type = Group AND namespaces.id = 9970)
UNION
(SELECT namespaces.id FROM namespaces, base_and_descendants WHERE namespaces.type = Group AND namespaces.parent_id = base_and_descendants.id)) SELECT namespaces.id FROM base_and_descendants AS namespaces)) AND cluster_agents.has_vulnerabilities = TRUE;

Before

Summary:
Time: 208.796 ms
  - planning: 8.705 ms
  - execution: 200.091 ms
    - I/O read: 191.910 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 6651 (~52.00 MiB) from the buffer pool
  - reads: 110 (~880.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 9 (~72.00 KiB)
  - writes: 0

Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10592/commands/38078.

Creating Index

exec CREATE INDEX index_cluster_agents_on_project_id_and_has_vulnerabilities ON cluster_agents USING btree (project_id, has_vulnerabilities);

The query has been executed. Duration: 20.136 ms

After

Summary:
Time: 9.588 ms
  - planning: 8.451 ms
  - execution: 1.137 ms
    - I/O read: 0.616 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 3 (~24.00 KiB) from the buffer pool
  - reads: 29 (~232.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10592/commands/38082.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to GraphQL filter for vulnerabilities by container... (#358763 - closed)

Edited by Alan (Maciej) Paruszewski

Merge request reports