Mark Organization as "not isolated"
What does this MR do and why?
Most data in the database belongs to an organization. If we want to migrate an organization to a cell, all the data in that organization does not cross organization boundaries.
We expect that the logic will work like this:
- A crawler will establish that a group is isolated
- The logic in this MR will check if the organization is still isolated
Implementation
after_update_commit, we check if anybelongs_toassociations have been updated- If so, a
Organizations::CheckOrganizationIsolationStatusWorkeris scheduled. Arguments: model name, record id, changed fields - The worker returns if the record is not found or the state of the record has been changed
- The worker will call
Gitlab::Organizations::IsolationStatus.new(record, changed_associations).verify! - This class will check if the record and the updated
belongs_torecord belong to the same organization. - If they don't match, the isolation state of the Organization and (if exist) the Namespace will be changed to false
References
Related to #577780 (closed)
How to set up and validate locally
Assign an issue to a user outside of the Default Organization
Use rails console to create a user in another user:
Feature.enable(:isolation_status_check)
my_org = Organizations::Organization.find_or_create_by!(path: 'my-org') { |org| org.name = 'My Org' }
# Mark organizations as isolated
Organizations::Organization.all.each{|o| o.mark_as_isolated! }
root = User.find_by(username: 'root')
other_user = User.find_by(username: 'user-in-my-org') || ::Users::AuthorizedCreateService.new(root, {name: 'User In MyOrg', username: 'user-in-my-org', organization_id: my_org.id, email: 'test@example.org', password: 'r234234cc#'}).execute[:user]
# this is true
Organizations::Organization.find_by(path: 'default').isolated?
# Assign user from different organization:
Issue.first.update!(author: other_user)
# A background worker changes this now to false, this can take some time on development
Organizations::Organization.find_by(path: 'default').isolated?
# Remove member
other_user.destroyMR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Rutger Wessels