Skip to content

G
gitlab-ce
Commit 58b4b540 authored by Jonathan Schafer's avatar Jonathan Schafer Committed by Adam Hegyi
Browse files
Options

Truncate before vulnerability link index creation 

Changelog: other
parent 220bfe2c
Hide whitespace changes
Inline Side-by-side
Showing with 19 additions and 110 deletions
db/post_migrate/20210811193033_add_unique_index_to_vulnerability_finding_links.rb 0 → 100644
View file @ 58b4b540
# frozen_string_literal: true
class AddUniqueIndexToVulnerabilityFindingLinks < Gitlab::Database::Migration[1.0]
def up
# no op
end
def down
# no op
end
end
db/post_migrate/20211104165220_remove_vulnerability_finding_links.rb
View file @ 58b4b540
# frozen_string_literal: true
class RemoveVulnerabilityFindingLinks < Gitlab::Database::Migration[1.0]
BATCH_SIZE = 50_000
MIGRATION = 'RemoveVulnerabilityFindingLinks'
disable_ddl_transaction!
def up
queue_background_migration_jobs_by_range_at_intervals(
define_batchable_model('vulnerability_finding_links'),
MIGRATION,
2.minutes,
batch_size: BATCH_SIZE
)
# no op
end
def down
# no ops
# no op
end
end
db/post_migrate/20211210173137_remove_vulnerability_finding_links_again.rb
View file @ 58b4b540
# frozen_string_literal: true
class RemoveVulnerabilityFindingLinksAgain < Gitlab::Database::Migration[1.0]
BATCH_SIZE = 50_000
MIGRATION = 'RemoveVulnerabilityFindingLinks'
disable_ddl_transaction!
def up
queue_background_migration_jobs_by_range_at_intervals(
define_batchable_model('vulnerability_finding_links'),
MIGRATION,
2.minutes,
batch_size: BATCH_SIZE
)
# no op
end
def down
# no ops
# no op
end
end
db/migrate/20210811193033_add_unique_index_to_vulnerability_finding_links.rb db/post_migrate/20220201193033_add_unique_index_to_vulnerability_finding_links_with_truncate.rb
View file @ 58b4b540
# frozen_string_literal: true
class AddUniqueIndexToVulnerabilityFindingLinks < Gitlab::Database::Migration[1.0]
class AddUniqueIndexToVulnerabilityFindingLinksWithTruncate < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
NAME_URL_INDEX_NAME = 'finding_link_name_url_idx'
URL_INDEX_NAME = 'finding_link_url_idx'
def up
execute('TRUNCATE TABLE vulnerability_finding_links')
add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], unique: true, name: NAME_URL_INDEX_NAME
add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :url], unique: true, where: 'name is null', name: URL_INDEX_NAME
end
......
db/schema_migrations/20220201193033 0 → 100644
View file @ 58b4b540
92bbe74c6c3627dd26f709acd2a20f442212eab933f719be815701a3bc429539
\ No newline at end of file
lib/gitlab/background_migration/remove_vulnerability_finding_links.rb deleted 100644 → 0
View file @ 220bfe2c
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
# Remove vulnerability finding link records
# The records will be repopulated from the `raw_metadata`
# column of `vulnerability_occurrences` once the unique
# index is in place.
class RemoveVulnerabilityFindingLinks
include Gitlab::Database::DynamicModelHelpers
def perform(start_id, stop_id)
define_batchable_model('vulnerability_finding_links', connection: ActiveRecord::Base.connection)
.where(id: start_id..stop_id)
.delete_all
end
end
end
end
spec/lib/gitlab/background_migration/remove_vulnerability_finding_links_spec.rb deleted 100644 → 0
View file @ 220bfe2c
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::BackgroundMigration::RemoveVulnerabilityFindingLinks, :migration, schema: 20211104165220 do
let(:vulnerability_findings) { table(:vulnerability_occurrences) }
let(:finding_links) { table(:vulnerability_finding_links) }
let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user', type: Namespaces::UserNamespace.sti_name) }
let(:project) { table(:projects).create!(namespace_id: namespace.id) }
let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'scanner', name: 'scanner') }
let(:vulnerability_identifier) do
table(:vulnerability_identifiers).create!(
project_id: project.id,
external_type: 'vulnerability-identifier',
external_id: 'vulnerability-identifier',
fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
name: 'vulnerability identifier')
end
# vulnerability findings
let!(:findings) do
Array.new(2) do |id|
vulnerability_findings.create!(
project_id: project.id,
name: 'Vulnerability Name',
severity: 7,
confidence: 7,
report_type: 0,
project_fingerprint: '123qweasdzxc',
scanner_id: scanner.id,
primary_identifier_id: vulnerability_identifier.id,
location_fingerprint: "location_fingerprint_#{id}",
metadata_version: 'metadata_version',
raw_metadata: 'raw_metadata',
uuid: "uuid_#{id}"
)
end
end
# vulnerability finding links
let!(:links) do
{
findings.first => Array.new(5) { |id| finding_links.create!(vulnerability_occurrence_id: findings.first.id, name: "Link Name 1", url: "link_url1_#{id}.example") },
findings.second => Array.new(5) { |id| finding_links.create!(vulnerability_occurrence_id: findings.second.id, name: "Link Name 2", url: "link_url2_#{id}.example") }
}
end
it 'removes vulnerability links' do
expect do
subject.perform(links[findings.first].first.id, links[findings.second].last.id)
end.to change { finding_links.count }.from(10).to(0)
expect(finding_links.all).to be_empty
end
it 'only deletes vulnerability links for the current batch' do
expected_links = [finding_links.where(vulnerability_occurrence_id: findings.second.id)].flatten
expect do
subject.perform(links[findings.first].first.id, links[findings.first].last.id)
end.to change { finding_links.count }.from(10).to(5)
expect(finding_links.all).to match_array(expected_links)
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7