Add logging for read_namespace usages

8e9d5273 · Niklas · Jessie Young · e02bf66e · 8e9d5273 · 8e9d5273
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -78,6 +78,15 @@ def allowed?(user, ability, subject = :global, opts = {})

      policy = policy_for(user, subject)

+      # https://gitlab.com/gitlab-org/gitlab/-/issues/421150#note_1638311666
+      if ability == :read_namespace && Feature.enabled?(:log_read_namespace_usages, Feature.current_request)
+        Gitlab::AppLogger.info(
+          message: 'Ability is in use',
+          ability: ability,
+          caller_locations: caller_locations(1, 5).map(&:to_s)
+        )
+      end
+
      before_check(policy, ability.to_sym, user, subject, opts)

      case opts[:scope]

--- a/config/feature_flags/development/log_read_namespace_usages.yml
+++ b/config/feature_flags/development/log_read_namespace_usages.yml
+---
+name: log_read_namespace_usages
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136617
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/421150
+milestone: '16.7'
+type: development
+group: group::tenant scale
+default_enabled: false
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -483,4 +483,38 @@ def check_ability
      end
    end
  end
+
+  describe '.allowed?' do
+    context 'when used with :read_namespace' do
+      subject(:allowed?) { described_class.allowed?(nil, :read_namespace) }
+
+      before do
+        allow(Gitlab::AppLogger).to receive(:info)
+      end
+
+      it 'logs the usage', :aggregate_failures do
+        allowed?
+
+        expect(Gitlab::AppLogger).to have_received(:info) do |args|
+          expect(args[:message]).to eq('Ability is in use')
+          expect(args[:ability]).to eq(:read_namespace)
+          expect(args[:caller_locations].first)
+            .to include('/spec/models/ability_spec.rb:489:in `block (4 levels) in <top (required)>')
+          expect(args[:caller_locations].length).to eq(5)
+        end
+      end
+
+      context 'when :log_read_namespace_usages feature flag is disabled' do
+        before do
+          stub_feature_flags(log_read_namespace_usages: false)
+        end
+
+        it 'does not log the usage' do
+          allowed?
+
+          expect(Gitlab::AppLogger).not_to have_received(:info)
+        end
+      end
+    end
+  end
 end