fix: Increase Scan count and move Scan outside of mutex lock to avoid slow calls timing out (#17645)

[sethgupton-mastery]

Closes #17645

Simply moving the Scan outside of the mutex lock would cause the temporary loss of what tokens are revoked because it clears the storage.revokedTokens variable before starting the scan. Moving the wipe until afterwards would cause any tokens that had been revoked during the scan to be lost.

So I've added a second variable storage.recentRevokedTokens that keeps track of all revoked tokens since the last time it did a loadRevokedTokens call. This then gets merged into storage.revokedTokens and wiped at the end of loadRevokedTokens to avoid the loss of any revoked tokens.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates? No.
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

• 🚀 /bns:deploy to deploy the environment

[codecov]

Codecov Report

Attention: Patch coverage is 77.77778% with 4 lines in your changes missing coverage. Please review.

Project coverage is 55.80%. Comparing base (2bcaa19) to head (8f7c7f6).
Report is 631 commits behind head on master.

Files with missing lines	Patch %	Lines
util/session/state.go	77.77%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #21926      +/-   ##
==========================================
- Coverage   55.80%   55.80%   -0.01%     
==========================================
  Files         342      342              
  Lines       57159    57168       +9     
==========================================
+ Hits        31898    31902       +4     
- Misses      22623    22627       +4     
- Partials     2638     2639       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sethgupton-mastery]

Went to contributor meeting today.
Happy with the changes to the mutex lock pattern @alexmt said he would review the PR.

They did wonder if the default count could be changed in redis. Which would mean the Scan can be configured in Redis without needing to add more configurations to Argo. I am going to look into that.

[sethgupton-mastery]

Well dangit. Initial Google results were promising but incorrect. There is no way to set the default scan count on the server.

I don't see it in their example config; https://redis.io/docs/latest/operate/oss_and_stack/management/config-file/
I don't see it when I searched with CONFIG GET; https://redis.io/docs/latest/commands/config-get/
And I don't see it when I dug into the redis code itself; https://github.com/redis/redis/blob/unstable/src/db.c#L1198-L1230

I'm sad because that would have been a really nice solution.

[alexmt]

Thank you for PR @sethgupton-mastery

I looked through Argo CD code and looks like this is the only redis scan call we have. Everywhere else Argo CD have exact key and only token related logic require scanning the list.

Given how we use Redis it was a mistake to introduce scan and we will avoid doing it in a future.

So it makes sense to me to have hardcoded page size in the only scan request we have.

LGTM

[reggie-k]

/cherry-pick release-3.0

[reggie-k]

/cherry-pick release-3.0