feat(eventstore): increase parallel write capabilities (#5940)

This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2025-08-12 03:57:32 +00:00 · 2023-10-19 12:19:10 +02:00
parent 259faba3f0
commit b5564572bc
791 changed files with 30326 additions and 43202 deletions
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -19,8 +19,7 @@ import (
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
-	v1 "github.com/zitadel/zitadel/internal/eventstore/v1"
-	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	usr_model "github.com/zitadel/zitadel/internal/user/model"
@@ -30,7 +29,7 @@ import (

 type TokenVerifierRepo struct {
 	TokenVerificationKey crypto.EncryptionAlgorithm
-	Eventstore           v1.Eventstore
+	Eventstore           *eventstore.Eventstore
 	View                 *view.View
 	Query                *query.Queries
 	ExternalSecure       bool
@@ -48,7 +47,7 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st

 	// always load the latest sequence first, so in case the token was not found by id,
 	// the sequence will be equal or lower than the actual projection and no events are lost
-	sequence, err := repo.View.GetLatestTokenSequence(ctx, instanceID)
+	sequence, err := repo.View.GetLatestState(ctx)
 	logging.WithFields("instanceID", instanceID, "userID", userID, "tokenID", tokenID).
 		OnError(err).
 		Errorf("could not get current sequence for token check")
@@ -62,7 +61,7 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st
 		token.ID = tokenID
 		token.UserID = userID
 		if sequence != nil {
-			token.Sequence = sequence.CurrentSequence
+			token.Sequence = sequence.Sequence
 		}
 	}

@@ -245,14 +244,14 @@ func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName str
 	return clientID, app.ProjectID, nil
 }

-func (repo *TokenVerifierRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []models.EventType) (_ []*models.Event, err error) {
+func (repo *TokenVerifierRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []eventstore.EventType) (_ []eventstore.Event, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 	query, err := usr_view.UserByIDQuery(userID, instanceID, sequence, eventTypes)
 	if err != nil {
 		return nil, err
 	}
-	return repo.Eventstore.FilterEvents(ctx, query)
+	return repo.Eventstore.Filter(ctx, query)
 }

 // getTokenIDAndSubject returns the TokenID and Subject of both opaque tokens and JWTs
--- a/internal/authz/repository/eventsourcing/eventstore/user_membership.go
+++ b/internal/authz/repository/eventsourcing/eventstore/user_membership.go
@@ -12,17 +12,18 @@ type UserMembershipRepo struct {
 	Queries *query.Queries
 }

-func (repo *UserMembershipRepo) SearchMyMemberships(ctx context.Context, orgID string) (_ []*authz.Membership, err error) {
+func (repo *UserMembershipRepo) SearchMyMemberships(ctx context.Context, orgID string, shouldTriggerBulk bool) (_ []*authz.Membership, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
-	memberships, err := repo.searchUserMemberships(ctx, orgID)
+
+	memberships, err := repo.searchUserMemberships(ctx, orgID, shouldTriggerBulk)
 	if err != nil {
 		return nil, err
 	}
 	return userMembershipsToMemberships(memberships), nil
 }

-func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context, orgID string) (_ []*query.Membership, err error) {
+func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context, orgID string, shouldTriggerBulk bool) (_ []*query.Membership, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 	ctxData := authz.GetCtxData(ctx)
@@ -40,7 +41,7 @@ func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context, orgID
 	}
 	memberships, err := repo.Queries.Memberships(ctx, &query.MembershipSearchQuery{
 		Queries: []query.SearchQuery{userIDQuery, query.Or(orgIDsQuery, grantedIDQuery)},
-	}, false)
+	}, false, shouldTriggerBulk)
 	if err != nil {
 		return nil, err
 	}