[CLOUD-80] authz: schedule background syncing for outdated permissions (!26081) · Merge requests · Administrator / sourcegraph

Administrator requested to merge jc/CLOUD-80 into main Oct 14, 2021

Created by: unknwon

We're currently using external_service_repos table to be one of source truths for user permissions, but we don't have any existing mechanism to catch updates from this table, which sometimes resulted in inconsistent permissions state for a long time (e.g. after a user has removed a repository from personal code host connection).

This PR adds a background query to look for users who potentially have outdated permissions and schedule permissions syncs for those users.

Note: This is just part of the work to solve CLOUD-80, remaining work including:

Adding metrics to track number of users with outdated permissions
Update authzQuery to actually enforce what is the desired outcome for CLOUD-80

Jira: https://sourcegraph.atlassian.net/browse/CLOUD-80

[CLOUD-80] authz: schedule background syncing for outdated permissions

Merge request reports