Fix bug where destroying a namespace would not always destroy projects
Fix bug where destroying a namespace would not always destroy projects
There is a race condition in DestroyGroupService now that projects are deleted asynchronously:
- User attempts to delete group
- DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project
- DestroyGroupService destroys the Group, leaving all its projects without a namespace
- Projects::DestroyService runs later but the can?(current_user,
:remove_project) is
falsebecause the user no longer has permission to destroy projects with no namespace. - This leaves the project in pending_delete state with no namespace/group.
Projects without a namespace or group also adds another problem: it's not possible to destroy the container registry tags, since container_registry_path_with_namespace is the wrong value.
The fix is to destroy the group asynchronously and run execute directly on Projects::DestroyService.
Closes #17893 (closed)