Project Access Tokens - Delete project bot after it's removed from project membership
Related to #220388 (closed)
Follow-up from "Remove project bot user membership when project access token expires"
In MR !43605 (merged), project bot user membership is removed when the project access token expires. We also want to fully delete the user to avoid pressurizing the Users table:
- @shinya.maeda started a discussion: Removing the project membership doesn't clean up a bot user itself. This design lets malicious users create many bot accounts (formatted by `project_{project_id}_bot`), which could be a threat model to pressurize the capacity of the `users` table.
Checking that the member is a bot, then converting them to a ghost, then destroying the user within `RemoveExpiredMembersWorker` is unperformant:
- @shinya.maeda started a discussion: This [checking if member is bot, then converting to ghost, then destroying the user] causes an N+1 problem: a `SELECT * FROM users WHERE ...` query is executed for each expired member. If this is a desired process, at least we need to execute the process in batch style. This doubles up the N+1 problem. Can we avoid this query by reusing the selected user above?
  This also causes N+1 for `DELETE FROM users ...`. Can we use batch style like mentioned above?
  I'm not sure if this is a service that is supposed to be called. Can a domain expert from ~"group::access" weigh in for a double check?
Reverted that last change (destroying the project bot unperformantly) in favor of iterating on that with the guidance of a domain expert.
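As an added example (not GitLab's code), the per-member pattern flagged in the discussion next to a batched alternative: a small Ruby simulation with an in-memory stand-in for the `users` and `members` tables and a query log, so the query count of each approach can be compared. `FakeDb`, `bot?`, `cleanup_one_by_one`, `cleanup_batched` and the sample rows are assumptions made for the illustration.

```ruby
# Added example, not GitLab's code: per-member (N+1) cleanup of expired project-bot
# memberships beside a batched variant; tables and query log are constructed stand-ins.
Member = Struct.new(:id, :project_id, :user_id, :expires_at)
User   = Struct.new(:id, :username)

class FakeDb
  attr_reader :queries
  def initialize(users, members)
    @users, @members, @queries = users.dup, members.dup, []
  end
  def expired_members(now)
    @queries << 'SELECT * FROM members WHERE expires_at < now'
    @members.select { |m| m.expires_at < now }
  end
  def select_users(ids) # one round trip however many ids are passed
    @queries << "SELECT * FROM users WHERE id IN (#{ids.join(',')})"
    @users.select { |u| ids.include?(u.id) }
  end
  def delete(table, ids) # table is :users or :members
    @queries << "DELETE FROM #{table} WHERE id IN (#{ids.join(',')})"
    instance_variable_get("@#{table}").reject! { |r| ids.include?(r.id) }
  end
end
def bot?(user, member) # project_{project_id}_bot naming rule from the issue
  user.username == "project_#{member.project_id}_bot"
end
# Per-member loop: SELECT user + DELETE member + DELETE user for every row (N+1).
def cleanup_one_by_one(db, now)
  db.expired_members(now).each do |m|
    user = db.select_users([m.user_id]).first
    db.delete(:members, [m.id])
    db.delete(:users, [user.id]) if bot?(user, m)
  end
  db.queries.size
end
# Batched: load all affected users once, then one DELETE per table.
def cleanup_batched(db, now)
  expired = db.expired_members(now)
  users = db.select_users(expired.map(&:user_id).uniq).to_h { |u| [u.id, u] }
  bot_ids = expired.select { |m| bot?(users[m.user_id], m) }.map(&:user_id)
  db.delete(:members, expired.map(&:id))
  db.delete(:users, bot_ids) unless bot_ids.empty?
  db.queries.size
end
# Constructed sample: two expired bot memberships, one expired human, one live member.
def sample_db
  users = [User.new(1, 'project_10_bot'), User.new(2, 'alice'), User.new(3, 'project_11_bot')]
  members = [Member.new(1, 10, 1, 0), Member.new(2, 10, 2, 0), Member.new(3, 11, 3, 0), Member.new(4, 12, 2, 9)]
  FakeDb.new(users, members)
end
```

With three expired rows the per-member loop issues 9 queries and the batched version 4; the gap grows linearly with the number of expired members.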