Prevent username collisions when creating AI Catalog flow service accounts

Keeyan Nejadrequested to merge
579435-be-handle-duplicate-username-in-service-account-creation-for-group-level-flows into master

What does this MR do and why?

When generating a service account for a top-level group, avoid any username collisions by appending a short string to the end of the name if needed.

For example, if the username ai-my-flow-my-group already exists, it will create the username ai-my-flow-my-group_39a8d1 instead. Previously this would cause an exception.

This can happen under the following circumstances:

  • The username was manually created (soon this will no longer be possible once we stop allowing ai- as a prefix, however, existing records may already be grandfathered in.
  • The flow was already enabled in the group previously (or another with the same name) but the service account wasn't deleted yet, since it was disabled
  • If a group a-group has flow flow and a group group has flow flow-a they would both create the ai-flow-a-group service account.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Go to http://gdk.test:8080/gitlab-duo/test/-/automate/flows and create a flow with the name "Simple Name"
  2. Go to http://gdk.test:3000/groups/alligator/-/settings/service_accounts and create a service account with the name that would have been used ai-simple-name-gitlab-duo
  3. Go to http://gdk.test:8080/explore/ai-catalog/flows/ and enable the flow in the gitlab-duo group
  4. Instead of failing, you should see that a unique username was generated in http://gdk.test:8080/groups/alligator/-/settings/service_accounts

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #579435 (closed)

Edited by Keeyan Nejad

Merge request reports