Skip to content

Add validation for new_user_signups_cap enabling

Vijay Hawoldar requested to merge vij-usercap-availability into master

What does this MR do and why?

  • adds validation to NamespaceSetting to verify enabling of the new_user_signups_cap setting
  • moves some EE logic out of CE NamespaceSetting class

The NamespaceSetting attribute can only be enabled if:

  • the namespace is a group
  • the namespace itself has not been shared externally (outside of it's hierarchy)
  • the namespace has no subgroup that has been shared externally (outside of it's hierarchy)
  • the feature is enabled for the namespace
  • the environment is Gitlab.com

This reason for the externally shared requirement is that because once a group has been shared externally, the owner has no control over the users being added to those groups, but they'll count towards the billable user count.

This was discussed and agreed here.

Refs #342227 (closed)

Database/Queries

This MR introduces a new query to check if a group, or any groups in it's hierarchy have been shared with a group outside (externally) to the hierarchy.

Query plans from #database-lab:

Warm query https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7777/commands/27650

Summary:

Time: 10.728 ms
  - planning: 3.169 ms
  - execution: 7.559 ms
    - I/O read: 0.000 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 3003 (~23.50 MiB) from the buffer pool
  - reads: 0 from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Cold query https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7777/commands/27653 (assuming reset makes this a cold query)

Summary:

Time: 1.335 s
  - planning: 6.987 ms
  - execution: 1.328 s
    - I/O read: 1.296 s
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 2444 (~19.10 MiB) from the buffer pool
  - reads: 559 (~4.40 MiB) from the OS file cache, including disk I/O
  - dirtied: 18 (~144.00 KiB)
  - writes: 0

How to set up and validate locally

  1. Modify Gitlab.com? to return true

  2. Setup a root group, e.g. Group A

  3. Setup another root group, e.g. Group X

  4. Check the validation:

    settings = group_a.namespace_settings
settings.new_user_signups_cap = 10
settings.valid?

=> false

  5. Enable the feature flag for Group A and re-validate:

    Feature.enable(:saas_user_caps, group_a)
settings.valid?

=> true

  6. Invite Group X to Group A via Group Information > Members > Invite a group

  7. Check the validation:

    settings.valid?

=> false

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vijay Hawoldar

Merge request reports