• Alex Kalderimis's avatar
    Deal with invalid caches · 56203843
    Alex Kalderimis authored
    We need to manage some subtle caching edge cases. These are dealt with
    by:
    
    - Allowing clients to request a non-forgetful store
    - Abstracting over throttling of actions per-period. A new method is
      introduced: `ExclusiveLease.throttle` that takes care of such needs.
    - Allow specific keys to be forgotten after running policies
    - Invalidating the `CurrentUserMode` cache for `admin_mode` if the
      session-bypass is active (which may change the value).
    
    This deals with a very subtle cache collision problem. When this block
    is run, it calls the users update-service, which computes, during
    permission checks, the `admin` condition for this user. This is normally
    fine, but this callback is executed _before_ the bypass-session admin ID
    is set, which means that the cached value is stale during the execution
    of the main action.
    
    To avoid this, we deliberately discard the cached value of the `admin`
    condition, leaving all other cache values intact.
    
    Thankfully, `admin` is a cheap condition to recompute, and this does not
    cause any additional I/O to be run.
    
    Separately, the `Gitlab::Auth::CurrentUserMode` caches the value of
    `admin_mode`, which may become invalidated due to the session-bypass
    used for sessionless requests. We invalidate the cache when the
    session-bypass setting is changed.
    This invalidates the cached value for admin_mode, rather than requiring
    the caller to know when to force recomputation.
    
    A necessary change is made to prevent duplicate user-detail records.
    See: https://gitlab.com/gitlab-org/gitlab/-/issues/333245
    
    Changelog: fixed
    56203843
base_policy.rb 2.3 KB