Skip to content

Beyond Identity: Review alert message for missing GPG keys

Javiera Tapia requested to merge 458769-beyond-identity-review-alert-message-for-missing-gpg-keys into master

What does this MR do and why?

We need to review the logic behind displaying the message for Beyond Identity as it follows:

Change the message to: "There is no valid GPG key issued by Beyond Identity associated with your profile. Please add a valid key to your profile."

  • If Beyond Identity integration is disabled for a project:
    • Do not display the message
  • If there is a GPG key that failed external validation, but there's also a key that was successfully validated externally
    • Do not display the message
  • If there are no GPG keys that are externally validated:
    • Display the message (on projects where the Beyond Identity Integration is not disabled)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Database queries

  1. project.beyond_identity_integration&.active?
SELECT
    "integrations".*
FROM
    "integrations"
WHERE
    "integrations"."type_new" = 'Integrations::BeyondIdentity'
    AND "integrations"."project_id" = 7
LIMIT 1

Query plan: https://postgres.ai/console/gitlab/gitlab-production-main/sessions/28239/commands/88126

 Limit  (cost=0.43..3.45 rows=1 width=395) (actual time=1.350..1.351 rows=0 loops=1)
   Buffers: shared hit=1 read=2
   I/O Timings: read=1.327 write=0.000
   ->  Index Scan using index_integrations_on_project_id_and_type_new_unique on public.integrations  (cost=0.43..3.45 rows=1 width=395) (actual time=1.349..1.350 rows=0 loops=1)
         Index Cond: ((integrations.project_id = 278964) AND (integrations.type_new = 'Integrations::BeyondIdentity'::text))
         Buffers: shared hit=1 read=2
         I/O Timings: read=1.327 write=0.000
  1. current_user.gpg_keys.externally_valid.exists?
SELECT
    1 AS one
FROM
    "gpg_keys"
WHERE
    "gpg_keys"."user_id" = 1
    AND "gpg_keys"."externally_verified" = TRUE
LIMIT 1

Query plan: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28239/commands/88127 (without index)

 Limit  (cost=0.29..3.31 rows=1 width=4) (actual time=3.516..3.516 rows=0 loops=1)
   Buffers: shared read=3
   I/O Timings: read=3.479 write=0.000
   ->  Index Scan using index_gpg_keys_on_user_id on public.gpg_keys  (cost=0.29..3.31 rows=1 width=4) (actual time=3.514..3.514 rows=0 loops=1)
         Index Cond: (gpg_keys.user_id = 11164960)
         Filter: gpg_keys.externally_verified
         Rows Removed by Filter: 1
         Buffers: shared read=3
         I/O Timings: read=3.479 write=0.000

Query plan: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28246/commands/88150 (with index)

 Limit  (cost=0.12..2.77 rows=1 width=4) (actual time=0.034..0.034 rows=0 loops=1)
   Buffers: shared hit=2
   I/O Timings: read=0.000 write=0.000
   ->  Index Only Scan using idx_gpg_keys_on_user_externally_verified on public.gpg_keys  (cost=0.12..2.77 rows=1 width=4) (actual time=0.032..0.033 rows=0 loops=1)
         Index Cond: (gpg_keys.user_id = 11164960)
         Heap Fetches: 0
         Buffers: shared hit=2
         I/O Timings: read=0.000 write=0.000

Related to #458769 (closed)

Edited by Javiera Tapia

Merge request reports