Add application and DB layer validations for flag_type uniqueness

Introducing a compound unique index on `vulnerability_occurrence_id`,
`flag_type`, and `origin` columns will help us utilizing PostgreSQL's
upsert functionality and will prevent inserting the same flag twice.

Changelog: added
EE: true

db/migrate/20210803110920_add_unique_index_to_vulnerability_flags_table.rb

+# frozen_string_literal: true
+
+class AddUniqueIndexToVulnerabilityFlagsTable < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+
+  INDEX_NAME = 'index_vulnerability_flags_on_unique_columns'
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :vulnerability_flags, [:vulnerability_occurrence_id, :flag_type, :origin], name: INDEX_NAME, unique: true
+  end
+
+  def down
+    remove_concurrent_index_by_name :vulnerability_flags, INDEX_NAME
+  end
+end

db/schema_migrations/20210803110920

+529cf86e09b5aa9015b604e73827cb21e92ced401f30dfb281115a506596bd4e
\ No newline at end of file

db/structure.sql

@@ -25441,6 +25441,8 @@ CREATE INDEX index_vulnerability_findings_remediations_on_remediation_id ON vuln
 
 CREATE UNIQUE INDEX index_vulnerability_findings_remediations_on_unique_keys ON vulnerability_findings_remediations USING btree (vulnerability_occurrence_id, vulnerability_remediation_id);
 
+CREATE UNIQUE INDEX index_vulnerability_flags_on_unique_columns ON vulnerability_flags USING btree (vulnerability_occurrence_id, flag_type, origin);
+
 CREATE INDEX index_vulnerability_flags_on_vulnerability_occurrence_id ON vulnerability_flags USING btree (vulnerability_occurrence_id);
 
 CREATE INDEX index_vulnerability_historical_statistics_on_date_and_id ON vulnerability_historical_statistics USING btree (date, id);

ee/app/models/vulnerabilities/flag.rb

@@ -4,11 +4,11 @@ module Vulnerabilities
   class Flag < ApplicationRecord
     self.table_name = 'vulnerability_flags'
 
-    belongs_to :finding, class_name: 'Vulnerabilities::Finding', foreign_key: 'vulnerability_occurrence_id', inverse_of: :vulnerability_flags
+    belongs_to :finding, class_name: 'Vulnerabilities::Finding', foreign_key: 'vulnerability_occurrence_id', inverse_of: :vulnerability_flags, optional: false
 
     validates :origin, length: { maximum: 255 }
     validates :description, length: { maximum: 1024 }
-    validates :flag_type, presence: true
+    validates :flag_type, presence: true, uniqueness: { scope: [:vulnerability_occurrence_id, :origin] }
 
     enum flag_type: {
       false_positive: 0

ee/spec/models/vulnerabilities/flag_spec.rb

@@ -4,13 +4,16 @@ require 'spec_helper'
 
 RSpec.describe Vulnerabilities::Flag do
   describe 'associations' do
-    it { is_expected.to belong_to(:finding).class_name('Vulnerabilities::Finding').with_foreign_key('vulnerability_occurrence_id') }
+    it { is_expected.to belong_to(:finding).class_name('Vulnerabilities::Finding').with_foreign_key('vulnerability_occurrence_id').required }
   end
 
   describe 'validations' do
+    subject { build(:vulnerabilities_flag) }
+
     it { is_expected.to validate_length_of(:origin).is_at_most(255) }
     it { is_expected.to validate_length_of(:description).is_at_most(1024) }
     it { is_expected.to validate_presence_of(:flag_type) }
+    it { is_expected.to validate_uniqueness_of(:flag_type).scoped_to(:vulnerability_occurrence_id, :origin).ignoring_case_sensitivity }
     it { is_expected.to define_enum_for(:flag_type).with_values(false_positive: 0) }
   end
 end