feat(database): support for postgres (#3998)

* beginning with postgres statements

* try pgx

* use pgx

* database

* init works for postgres

* arrays working

* init for cockroach

* init

* start tests

* tests

* TESTS

* ch

* ch

* chore: use go 1.18

* read stmts

* fix typo

* tests

* connection string

* add missing error handler

* cleanup

* start all apis

* go mod tidy

* old update

* switch back to minute

* on conflict

* replace string slice with `database.StringArray` in db models

* fix tests and start

* update go version in dockerfile

* setup go

* clean up

* remove notification migration

* update

* docs: add deploy guide for postgres

* fix: revert sonyflake

* use `database.StringArray` for daos

* use `database.StringArray` every where

* new tables

* index naming,
metadata primary key,
project grant role key type

* docs(postgres): change to beta

* chore: correct compose

* fix(defaults): add empty postgres config

* refactor: remove unused code

* docs: add postgres to self hosted

* fix broken link

* so?

* change title

* add mdx to link

* fix stmt

* update goreleaser in test-code

* docs: improve postgres example

* update more projections

* fix: add beta log for postgres

* revert index name change

* prerelease

* fix: add sequence to v1 "reduce paniced"

* log if nil

* add logging

* fix: log output

* fix(import): check if org exists and user

* refactor: imports

* fix(user): ignore malformed events

* refactor: method naming

* fix: test

* refactor: correct errors.Is call

* ci: don't build dev binaries on main

* fix(go releaser): update version to 1.11.0

* fix(user): projection should not break

* fix(user): handle error properly

* docs: correct config example

* Update .releaserc.js

* Update .releaserc.js

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>

cmd/initialise/helper.go

@@ -2,27 +2,20 @@ package initialise
 
 import (
 	"database/sql"
+	"errors"
+
+	"github.com/jackc/pgconn"
 )
 
-func exists(query string, args ...interface{}) func(*sql.DB) (exists bool, err error) {
-	return func(db *sql.DB) (exists bool, err error) {
-		row := db.QueryRow("SELECT EXISTS("+query+")", args...)
-		err = row.Scan(&exists)
-		return exists, err
+func exec(db *sql.DB, stmt string, possibleErrCodes []string, args ...interface{}) error {
+	_, err := db.Exec(stmt, args...)
+	pgErr := new(pgconn.PgError)
+	if errors.As(err, &pgErr) {
+		for _, possibleCode := range possibleErrCodes {
+			if possibleCode == pgErr.Code {
+				return nil
+			}
+		}
 	}
-}
-
-func exec(stmt string, args ...interface{}) func(*sql.DB) error {
-	return func(db *sql.DB) error {
-		_, err := db.Exec(stmt, args...)
-		return err
-	}
-}
-
-func verify(db *sql.DB, checkExists func(*sql.DB) (bool, error), create func(*sql.DB) error) error {
-	exists, err := checkExists(db)
-	if exists || err != nil {
-		return err
-	}
-	return create(db)
+	return err
 }

cmd/initialise/init.go

@@ -2,7 +2,7 @@ package initialise
 
 import (
 	"database/sql"
-	_ "embed"
+	"embed"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -12,6 +12,26 @@ import (
 	"github.com/zitadel/zitadel/internal/id"
 )
 
+var (
+	//go:embed sql/cockroach/*
+	//go:embed sql/postgres/*
+	stmts embed.FS
+
+	createUserStmt           string
+	grantStmt                string
+	databaseStmt             string
+	createEventstoreStmt     string
+	createProjectionsStmt    string
+	createSystemStmt         string
+	createEncryptionKeysStmt string
+	createEventsStmt         string
+	createSystemSequenceStmt string
+	createUniqueConstraints  string
+
+	roleAlreadyExistsCode = "42710"
+	dbAlreadyExistsCode   = "42P04"
+)
+
 func New() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "init",
@@ -39,6 +59,7 @@ The user provided by flags needs privileges to
 
 func InitAll(config *Config) {
 	id.Configure(config.Machine)
+
 	err := initialise(config.Database,
 		VerifyUser(config.Database.Username(), config.Database.Password()),
 		VerifyDatabase(config.Database.Database()),
@@ -53,22 +74,85 @@ func InitAll(config *Config) {
 func initialise(config database.Config, steps ...func(*sql.DB) error) error {
 	logging.Info("initialization started")
 
+	err := ReadStmts(config.Type())
+	if err != nil {
+		return err
+	}
+
 	db, err := database.Connect(config, true)
 	if err != nil {
 		return err
 	}
-	err = Initialise(db, steps...)
-	if err != nil {
-		return err
-	}
-	return db.Close()
+	defer db.Close()
+
+	return Init(db, steps...)
 }
 
-func Initialise(db *sql.DB, steps ...func(*sql.DB) error) error {
+func Init(db *sql.DB, steps ...func(*sql.DB) error) error {
 	for _, step := range steps {
 		if err := step(db); err != nil {
 			return err
 		}
 	}
+
 	return nil
 }
+
+func ReadStmts(typ string) (err error) {
+	createUserStmt, err = readStmt(typ, "01_user")
+	if err != nil {
+		return err
+	}
+
+	databaseStmt, err = readStmt(typ, "02_database")
+	if err != nil {
+		return err
+	}
+
+	grantStmt, err = readStmt(typ, "03_grant_user")
+	if err != nil {
+		return err
+	}
+
+	createEventstoreStmt, err = readStmt(typ, "04_eventstore")
+	if err != nil {
+		return err
+	}
+
+	createProjectionsStmt, err = readStmt(typ, "05_projections")
+	if err != nil {
+		return err
+	}
+
+	createSystemStmt, err = readStmt(typ, "06_system")
+	if err != nil {
+		return err
+	}
+
+	createEncryptionKeysStmt, err = readStmt(typ, "07_encryption_keys_table")
+	if err != nil {
+		return err
+	}
+
+	createEventsStmt, err = readStmt(typ, "08_events_table")
+	if err != nil {
+		return err
+	}
+
+	createSystemSequenceStmt, err = readStmt(typ, "09_system_sequence")
+	if err != nil {
+		return err
+	}
+
+	createUniqueConstraints, err = readStmt(typ, "10_unique_constraints_table")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func readStmt(typ, step string) (string, error) {
+	stmt, err := stmts.ReadFile("sql/" + typ + "/" + step + ".sql")
+	return string(stmt), err
+}

cmd/initialise/init_test.go

@@ -31,18 +31,6 @@ func prepareDB(t *testing.T, expectations ...expectation) db {
 
 type expectation func(m sqlmock.Sqlmock)
 
-func expectExists(query string, value bool, args ...driver.Value) expectation {
-	return func(m sqlmock.Sqlmock) {
-		m.ExpectQuery(regexp.QuoteMeta(query)).WithArgs(args...).WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(value))
-	}
-}
-
-func expectQueryErr(query string, err error, args ...driver.Value) expectation {
-	return func(m sqlmock.Sqlmock) {
-		m.ExpectQuery(regexp.QuoteMeta(query)).WithArgs(args...).WillReturnError(err)
-	}
-}
-
 func expectExec(stmt string, err error, args ...driver.Value) expectation {
 	return func(m sqlmock.Sqlmock) {
 		query := m.ExpectExec(regexp.QuoteMeta(stmt)).WithArgs(args...)

cmd/initialise/sql/04_eventstore.sql

@@ -1 +0,0 @@
-CREATE SCHEMA eventstore

cmd/initialise/sql/05_projections.sql

@@ -1 +0,0 @@
-CREATE SCHEMA projections

cmd/initialise/sql/06_system.sql

@@ -1 +0,0 @@
-CREATE SCHEMA system;

cmd/initialise/sql/08_enable_hash_sharded_indexes.sql

@@ -1 +0,0 @@
-SET experimental_enable_hash_sharded_indexes = on

cmd/initialise/sql/10_system_sequence.sql

@@ -1 +0,0 @@
-CREATE SEQUENCE eventstore.system_seq

cmd/initialise/sql/cockroach/01_user.sql

@@ -1,2 +1,2 @@
 -- replace %[1]s with the name of the user
-CREATE USER %[1]s WITH PASSWORD $1
+CREATE USER IF NOT EXISTS %[1]s

cmd/initialise/sql/cockroach/02_database.sql

@@ -1,2 +1,2 @@
 -- replace %[1]s with the name of the database
-CREATE DATABASE %[1]s
+CREATE DATABASE IF NOT EXISTS %[1]s

cmd/initialise/sql/cockroach/04_eventstore.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS eventstore;
+
+GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO %[1]s;

cmd/initialise/sql/cockroach/05_projections.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS projections;
+
+GRANT ALL ON ALL TABLES IN SCHEMA projections TO %[1]s;

cmd/initialise/sql/cockroach/06_system.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS system;
+
+GRANT ALL ON ALL TABLES IN SCHEMA system TO %[1]s;

cmd/initialise/sql/cockroach/07_encryption_keys_table.sql

@@ -1,4 +1,4 @@
-CREATE TABLE system.encryption_keys (
+CREATE TABLE IF NOT EXISTS system.encryption_keys (
 	id TEXT NOT NULL
 	, key TEXT NOT NULL
 

cmd/initialise/sql/cockroach/08_events_table.sql

@@ -1,4 +1,6 @@
-CREATE TABLE eventstore.events (
+SET experimental_enable_hash_sharded_indexes = on;
+
+CREATE TABLE IF NOT EXISTS eventstore.events (
 	id UUID DEFAULT gen_random_uuid()
 	, event_type TEXT NOT NULL
 	, aggregate_type TEXT NOT NULL
@@ -22,4 +24,4 @@ CREATE TABLE eventstore.events (
 	, INDEX max_sequence (aggregate_type, aggregate_id, event_sequence DESC, instance_id)
 	, CONSTRAINT previous_sequence_unique UNIQUE (previous_aggregate_sequence DESC, instance_id)
 	, CONSTRAINT prev_agg_type_seq_unique UNIQUE(previous_aggregate_type_sequence, instance_id)
-)
+);

cmd/initialise/sql/cockroach/09_system_sequence.sql

@@ -0,0 +1 @@
+CREATE SEQUENCE IF NOT EXISTS eventstore.system_seq

cmd/initialise/sql/cockroach/10_unique_constraints_table.sql

@@ -1,4 +1,4 @@
-CREATE TABLE eventstore.unique_constraints (
+CREATE TABLE IF NOT EXISTS eventstore.unique_constraints (
     instance_id TEXT,
     unique_type TEXT,
     unique_field TEXT,

cmd/initialise/sql/postgres/01_user.sql

@@ -0,0 +1 @@
+CREATE USER %[1]s

cmd/initialise/sql/postgres/02_database.sql

@@ -0,0 +1 @@
+CREATE DATABASE %[1]s

cmd/initialise/sql/postgres/03_grant_user.sql

@@ -0,0 +1,3 @@
+-- replace the first %[1]s with the database
+-- replace the second \%[2]s with the user
+GRANT ALL ON DATABASE %[1]s TO %[2]s;

cmd/initialise/sql/postgres/04_eventstore.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS eventstore;
+
+GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO %[1]s;

cmd/initialise/sql/postgres/05_projections.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS projections;
+
+GRANT ALL ON ALL TABLES IN SCHEMA projections TO %[1]s;

cmd/initialise/sql/postgres/06_system.sql

@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS system;
+
+GRANT ALL ON ALL TABLES IN SCHEMA system TO %[1]s;

cmd/initialise/sql/postgres/07_encryption_keys_table.sql

@@ -0,0 +1,6 @@
+CREATE TABLE IF NOT EXISTS system.encryption_keys (
+	id TEXT NOT NULL
+	, key TEXT NOT NULL
+
+	, PRIMARY KEY (id)
+);

cmd/initialise/sql/postgres/08_events_table.sql

@@ -0,0 +1,25 @@
+CREATE TABLE IF NOT EXISTS eventstore.events (
+	id UUID DEFAULT gen_random_uuid()
+	, event_type TEXT NOT NULL
+	, aggregate_type TEXT NOT NULL
+	, aggregate_id TEXT NOT NULL
+	, aggregate_version TEXT NOT NULL
+	, event_sequence BIGINT NOT NULL
+	, previous_aggregate_sequence BIGINT
+	, previous_aggregate_type_sequence INT8
+	, creation_date TIMESTAMPTZ NOT NULL DEFAULT now()
+	, event_data JSONB
+	, editor_user TEXT NOT NULL 
+	, editor_service TEXT NOT NULL
+	, resource_owner TEXT NOT NULL
+	, instance_id TEXT NOT NULL
+
+	, PRIMARY KEY (event_sequence, instance_id)
+	, CONSTRAINT previous_sequence_unique UNIQUE(previous_aggregate_sequence, instance_id)
+	, CONSTRAINT prev_agg_type_seq_unique UNIQUE(previous_aggregate_type_sequence, instance_id)
+);
+
+CREATE INDEX IF NOT EXISTS agg_type_agg_id ON eventstore.events (aggregate_type, aggregate_id, instance_id);
+CREATE INDEX IF NOT EXISTS agg_type ON eventstore.events (aggregate_type, instance_id);
+CREATE INDEX IF NOT EXISTS agg_type_seq ON eventstore.events (aggregate_type, event_sequence DESC, instance_id);
+CREATE INDEX IF NOT EXISTS max_sequence ON eventstore.events (aggregate_type, aggregate_id, event_sequence DESC, instance_id);

cmd/initialise/sql/postgres/09_system_sequence.sql

@@ -0,0 +1 @@
+CREATE SEQUENCE IF NOT EXISTS eventstore.system_seq;

cmd/initialise/sql/postgres/10_unique_constraints_table.sql

@@ -0,0 +1,6 @@
+CREATE TABLE IF NOT EXISTS eventstore.unique_constraints (
+    instance_id TEXT,
+    unique_type TEXT,
+    unique_field TEXT,
+    PRIMARY KEY (instance_id, unique_type, unique_field)
+);

cmd/initialise/verify_database.go

@@ -10,13 +10,6 @@ import (
 	"github.com/zitadel/logging"
 )
 
-var (
-	searchDatabase = "SELECT database_name FROM [show databases] WHERE database_name = $1"
-
-	//go:embed sql/02_database.sql
-	databaseStmt string
-)
-
 func newDatabase() *cobra.Command {
 	return &cobra.Command{
 		Use:   "database",
@@ -40,11 +33,10 @@ The user provided by flags needs priviledge to
 	}
 }
 
-func VerifyDatabase(database string) func(*sql.DB) error {
+func VerifyDatabase(databaseName string) func(*sql.DB) error {
 	return func(db *sql.DB) error {
-		return verify(db,
-			exists(searchDatabase, database),
-			exec(fmt.Sprintf(databaseStmt, database)),
-		)
+		logging.WithFields("database", databaseName).Info("verify database")
+
+		return exec(db, fmt.Sprintf(string(databaseStmt), databaseName), []string{dbAlreadyExistsCode})
 	}
 }

cmd/initialise/verify_database_test.go

@@ -7,6 +7,12 @@ import (
 )
 
 func Test_verifyDB(t *testing.T) {
+	err := ReadStmts("cockroach") //TODO: check all dialects
+	if err != nil {
+		t.Errorf("unable to read stmts: %v", err)
+		t.FailNow()
+	}
+
 	type args struct {
 		db       db
 		database string
@@ -16,20 +22,11 @@ func Test_verifyDB(t *testing.T) {
 		args      args
 		targetErr error
 	}{
-		{
-			name: "exists fails",
-			args: args{
-				db:       prepareDB(t, expectQueryErr("SELECT EXISTS(SELECT database_name FROM [show databases] WHERE database_name = $1)", sql.ErrConnDone, "zitadel")),
-				database: "zitadel",
-			},
-			targetErr: sql.ErrConnDone,
-		},
 		{
 			name: "doesn't exists, create fails",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT database_name FROM [show databases] WHERE database_name = $1)", false, "zitadel"),
-					expectExec("CREATE DATABASE zitadel", sql.ErrTxDone),
+					expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", sql.ErrTxDone),
 				),
 				database: "zitadel",
 			},
@@ -39,8 +36,7 @@ func Test_verifyDB(t *testing.T) {
 			name: "doesn't exists, create successful",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT database_name FROM [show databases] WHERE database_name = $1)", false, "zitadel"),
-					expectExec("CREATE DATABASE zitadel", nil),
+					expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", nil),
 				),
 				database: "zitadel",
 			},
@@ -50,7 +46,7 @@ func Test_verifyDB(t *testing.T) {
 			name: "already exists",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT database_name FROM [show databases] WHERE database_name = $1)", true, "zitadel"),
+					expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", nil),
 				),
 				database: "zitadel",
 			},

cmd/initialise/verify_grant.go

@@ -10,12 +10,6 @@ import (
 	"github.com/zitadel/logging"
 )
 
-var (
-	searchGrant = "SELECT * FROM [SHOW GRANTS ON DATABASE %s] where grantee = $1 AND privilege_type = 'ALL'"
-	//go:embed sql/03_grant_user.sql
-	grantStmt string
-)
-
 func newGrant() *cobra.Command {
 	return &cobra.Command{
 		Use:   "grant",
@@ -34,12 +28,10 @@ Prereqesits:
 	}
 }
 
-func VerifyGrant(database, username string) func(*sql.DB) error {
+func VerifyGrant(databaseName, username string) func(*sql.DB) error {
 	return func(db *sql.DB) error {
-		logging.WithFields("user", username, "database", database).Info("verify grant")
-		return verify(db,
-			exists(fmt.Sprintf(searchGrant, database), username),
-			exec(fmt.Sprintf(grantStmt, database, username)),
-		)
+		logging.WithFields("user", username, "database", databaseName).Info("verify grant")
+
+		return exec(db, fmt.Sprintf(grantStmt, databaseName, username), nil)
 	}
 }

cmd/initialise/verify_grant_test.go

@@ -17,20 +17,10 @@ func Test_verifyGrant(t *testing.T) {
 		args      args
 		targetErr error
 	}{
-		{
-			name: "exists fails",
-			args: args{
-				db:       prepareDB(t, expectQueryErr("SELECT EXISTS(SELECT * FROM [SHOW GRANTS ON DATABASE zitadel] where grantee = $1 AND privilege_type = 'ALL'", sql.ErrConnDone, "zitadel-user")),
-				database: "zitadel",
-				username: "zitadel-user",
-			},
-			targetErr: sql.ErrConnDone,
-		},
 		{
 			name: "doesn't exists, create fails",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT * FROM [SHOW GRANTS ON DATABASE zitadel] where grantee = $1 AND privilege_type = 'ALL'", false, "zitadel-user"),
 					expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", sql.ErrTxDone),
 				),
 				database: "zitadel",
@@ -42,7 +32,6 @@ func Test_verifyGrant(t *testing.T) {
 			name: "correct",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT * FROM [SHOW GRANTS ON DATABASE zitadel] where grantee = $1 AND privilege_type = 'ALL'", false, "zitadel-user"),
 					expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", nil),
 				),
 				database: "zitadel",
@@ -54,7 +43,7 @@ func Test_verifyGrant(t *testing.T) {
 			name: "already exists",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT * FROM [SHOW GRANTS ON DATABASE zitadel] where grantee = $1 AND privilege_type = 'ALL'", true, "zitadel-user"),
+					expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", nil),
 				),
 				database: "zitadel",
 				username: "zitadel-user",

cmd/initialise/verify_user.go

@@ -10,12 +10,6 @@ import (
 	"github.com/zitadel/logging"
 )
 
-var (
-	searchUser = "SELECT username FROM [show roles] WHERE username = $1"
-	//go:embed sql/01_user.sql
-	createUserStmt string
-)
-
 func newUser() *cobra.Command {
 	return &cobra.Command{
 		Use:   "user",
@@ -42,9 +36,11 @@ The user provided by flags needs priviledge to
 func VerifyUser(username, password string) func(*sql.DB) error {
 	return func(db *sql.DB) error {
 		logging.WithFields("username", username).Info("verify user")
-		return verify(db,
-			exists(searchUser, username),
-			exec(fmt.Sprintf(createUserStmt, username), &sql.NullString{String: password, Valid: password != ""}),
-		)
+
+		if password != "" {
+			createUserStmt += " WITH PASSWORD '" + password + "'"
+		}
+
+		return exec(db, fmt.Sprintf(createUserStmt, username), []string{roleAlreadyExistsCode})
 	}
 }

cmd/initialise/verify_user_test.go

@@ -7,6 +7,12 @@ import (
 )
 
 func Test_verifyUser(t *testing.T) {
+	err := ReadStmts("cockroach") //TODO: check all dialects
+	if err != nil {
+		t.Errorf("unable to read stmts: %v", err)
+		t.FailNow()
+	}
+
 	type args struct {
 		db       db
 		username string
@@ -17,21 +23,11 @@ func Test_verifyUser(t *testing.T) {
 		args      args
 		targetErr error
 	}{
-		{
-			name: "exists fails",
-			args: args{
-				db:       prepareDB(t, expectQueryErr("SELECT EXISTS(SELECT username FROM [show roles] WHERE username = $1)", sql.ErrConnDone, "zitadel-user")),
-				username: "zitadel-user",
-				password: "",
-			},
-			targetErr: sql.ErrConnDone,
-		},
 		{
 			name: "doesn't exists, create fails",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT username FROM [show roles] WHERE username = $1)", false, "zitadel-user"),
-					expectExec("CREATE USER zitadel-user WITH PASSWORD $1", sql.ErrTxDone, nil),
+					expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user", sql.ErrTxDone),
 				),
 				username: "zitadel-user",
 				password: "",
@@ -42,8 +38,7 @@ func Test_verifyUser(t *testing.T) {
 			name: "correct without password",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT username FROM [show roles] WHERE username = $1)", false, "zitadel-user"),
-					expectExec("CREATE USER zitadel-user WITH PASSWORD $1", nil, nil),
+					expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user", nil),
 				),
 				username: "zitadel-user",
 				password: "",
@@ -54,8 +49,7 @@ func Test_verifyUser(t *testing.T) {
 			name: "correct with password",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT username FROM [show roles] WHERE username = $1)", false, "zitadel-user"),
-					expectExec("CREATE USER zitadel-user WITH PASSWORD $1", nil, "password"),
+					expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user WITH PASSWORD 'password'", nil),
 				),
 				username: "zitadel-user",
 				password: "password",
@@ -66,7 +60,7 @@ func Test_verifyUser(t *testing.T) {
 			name: "already exists",
 			args: args{
 				db: prepareDB(t,
-					expectExists("SELECT EXISTS(SELECT username FROM [show roles] WHERE username = $1)", true, "zitadel-user"),
+					expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user WITH PASSWORD 'password'", nil),
 				),
 				username: "zitadel-user",
 				password: "",

cmd/initialise/verify_zitadel.go

@@ -3,11 +3,12 @@ package initialise
 import (
 	"database/sql"
 	_ "embed"
+	"fmt"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"github.com/zitadel/logging"
 
+	"github.com/zitadel/logging"
 	"github.com/zitadel/zitadel/internal/database"
 )
 
@@ -20,29 +21,6 @@ const (
 	encryptionKeysTable    = "encryption_keys"
 )
 
-var (
-	searchSchema         = "SELECT schema_name FROM [SHOW SCHEMAS] WHERE schema_name = $1"
-	searchTable          = "SELECT table_name FROM [SHOW TABLES] WHERE table_name = $1"
-	searchSystemSequence = "SELECT sequence_name FROM [SHOW SEQUENCES] WHERE sequence_name = 'system_seq'"
-
-	//go:embed sql/04_eventstore.sql
-	createEventstoreStmt string
-	//go:embed sql/05_projections.sql
-	createProjectionsStmt string
-	//go:embed sql/06_system.sql
-	createSystemStmt string
-	//go:embed sql/07_encryption_keys_table.sql
-	createEncryptionKeysStmt string
-	//go:embed sql/08_enable_hash_sharded_indexes.sql
-	enableHashShardedIdx string
-	//go:embed sql/09_events_table.sql
-	createEventsStmt string
-	//go:embed sql/10_system_sequence.sql
-	createSystemSequenceStmt string
-	//go:embed sql/11_unique_constraints_table.sql
-	createUniqueConstraints string
-)
-
 func newZitadel() *cobra.Command {
 	return &cobra.Command{
 		Use:   "zitadel",
@@ -62,44 +40,44 @@ Prereqesits:
 	}
 }
 
-func VerifyZitadel(db *sql.DB) error {
-	if err := verify(db, exists(searchSchema, systemSchema), exec(createSystemStmt)); err != nil {
+func VerifyZitadel(db *sql.DB, config database.Config) error {
+	if err := exec(db, fmt.Sprintf(createSystemStmt, config.Username()), nil); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchTable, encryptionKeysTable), createEncryptionKeys); err != nil {
+	if err := createEncryptionKeys(db); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchSchema, projectionsSchema), exec(createProjectionsStmt)); err != nil {
+	if err := exec(db, fmt.Sprintf(createProjectionsStmt, config.Username()), nil); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchSchema, eventstoreSchema), exec(createEventstoreStmt)); err != nil {
+	if err := exec(db, fmt.Sprintf(createEventstoreStmt, config.Username()), nil); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchTable, eventsTable), createEvents); err != nil {
+	if err := createEvents(db); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchSystemSequence), exec(createSystemSequenceStmt)); err != nil {
+	if err := exec(db, createSystemSequenceStmt, nil); err != nil {
 		return err
 	}
 
-	if err := verify(db, exists(searchTable, uniqueConstraintsTable), exec(createUniqueConstraints)); err != nil {
+	if err := exec(db, createUniqueConstraints, nil); err != nil {
 		return err
 	}
 	return nil
 }
 
 func verifyZitadel(config database.Config) error {
-	logging.WithFields("database", config.Database).Info("verify zitadel")
+	logging.WithFields("database", config.Database()).Info("verify zitadel")
 	db, err := database.Connect(config, false)
 	if err != nil {
 		return err
 	}
-	if err := VerifyZitadel(db); err != nil {
+	if err := VerifyZitadel(db, config); err != nil {
 		return nil
 	}
 
@@ -124,10 +102,6 @@ func createEvents(db *sql.DB) error {
 	if err != nil {
 		return err
 	}
-	if _, err = tx.Exec(enableHashShardedIdx); err != nil {
-		tx.Rollback()
-		return err
-	}
 
 	if _, err = tx.Exec(createEventsStmt); err != nil {
 		tx.Rollback()

cmd/initialise/verify_zitadel_test.go

@@ -7,6 +7,12 @@ import (
 )
 
 func Test_verifyEvents(t *testing.T) {
+	err := ReadStmts("cockroach") //TODO: check all dialects
+	if err != nil {
+		t.Errorf("unable to read stmts: %v", err)
+		t.FailNow()
+	}
+
 	type args struct {
 		db db
 	}
@@ -24,23 +30,11 @@ func Test_verifyEvents(t *testing.T) {
 			},
 			targetErr: sql.ErrConnDone,
 		},
-		{
-			name: "hash sharded indexes fails",
-			args: args{
-				db: prepareDB(t,
-					expectBegin(nil),
-					expectExec("SET experimental_enable_hash_sharded_indexes = on", sql.ErrNoRows),
-					expectRollback(nil),
-				),
-			},
-			targetErr: sql.ErrNoRows,
-		},
 		{
 			name: "create table fails",
 			args: args{
 				db: prepareDB(t,
 					expectBegin(nil),
-					expectExec("SET experimental_enable_hash_sharded_indexes = on", nil),
 					expectExec(createEventsStmt, sql.ErrNoRows),
 					expectRollback(nil),
 				),
@@ -52,7 +46,6 @@ func Test_verifyEvents(t *testing.T) {
 			args: args{
 				db: prepareDB(t,
 					expectBegin(nil),
-					expectExec("SET experimental_enable_hash_sharded_indexes = on", nil),
 					expectExec(createEventsStmt, nil),
 					expectCommit(nil),
 				),
@@ -60,6 +53,7 @@ func Test_verifyEvents(t *testing.T) {
 			targetErr: nil,
 		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if err := createEvents(tt.args.db.db); !errors.Is(err, tt.targetErr) {