feat: handle instanceID in projections (#3442)

* feat: handle instanceID in projections

* rename functions

* fix key lock

* fix import

cmd/admin/initialise/sql/09_events_table.sql

@@ -17,7 +17,7 @@ CREATE TABLE eventstore.events (
 	, PRIMARY KEY (event_sequence DESC, instance_id) USING HASH WITH BUCKET_COUNT = 10
 	, INDEX agg_type_agg_id (aggregate_type, aggregate_id, instance_id)
 	, INDEX agg_type (aggregate_type, instance_id)
-	, INDEX agg_type_seq (aggregate_type, event_sequence DESC, instance_id) 
+	, INDEX agg_type_seq (aggregate_type, event_sequence DESC, instance_id)
 		STORING (id, event_type, aggregate_id, aggregate_version, previous_aggregate_sequence, creation_date, event_data, editor_user, editor_service, resource_owner, previous_aggregate_type_sequence)
 	, INDEX max_sequence (aggregate_type, aggregate_id, event_sequence DESC, instance_id)
 	, CONSTRAINT previous_sequence_unique UNIQUE (previous_aggregate_sequence DESC, instance_id)

cmd/admin/setup/01_sql/adminapi.sql

@@ -4,8 +4,9 @@ CREATE TABLE adminapi.locks (
     locker_id TEXT,
     locked_until TIMESTAMPTZ(3),
     view_name TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE adminapi.current_sequences (
@@ -13,8 +14,9 @@ CREATE TABLE adminapi.current_sequences (
     current_sequence BIGINT,
     event_timestamp TIMESTAMPTZ,
     last_successful_spooler_run TIMESTAMPTZ,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE adminapi.failed_events (
@@ -22,8 +24,9 @@ CREATE TABLE adminapi.failed_events (
     failed_sequence BIGINT,
     failure_count SMALLINT,
     err_msg TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name, failed_sequence)
+    PRIMARY KEY (view_name, failed_sequence, instance_id)
 );
 
 CREATE TABLE adminapi.styling (
@@ -50,5 +53,5 @@ CREATE TABLE adminapi.styling (
     hide_login_name_suffix BOOL NULL,
     instance_id STRING NOT NULL,
 
-    PRIMARY KEY (aggregate_id, label_policy_state)
+    PRIMARY KEY (aggregate_id, label_policy_state, instance_id)
 );

cmd/admin/setup/01_sql/auth.sql

@@ -4,8 +4,9 @@ CREATE TABLE auth.locks (
     locker_id TEXT,
     locked_until TIMESTAMPTZ(3),
     view_name TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE auth.current_sequences (
@@ -13,8 +14,9 @@ CREATE TABLE auth.current_sequences (
     current_sequence BIGINT,
     event_timestamp TIMESTAMPTZ,
     last_successful_spooler_run TIMESTAMPTZ,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE auth.failed_events (
@@ -22,8 +24,9 @@ CREATE TABLE auth.failed_events (
     failed_sequence BIGINT,
     failure_count SMALLINT,
     err_msg TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name, failed_sequence)
+    PRIMARY KEY (view_name, failed_sequence, instance_id)
 );
 
 CREATE TABLE auth.users (
@@ -68,9 +71,9 @@ CREATE TABLE auth.users (
     avatar_key STRING NULL,
     passwordless_init_required BOOL NULL,
     password_init_required BOOL NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (id)
+    PRIMARY KEY (id, instance_id)
 );
 
 CREATE TABLE auth.user_sessions (
@@ -93,9 +96,9 @@ CREATE TABLE auth.user_sessions (
     selected_idp_config_id STRING NULL,
     passwordless_verification TIMESTAMPTZ NULL,
     avatar_key STRING NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (user_agent_id, user_id)
+    PRIMARY KEY (user_agent_id, user_id, instance_id)
 );
 
 CREATE TABLE auth.user_external_idps (
@@ -108,9 +111,9 @@ CREATE TABLE auth.user_external_idps (
     change_date TIMESTAMPTZ NULL,
     sequence INT8 NULL,
     resource_owner STRING NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (external_user_id, idp_config_id)
+    PRIMARY KEY (external_user_id, idp_config_id, instance_id)
 );
 
 CREATE TABLE auth.tokens (
@@ -128,9 +131,9 @@ CREATE TABLE auth.tokens (
     preferred_language STRING NULL,
     refresh_token_id STRING NULL,
     is_pat BOOL NOT NULL DEFAULT false,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (id),
+    PRIMARY KEY (id, instance_id),
     INDEX user_user_agent_idx (user_id, user_agent_id)
 );
 
@@ -150,19 +153,19 @@ CREATE TABLE auth.refresh_tokens (
     scopes STRING[] NULL,
     audience STRING[] NULL,
     amr STRING[] NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (id),
-    UNIQUE INDEX unique_client_user_index (client_id ASC, user_agent_id ASC, user_id ASC)
+    PRIMARY KEY (id, instance_id),
+    UNIQUE INDEX unique_client_user_index (client_id ASC, user_agent_id ASC, user_id ASC, instance_id)
 );
 
 CREATE TABLE auth.org_project_mapping (
     org_id STRING NOT NULL,
     project_id STRING NOT NULL,
     project_grant_id STRING NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (org_id, project_id)
+    PRIMARY KEY (org_id, project_id, instance_id)
 );
 
 CREATE TABLE auth.idp_providers (
@@ -176,9 +179,9 @@ CREATE TABLE auth.idp_providers (
     idp_provider_type INT2 NULL,
     idp_state INT2 NULL,
     styling_type INT2 NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (aggregate_id, idp_config_id)
+    PRIMARY KEY (aggregate_id, idp_config_id, instance_id)
 );
 
 CREATE TABLE auth.idp_configs (
@@ -204,9 +207,9 @@ CREATE TABLE auth.idp_configs (
     jwt_endpoint STRING NULL,
     jwt_keys_endpoint STRING NULL,
     jwt_header_name STRING NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (idp_config_id)
+    PRIMARY KEY (idp_config_id, instance_id)
 );
 
 CREATE TABLE auth.auth_requests (
@@ -216,8 +219,8 @@ CREATE TABLE auth.auth_requests (
     request_type INT2 NULL,
     creation_date TIMESTAMPTZ NULL,
     change_date TIMESTAMPTZ NULL,
-    instance_id STRING NULL,
+    instance_id STRING NOT NULL,
 
-    PRIMARY KEY (id),
+    PRIMARY KEY (id, instance_id),
     INDEX auth_code_idx (code)
 );

cmd/admin/setup/01_sql/authz.sql

@@ -4,8 +4,9 @@ CREATE TABLE authz.locks (
     locker_id TEXT,
     locked_until TIMESTAMPTZ(3),
     view_name TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE authz.current_sequences (
@@ -13,8 +14,9 @@ CREATE TABLE authz.current_sequences (
     current_sequence BIGINT,
     event_timestamp TIMESTAMPTZ,
     last_successful_spooler_run TIMESTAMPTZ,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE authz.failed_events (
@@ -22,8 +24,9 @@ CREATE TABLE authz.failed_events (
     failed_sequence BIGINT,
     failure_count SMALLINT,
     err_msg TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name, failed_sequence)
+    PRIMARY KEY (view_name, failed_sequence, instance_id)
 );
 
 CREATE TABLE authz.user_memberships (

cmd/admin/setup/01_sql/notification.sql

@@ -4,8 +4,9 @@ CREATE TABLE notification.locks (
     locker_id TEXT,
     locked_until TIMESTAMPTZ(3),
     view_name TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE notification.current_sequences (
@@ -13,8 +14,9 @@ CREATE TABLE notification.current_sequences (
     current_sequence BIGINT,
     event_timestamp TIMESTAMPTZ,
     last_successful_spooler_run TIMESTAMPTZ,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name)
+    PRIMARY KEY (view_name, instance_id)
 );
 
 CREATE TABLE notification.failed_events (
@@ -22,8 +24,9 @@ CREATE TABLE notification.failed_events (
     failed_sequence BIGINT,
     failure_count SMALLINT,
     err_msg TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (view_name, failed_sequence)
+    PRIMARY KEY (view_name, failed_sequence, instance_id)
 );
 
 CREATE TABLE notification.notify_users (

cmd/admin/setup/01_sql/projections.sql

@@ -2,17 +2,19 @@ CREATE TABLE projections.locks (
     locker_id TEXT,
     locked_until TIMESTAMPTZ(3),
     projection_name TEXT,
+    instance_id TEXT NOT NULL,
 
-    PRIMARY KEY (projection_name)
+    PRIMARY KEY (projection_name, instance_id)
 );
 
 CREATE TABLE projections.current_sequences (
     projection_name TEXT,
     aggregate_type TEXT,
     current_sequence BIGINT,
+    instance_id TEXT NOT NULL,
     timestamp TIMESTAMPTZ,
 
-    PRIMARY KEY (projection_name, aggregate_type)
+    PRIMARY KEY (projection_name, aggregate_type, instance_id)
 );
 
 CREATE TABLE projections.failed_events (
@@ -20,7 +22,7 @@ CREATE TABLE projections.failed_events (
     failed_sequence BIGINT,
     failure_count SMALLINT,
     error TEXT,
-    instance_id TEXT,
+    instance_id TEXT NOT NULL,
 
     PRIMARY KEY (projection_name, failed_sequence, instance_id)
 );

cmd/admin/setup/setup.go

@@ -60,7 +60,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.S3DefaultInstance.db = dbClient
 	steps.S3DefaultInstance.defaults = config.SystemDefaults
 	steps.S3DefaultInstance.masterKey = masterKey
-	steps.S3DefaultInstance.domain = config.SystemDefaults.Domain
+	steps.S3DefaultInstance.domain = config.ExternalDomain
 	steps.S3DefaultInstance.zitadelRoles = config.InternalAuthZ.RolePermissionMappings
 	steps.S3DefaultInstance.userEncryptionKey = config.EncryptionKeys.User
 	steps.S3DefaultInstance.InstanceSetup.Zitadel.IsDevMode = !config.ExternalSecure