Add multi-user licenses

[ezekg]

Renamed #768. Closes #534. TL;DR: licenses had-one user, now licenses have-many users.

Prerequisites

• Add API endpoints for assigning/unassigning users to licenses. (Should we use attach/detach?)
• Update user validation scope to look at License#users.
• Add owner validation scope? (May be too ambiguous with license vs machine owner.)
• Rename License#user to License#owner.
• Rename singular user relationship to owner in user serializer.
• Add plural users relationship to license serializer.
• Add migration to rename data.relationships.owner to data.relationship.user for licenses (with updated links).
• Bump API version to v1.6.
• Rename license.user.updated webhook event to license.owner.updated? Not needed with v1x5 module.
• Write integration tests for license owner vs license user authz.
• Set default API version to v1.5 until post-deploy checklist is complete. Workaround in 7a61cb0.
• Get a third-party audit and review of union_of.
• Write documentation for…
  • New API endpoints and parameters
  • New permissions
  • New events
• Update dashboard app? (Could launch this with Portal instead of doing the extra work…)
• Update changelog.

Pre-deploy

• Create license.users.attached, license.users.detached, license.owner.updated, machine.owner.updated event types.
• Create license.users.attach, license.users.detach, license.owner.update, machine.owner.update permissions.

Post-deploy

• Rename licenses.user_id to licenses.owner_id? (May want to do this during our next maintenance window?)
• Rename license.user.update permission to license.owner.update? Not needed with v1x5 module.
• Run the below Rake tasks.
• Set default API version to v1.6. Workaround in 7a61cb0.
• Extract union_of to a gem.

# Add new permissions and event types
rake db:seed

# Migrate existing role permissions
rake keygen:permissions:admins:add[license.users.attach,license.users.detach,license.owner.update,machine.owner.update]
rake keygen:permissions:environments:add[license.users.attach,license.users.detach,license.owner.update,machine.owner.update]
rake keygen:permissions:products:add[license.users.attach,license.users.detach,license.owner.update,machine.owner.update]

[ezekg]

When we roll this out, should we set the DEFAULT_API_VERSION to v1.5 so we have ample time to run the permission tasks? Then once things are ready and documentation has been updated, we can start putting new accounts into v1.6.

As long as docs are updated, the migrations shouldn't take too long. I doubt a new account is going to swoop in, fully onboarded, trying to utilize the new endpoints within the time we deploy and the time our migrations complete.

Skipping because this just adds an unnecessary step.

[ezekg]

CI is failing here and on master because a Ruby 3.2.3 image isn't available yet.

Will re-run later.

[sentry-io]

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

• ‼️ Rack::Timeout::RequestTimeoutException: Request ran for longer than 25000ms , sending SIGTERM to process 2675 (Rack::Timeout::RequestTime... Api::V1::UsersController#show View Issue
• ‼️ Rack::Timeout::RequestTimeoutException: Request ran for longer than 25000ms , sending SIGTERM to process 2487 (Rack::Timeout::RequestTime... Api::V1::ProfilesController#me View Issue
• ‼️ Rack::Timeout::RequestTimeoutException: Request ran for longer than 25000ms , sending SIGTERM to process 1054 (Rack::Timeout::RequestTime... Api::V1::UsersController#index View Issue
• ‼️ ActiveRecord::ConnectionFailed: PQconsumeInput() FATAL: out of memory (ActiveRecord::ConnectionFailed) Api::V1::ProfilesController#me View Issue
• ‼️ ActiveRecord::ConnectionNotEstablished: PQsocket() can't get socket descriptor (ActiveRecord::ConnectionNotEstablished) Api::V1::Licenses::Actions::ValidationsControll... View Issue

_{Did you find this useful? React with a 👍 or 👎}