From 38961468569106fe6c987c31c7cea22778c8f499 Mon Sep 17 00:00:00 2001
From: Gregory Havenga <11164960-ghavenga@users.noreply.gitlab.com>
Date: Fri, 1 Nov 2024 12:27:40 +0000
Subject: [PATCH] Configure Sec CI for MR's labelled sec-decomposition

Changelog: added
---
 .gitlab-ci.yml                                |   1 +
 .gitlab/ci/database.gitlab-ci.yml             |  30 ++++
 .gitlab/ci/rails.gitlab-ci.yml                |  56 +++++++
 .gitlab/ci/rails/shared.gitlab-ci.yml         |   8 +
 .gitlab/ci/rules.gitlab-ci.yml                |  27 ++++
 config/database.yml.decomposed-sec-postgresql | 152 ++++++++++++++++++
 ...backfill_finding_id_in_vulnerabilities3.rb |   4 +-
 ...has_remediations_of_vulnerability_reads.rb |   4 +-
 ...drop_vulnerabilities_without_finding_id.rb |   4 +-
 ...204800_drop_invalid_vulnerabilities_gdk.rb |   2 +-
 ...lnerability_feedback_pipeline_id_bigint.rb |   4 +-
 ...pted_scanner_ids_of_vulnerability_reads.rb |   4 +-
 ...nd_traversal_ids_to_vulnerability_reads.rb |   4 +-
 lib/gitlab/database/query_analyzers/base.rb   |  13 ++
 scripts/utils.sh                              |   9 +-
 ...ifier_names_of_vulnerability_reads_spec.rb |   3 +-
 16 files changed, 309 insertions(+), 16 deletions(-)
 create mode 100644 config/database.yml.decomposed-sec-postgresql

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f923fa7c88d53..cc52aec04ed3a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -228,6 +228,7 @@ variables:
   RETRY_FAILED_TESTS_IN_NEW_PROCESS: "true"
   # Run with decomposed databases by default
   DECOMPOSED_DB: "true"
+  SEC_DECOMPOSED_DB: "false"
 
   DOCS_REVIEW_APPS_DOMAIN: "docs.gitlab-review.app"
   DOCS_GITLAB_REPO_SUFFIX: "ee"
diff --git a/.gitlab/ci/database.gitlab-ci.yml b/.gitlab/ci/database.gitlab-ci.yml
index 632f0975111dc..f2c9093c967e1 100644
--- a/.gitlab/ci/database.gitlab-ci.yml
+++ b/.gitlab/ci/database.gitlab-ci.yml
@@ -31,6 +31,36 @@ db:backup_and_restore single-db-ci-connection:
     - .single-db-ci-connection
     - .rails:rules:db-backup
 
+db:rollback single-db-sec-connection:
+  extends:
+    - db:rollback
+    - .single-db-sec-connection
+    - .rails:rules:single-db-sec-connection
+
+db:migrate:reset single-db-sec-connection:
+  extends:
+    - db:migrate:reset
+    - .single-db-sec-connection
+    - .rails:rules:single-db-sec-connection
+
+db:check-schema-single-db-sec-connection:
+  extends:
+    - db:check-schema
+    - .single-db-sec-connection
+    - .rails:rules:single-db-sec-connection
+
+db:post_deployment_migrations_validator-single-db-sec-connection:
+  extends:
+    - db:post_deployment_migrations_validator
+    - .single-db-sec-connection
+    - .rails:rules:db:check-migrations-single-db-sec-connection
+
+db:backup_and_restore single-db-sec-connection:
+  extends:
+    - db:backup_and_restore
+    - .single-db-sec-connection
+    - .rails:rules:db-backup
+
 db:rollback:
   extends:
     - .db-job-base
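Review bot: `db:backup_and_restore single-db-sec-connection` extends `.rails:rules:db-backup` rather than a sec-specific rule set, so unlike the four jobs added above it is not gated on the `sec-decomposition` label and is added wherever the ordinary backup rules match. This mirrors the ci-connection job in the context lines, but if the sec jobs are meant to be opt-in while decomposition is in progress, the last `extends` entry should be `- .rails:rules:single-db-sec-connection`. A one-line comment above the job stating which behaviour is intended would settle it.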
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 24ced682434dd..94982b8acfef2 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -195,6 +195,13 @@ rspec unit pg14 single-db-ci-connection:
     - .rspec-unit-parallel
     - .rails:rules:single-db-ci-connection
 
+rspec unit pg14 single-db-sec-connection:
+  extends:
+    - rspec unit pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-unit-parallel
+    - .rails:rules:single-db-sec-connection
+
 rspec unit pg14 praefect:
   extends:
     - rspec unit pg14
@@ -229,6 +236,13 @@ rspec integration pg14 single-db-ci-connection:
     - .rspec-integration-parallel
     - .rails:rules:single-db-ci-connection
 
+rspec integration pg14 single-db-sec-connection:
+  extends:
+    - rspec integration pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-integration-parallel
+    - .rails:rules:single-db-sec-connection
+
 rspec integration pg14 praefect:
   extends:
     - rspec integration pg14
@@ -265,6 +279,15 @@ rspec system pg14 single-db-ci-connection:
     - .rspec-system-parallel
     - .rails:rules:single-db-ci-connection
 
+    - .rails:rules:single-db
+
+rspec system pg14 single-db-sec-connection:
+  extends:
+    - rspec system pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-system-parallel
+    - .rails:rules:single-db-sec-connection
+
 rspec system pg14 praefect:
   extends:
     - rspec system pg14
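Review bot: The added line `- .rails:rules:single-db` sits after the blank line that follows the existing `rspec system pg14 single-db-ci-connection` job, so YAML reads it as one more `extends` entry of that job, not as part of the new sec job. Because the last `extends` entry wins for a key such as `rules`, the ci-connection system job would then run under the single-db rules instead of `.rails:rules:single-db-ci-connection`. This looks like a rebase leftover. Drop that line and the empty added line after it so that the hunk only adds `rspec system pg14 single-db-sec-connection`.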
@@ -818,6 +841,18 @@ rspec-ee background_migration pg14 single-db-ci-connection:
     - .single-db-ci-connection-rspec
     - .rails:rules:single-db-ci-connection-ee
 
+rspec-ee migration pg14 single-db-sec-connection:
+  extends:
+    - rspec-ee migration pg14
+    - .single-db-sec-connection-rspec
+    - .rails:rules:single-db-sec-connection-ee
+
+rspec-ee background_migration pg14 single-db-sec-connection:
+  extends:
+    - rspec-ee background_migration pg14
+    - .single-db-sec-connection-rspec
+    - .rails:rules:single-db-sec-connection-ee
+
 rspec-ee migration pg14 praefect:
   extends:
     - rspec migration pg14
@@ -864,6 +899,13 @@ rspec-ee unit pg14 single-db-ci-connection:
     - .rspec-ee-unit-parallel
     - .rails:rules:single-db-ci-connection-ee
 
+rspec-ee unit pg14 single-db-sec-connection:
+  extends:
+    - rspec-ee unit pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-ee-unit-parallel
+    - .rails:rules:single-db-sec-connection-ee
+
 rspec-ee integration pg14:
   extends:
     - .rspec-ee-base-pg14
@@ -896,6 +938,13 @@ rspec-ee integration pg14 single-db-ci-connection:
     - .rspec-ee-integration-parallel
     - .rails:rules:single-db-ci-connection-ee
 
+rspec-ee integration pg14 single-db-sec-connection:
+  extends:
+    - rspec-ee integration pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-ee-integration-parallel
+    - .rails:rules:single-db-sec-connection-ee
+
 .custom-models-variables:
   variables:
     AIGW_CUSTOM_MODELS__ENABLED: true
@@ -943,6 +992,13 @@ rspec-ee system pg14 single-db-ci-connection:
     - .rspec-ee-system-parallel
     - .rails:rules:single-db-ci-connection-ee
 
+rspec-ee system pg14 single-db-sec-connection:
+  extends:
+    - rspec-ee system pg14
+    - .single-db-sec-connection-rspec
+    - .rspec-ee-system-parallel
+    - .rails:rules:single-db-sec-connection-ee
+
 # EE: default refs (MRs, default branch, schedules) jobs #
 ##################################################
 
diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml
index a17f52f008dff..c8bf625f7f538 100644
--- a/.gitlab/ci/rails/shared.gitlab-ci.yml
+++ b/.gitlab/ci/rails/shared.gitlab-ci.yml
@@ -42,12 +42,20 @@ include:
   variables:
     CI_CONNECTION_DB: "true"
 
+.single-db-sec-connection:
+  extends: .single-db
+  variables:
+    SEC_CONNECTION_DB: "true"
+
 .single-db-rspec:
   extends: .single-db
 
 .single-db-ci-connection-rspec:
   extends: .single-db-ci-connection
 
+.single-db-sec-connection-rspec:
+  extends: .single-db-sec-connection
+
 .praefect-with-db:
   variables:
     GITALY_PRAEFECT_WITH_DB: '1'
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 5f82127d8021e..61032c3376422 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -111,6 +111,9 @@
 .if-merge-request-labels-run-single-db: &if-merge-request-labels-run-single-db
   if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-single-db/'
 
+.if-merge-request-labels-sec-decomposition: &if-merge-request-labels-sec-decomposition
+  if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /sec-decomposition/'
+
 .if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app
   if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/'
 
@@ -1963,6 +1966,30 @@
     - <<: *if-merge-request
       changes: *decomposed-db-models-patterns
 
+.rails:rules:single-db-sec-connection:
+  rules:
+    - <<: *if-default-branch-schedule-nightly
+    - <<: *if-merge-request-labels-run-single-db
+    - <<: *if-merge-request-labels-sec-decomposition
+    - <<: *if-merge-request-labels-pipeline-expedite
+      when: never
+    - if: '$ENABLE_RSPEC_SINGLE_DB_SEC_CONNECTION == "true"'
+    - <<: *if-merge-request-not-approved
+      when: never
+
+.rails:rules:single-db-sec-connection-ee:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - !reference [".rails:rules:single-db-sec-connection", "rules"]
+
+.rails:rules:db:check-migrations-single-db-sec-connection:
+  rules:
+    - <<: *if-merge-request-labels-run-single-db
+    - <<: *if-merge-request-labels-sec-decomposition
+    - <<: *if-merge-request-labels-pipeline-expedite
+      when: never
+
 .rails:rules:db:migrate:multi-version-upgrade:
   rules:
     - if: '$DISABLE_DB_MULTI_VERSION_UPGRADE =~ /true|yes|1/i'
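Review bot: In `.rails:rules:single-db-sec-connection` the `when: never` entry for `*if-merge-request-labels-pipeline-expedite` comes after the two label rules, and rules are evaluated top-down with the first match winning, so an expedited MR that carries `pipeline:run-single-db` or `sec-decomposition` still gets these jobs. The trailing `*if-merge-request-not-approved` entry, and the trailing expedite entry in `.rails:rules:db:check-migrations-single-db-sec-connection`, can never change the outcome, because a job with no matching rule is excluded anyway. If expedite is meant to suppress the sec jobs, move its `when: never` entry to the top of both lists. Otherwise remove the dead entries or add a comment saying the order is deliberate.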
diff --git a/config/database.yml.decomposed-sec-postgresql b/config/database.yml.decomposed-sec-postgresql
new file mode 100644
index 0000000000000..19660027023b2
--- /dev/null
+++ b/config/database.yml.decomposed-sec-postgresql
@@ -0,0 +1,152 @@
+#
+# PRODUCTION
+#
+production:
+  main:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_production
+    username: git
+    password: "secure password"
+    host: localhost
+    # load_balancing:
+    #   hosts:
+    #     - host1.example.com
+    #     - host2.example.com
+    #   discover:
+    #     nameserver: 1.2.3.4
+    #     port: 8600
+    #     record: secondary.postgresql.service.consul
+    #     interval: 300
+  ci:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_production_ci
+    username: git
+    password: "secure password"
+    host: localhost
+    # load_balancing:
+    #   hosts:
+    #     - host1.example.com
+    #     - host2.example.com
+    #   discover:
+    #     nameserver: 1.2.3.4
+    #     port: 8600
+    #     record: secondary-ci.postgresql.service.consul
+    #     interval: 300
+  sec:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_production_sec
+    username: git
+    password: "secure password"
+    host: localhost
+    # load_balancing:
+    #   hosts:
+    #     - host1.example.com
+    #     - host2.example.com
+    #   discover:
+    #     nameserver: 1.2.3.4
+    #     port: 8600
+    #     record: secondary-sec.postgresql.service.consul
+    #     interval: 300
+  geo:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_geo_production
+    username: git
+    password: "secure password"
+    host: localhost
+
+#
+# Development specific
+#
+development:
+  main:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_development
+    username: postgres
+    password: "secure password"
+    host: localhost
+    variables:
+      statement_timeout: 15s
+  ci:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_development_ci
+    username: postgres
+    password: "secure password"
+    host: localhost
+    variables:
+      statement_timeout: 15s
+  sec:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_development_sec
+    username: postgres
+    password: "secure password"
+    host: localhost
+    variables:
+      statement_timeout: 15s
+  geo:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_geo_development
+    username: postgres
+    password: "secure password"
+    host: localhost
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test: &test
+  main:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_test
+    username: postgres
+    password:
+    host: localhost
+    prepared_statements: false
+    reaping_frequency: nil
+    variables:
+      statement_timeout: 15s
+  ci:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_test_ci
+    username: postgres
+    password:
+    host: localhost
+    prepared_statements: false
+    reaping_frequency: nil
+    variables:
+      statement_timeout: 15s
+  sec:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_test_sec
+    username: postgres
+    password:
+    host: localhost
+    prepared_statements: false
+    reaping_frequency: nil
+    variables:
+      statement_timeout: 15s
+  geo:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_geo_test
+    username: postgres
+    password:
+    host: localhost
+    reaping_frequency: nil
+  embedding:
+    adapter: postgresql
+    encoding: unicode
+    database: gitlabhq_embedding_test
+    username: postgres
+    password:
+    host: localhost
+    reaping_frequency: nil
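Review bot: The new file has no header saying what it is for, yet it carries a `production:` section with `username: git` and `password: "secure password"` for four databases. Add a leading comment such as `# Template copied to config/database.yml by scripts/utils.sh when SEC_DECOMPOSED_DB=true; every credential here is a placeholder`. Separately, `reaping_frequency: nil` in the `test` section is read by YAML as the string "nil" rather than as null. Write `reaping_frequency: ~` if null is what is intended.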
diff --git a/db/post_migrate/20231129105945_requeue_backfill_finding_id_in_vulnerabilities3.rb b/db/post_migrate/20231129105945_requeue_backfill_finding_id_in_vulnerabilities3.rb
index da0e25de934b4..5eaf380f31e59 100644
--- a/db/post_migrate/20231129105945_requeue_backfill_finding_id_in_vulnerabilities3.rb
+++ b/db/post_migrate/20231129105945_requeue_backfill_finding_id_in_vulnerabilities3.rb
@@ -11,7 +11,7 @@ class RequeueBackfillFindingIdInVulnerabilities3 < Gitlab::Database::Migration[2
   restrict_gitlab_migration gitlab_schema: :gitlab_main
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(
         MIGRATION,
         :vulnerabilities,
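Review bot: Both `up` and `down` in this file now run with `GitlabSchemasValidateConnection` suppressed as well as `RestrictAllowedSchemas`, while the class still declares `restrict_gitlab_migration gitlab_schema: :gitlab_main`, and nothing at the call site says why. If the table is moved to another schema, statements inside the block can run on a connection that no longer owns it without either analyzer reporting the mismatch. Add a short comment above each call, e.g. `# table is being decomposed; schema and connection checks stay suppressed until this migration is finalized`, and keep the wrapped block as narrow as the migration allows. The same applies to the other six post-migrations changed in this patch. Both method bodies here continue outside the hunks.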
@@ -31,7 +31,7 @@ def up
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(MIGRATION, :vulnerabilities, :id, [])
     end
   end
diff --git a/db/post_migrate/20231201204712_requeue2_backfill_has_remediations_of_vulnerability_reads.rb b/db/post_migrate/20231201204712_requeue2_backfill_has_remediations_of_vulnerability_reads.rb
index 65e2394fa86b7..77b937b0ddabb 100644
--- a/db/post_migrate/20231201204712_requeue2_backfill_has_remediations_of_vulnerability_reads.rb
+++ b/db/post_migrate/20231201204712_requeue2_backfill_has_remediations_of_vulnerability_reads.rb
@@ -14,7 +14,7 @@ class Requeue2BackfillHasRemediationsOfVulnerabilityReads < Gitlab::Database::Mi
   disable_ddl_transaction!
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       # remove the original migration
       delete_batched_background_migration(MIGRATION, :vulnerability_reads, :vulnerability_id, [])
 
@@ -30,7 +30,7 @@ def up
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(MIGRATION, :vulnerability_reads, :vulnerability_id, [])
     end
   end
diff --git a/db/post_migrate/20231221223259_queue_drop_vulnerabilities_without_finding_id.rb b/db/post_migrate/20231221223259_queue_drop_vulnerabilities_without_finding_id.rb
index 2a91f3bf47e44..958a12bb6bb35 100644
--- a/db/post_migrate/20231221223259_queue_drop_vulnerabilities_without_finding_id.rb
+++ b/db/post_migrate/20231221223259_queue_drop_vulnerabilities_without_finding_id.rb
@@ -11,7 +11,7 @@ class QueueDropVulnerabilitiesWithoutFindingId < Gitlab::Database::Migration[2.2
   restrict_gitlab_migration gitlab_schema: :gitlab_main
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       queue_batched_background_migration(
         MIGRATION,
         :vulnerabilities,
@@ -24,7 +24,7 @@ def up
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(MIGRATION, :vulnerabilities, :id, [])
     end
   end
diff --git a/db/post_migrate/20240214204800_drop_invalid_vulnerabilities_gdk.rb b/db/post_migrate/20240214204800_drop_invalid_vulnerabilities_gdk.rb
index 29e552a568498..229610e94f222 100644
--- a/db/post_migrate/20240214204800_drop_invalid_vulnerabilities_gdk.rb
+++ b/db/post_migrate/20240214204800_drop_invalid_vulnerabilities_gdk.rb
@@ -10,7 +10,7 @@ class Vulnerability < MigrationRecord
   end
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       Vulnerability.where(finding_id: nil).delete_all if Gitlab.dev_or_test_env?
     end
   end
diff --git a/db/post_migrate/20240404084304_backfill_vulnerability_feedback_pipeline_id_bigint.rb b/db/post_migrate/20240404084304_backfill_vulnerability_feedback_pipeline_id_bigint.rb
index 4c606920725f5..44e8aa827863f 100644
--- a/db/post_migrate/20240404084304_backfill_vulnerability_feedback_pipeline_id_bigint.rb
+++ b/db/post_migrate/20240404084304_backfill_vulnerability_feedback_pipeline_id_bigint.rb
@@ -8,13 +8,13 @@ class BackfillVulnerabilityFeedbackPipelineIdBigint < Gitlab::Database::Migratio
   COLUMN = :pipeline_id
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       backfill_conversion_of_integer_to_bigint(TABLE, COLUMN)
     end
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       revert_backfill_conversion_of_integer_to_bigint(TABLE, COLUMN)
     end
   end
diff --git a/db/post_migrate/20240409023046_queue_fix_corrupted_scanner_ids_of_vulnerability_reads.rb b/db/post_migrate/20240409023046_queue_fix_corrupted_scanner_ids_of_vulnerability_reads.rb
index 78887f3cb3651..a7809140b0bf8 100644
--- a/db/post_migrate/20240409023046_queue_fix_corrupted_scanner_ids_of_vulnerability_reads.rb
+++ b/db/post_migrate/20240409023046_queue_fix_corrupted_scanner_ids_of_vulnerability_reads.rb
@@ -12,7 +12,7 @@ class QueueFixCorruptedScannerIdsOfVulnerabilityReads < Gitlab::Database::Migrat
   restrict_gitlab_migration gitlab_schema: :gitlab_main
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       queue_batched_background_migration(
         MIGRATION,
         :vulnerability_reads,
@@ -25,7 +25,7 @@ def up
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(MIGRATION, :vulnerability_reads, :id, [])
     end
   end
diff --git a/db/post_migrate/20240409140739_requeue_backfill_archived_and_traversal_ids_to_vulnerability_reads.rb b/db/post_migrate/20240409140739_requeue_backfill_archived_and_traversal_ids_to_vulnerability_reads.rb
index cd80fb8e59dff..acb7604d185aa 100644
--- a/db/post_migrate/20240409140739_requeue_backfill_archived_and_traversal_ids_to_vulnerability_reads.rb
+++ b/db/post_migrate/20240409140739_requeue_backfill_archived_and_traversal_ids_to_vulnerability_reads.rb
@@ -11,7 +11,7 @@ class RequeueBackfillArchivedAndTraversalIdsToVulnerabilityReads < Gitlab::Datab
   SUB_BATCH_SIZE = 100
 
   def up
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       # Clear previous background migration execution from QueueBackfillArchivedAndTraversalIdsToVulnerabilityReads
       delete_batched_background_migration(MIGRATION, :vulnerability_reads, :id, [])
 
@@ -27,7 +27,7 @@ def up
   end
 
   def down
-    Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+    Gitlab::Database::QueryAnalyzers::Base.suppress_schema_issues_for_decomposed_tables do
       delete_batched_background_migration(MIGRATION, :vulnerability_reads, :id, [])
     end
   end
diff --git a/lib/gitlab/database/query_analyzers/base.rb b/lib/gitlab/database/query_analyzers/base.rb
index 9a52a4f6e23a1..b1234b263548a 100644
--- a/lib/gitlab/database/query_analyzers/base.rb
+++ b/lib/gitlab/database/query_analyzers/base.rb
@@ -33,6 +33,19 @@ class << self
           attr_writer :suppress_in_rspec
         end
 
+        # During database decomposition, db migrations using tables that will be decomposed
+        # will begin to contravene their configuration for intended gitlab_schema and database connection.
+        # As these migrations already exist, ideally they should be finalized and removed prior to decomposition.
+        # In this situations, it's necessary to suppress warnings related to their incorrect connection and schema
+        # to progress our CI pipelines.
+        def self.suppress_schema_issues_for_decomposed_tables
+          Gitlab::Database::QueryAnalyzers::RestrictAllowedSchemas.with_suppressed do
+            Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection.with_suppressed do
+              yield
+            end
+          end
+        end
+
         def self.with_suppressed(value = true, &blk)
           previous = self.suppressed?
           self.suppress = value
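Review bot: `suppress_schema_issues_for_decomposed_tables` is defined on `Base` but hard-codes two concrete analyzers, so the base class now depends on specific analyzers and the helper is presumably callable through every class that inherits from `Base`. The comment above it should name the two analyzers it switches off, state that suppression lasts only for the duration of the block, and say that it is meant for already-shipped migrations only. "In this situations" should read "In this situation". `with_suppressed` continues outside the hunk, so whether the previous state is restored when the block raises cannot be confirmed from here.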
diff --git a/scripts/utils.sh b/scripts/utils.sh
index d011177552dae..fae5844e2b7f9 100644
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
@@ -142,8 +142,13 @@ function assets_compile_script() {
 
 function setup_database_yml() {
   if [ "$DECOMPOSED_DB" == "true" ]; then
-    echo "Using decomposed database config (config/database.yml.decomposed-postgresql)"
-    cp config/database.yml.decomposed-postgresql config/database.yml
+    if [ "$SEC_DECOMPOSED_DB" == "true" ]; then
+      echo "Using SEC decomposed database config (config/database.yml.decomposed-sec-postgresql)"
+      cp config/database.yml.decomposed-sec-postgresql config/database.yml
+    else
+      echo "Using decomposed database config (config/database.yml.decomposed-postgresql)"
+      cp config/database.yml.decomposed-postgresql config/database.yml
+    fi
   else
     echo "Using two connections, single database config (config/database.yml.postgresql)"
     cp config/database.yml.postgresql config/database.yml
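Review bot: The new branch is reached only when `SEC_DECOMPOSED_DB` is `"true"`, but this patch defaults it to `"false"` in `.gitlab-ci.yml`, and the new `.single-db-sec-connection` template sets a different variable, `SEC_CONNECTION_DB`, which this function does not read in the lines shown. As far as the patch shows, no job therefore selects `config/database.yml.decomposed-sec-postgresql`, and the sec-connection jobs may end up with the same `database.yml` as the plain single-db jobs. Either set `SEC_DECOMPOSED_DB: "true"` in the job template that should use the new file, or handle `SEC_CONNECTION_DB` here. `setup_database_yml` continues outside the hunk, so handling elsewhere cannot be ruled out.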
diff --git a/spec/migrations/20241007115637_queue_backfill_identifier_names_of_vulnerability_reads_spec.rb b/spec/migrations/20241007115637_queue_backfill_identifier_names_of_vulnerability_reads_spec.rb
index 3a57400c104cc..cc37e86c8e943 100644
--- a/spec/migrations/20241007115637_queue_backfill_identifier_names_of_vulnerability_reads_spec.rb
+++ b/spec/migrations/20241007115637_queue_backfill_identifier_names_of_vulnerability_reads_spec.rb
@@ -19,7 +19,8 @@
           column_name: :id,
           interval: described_class::DELAY_INTERVAL,
           batch_size: described_class::BATCH_SIZE,
-          sub_batch_size: described_class::SUB_BATCH_SIZE
+          sub_batch_size: described_class::SUB_BATCH_SIZE,
+          gitlab_schema: :gitlab_sec
         )
       }
     end
-- 
GitLab