Skip to content

authz: support configurable parallelism of perms syncing

Warren Gifford requested to merge jc/libgroup-perms-sync into main

Created by: unknwon

Up until now, we process one single permission sync request at a time, but there is an opportunity that user-centric syncing uses different OAuth tokens for each user, thus not subject to per-IP per-token throttling imposed by github-proxy and in general avoiding API abuse.

This PR adds a new site configuration option "permissions.syncUsersMaxConcurrency" (with default 1) to control the maximum number of user-centric permissions syncing jobs could be spawned concurrently. The repo-centric permissions syncing is still limited to 1.

The implementation made a tradeoff for simplicity over accuracy that it is not guaranteed that there are always X user-centric sync requests being processed, but up to when there happen to be >= X number of consecutive user-centric sync requests queued.

Example scenarios when the user max concurrency is set to 2:

Queue Sync spawned Remaining
[repo1, user1] [repo1] [user1]
[user1, repo1, user2] [user1, repo1] [user2]
[user1, user2, repo1] [user1, user2, repo1] []
[user1, user2, repo1, user3] [user1, user2, repo1] [user3]
[user1, user2, user3, repo1] [user1, user2] [user3, repo1]

Test plan

  1. Unit tests
  2. Manually tested by inspecting debug logging for perms syncer and observed sync jobs are completed successfully

Fix https://github.com/sourcegraph/sourcegraph/issues/37918

Merge request reports

Loading