Merge branch 'if-log_authorized_projects_refresh_details' into 'master'

Log details of authorized projects refresh

See merge request gitlab-org/gitlab!52519

app/models/user.rb

@@ -960,8 +960,8 @@ class User < ApplicationRecord
   end
 
   # rubocop: disable CodeReuse/ServiceClass
-  def refresh_authorized_projects
-    Users::RefreshAuthorizedProjectsService.new(self).execute
+  def refresh_authorized_projects(source: nil)
+    Users::RefreshAuthorizedProjectsService.new(self, source: source).execute
   end
   # rubocop: enable CodeReuse/ServiceClass
 

app/services/authorized_project_update/recalculate_for_user_range_service.rb

@@ -9,7 +9,7 @@ module AuthorizedProjectUpdate
 
     def execute
       User.where(id: start_user_id..end_user_id).select(:id).find_each do |user| # rubocop: disable CodeReuse/ActiveRecord
-        Users::RefreshAuthorizedProjectsService.new(user).execute
+        Users::RefreshAuthorizedProjectsService.new(user, source: self.class.name).execute
       end
     end
 

app/services/users/refresh_authorized_projects_service.rb

@@ -14,13 +14,14 @@ module Users
   #     service = Users::RefreshAuthorizedProjectsService.new(some_user)
   #     service.execute
   class RefreshAuthorizedProjectsService
-    attr_reader :user
+    attr_reader :user, :source
 
     LEASE_TIMEOUT = 1.minute.to_i
 
     # user - The User for which to refresh the authorized projects.
-    def initialize(user, incorrect_auth_found_callback: nil, missing_auth_found_callback: nil)
+    def initialize(user, source: nil, incorrect_auth_found_callback: nil, missing_auth_found_callback: nil)
       @user = user
+      @source = source
       @incorrect_auth_found_callback = incorrect_auth_found_callback
       @missing_auth_found_callback = missing_auth_found_callback
 
@@ -91,6 +92,8 @@ module Users
     # remove - The IDs of the authorization rows to remove.
     # add - Rows to insert in the form `[user id, project id, access level]`
     def update_authorizations(remove = [], add = [])
+      log_refresh_details(remove.length, add.length)
+
       User.transaction do
         user.remove_project_authorizations(remove) unless remove.empty?
         ProjectAuthorization.insert_authorizations(add) unless add.empty?
@@ -101,6 +104,13 @@ module Users
       user.reset
     end
 
+    def log_refresh_details(rows_deleted, rows_added)
+      Gitlab::AppJsonLogger.info(event: 'authorized_projects_refresh',
+                                 'authorized_projects_refresh.source': source,
+                                 'authorized_projects_refresh.rows_deleted': rows_deleted,
+                                 'authorized_projects_refresh.rows_added': rows_added)
+    end
+
     def fresh_access_levels_per_project
       fresh_authorizations.each_with_object({}) do |row, hash|
         hash[row.project_id] = row.access_level

app/workers/authorized_projects_worker.rb

@@ -25,7 +25,7 @@ class AuthorizedProjectsWorker
   def perform(user_id)
     user = User.find_by(id: user_id)
 
-    user&.refresh_authorized_projects
+    user&.refresh_authorized_projects(source: self.class.name)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 end

spec/services/authorized_project_update/recalculate_for_user_range_service_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe AuthorizedProjectUpdate::RecalculateForUserRangeService do
     it 'calls Users::RefreshAuthorizedProjectsService' do
       users.each do |user|
         expect(Users::RefreshAuthorizedProjectsService).to(
-          receive(:new).with(user).and_call_original)
+          receive(:new).with(user, source: described_class.name).and_call_original)
       end
 
       range = users.map(&:id).minmax

spec/services/users/refresh_authorized_projects_service_spec.rb

@@ -143,6 +143,21 @@ RSpec.describe Users::RefreshAuthorizedProjectsService do
       expect(authorizations[0].project_id).to eq(project.id)
       expect(authorizations[0].access_level).to eq(Gitlab::Access::MAINTAINER)
     end
+
+    it 'logs the details of the refresh' do
+      source = :foo
+      service = described_class.new(user, source: source)
+      user.project_authorizations.delete_all
+
+      expect(Gitlab::AppJsonLogger).to(
+        receive(:info)
+          .with(event: 'authorized_projects_refresh',
+                'authorized_projects_refresh.source': source,
+                'authorized_projects_refresh.rows_deleted': 0,
+                'authorized_projects_refresh.rows_added': 1))
+
+      service.update_authorizations([], [[user.id, project.id, Gitlab::Access::MAINTAINER]])
+    end
   end
 
   describe '#fresh_access_levels_per_project' do