Use specialized worker to refresh authorizations on group-share update

With this change, we will be using a specialized worker to refresh authorizations whenever a project-group share is updated. Changelog: performance

Use specialized worker to refresh authorizations on group-share update
With this change, we will be using a specialized worker to refresh authorizations whenever a project-group share is updated. Changelog: performance
fa1d31ee · Manoj M J · Douglas Barbosa Alexandre · afdec687 · fa1d31ee · afdec687
Commit fa1d31ee authored Sep 15, 2021 by Manoj M J Committed by Douglas Barbosa Alexandre Oct 01, 2021
3 changed files
--- a/app/services/projects/group_links/update_service.rb
+++ b/app/services/projects/group_links/update_service.rb
@@ -20,19 +20,15 @@ module Projects
      attr_reader :group_link
      def refresh_authorizations
-        if Feature.enabled?(:specialized_worker_for_project_share_update_auth_recalculation)
+        AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id)
-          AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id)
+        # Until we compare the inconsistency rates of the new specialized worker and
-          # Until we compare the inconsistency rates of the new specialized worker and
+        # the old approach, we still run AuthorizedProjectsWorker
-          # the old approach, we still run AuthorizedProjectsWorker
+        # but with some delay and lower urgency as a safety net.
-          # but with some delay and lower urgency as a safety net.
+        group_link.group.refresh_members_authorized_projects(
-          group_link.group.refresh_members_authorized_projects(
+          blocking: false,
-            blocking: false,
+          priority: UserProjectAccessChangedService::LOW_PRIORITY
-            priority: UserProjectAccessChangedService::LOW_PRIORITY
+        )
-          )
-        else
-          group_link.group.refresh_members_authorized_projects
-        end
      end
      def requires_authorization_refresh?(params)

--- a/config/feature_flags/development/specialized_worker_for_project_share_update_auth_recalculation.yml
+++ b/config/feature_flags/development/specialized_worker_for_project_share_update_auth_recalculation.yml
---
-name: specialized_worker_for_project_share_update_auth_recalculation
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61964
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334234
-milestone: '14.1'
-type: development
-group: group::access
-default_enabled: false
--- a/spec/services/projects/group_links/update_service_spec.rb
+++ b/spec/services/projects/group_links/update_service_spec.rb
@@ -34,86 +34,40 @@ RSpec.describe Projects::GroupLinks::UpdateService, '#execute' do
  end
  context 'project authorizations update' do
-    context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do
+    it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do
-      before do
+      expect(AuthorizedProjectUpdate::ProjectRecalculateWorker)
-        stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true)
+        .to receive(:perform_async).with(link.project.id)
-      end
-      it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do
-        expect(AuthorizedProjectUpdate::ProjectRecalculateWorker)
-          .to receive(:perform_async).with(link.project.id)
-        subject
-      end
-      it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do
-        expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to(
-          receive(:bulk_perform_in)
-            .with(1.hour,
-                  [[user.id]],
-                  batch_delay: 30.seconds, batch_size: 100)
-        )
-        subject
-      end
-      it 'updates project authorizations of users who had access to the project via the group share', :sidekiq_inline do
-        group.add_maintainer(user)
-        expect { subject }.to(
-          change { Ability.allowed?(user, :create_release, project) }
-            .from(true).to(false))
-      end
-    end
-    context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do
+      subject
-      before do
+    end
-        stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false)
-      end
-      it 'calls UserProjectAccessChangedService to update project authorizations' do
+    it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do
-        expect_next_instance_of(UserProjectAccessChangedService, [user.id]) do |service|
+      expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to(
-          expect(service).to receive(:execute)
+        receive(:bulk_perform_in)
-        end
+          .with(1.hour,
+                [[user.id]],
+                batch_delay: 30.seconds, batch_size: 100)
+      )
-        subject
+      subject
-      end
+    end
-      it 'updates project authorizations of users who had access to the project via the group share' do
+    it 'updates project authorizations of users who had access to the project via the group share', :sidekiq_inline do
-        group.add_maintainer(user)
+      group.add_maintainer(user)
-        expect { subject }.to(
+      expect { subject }.to(
-          change { Ability.allowed?(user, :create_release, project) }
+        change { Ability.allowed?(user, :create_release, project) }
-            .from(true).to(false))
+          .from(true).to(false))
-      end
    end
  end
  context 'with only param not requiring authorization refresh' do
    let(:group_link_params) { { expires_at: Date.tomorrow } }
-    context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do
+    it 'does not perform any project authorizations update using `AuthorizedProjectUpdate::ProjectRecalculateWorker`' do
-      before do
+      expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).not_to receive(:perform_async)
-        stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true)
-      end
-      it 'does not perform any project authorizations update using `AuthorizedProjectUpdate::ProjectRecalculateWorker`' do
-        expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).not_to receive(:perform_async)
-        subject
-      end
-    end
-    context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do
-      before do
-        stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false)
-      end
-      it 'does not perform any project authorizations update using `UserProjectAccessChangedService`' do
-        expect(UserProjectAccessChangedService).not_to receive(:new)
-        subject
+      subject
-      end
    end
  end
 end