Remove vulnerability approval rules for both projects and merge_requests (!96293) · Merge requests · GitLab.org / GitLab

Zamir Martins requested to merge remove_vulnerability_rules_for_projects_and_merge_requests into master Aug 25, 2022

What does this MR do and why?

Remove vulnerability approval rules for both projects and merge_requests. Prior to this change approval rules was only considering new merge request therefore the existing vulnerability rules weren't an issue. The time has come to get rid of them all.

This is one of the three part solution as described in: #370808 (closed)

Vulnerability approval rules (aka Vulnerability-Check) has been removed from the code base on %15.0.

Database

Queries

CREATE INDEX tmp_index_approval_merge_request_rules_on_report_type_equal_one ON approval_merge_request_rules USING btree (id) WHERE (report_type = 1);

DELETE FROM approval_project_rules WHERE report_type = 1")

DELETE FROM approval_merge_request_rules WHERE report_type = 1")

Migrate/Rollback

$ bundle exec rails db:migrate:down:main VERSION=20220831132802
main: == 20220831132802 DeleteApprovalRulesForVulnerability: reverting ==============
main: == 20220831132802 DeleteApprovalRulesForVulnerability: reverted (0.0338s) =====

$ bundle exec rails db:migrate:down:main VERSION=20220824114218
main: == 20220824114218 AddTmpIndexApprovalMergeRequestRules: reverting =============
main: -- transaction_open?()
main:    -> 0.0000s
main: -- indexes("approval_merge_request_rules")
main:    -> 0.0135s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0004s
main: -- remove_index("approval_merge_request_rules", {:algorithm=>:concurrently, :name=>"tmp_index_approval_merge_request_rules_on_report_type_equal_one"})
main:    -> 0.0055s
main: -- execute("RESET statement_timeout")
main:    -> 0.0005s
main: == 20220824114218 AddTmpIndexApprovalMergeRequestRules: reverted (0.0347s) ====

$ bundle exec rails db:migrate
main: == 20220824114218 AddTmpIndexApprovalMergeRequestRules: migrating =============
main: -- transaction_open?()
main:    -> 0.0000s
main: -- index_exists?(:approval_merge_request_rules, :report_type, {:name=>"tmp_index_approval_merge_request_rules_on_report_type_equal_one", :where=>"report_type = 1", :algorithm=>:concurrently})
main:    -> 0.0182s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0005s
main: -- add_index(:approval_merge_request_rules, :report_type, {:name=>"tmp_index_approval_merge_request_rules_on_report_type_equal_one", :where=>"report_type = 1", :algorithm=>:concurrently})
main:    -> 0.0071s
main: -- execute("RESET statement_timeout")
main:    -> 0.0005s
main: == 20220824114218 AddTmpIndexApprovalMergeRequestRules: migrated (0.0413s) ====

main: == 20220831132802 DeleteApprovalRulesForVulnerability: migrating ==============
main: == 20220831132802 DeleteApprovalRulesForVulnerability: migrated (0.1056s) =====

Query plan

DELETE FROM approval_project_rules WHERE report_type = 1: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11716/commands/41651 with approximately ~1 record in production.
DELETE FROM approval_merge_request_rules WHERE report_type = 1: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11716/commands/41652 with approximately ~75013 records in production.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 05, 2022 by Zamir Martins

Remove vulnerability approval rules for both projects and merge_requests