feat(eventstore): increase parallel write capabilities (#5940)

This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2025-08-11 20:57:31 +00:00 · 2023-10-19 12:19:10 +02:00
parent 259faba3f0
commit b5564572bc
791 changed files with 30326 additions and 43202 deletions
--- a/internal/command/user_human_password_test.go
+++ b/internal/command/user_human_password_test.go
@@ -16,7 +16,6 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
-	"github.com/zitadel/zitadel/internal/eventstore/repository"
 	"github.com/zitadel/zitadel/internal/repository/org"
 	"github.com/zitadel/zitadel/internal/repository/user"
 )
@@ -158,16 +157,12 @@ func TestCommandSide_SetOneTimePassword(t *testing.T) {
 						),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordChangedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									"$plain$x$password",
-									true,
-									"",
-								),
-							),
-						},
+						user.NewHumanPasswordChangedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"$plain$x$password",
+							true,
+							"",
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -225,16 +220,12 @@ func TestCommandSide_SetOneTimePassword(t *testing.T) {
 						),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordChangedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									"$plain$x$password",
-									false,
-									"",
-								),
-							),
-						},
+						user.NewHumanPasswordChangedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"$plain$x$password",
+							false,
+							"",
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -482,16 +473,12 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) {
 						),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordChangedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									"$plain$x$password",
-									false,
-									"",
-								),
-							),
-						},
+						user.NewHumanPasswordChangedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"$plain$x$password",
+							false,
+							"",
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -758,16 +745,12 @@ func TestCommandSide_ChangePassword(t *testing.T) {
 					),
 				),
 				expectPush(
-					[]*repository.Event{
-						eventFromEventPusher(
-							user.NewHumanPasswordChangedEvent(context.Background(),
-								&user.NewAggregate("user1", "org1").Aggregate,
-								"$plain$x$password1",
-								false,
-								"",
-							),
-						),
-					},
+					user.NewHumanPasswordChangedEvent(context.Background(),
+						&user.NewAggregate("user1", "org1").Aggregate,
+						"$plain$x$password1",
+						false,
+						"",
+					),
 				),
 			},
 			res: res{
@@ -929,21 +912,17 @@ func TestCommandSide_RequestSetPassword(t *testing.T) {
 								&user.NewAggregate("user1", "org1").Aggregate)),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCodeAddedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeEncryption,
-										Algorithm:  "enc",
-										KeyID:      "id",
-										Crypted:    []byte("a"),
-									},
-									time.Hour*1,
-									domain.NotificationTypeEmail,
-								),
-							),
-						},
+						user.NewHumanPasswordCodeAddedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&crypto.CryptoValue{
+								CryptoType: crypto.TypeEncryption,
+								Algorithm:  "enc",
+								KeyID:      "id",
+								Crypted:    []byte("a"),
+							},
+							time.Hour*1,
+							domain.NotificationTypeEmail,
+						),
 					),
 				),
 			},
@@ -1057,13 +1036,9 @@ func TestCommandSide_PasswordCodeSent(t *testing.T) {
 						),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCodeSentEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-								),
-							),
-						},
+						user.NewHumanPasswordCodeSentEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+						),
 					),
 				),
 			},
@@ -1362,17 +1337,13 @@ func TestCommandSide_CheckPassword(t *testing.T) {
 								"")),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCheckFailedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&user.AuthRequestInfo{
-										ID:          "request1",
-										UserAgentID: "agent1",
-									},
-								),
-							),
-						},
+						user.NewHumanPasswordCheckFailedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&user.AuthRequestInfo{
+								ID:          "request1",
+								UserAgentID: "agent1",
+							},
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -1449,22 +1420,16 @@ func TestCommandSide_CheckPassword(t *testing.T) {
 								"")),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCheckFailedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&user.AuthRequestInfo{
-										ID:          "request1",
-										UserAgentID: "agent1",
-									},
-								),
-							),
-							eventFromEventPusher(
-								user.NewUserLockedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-								),
-							),
-						},
+						user.NewHumanPasswordCheckFailedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&user.AuthRequestInfo{
+								ID:          "request1",
+								UserAgentID: "agent1",
+							},
+						),
+						user.NewUserLockedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -1543,17 +1508,13 @@ func TestCommandSide_CheckPassword(t *testing.T) {
 								"")),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCheckSucceededEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&user.AuthRequestInfo{
-										ID:          "request1",
-										UserAgentID: "agent1",
-									},
-								),
-							),
-						},
+						user.NewHumanPasswordCheckSucceededEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&user.AuthRequestInfo{
+								ID:          "request1",
+								UserAgentID: "agent1",
+							},
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -1627,23 +1588,18 @@ func TestCommandSide_CheckPassword(t *testing.T) {
 								"")),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCheckSucceededEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&user.AuthRequestInfo{
-										ID:          "request1",
-										UserAgentID: "agent1",
-									},
-								),
-							),
-							eventFromEventPusher(
-								user.NewHumanPasswordHashUpdatedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									"$plain$x$password",
-								),
-							),
-						},
+						user.NewHumanPasswordCheckSucceededEvent(
+							context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&user.AuthRequestInfo{
+								ID:          "request1",
+								UserAgentID: "agent1",
+							},
+						),
+						user.NewHumanPasswordHashUpdatedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"$plain$x$password",
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
@@ -1727,23 +1683,17 @@ func TestCommandSide_CheckPassword(t *testing.T) {
 						),
 					),
 					expectPush(
-						[]*repository.Event{
-							eventFromEventPusher(
-								user.NewHumanPasswordCheckSucceededEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									&user.AuthRequestInfo{
-										ID:          "request1",
-										UserAgentID: "agent1",
-									},
-								),
-							),
-							eventFromEventPusher(
-								user.NewHumanPasswordHashUpdatedEvent(context.Background(),
-									&user.NewAggregate("user1", "org1").Aggregate,
-									"$plain$x$password",
-								),
-							),
-						},
+						user.NewHumanPasswordCheckSucceededEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							&user.AuthRequestInfo{
+								ID:          "request1",
+								UserAgentID: "agent1",
+							},
+						),
+						user.NewHumanPasswordHashUpdatedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"$plain$x$password",
+						),
 					),
 				),
 				userPasswordHasher: mockPasswordHasher("x"),