FF use_sync_service_token_worker enabled by default
What does this MR do and why?
Enables the use_sync_service_token_worker
feature flag by default.
This is part of Cloud Connector functionality.
It has the following effect:
-
Before:
- As part of the daily seat links sync with CustomersDot, a service token was synced to be used with Cloud Connector services such as the AI gateway
- This was using the
SyncSeatLinkWorker
- The worker was hitting the
/seat_links
REST endpoint on CDot, which contained an embedded token
-
After:
- Token sync is now decoupled from seat link syncs and also runs on a new cron schedule
- This now uses the dedicated
SyncServiceTokenWorker
- The worker now uses a GraphQL query against CDot instead
Note that we cannot test this on SaaS because it's specific to self-managed, so we perform manual testing instead. This needs to be part of the 16.9 self-managed release.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
See below; this is not a user-facing change.
How to set up and validate locally
- Set up CustomersDot locally and set up a subscription in Zuora. Refer to the https://gitlab.com/gitlab-org/customers-gitlab-com docs for how to do that.
- In your GDK/GCK, make sure
CUSTOMER_PORTAL_URL
is targeting the local instance - Make sure
GITLAB_SIMULATE_SAAS
is not set - Go to http://localhost:3000/admin/subscription and trigger a
Sync
via🔃 - In CDot logs, you should see a GraphQL request for
cloudConnectorAccess
:rails_1 | Processing by GraphqlController#execute as JSON rails_1 | Parameters: {"query"=>"query cloudConnectorAccess($licenseKey: String!) {\n cloudConnectorAccess(licenseKey: $licenseKey) {\n serviceToken {\n token\n expiresAt\n }\n availableServices {\n name\n serviceStartTime\n }\n }\n}\n", "variables"=>{"licenseKey"=>"eyJkYXRh...
- In sidekiq logs, you should see a completion event for the new worker:
sidekiq_1 | {"severity":"INFO","time":"2024-01-24T15:05:40.749Z","retry":3,"queue":"default","backtrace":true,"version":0,"queue_namespace":"cronjob","args":[],"class":"Ai::SyncServiceTokenWorker","jid":"a496f87b8c097af70b5cb5ca","created_at":"2024-01-24T15:05:38.854Z","correlation_id":"01HMY02KN6XEARX6WPQMEABQ3S","meta.caller_id":"SyncSeatLinkRequestWorker","meta.remote_ip":"192.168.80.1","meta.feature_category":"cloud_connector", ...
- Open a Rails console for GitLab and check:
-
CloudConnector::Access.last
should return a JSON object withavailable_services
data -
CloudConnector::ServiceAccessToken.last
should return the refreshed token
-
Related to #431608
Edited by Matthias Käppler