authz: Remove in-memory cache from Bitbucket Server permissions store
Created by: tsenart
This commit removes the in-memory caching layer from the permissions store used by the Bitbucket Server authz provider.
This reduces performance of authzFilter slightly. As indicated by the existing benchmarks, we go from single digit microseconds to single digit milliseconds, since now all authorization requests must incur the cost of a network roundtrip to Postgres and the correspondent serialization and deserialization.
However, this allows us to easily invalidate any user's cached permissions by simply deleting a row in the user_permissions table, which is an operational requirement surfaced by one of our customers.
Eventually, such cache invalidation ought to be more easily triggered via our UI, but for now, we enable admins to do so with a simple playbook:
    WITH batch AS (
      SELECT id FROM users
      WHERE username IN (
        'foo',
        'bar',
        'baz'
      )
    )
    DELETE FROM user_permissions USING batch
    WHERE user_permissions.user_id = batch.id;
Part of #4812
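
The trade-off described above, as an added Go sketch that is not code from this commit or its repository: with a process-local cache in front of the table, deleting a user's row does not revoke anything until that process drops its copy, whereas a store that reads the table on every check picks up the deletion immediately. All type and function names are hypothetical, the maps are constructed stand-ins for the code host and the user_permissions table, and refilling a missing row from the code host is an assumption about the store's behaviour.

```go
package main

// Hypothetical names; the maps are constructed stand-ins, not real storage.
type perms map[string]bool  // repo name -> readable
type codeHost map[int]perms // source of truth on the code host, by user_id
type table map[int]perms    // stand-in for the user_permissions table

// load returns the stored row, refilling it from the code host when the row
// is missing (assumed behaviour once a row has been deleted).
func load(t table, h codeHost, userID int) perms {
	if _, ok := t[userID]; !ok {
		t[userID] = h[userID]
	}
	return t[userID]
}

// cachedStore models the removed design: a process-local map in front of the table.
type cachedStore struct {
	t   table
	h   codeHost
	mem map[int]perms
}

func (s *cachedStore) Authorized(userID int, repo string) bool {
	if _, ok := s.mem[userID]; !ok {
		s.mem[userID] = load(s.t, s.h, userID)
	}
	return s.mem[userID][repo]
}

// directAuthorized models the new design: every check reads the table.
func directAuthorized(t table, h codeHost, userID int, repo string) bool {
	return load(t, h, userID)[repo]
}

// Scenario revokes access upstream, then deletes the row as the playbook does.
func Scenario() (cached, direct bool) {
	h, t := codeHost{1: {"repo-a": true}}, table{}
	c := &cachedStore{t: t, h: h, mem: map[int]perms{}}
	c.Authorized(1, "repo-a") // warms the row and the in-memory copy
	h[1] = perms{}            // access revoked on the code host
	delete(t, 1)              // the playbook's DELETE for this user
	return c.Authorized(1, "repo-a"), directAuthorized(t, h, 1, "repo-a")
}

func main() {
	cached, direct := Scenario()
	println("cached store still grants:", cached, "direct store grants:", direct)
}
```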