2025-07-20 16:46:17 +00:00 · 2025-07-20 10:29:38 +00:00
parent 5d71d29811
commit 6a7c36ee92
5 changed files with 68 additions and 0 deletions
--- a/config/gitlab_loose_foreign_keys.yml
+++ b/config/gitlab_loose_foreign_keys.yml
@ -658,6 +658,10 @@ sbom_sources:
  - table: organizations
    column: organization_id
    on_delete: async_delete
+security_categories:
+  - table: namespaces
+    column: namespace_id
+    on_delete: async_delete
 security_scans:
  - table: p_ci_builds
    column: build_id
--- a/db/docs/security_categories.yml
+++ b/db/docs/security_categories.yml
@ -0,0 +1,12 @@
+---
+table_name: security_categories
+classes:
+- Security::Category
+feature_categories:
+- security_asset_inventories
+description: Stores security label categories for root namespaces
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/197798
+milestone: '18.3'
+gitlab_schema: gitlab_sec
+sharding_key:
+  namespace_id: namespaces
--- a/db/migrate/20250714103334_create_security_categories.rb
+++ b/db/migrate/20250714103334_create_security_categories.rb
@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class CreateSecurityCategories < Gitlab::Database::Migration[2.3]
+  milestone '18.3'
+
+  SECURITY_CATEGORIES_NAME_NAMESPACE_INDEX = 'index_security_categories_namespace_name'
+
+  def change
+    create_table :security_categories do |t|
+      t.bigint :namespace_id, null: false
+      t.timestamps_with_timezone null: false
+      t.integer :editable_state, null: false, default: 0, limit: 2
+      t.integer :template_type, null: true, limit: 2
+      t.boolean :multiple_selection, null: false, default: false
+      t.text :name, null: false, limit: 255
+      t.text :description, default: nil, limit: 255
+
+      t.index [:namespace_id, :name], unique: true, name: SECURITY_CATEGORIES_NAME_NAMESPACE_INDEX
+    end
+  end
+end
--- a/db/schema_migrations/20250714103334
+++ b/db/schema_migrations/20250714103334
@ -0,0 +1 @@
+1c61b56bb5b90ed74a50fb337a0898621c4a66cc960a493b5cd9e07d75333e37
--- a/db/structure.sql
+++ b/db/structure.sql
@ -23329,6 +23329,29 @@ CREATE TABLE secret_detection_token_statuses (
    status smallint DEFAULT 0 NOT NULL
 );

+CREATE TABLE security_categories (
+    id bigint NOT NULL,
+    namespace_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    editable_state smallint DEFAULT 0 NOT NULL,
+    template_type smallint,
+    multiple_selection boolean DEFAULT false NOT NULL,
+    name text NOT NULL,
+    description text,
+    CONSTRAINT check_6a761c4c9f CHECK ((char_length(name) <= 255)),
+    CONSTRAINT check_d643dfc44b CHECK ((char_length(description) <= 255))
+);
+
+CREATE SEQUENCE security_categories_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE security_categories_id_seq OWNED BY security_categories.id;
+
 CREATE SEQUENCE security_findings_id_seq
    START WITH 1
    INCREMENT BY 1
@ -28673,6 +28696,8 @@ ALTER TABLE ONLY scim_identities ALTER COLUMN id SET DEFAULT nextval('scim_ident

 ALTER TABLE ONLY scim_oauth_access_tokens ALTER COLUMN id SET DEFAULT nextval('scim_oauth_access_tokens_id_seq'::regclass);

+ALTER TABLE ONLY security_categories ALTER COLUMN id SET DEFAULT nextval('security_categories_id_seq'::regclass);
+
 ALTER TABLE ONLY security_findings ALTER COLUMN id SET DEFAULT nextval('security_findings_id_seq'::regclass);

 ALTER TABLE ONLY security_orchestration_policy_configurations ALTER COLUMN id SET DEFAULT nextval('security_orchestration_policy_configurations_id_seq'::regclass);
@ -31723,6 +31748,9 @@ ALTER TABLE ONLY scim_oauth_access_tokens
 ALTER TABLE ONLY secret_detection_token_statuses
    ADD CONSTRAINT secret_detection_token_statuses_pkey PRIMARY KEY (vulnerability_occurrence_id);

+ALTER TABLE ONLY security_categories
+    ADD CONSTRAINT security_categories_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY security_findings
    ADD CONSTRAINT security_findings_pkey PRIMARY KEY (id, partition_number);

@ -38064,6 +38092,8 @@ CREATE UNIQUE INDEX index_scim_identities_on_user_id_and_group_id ON scim_identi

 CREATE UNIQUE INDEX index_scim_oauth_access_tokens_on_group_id_and_token_encrypted ON scim_oauth_access_tokens USING btree (group_id, token_encrypted);

+CREATE UNIQUE INDEX index_security_categories_namespace_name ON security_categories USING btree (namespace_id, name);
+
 CREATE INDEX index_security_orchestration_policy_rule_schedules_on_namespace ON security_orchestration_policy_rule_schedules USING btree (namespace_id);

 CREATE INDEX index_security_orchestration_policy_rule_schedules_on_project_i ON security_orchestration_policy_rule_schedules USING btree (project_id);
				`@ -0,0 +1 @@`
				`1c61b56bb5b90ed74a50fb337a0898621c4a66cc960a493b5cd9e07d75333e37`