Skip to content

FF use_sync_service_token_worker enabled by default

Matthias Käppler requested to merge 431608-default-enable-ff into master

What does this MR do and why?

Enables the use_sync_service_token_worker feature flag by default. This is part of Cloud Connector functionality.

It has the following effect:

  • Before:
    • As part of the daily seat links sync with CustomersDot, a service token was synced to be used with Cloud Connector services such as the AI gateway
    • This was using the SyncSeatLinkWorker
    • The worker was hitting the /seat_links REST endpoint on CDot, which contained an embedded token
  • After:
    • Token sync is now decoupled from seat link syncs and also runs on a new cron schedule
    • This now uses the dedicated SyncServiceTokenWorker
    • The worker now uses a GraphQL query against CDot instead

Note that we cannot test this on SaaS because it's specific to self-managed, so we perform manual testing instead. This needs to be part of the 16.9 self-managed release.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

See below; this is not a user-facing change.

How to set up and validate locally

  1. Set up CustomersDot locally and set up a subscription in Zuora. Refer to the https://gitlab.com/gitlab-org/customers-gitlab-com docs for how to do that.
  2. In your GDK/GCK, make sure CUSTOMER_PORTAL_URL is targeting the local instance
  3. Make sure GITLAB_SIMULATE_SAAS is not set
  4. Go to http://localhost:3000/admin/subscription and trigger a Sync via 🔃
  5. In CDot logs, you should see a GraphQL request for cloudConnectorAccess: 
    rails_1      | Processing by GraphqlController#execute as JSON
rails_1      |   Parameters: {"query"=>"query cloudConnectorAccess($licenseKey: String!) {\n  cloudConnectorAccess(licenseKey: $licenseKey) {\n    serviceToken {\n      token\n      expiresAt\n    }\n    availableServices {\n      name\n      serviceStartTime\n    }\n  }\n}\n", "variables"=>{"licenseKey"=>"eyJkYXRh...
  6. In sidekiq logs, you should see a completion event for the new worker: 
    sidekiq_1           | {"severity":"INFO","time":"2024-01-24T15:05:40.749Z","retry":3,"queue":"default","backtrace":true,"version":0,"queue_namespace":"cronjob","args":[],"class":"Ai::SyncServiceTokenWorker","jid":"a496f87b8c097af70b5cb5ca","created_at":"2024-01-24T15:05:38.854Z","correlation_id":"01HMY02KN6XEARX6WPQMEABQ3S","meta.caller_id":"SyncSeatLinkRequestWorker","meta.remote_ip":"192.168.80.1","meta.feature_category":"cloud_connector", ...
  7. Open a Rails console for GitLab and check:
    1. CloudConnector::Access.last should return a JSON object with available_services data
    2. CloudConnector::ServiceAccessToken.last should return the refreshed token

Related to #431608

Edited by Matthias Käppler

Merge request reports