authz: support configurable parallelism of perms syncing
Created by: unknwon
Up until now, we process one single permission sync request at a time, but there is an opportunity that user-centric syncing uses different OAuth tokens for each user, thus not subject to per-IP per-token throttling imposed by github-proxy and in general avoiding API abuse.
This PR adds a new site configuration option "permissions.syncUsersMaxConcurrency" (with default 1) to control the maximum number of user-centric permissions syncing jobs could be spawned concurrently. The repo-centric permissions syncing is still limited to 1.
The implementation made a tradeoff for simplicity over accuracy that it is not guaranteed that there are always X user-centric sync requests being processed, but up to when there happen to be >= X number of consecutive user-centric sync requests queued.
Example scenarios when the user max concurrency is set to 2:
| Queue | Sync spawned | Remaining |
|---|---|---|
| [repo1, user1] | [repo1] | [user1] |
| [user1, repo1, user2] | [user1, repo1] | [user2] |
| [user1, user2, repo1] | [user1, user2, repo1] | [] |
| [user1, user2, repo1, user3] | [user1, user2, repo1] | [user3] |
| [user1, user2, user3, repo1] | [user1, user2] | [user3, repo1] |
Test plan
- Unit tests
- Manually tested by inspecting debug logging for perms syncer and observed sync jobs are completed successfully