Added a logic to disconnect users from ServiceNow on change of the encryption secret.

[Nityanand13]

Summary

When an admin changes the encryption secret then all the users will be disconnected from ServiceNow and they have to reconnect their accounts to ServiceNow.

[ayusht2810]

@hanzei the below PR is ready for review. Can please assign the designated reviewer to it.

[mickmister]

Shouldn't we delete the users even if the oldEncryptionSecret is blank? As long as the secret changed

[hanzei]

Thanks for the PR 👍

I'm wondering how the code behaves in a HA environment. Are there issues that can arise when multiple servers race to delete the user list?

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 66 lines in your changes are missing coverage. Please review.

Project coverage is 63.85%. Comparing base (a5ca244) to head (30cad00).

Files	Patch %	Lines
server/plugin/kv.go	0.00%	62 Missing ⚠️
server/plugin/configuration.go	0.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #171      +/-   ##
==========================================
- Coverage   65.40%   63.85%   -1.55%     
==========================================
  Files          17       17              
  Lines        2064     2114      +50     
==========================================
  Hits         1350     1350              
- Misses        674      724      +50     
  Partials       40       40              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[AayushChaudhary0001]

The PR above has been tested for the following scenario:-

• On changing the encryption secret in MM, the connected users are disconnected from Servicenow.

The PR was working fine for the above condition, LGTM. Approved.

[Kshitij-Katiyar]

Thanks for the PR 👍

I'm wondering how the code behaves in a HA environment. Are there issues that can arise when multiple servers race to delete the user list?

@hanzei #171 (review) QA tested this PR for the HA environment and its working perfectly fine.

[hanzei]

I'm leaving it to @mickmister to suggest next steps on this PR

[mickmister]

Right now we add to this wait group once per user. That seems a bit excessive. What if there are a very large amount of users? We should probably fan this out with at most 5-10 goroutines at a time. @hanzei Thoughts on this? Also, with the current strategy we would be slamming the database all at once, and on multiple nodes in an HA environment as @hanzei pointed out.

We definitely want to coordinate this so it only runs on one node. We can use cluster.Mutex to coordinate this. We did something similar (a "migration" of sorts) using this here mattermost/mattermost-plugin-gitlab#361.

This PR is a bit different though, since this will be run "on demand" when the secret changes. Here's how I see this working:

• We check if the secret changed as usual. If not changed, do normal stuff without any of the below steps
• We fetch a mutex for delete-all-users
• With the mutex, we check the kv store key delete-all-users-running (@hanzei wondering about race conditions here, where the database may not be "ready" to return the freshly set key on another node's database connection. We've run into these timing things before where the kvstore had not reflected the most recently updated state in real-time)
  • If the key does exist
    • Immediately release the mutex
    • Do not call DeleteAllUsers
  • If the key does not exist
    • Set the delete-all-users-running value to true
    • In a defer block right below that, remove the delete-all-users-running key
    • Immediately release the mutex
    • Call DeleteAllUsers

This can all be done in a goroutine in OnConfigurationChange so we don't block that function from returning

[hanzei]

We definitely want to coordinate this so it only runs on one node. We can use cluster.Mutex to coordinate this. We did something similar (a "migration" of sorts) using this here mattermost/mattermost-plugin-gitlab#361.

Strong 👍

[hanzei]

I wonder why we are fanning out the requests at all.

[mickmister]

Yeah I'm thinking the same now. I think we should do this synchronously here with no wait group or goroutines. @Kshitij-Katiyar What do you think?

[Kshitij-Katiyar]

yeah, I think we should do this synchronously as this is a very minor edge case as well. @mickmister

[ayusht2810]

@hanzei @mickmister fixed the review comments. Please re-review.

[ayusht2810]

@mickmister @hanzei Gentle reminder to re-review the PR

[mickmister]

There's no customer reported ticket associated with this, so I'm not sure if this is a priority that should require this complexity

[Kshitij-Katiyar]

There's no customer reported ticket associated with this, so I'm not sure if this is a priority that should require this complexity

This was a problem we faced while developing, that's why we have added this feature as an enhancement.
@mickmister

[mickmister]

The PR mostly LGTM. I think the goroutines used to fetch all users may be unnecessary. Otherwise looks good 👍

[mickmister]

Yeah I'm thinking the same now. I think we should do this synchronously here with no wait group or goroutines. @Kshitij-Katiyar What do you think?

[ayusht2810]

@mickmister fixed the review comments. Please re-review

[mickmister]

LGTM, just one suggestion to remove the lock since we're doing this synchronously now

[ayusht2810]

@mickmister fixed the review comments. Please re-review

OOO

[fmartingr]

Good work. I needed a few reads to understood what was going on, left my thought in comments but not blocking.

This would be fairly useful for other plugins as well @mickmister (mattermost/mattermost-plugin-google-calendar#61)

[ayusht2810]

@fmartingr Fixed the review fixes. Please re-review

[fmartingr]

Re-approved. Thanks for addressing my concerns!