Commit fa1d31ee authored by Manoj M J's avatar Manoj M J Committed by Douglas Barbosa Alexandre

Use specialized worker to refresh authorizations on group-share update

With this change, we will be using a specialized
worker to refresh authorizations whenever a
project-group share is updated.

Changelog: performance
parent afdec687
......@@ -20,19 +20,15 @@ module Projects
attr_reader :group_link
def refresh_authorizations
if Feature.enabled?(:specialized_worker_for_project_share_update_auth_recalculation)
AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id)
# Until we compare the inconsistency rates of the new specialized worker and
# the old approach, we still run AuthorizedProjectsWorker
# but with some delay and lower urgency as a safety net.
group_link.group.refresh_members_authorized_projects(
blocking: false,
priority: UserProjectAccessChangedService::LOW_PRIORITY
)
else
group_link.group.refresh_members_authorized_projects
end
AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id)
# Until we compare the inconsistency rates of the new specialized worker and
# the old approach, we still run AuthorizedProjectsWorker
# but with some delay and lower urgency as a safety net.
group_link.group.refresh_members_authorized_projects(
blocking: false,
priority: UserProjectAccessChangedService::LOW_PRIORITY
)
end
def requires_authorization_refresh?(params)
......
---
name: specialized_worker_for_project_share_update_auth_recalculation
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61964
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334234
milestone: '14.1'
type: development
group: group::access
default_enabled: false
......@@ -34,86 +34,40 @@ RSpec.describe Projects::GroupLinks::UpdateService, '#execute' do
end
context 'project authorizations update' do
context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do
before do
stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true)
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do
expect(AuthorizedProjectUpdate::ProjectRecalculateWorker)
.to receive(:perform_async).with(link.project.id)
subject
end
it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do
expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to(
receive(:bulk_perform_in)
.with(1.hour,
[[user.id]],
batch_delay: 30.seconds, batch_size: 100)
)
subject
end
it 'updates project authorizations of users who had access to the project via the group share', :sidekiq_inline do
group.add_maintainer(user)
expect { subject }.to(
change { Ability.allowed?(user, :create_release, project) }
.from(true).to(false))
end
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do
expect(AuthorizedProjectUpdate::ProjectRecalculateWorker)
.to receive(:perform_async).with(link.project.id)
context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do
before do
stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false)
end
subject
end
it 'calls UserProjectAccessChangedService to update project authorizations' do
expect_next_instance_of(UserProjectAccessChangedService, [user.id]) do |service|
expect(service).to receive(:execute)
end
it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do
expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to(
receive(:bulk_perform_in)
.with(1.hour,
[[user.id]],
batch_delay: 30.seconds, batch_size: 100)
)
subject
end
subject
end
it 'updates project authorizations of users who had access to the project via the group share' do
group.add_maintainer(user)
it 'updates project authorizations of users who had access to the project via the group share', :sidekiq_inline do
group.add_maintainer(user)
expect { subject }.to(
change { Ability.allowed?(user, :create_release, project) }
.from(true).to(false))
end
expect { subject }.to(
change { Ability.allowed?(user, :create_release, project) }
.from(true).to(false))
end
end
context 'with only param not requiring authorization refresh' do
let(:group_link_params) { { expires_at: Date.tomorrow } }
context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do
before do
stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true)
end
it 'does not perform any project authorizations update using `AuthorizedProjectUpdate::ProjectRecalculateWorker`' do
expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).not_to receive(:perform_async)
subject
end
end
context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do
before do
stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false)
end
it 'does not perform any project authorizations update using `UserProjectAccessChangedService`' do
expect(UserProjectAccessChangedService).not_to receive(:new)
it 'does not perform any project authorizations update using `AuthorizedProjectUpdate::ProjectRecalculateWorker`' do
expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).not_to receive(:perform_async)
subject
end
subject
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment