TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-06 16:12:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

perf(actionsv2): execution target router (#10564)

Browse Source 
# Which Problems Are Solved

The event execution system currently uses a projection handler that
subscribes to and processes all events for all instances. This creates a
high static cost because the system over-fetches event data, handling
many events that are not needed by most instances. This inefficiency is
also reflected in high "rows returned" metrics in the database.

# How the Problems Are Solved

Eliminate the use of a project handler. Instead, events for which
"execution targets" are defined, are directly pushed to the queue by the
eventstore. A Router is populated in the Instance object in the authz
middleware.

- By joining the execution targets to the instance, no additional
queries are needed anymore.
- As part of the instance object, execution targets are now cached as
well.
- Events are queued within the same transaction, giving transactional
guarantees on delivery.
- Uses the "insert many fast` variant of River. Multiple jobs are queued
in a single round-trip to the database.
- Fix compatibility with PostgreSQL 15

# Additional Changes

- The signing key was stored as plain-text in the river job payload in
the DB. This violated our [Secrets
Storage](https://zitadel.com/docs/concepts/architecture/secrets#secrets-storage)
principle. This change removed the field and only uses the encrypted
version of the signing key.
- Fixed the target ordering from descending to ascending.
- Some minor linter warnings on the use of `io.WriteString()`.

# Additional Context

- Introduced in https://github.com/zitadel/zitadel/pull/9249
- Closes https://github.com/zitadel/zitadel/issues/10553
- Closes https://github.com/zitadel/zitadel/issues/9832
- Closes https://github.com/zitadel/zitadel/issues/10372
- Closes https://github.com/zitadel/zitadel/issues/10492

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit a9ebc06c77)
This commit is contained in:
Tim Möhlmann
2025-09-01 08:21:10 +03:00
committed by Livio Spring
parent d0d8e904c4
commit 2727fa719d
76 changed files with 1316 additions and 1815 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/command/action_v2_execution_test.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/repository/execution"
"github.com/zitadel/zitadel/internal/repository/target"
"github.com/zitadel/zitadel/internal/zerrors"
@@ -170,7 +171,7 @@ func TestCommands_SetExecutionRequest(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("target", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
true,
@@ -225,7 +226,7 @@ func TestCommands_SetExecutionRequest(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("target", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
true,
@@ -280,7 +281,7 @@ func TestCommands_SetExecutionRequest(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("target", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
true,
@@ -852,7 +853,7 @@ func TestCommands_SetExecutionResponse(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("target", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
true,
@@ -952,7 +953,7 @@ func TestCommands_SetExecutionResponse(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("target", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
true,

5
internal/command/action_v2_target.go
View File

@@ -9,6 +9,7 @@ import (
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/repository/target"
"github.com/zitadel/zitadel/internal/zerrors"
)
@@ -17,7 +18,7 @@ type AddTarget struct {
models.ObjectRoot
Name string
TargetType domain.TargetType
TargetType target_domain.TargetType
Endpoint string
Timeout time.Duration
InterruptOnError bool
@@ -90,7 +91,7 @@ type ChangeTarget struct {
models.ObjectRoot
Name *string
TargetType *domain.TargetType
TargetType *target_domain.TargetType
Endpoint *string
Timeout *time.Duration
InterruptOnError *bool

5
internal/command/action_v2_target_model.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/repository/target"
)
@@ -15,7 +16,7 @@ type TargetWriteModel struct {
eventstore.WriteModel
Name string
TargetType domain.TargetType
TargetType target_domain.TargetType
Endpoint string
Timeout time.Duration
InterruptOnError bool
@@ -86,7 +87,7 @@ func (wm *TargetWriteModel) NewChangedEvent(
ctx context.Context,
agg *eventstore.Aggregate,
name *string,
targetType *domain.TargetType,
targetType *target_domain.TargetType,
endpoint *string,
timeout *time.Duration,
interruptOnError *bool,

4
internal/command/action_v2_target_model_test.go
View File

@@ -8,8 +8,8 @@ import (
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/repository/target"
)
@@ -17,7 +17,7 @@ func targetAddEvent(aggID, resourceOwner string) *target.AddedEvent {
return target.NewAddedEvent(context.Background(),
target.NewAggregate(aggID, resourceOwner),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
false,

18
internal/command/action_v2_target_test.go
View File

@@ -9,9 +9,9 @@ import (
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/id"
"github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/target"
@@ -130,7 +130,7 @@ func TestCommands_AddTarget(t *testing.T) {
target.NewAddedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
"name",
domain.TargetTypeWebhook,
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
false,
@@ -153,7 +153,7 @@ func TestCommands_AddTarget(t *testing.T) {
Name: "name",
Endpoint: "https://example.com",
Timeout: time.Second,
TargetType: domain.TargetTypeWebhook,
TargetType: target_domain.TargetTypeWebhook,
},
resourceOwner: "instance",
},
@@ -177,7 +177,7 @@ func TestCommands_AddTarget(t *testing.T) {
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: domain.TargetTypeWebhook,
TargetType: target_domain.TargetTypeWebhook,
Timeout: time.Second,
Endpoint: "https://example.com",
},
@@ -204,7 +204,7 @@ func TestCommands_AddTarget(t *testing.T) {
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: domain.TargetTypeWebhook,
TargetType: target_domain.TargetTypeWebhook,
Timeout: time.Second,
Endpoint: "https://example.com",
},
@@ -235,7 +235,7 @@ func TestCommands_AddTarget(t *testing.T) {
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: domain.TargetTypeWebhook,
TargetType: target_domain.TargetTypeWebhook,
Endpoint: "https://example.com",
Timeout: time.Second,
InterruptOnError: true,
@@ -419,7 +419,7 @@ func TestCommands_ChangeTarget(t *testing.T) {
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
TargetType: gu.Ptr(domain.TargetTypeWebhook),
TargetType: gu.Ptr(target_domain.TargetTypeWebhook),
},
resourceOwner: "instance",
},
@@ -505,7 +505,7 @@ func TestCommands_ChangeTarget(t *testing.T) {
[]target.Changes{
target.ChangeName("name", "name2"),
target.ChangeEndpoint("https://example2.com"),
target.ChangeTargetType(domain.TargetTypeCall),
target.ChangeTargetType(target_domain.TargetTypeCall),
target.ChangeTimeout(10 * time.Second),
target.ChangeInterruptOnError(true),
target.ChangeSigningKey(&crypto.CryptoValue{
@@ -529,7 +529,7 @@ func TestCommands_ChangeTarget(t *testing.T) {
},
Name: gu.Ptr("name2"),
Endpoint: gu.Ptr("https://example2.com"),
TargetType: gu.Ptr(domain.TargetTypeCall),
TargetType: gu.Ptr(target_domain.TargetTypeCall),
Timeout: gu.Ptr(10 * time.Second),
InterruptOnError: gu.Ptr(true),
ExpirationSigningKey: true,

5
internal/command/main_test.go
View File

@@ -17,6 +17,7 @@ import (
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
"github.com/zitadel/zitadel/internal/eventstore/repository/mock"
"github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/feature"
"github.com/zitadel/zitadel/internal/zerrors"
)
@@ -220,6 +221,10 @@ func (m *mockInstance) Features() feature.Features {
return feature.Features{}
}
func (m *mockInstance) ExecutionRouter() target.Router {
return target.NewRouter(nil)
}
func newMockPermissionCheckAllowed() domain.PermissionCheck {
return func(ctx context.Context, permission, orgID, resourceID string) (err error) {
return nil