Include scheduled when deduplicating ProcessScanResultPolicyWorker

Sashi Kumar Kumaresan requested to merge sk/fix-worker-schedule into master

What does this MR do and why?

This change adds the including_scheduled option to the deduplication strategy for Security::ProcessScanResultPolicyWorker, as it can be executed in a scheduled manner too.

The worker is called whenever a row in project_authorizations is created/destroyed. This is done through the ProjectAuthorizations::AuthorizationsChangedEvent event, which is published from ProjectAuthorizations::Changes with a delay of 1 minute. Security::RefreshProjectPoliciesWorker calls Security::ScanResultPolicies::SyncProjectWorker inline, which calls Security::ProcessScanResultPolicyWorker with a delay of 30 seconds. One major flaw in this sequence is that, since Security::ProcessScanResultPolicyWorker is scheduled to execute in the future, it will not be deduplicated until it starts executing because we don't have including_scheduled: true. So if there are a huge number of ProjectAuthorizations::AuthorizationsChangedEvent events published continuously over a period of time, Security::ProcessScanResultPolicyWorker would be executed multiple times without enough deduplication.

This is a corrective action for incident: gitlab-com/gl-infra/production#17168 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
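
The effect described in this MR, as an added example that is not code from the merge request or from GitLab: a simplified in-memory model of idempotency-key deduplication in which scheduled jobs skip the duplicate check unless including_scheduled is set. ToyQueue, simulate, the "project-42" key and the event timing are assumptions made for illustration.

```ruby
# Simplified model (assumption): a job holds its idempotency key from enqueue
# until it starts executing. Without including_scheduled, jobs enqueued with a
# delay skip the duplicate check, as the MR description states.
class ToyQueue
  attr_reader :executed

  def initialize(including_scheduled:)
    @including_scheduled = including_scheduled
    @keys = {}      # idempotency keys currently held by a waiting job
    @jobs = []      # [run_at, key] pairs
    @executed = []  # keys of jobs that actually ran
  end

  # delay > 0 models a scheduled enqueue; delay == 0 an immediate one.
  def enqueue(key, now:, delay: 0)
    checked = delay.zero? || @including_scheduled
    return :dropped if checked && @keys[key]

    @keys[key] = true if checked
    @jobs << [now + delay, key]
    :enqueued
  end

  # Run every job that is due; the key is released as the job starts.
  def run_due(now)
    due, @jobs = @jobs.partition { |run_at, _| run_at <= now }
    due.each do |_, key|
      @keys.delete(key)
      @executed << key
    end
  end
end

# One authorization change per second for one project (constructed input),
# each scheduling the worker 30 seconds ahead. Returns the execution count.
def simulate(including_scheduled:, events: 100, delay: 30)
  queue = ToyQueue.new(including_scheduled: including_scheduled)
  events.times do |t|
    queue.run_due(t)
    queue.enqueue("project-42", now: t, delay: delay)
  end
  queue.run_due(events + delay) # drain whatever is still scheduled
  queue.executed.size
end

puts "without including_scheduled: #{simulate(including_scheduled: false)} runs"
puts "with including_scheduled:    #{simulate(including_scheduled: true)} runs"
```

In this model the burst of 100 events produces 100 executions without the option and 4 with it, one per 30-second window.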
