Replace add-on purchase look-ups for Direct Access setting

Matthias Käpplerrequested to merge
542422-replace-app-setting into master

What does this MR do and why?

This is part of Replace methods that check for AddOnPurchases (#542422 - closed)

Replaces the purchased? look-up for the disabled_direct_code_suggestions application setting to use a new Fulfillment API: AddOnPurchase.find_for_unit_primitive. We are phasing out AvailableServices and its utility methods in favor of more explicit interfaces that operate on Unit Primitives.

While this is primarily a refactor, a notable change is that the for_active_add_ons scope, which existed before, now accepts an additional resource argument: :instance. This type of resource designates an instance-wide query should be run, which has two benefits:

  1. It covers use cases where a Duo add-on must be present even on gitlab.com without being tied to a particular tenant namespace. This is the case when changing application settings (instead of group settings) on (staging.)gitlab.com.
  2. It makes the intention of the caller more explicit: instead of passing a nil namespace, :instance clarifies that this should be the lookup scope.

References

Screenshots or screen recordings

Affected setting

before

Without a Duo sub, the entire screen becomes inaccessible, so we cannot test the change on this screen. This is just for context.

API call

With a Duo sub, the setting is returned:

curl -s -H "PRIVATE-TOKEN: $(op read 'op://Employee/API access tokens/local')" "http://gitlab.local:3000/api/v4/application/settings" | jq '.disabled_direct_code_suggestions'
true

Without a Duo sub, the setting is hidden:

curl -s -H "PRIVATE-TOKEN: $(op read 'op://Employee/API access tokens/local')" "http://gitlab.local:3000/api/v4/application/settings" | jq '.disabled_direct_code_suggestions'
null

How to set up and validate locally

  1. Without a Duo sub, run the curl above; it should exclude the setting.
  2. Add a Duo sub, run the curl above; it should include the setting.
  3. With a Duo sub, you can also test toggling it on and off in /admin/gitlab_duo/configuration

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #542422 (closed)

Edited by Matthias Käppler

Merge request reports