Skip to content

[CLOUD-80] authz: schedule background syncing for outdated permissions

Warren Gifford requested to merge jc/CLOUD-80 into main

Created by: unknwon

We're currently using external_service_repos table to be one of source truths for user permissions, but we don't have any existing mechanism to catch updates from this table, which sometimes resulted in inconsistent permissions state for a long time (e.g. after a user has removed a repository from personal code host connection).

This PR adds a background query to look for users who potentially have outdated permissions and schedule permissions syncs for those users.

Note: This is just part of the work to solve CLOUD-80, remaining work including:

  1. Adding metrics to track number of users with outdated permissions
  2. Update authzQuery to actually enforce what is the desired outcome for CLOUD-80

Jira: https://sourcegraph.atlassian.net/browse/CLOUD-80

Merge request reports

Loading