Follow-up from "BE: Allow customers to extend or reactivate their trial on gitlab.com [RUN ALL RSPEC] [RUN AS-IF-FOSS]"
The following discussion from !56471 (merged) should be addressed:
-
@mikolaj_wawrzyniak started a discussion: (+4 comments) issue:
GitlabSubscriptions::ExtendReactivateTrialService.new.execute
is making synchronous call to external API, in case of connection issues this could lead to performance degradation. Synchronous request to 3rd party API can even introduce DDoS security vulnerability. In this case it is less likely, due to the fact that customer portal is managed by GitLab, however if some attacker will notice any kind of downtime of customers portal, this synchronous call could be abused.suggestion: Have you considered using https://docs.gitlab.com/ee/development/reactive_caching.html#methods-called-by-a-model-or-service or scheduling background job to process this call async
Per comment !56471 (comment 538567088), it is highly recommended to use async call to call CustomersDot API from Gitlab.