Moves seat count defaults from api to database
What does this MR do?
There's a bug where when not providing "optional" attributes for the gitlab_subscriptions api endpoint, the data that's currently in the database can be overwritten by the default values for those attributes. This seems like the exact opposite of what you'd want to do for updates and it caused a data loss that's outlined in (confidential) https://gitlab.com/gitlab-org/gitlab/-/issues/220010.
This also uncovers a slightly unrelated long running issue that wasn't identified until recently, whereby any update published from the customer portal always cleared out max_seats_used because it's not the maintainer of that count.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
[-] Changelog entry
-
[-] Documentation (if required)
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #225610 (closed)