[BE] Remove dormant members
Background
In [Gitlab.com] Automatic removal of dormant members (&7533) we intend to add a feature to identify and remove dormant users from Namespaces for GitLab.com
This is similar to the existing SM feature ( &5519 (closed)), but rather than deactivating users, we will remove members.
To achieve this, we will be adding a way to track member’s last activity timestamp within a namespace, so that we can identify dormant members and remove them if they've been dormant for greater than a predefined time period (e.g. 90 days).
Purpose
The purpose of this issue is to:
Remove dormant members
We should remove dormant members from groups that:
- root group has enabled the remove dormant members feature
- members have not been active in the last N period of time (defined by a group setting)
- members that have never been active and were created more than 7 days ago
Considerations
As we'll need to check all applicable namespaces/groups every day, to find new dormant members, we should consider:
- a limited capacity worker (docs)
- the outcome of [SPIKE] Investigate dormant member query (#461337 - closed)
- This should be feature flagged
- Any deleted dormant members should be attributed to the Admin Bot
Outcome of spike
Please read the threads in !153100 (closed) for discussions on best approach in terms of performance for the namespace/dormant member lookups.
In short:
- use batched queries for namespace queries
- use a loop to delete dormant members
- limited capacity worker to ensure we don't have jobs running > 5 minutes (and negate error budget impact)
- use a low traffic table for namespace lookup, e.g. namespace settings
- use an index on
👆🏽 e.g.(last_dormant_member_review_at, id) WHERE dormant_feature_enabled IS true
Update 2024-10-03
As discussed in #461340 (comment 2140928867), we need to use the Members::DestroyService to remove members, rather than directly destroying the records as initially explored in the spike.