Unassign policies for expired Ultimate licenses
What does this MR do and why?
Introduces a cron worker to automatically unassign security policy configurations when an Ultimate license or plan expires. This worker identifies namespaces with expired Ultimate subscriptions (SaaS) or expired Ultimate licenses (self-managed) and schedules a dedicated worker to remove their associated policy configurations. This ensures that security policies are only active with a valid Ultimate plan.
References
This is part 2 of fixing #431229
Part 1 MR: !208917 (merged)
Database Query Plans
```sql
SELECT
  gsh.*
FROM
  gitlab_subscription_histories gsh
INNER JOIN
  plans hosted_plan
  ON hosted_plan.id = gsh.hosted_plan_id
WHERE
  gsh.end_date = '2025-10-20'
  AND hosted_plan.name IN ('ultimate', 'ultimate_trial', 'ultimate_trial_paid_customer');
```
explain: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/44794/commands/137546
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #431229
Edited by Imam Hossain
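A sketch of the SaaS selection step described above, as an added example that is not code from this MR or from GitLab: it filters history rows the way the query does, then skips namespaces whose current plan is still Ultimate before scheduling removal (that re-check is an assumption, not stated in the description). `HistoryRow`, `namespaces_to_unassign`, `schedule_unassign` and the worker name are hypothetical, and the sample rows are constructed.

```ruby
require 'date'

# Plan names taken from the query in the MR description.
ULTIMATE_PLANS = %w[ultimate ultimate_trial ultimate_trial_paid_customer].freeze

# Hypothetical row shape standing in for a gitlab_subscription_histories record
# joined to its plan name; this is not GitLab's model.
HistoryRow = Struct.new(:namespace_id, :plan_name, :end_date)

# Returns sorted namespace ids whose Ultimate subscription ended on `expired_on`.
# Assumption: a namespace that already holds a valid Ultimate plan again
# (renewal, trial converted to paid) is skipped so its policies stay assigned.
# `current_plans` maps namespace_id => current plan name.
def namespaces_to_unassign(history, current_plans, expired_on)
  history
    .select { |row| row.end_date == expired_on && ULTIMATE_PLANS.include?(row.plan_name) }
    .map(&:namespace_id)
    .uniq                                                       # one job per namespace
    .reject { |id| ULTIMATE_PLANS.include?(current_plans[id]) } # still licensed
    .sort
end

# Stand-in for enqueueing the dedicated per-namespace worker; returns the queue.
def schedule_unassign(namespace_ids, queue = [])
  namespace_ids.each do |id|
    queue << { worker: 'unassign_policy_configurations', namespace_id: id }
  end
  queue
end

# Constructed sample data.
EXPIRED_ON = Date.new(2025, 10, 20)
SAMPLE_HISTORY = [
  HistoryRow.new(1, 'ultimate', EXPIRED_ON),                     # expired, now free
  HistoryRow.new(2, 'ultimate_trial', EXPIRED_ON),               # trial ended, bought Ultimate
  HistoryRow.new(3, 'premium', EXPIRED_ON),                      # not an Ultimate plan
  HistoryRow.new(4, 'ultimate', Date.new(2025, 10, 19)),         # ended on another day
  HistoryRow.new(1, 'ultimate_trial_paid_customer', EXPIRED_ON)  # second row, same namespace
].freeze
SAMPLE_CURRENT = { 1 => 'free', 2 => 'ultimate', 3 => 'premium', 4 => 'free' }.freeze

if __FILE__ == $PROGRAM_NAME
  ids = namespaces_to_unassign(SAMPLE_HISTORY, SAMPLE_CURRENT, EXPIRED_ON)
  schedule_unassign(ids).each { |job| puts job }
end
```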