Skip to content

Add root users query to GraphQL API

Max Woolf requested to merge 215658-root-users-query into master

What does this MR do?

Adds a root users query to the GraphQL API which allows for the following types of queries:

By list of usernames:

{
  users(usernames: ["user12298", "mwoolf"]) {
    nodes {
      id
    }
  }
}

By list of IDs:

{
  users(ids: ["gid://gitlab/User/12344", "gid://gitlab/User/12345"]) {
    nodes {
      id
    }
  }
}

All publicly available users:

{
  users {
    nodes {
      id
    }
  }
}

This is one of 3 MRs to allow for the generation of a report defined in #215658 (closed) but is mergeable independently.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Database

Changes to UsersFinder have triggered a database review.

A sample of 100 random users generates the following query and plan:

Query

SELECT "users".* FROM "users" WHERE "users"."id" IN (XXXXXX) ORDER BY "users"."id" DESC

Plan

 Index Scan using users_pkey on public.users  (cost=0.43..338.40 rows=100 width=1244) (actual time=9.493..309.435 rows=94 loops=1)
   Index Cond: (users.id = ANY ('{XXXXXXX}'::integer[]))
   Buffers: shared hit=359 read=132 dirtied=3
   I/O Timings: read=306.287

Timings

Time: 309.955 ms
  - planning: 0.387 ms
  - execution: 309.568 ms
    - I/O read: 306.287 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 359 (~2.80 MiB) from the buffer pool
  - reads: 132 (~1.00 MiB) from the OS file cache, including disk I/O
  - dirtied: 3 (~24.00 KiB)
  - writes: 0

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Max Woolf

Merge request reports