Commit 5f3e41b3 authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Toon Claes

Add table to store Security Orchestration Policy Schedules

This change adds new model to store and manage scheduled security scans
defined in Security Policies.

Changelog: added
parent 91ce444c
---
title: Add table to store Security Orchestration Policy Schedules
merge_request: 59842
author:
type: added
# frozen_string_literal: true
class CreateSecurityOrchestrationPolicyRuleSchedule < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
INDEX_PREFIX = 'index_sop_schedules_'
disable_ddl_transaction!
def up
table_comment = { owner: 'group::container security', description: 'Schedules used to store relationship between project and security policy repository' }
create_table_with_constraints :security_orchestration_policy_rule_schedules, comment: table_comment.to_json do |t|
t.timestamps_with_timezone
t.datetime_with_timezone :next_run_at, null: true
t.references :security_orchestration_policy_configuration, null: false, foreign_key: { to_table: :security_orchestration_policy_configurations, on_delete: :cascade }, index: { name: INDEX_PREFIX + 'on_sop_configuration_id' }
t.references :user, null: false, foreign_key: { on_delete: :cascade }, index: { name: INDEX_PREFIX + 'on_user_id' }
t.integer :policy_index, null: false
t.text :cron, null: false
t.text_limit :cron, 255
end
end
def down
with_lock_retries do
drop_table :security_orchestration_policy_rule_schedules
end
end
end
# frozen_string_literal: true
class AddConfiguredAtToSecurityOrchestrationPolicy < ActiveRecord::Migration[6.0]
DOWNTIME = false
def change
add_column :security_orchestration_policy_configurations, :configured_at, :datetime_with_timezone, null: true
end
end
c75ab8ef4d6a4ff20109e1c5d054521bd8cd79680f96f4d9e55331d69bac73d6
\ No newline at end of file
063cfa0d8a4b9d3947aaf55f0587f6a2a9521866b6e10fc307c5cc82ca3a0623
\ No newline at end of file
......@@ -17400,7 +17400,8 @@ CREATE TABLE security_orchestration_policy_configurations (
project_id bigint NOT NULL,
security_policy_management_project_id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL
updated_at timestamp with time zone NOT NULL,
configured_at timestamp with time zone
);
COMMENT ON TABLE security_orchestration_policy_configurations IS '{"owner":"group::container security","description":"Configuration used to store relationship between project and security policy repository"}';
......@@ -17414,6 +17415,29 @@ CREATE SEQUENCE security_orchestration_policy_configurations_id_seq
ALTER SEQUENCE security_orchestration_policy_configurations_id_seq OWNED BY security_orchestration_policy_configurations.id;
CREATE TABLE security_orchestration_policy_rule_schedules (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
next_run_at timestamp with time zone,
security_orchestration_policy_configuration_id bigint NOT NULL,
user_id bigint NOT NULL,
policy_index integer NOT NULL,
cron text NOT NULL,
CONSTRAINT check_915825a76e CHECK ((char_length(cron) <= 255))
);
COMMENT ON TABLE security_orchestration_policy_rule_schedules IS '{"owner":"group::container security","description":"Schedules used to store relationship between project and security policy repository"}';
CREATE SEQUENCE security_orchestration_policy_rule_schedules_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE security_orchestration_policy_rule_schedules_id_seq OWNED BY security_orchestration_policy_rule_schedules.id;
CREATE TABLE security_scans (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
......@@ -19830,6 +19854,8 @@ ALTER TABLE ONLY security_findings ALTER COLUMN id SET DEFAULT nextval('security
ALTER TABLE ONLY security_orchestration_policy_configurations ALTER COLUMN id SET DEFAULT nextval('security_orchestration_policy_configurations_id_seq'::regclass);
ALTER TABLE ONLY security_orchestration_policy_rule_schedules ALTER COLUMN id SET DEFAULT nextval('security_orchestration_policy_rule_schedules_id_seq'::regclass);
ALTER TABLE ONLY security_scans ALTER COLUMN id SET DEFAULT nextval('security_scans_id_seq'::regclass);
ALTER TABLE ONLY self_managed_prometheus_alert_events ALTER COLUMN id SET DEFAULT nextval('self_managed_prometheus_alert_events_id_seq'::regclass);
......@@ -21392,6 +21418,9 @@ ALTER TABLE ONLY security_findings
ALTER TABLE ONLY security_orchestration_policy_configurations
ADD CONSTRAINT security_orchestration_policy_configurations_pkey PRIMARY KEY (id);
ALTER TABLE ONLY security_orchestration_policy_rule_schedules
ADD CONSTRAINT security_orchestration_policy_rule_schedules_pkey PRIMARY KEY (id);
ALTER TABLE ONLY security_scans
ADD CONSTRAINT security_scans_pkey PRIMARY KEY (id);
......@@ -24054,6 +24083,10 @@ CREATE UNIQUE INDEX index_sop_configs_on_project_id ON security_orchestration_po
CREATE INDEX index_sop_configurations_project_id_policy_project_id ON security_orchestration_policy_configurations USING btree (security_policy_management_project_id, project_id);
CREATE INDEX index_sop_schedules_on_sop_configuration_id ON security_orchestration_policy_rule_schedules USING btree (security_orchestration_policy_configuration_id);
CREATE INDEX index_sop_schedules_on_user_id ON security_orchestration_policy_rule_schedules USING btree (user_id);
CREATE INDEX index_spam_logs_on_user_id ON spam_logs USING btree (user_id);
CREATE INDEX index_sprints_iterations_cadence_id ON sprints USING btree (iterations_cadence_id);
......@@ -25642,6 +25675,9 @@ ALTER TABLE ONLY analytics_cycle_analytics_project_stages
ALTER TABLE ONLY packages_build_infos
ADD CONSTRAINT fk_rails_17a9a0dffc FOREIGN KEY (pipeline_id) REFERENCES ci_pipelines(id) ON DELETE SET NULL;
ALTER TABLE ONLY security_orchestration_policy_rule_schedules
ADD CONSTRAINT fk_rails_17ade83f17 FOREIGN KEY (security_orchestration_policy_configuration_id) REFERENCES security_orchestration_policy_configurations(id) ON DELETE CASCADE;
ALTER TABLE ONLY clusters_applications_jupyter
ADD CONSTRAINT fk_rails_17df21c98c FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE CASCADE;
......@@ -26881,6 +26917,9 @@ ALTER TABLE ONLY label_priorities
ALTER TABLE ONLY fork_network_members
ADD CONSTRAINT fk_rails_efccadc4ec FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY security_orchestration_policy_rule_schedules
ADD CONSTRAINT fk_rails_efe1d9b133 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY prometheus_alerts
ADD CONSTRAINT fk_rails_f0e8db86aa FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
......@@ -14,6 +14,11 @@ module Security
belongs_to :project, inverse_of: :security_orchestration_policy_configuration
belongs_to :security_policy_management_project, class_name: 'Project', foreign_key: 'security_policy_management_project_id'
has_many :rule_schedules,
class_name: 'Security::OrchestrationPolicyRuleSchedule',
foreign_key: :security_orchestration_policy_configuration_id,
inverse_of: :security_orchestration_policy_configuration
validates :project, presence: true, uniqueness: true
validates :security_policy_management_project, presence: true
......
# frozen_string_literal: true
module Security
class OrchestrationPolicyRuleSchedule < ApplicationRecord
self.table_name = 'security_orchestration_policy_rule_schedules'
belongs_to :owner, class_name: 'User', foreign_key: 'user_id'
belongs_to :security_orchestration_policy_configuration,
class_name: 'Security::OrchestrationPolicyConfiguration',
foreign_key: 'security_orchestration_policy_configuration_id'
validates :owner, presence: true
validates :security_orchestration_policy_configuration, presence: true
validates :cron, presence: true
validates :policy_index, presence: true
end
end
# frozen_string_literal: true
FactoryBot.define do
factory :security_orchestration_policy_rule_schedule, class: 'Security::OrchestrationPolicyRuleSchedule' do
owner { association(:user) }
security_orchestration_policy_configuration
policy_index { 0 }
cron { '*/10 * * * *' }
end
end
......@@ -14,6 +14,7 @@ RSpec.describe Security::OrchestrationPolicyConfiguration do
describe 'associations' do
it { is_expected.to belong_to(:project).inverse_of(:security_orchestration_policy_configuration) }
it { is_expected.to belong_to(:security_policy_management_project).class_name('Project') }
it { is_expected.to have_many(:rule_schedules).class_name('Security::OrchestrationPolicyRuleSchedule').inverse_of(:security_orchestration_policy_configuration) }
end
describe 'validations' do
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Security::OrchestrationPolicyRuleSchedule do
describe 'associations' do
it { is_expected.to belong_to(:owner).class_name('User') }
it { is_expected.to belong_to(:security_orchestration_policy_configuration).class_name('Security::OrchestrationPolicyConfiguration') }
end
describe 'validations' do
subject { create(:security_orchestration_policy_rule_schedule) }
it { is_expected.to validate_presence_of(:owner) }
it { is_expected.to validate_presence_of(:security_orchestration_policy_configuration) }
it { is_expected.to validate_presence_of(:cron) }
it { is_expected.to validate_presence_of(:policy_index) }
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment