perf: query data AS OF SYSTEM TIME (#5231)

Queries the data in the storage layser at the timestamp when the call hit the API layer
2025-08-11 21:37:32 +00:00 · 2023-02-27 22:36:43 +01:00
parent 80003939ad
commit e38abdcdf3
170 changed files with 3101 additions and 3169 deletions
--- a/cmd/initialise/init.go
+++ b/cmd/initialise/init.go
@@ -59,8 +59,8 @@ The user provided by flags needs privileges to
 func InitAll(config *Config) {
 	err := initialise(config.Database,
 		VerifyUser(config.Database.Username(), config.Database.Password()),
-		VerifyDatabase(config.Database.Database()),
-		VerifyGrant(config.Database.Database(), config.Database.Username()),
+		VerifyDatabase(config.Database.DatabaseName()),
+		VerifyGrant(config.Database.DatabaseName(), config.Database.Username()),
 	)
 	logging.OnError(err).Fatal("unable to initialize the database")

@@ -82,7 +82,7 @@ func initialise(config database.Config, steps ...func(*sql.DB) error) error {
 	}
 	defer db.Close()

-	return Init(db, steps...)
+	return Init(db.DB, steps...)
 }

 func Init(db *sql.DB, steps ...func(*sql.DB) error) error {
--- a/cmd/initialise/verify_database.go
+++ b/cmd/initialise/verify_database.go
@@ -27,7 +27,7 @@ The user provided by flags needs priviledge to
 		Run: func(cmd *cobra.Command, args []string) {
 			config := MustNewConfig(viper.GetViper())

-			err := initialise(config.Database, VerifyDatabase(config.Database.Database()))
+			err := initialise(config.Database, VerifyDatabase(config.Database.DatabaseName()))
 			logging.OnError(err).Fatal("unable to initialize the database")
 		},
 	}
--- a/cmd/initialise/verify_grant.go
+++ b/cmd/initialise/verify_grant.go
@@ -22,7 +22,7 @@ Prereqesits:
 		Run: func(cmd *cobra.Command, args []string) {
 			config := MustNewConfig(viper.GetViper())

-			err := initialise(config.Database, VerifyGrant(config.Database.Database(), config.Database.Username()))
+			err := initialise(config.Database, VerifyGrant(config.Database.DatabaseName(), config.Database.Username()))
 			logging.OnError(err).Fatal("unable to set grant")
 		},
 	}
--- a/cmd/initialise/verify_zitadel.go
+++ b/cmd/initialise/verify_zitadel.go
@@ -66,14 +66,14 @@ func VerifyZitadel(db *sql.DB, config database.Config) error {
 }

 func verifyZitadel(config database.Config) error {
-	logging.WithFields("database", config.Database()).Info("verify zitadel")
+	logging.WithFields("database", config.DatabaseName()).Info("verify zitadel")

 	db, err := database.Connect(config, false)
 	if err != nil {
 		return err
 	}

-	if err := VerifyZitadel(db, config); err != nil {
+	if err := VerifyZitadel(db.DB, config); err != nil {
 		return err
 	}

--- a/cmd/key/key.go
+++ b/cmd/key/key.go
@@ -128,5 +128,5 @@ func keyStorage(config database.Config, masterKey string) (crypto.KeyStorage, er
 	if err != nil {
 		return nil, err
 	}
-	return cryptoDB.NewKeyStorage(db, masterKey)
+	return cryptoDB.NewKeyStorage(db.DB, masterKey)
 }
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -66,14 +66,14 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	logging.OnError(err).Fatal("unable to start eventstore")
 	migration.RegisterMappers(eventstoreClient)

-	steps.s1ProjectionTable = &ProjectionTable{dbClient: dbClient}
-	steps.s2AssetsTable = &AssetTable{dbClient: dbClient}
+	steps.s1ProjectionTable = &ProjectionTable{dbClient: dbClient.DB}
+	steps.s2AssetsTable = &AssetTable{dbClient: dbClient.DB}

 	steps.FirstInstance.instanceSetup = config.DefaultInstance
 	steps.FirstInstance.userEncryptionKey = config.EncryptionKeys.User
 	steps.FirstInstance.smtpEncryptionKey = config.EncryptionKeys.SMTP
 	steps.FirstInstance.masterKey = masterKey
-	steps.FirstInstance.db = dbClient
+	steps.FirstInstance.db = dbClient.DB
 	steps.FirstInstance.es = eventstoreClient
 	steps.FirstInstance.defaults = config.SystemDefaults
 	steps.FirstInstance.zitadelRoles = config.InternalAuthZ.RolePermissionMappings
@@ -81,11 +81,11 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.FirstInstance.externalSecure = config.ExternalSecure
 	steps.FirstInstance.externalPort = config.ExternalPort

-	steps.s4EventstoreIndexes = &EventstoreIndexes{dbClient: dbClient, dbType: config.Database.Type()}
-	steps.s5LastFailed = &LastFailed{dbClient: dbClient}
-	steps.s6OwnerRemoveColumns = &OwnerRemoveColumns{dbClient: dbClient}
-	steps.s7LogstoreTables = &LogstoreTables{dbClient: dbClient, username: config.Database.Username(), dbType: config.Database.Type()}
-	steps.s8AuthTokens = &AuthTokenIndexes{dbClient: dbClient}
+	steps.s4EventstoreIndexes = &EventstoreIndexes{dbClient: dbClient.DB, dbType: config.Database.Type()}
+	steps.s5LastFailed = &LastFailed{dbClient: dbClient.DB}
+	steps.s6OwnerRemoveColumns = &OwnerRemoveColumns{dbClient: dbClient.DB}
+	steps.s7LogstoreTables = &LogstoreTables{dbClient: dbClient.DB, username: config.Database.Username(), dbType: config.Database.Type()}
+	steps.s8AuthTokens = &AuthTokenIndexes{dbClient: dbClient.DB}

 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -3,7 +3,6 @@ package start
 import (
 	"context"
 	"crypto/tls"
-	"database/sql"
 	_ "embed"
 	"fmt"
 	"net"
@@ -95,7 +94,7 @@ func startZitadel(config *Config, masterKey string) error {
 		return fmt.Errorf("cannot start client for projection: %w", err)
 	}

-	keyStorage, err := cryptoDB.NewKeyStorage(dbClient, masterKey)
+	keyStorage, err := cryptoDB.NewKeyStorage(dbClient.DB, masterKey)
 	if err != nil {
 		return fmt.Errorf("cannot start key storage: %w", err)
 	}
@@ -120,7 +119,7 @@ func startZitadel(config *Config, masterKey string) error {
 		return fmt.Errorf("error starting authz repo: %w", err)
 	}

-	storage, err := config.AssetStorage.NewStorage(dbClient)
+	storage, err := config.AssetStorage.NewStorage(dbClient.DB)
 	if err != nil {
 		return fmt.Errorf("cannot start asset storage client: %w", err)
 	}
@@ -162,7 +161,7 @@ func startZitadel(config *Config, masterKey string) error {
 	}

 	usageReporter := logstore.UsageReporterFunc(commands.ReportUsage)
-	actionsLogstoreSvc := logstore.New(commands, usageReporter, actionsExecutionDBEmitter, actionsExecutionStdoutEmitter)
+	actionsLogstoreSvc := logstore.New(queries, usageReporter, actionsExecutionDBEmitter, actionsExecutionStdoutEmitter)
 	if actionsLogstoreSvc.Enabled() {
 		logging.Warn("execution logs are currently in beta")
 	}
@@ -175,7 +174,7 @@ func startZitadel(config *Config, masterKey string) error {
 	if err != nil {
 		return err
 	}
-	err = startAPIs(ctx, clock, router, commands, queries, eventstoreClient, dbClient, config, storage, authZRepo, keys, commands, usageReporter)
+	err = startAPIs(ctx, clock, router, commands, queries, eventstoreClient, dbClient, config, storage, authZRepo, keys, queries, usageReporter)
 	if err != nil {
 		return err
 	}
@@ -189,7 +188,7 @@ func startAPIs(
 	commands *command.Commands,
 	queries *query.Queries,
 	eventstore *eventstore.Eventstore,
-	dbClient *sql.DB,
+	dbClient *database.DB,
 	config *Config,
 	store static.Storage,
 	authZRepo authz_repo.Repository,
@@ -233,10 +232,10 @@ func startAPIs(
 	if err != nil {
 		return fmt.Errorf("error starting admin repo: %w", err)
 	}
-	if err := apis.RegisterServer(ctx, system.CreateServer(commands, queries, adminRepo, config.Database.Database(), config.DefaultInstance, config.ExternalDomain)); err != nil {
+	if err := apis.RegisterServer(ctx, system.CreateServer(commands, queries, adminRepo, config.Database.DatabaseName(), config.DefaultInstance, config.ExternalDomain)); err != nil {
 		return err
 	}
-	if err := apis.RegisterServer(ctx, admin.CreateServer(config.Database.Database(), commands, queries, config.SystemDefaults, adminRepo, config.ExternalSecure, keys.User)); err != nil {
+	if err := apis.RegisterServer(ctx, admin.CreateServer(config.Database.DatabaseName(), commands, queries, config.SystemDefaults, adminRepo, config.ExternalSecure, keys.User)); err != nil {
 		return err
 	}
 	if err := apis.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil {
@@ -247,7 +246,7 @@ func startAPIs(
 	}
 	instanceInterceptor := middleware.InstanceInterceptor(queries, config.HTTP1HostHeader, login.IgnoreInstanceEndpoints...)
 	assetsCache := middleware.AssetsCacheInterceptor(config.AssetStorage.Cache.MaxAge, config.AssetStorage.Cache.SharedMaxAge)
-	apis.RegisterHandler(assets.HandlerPrefix, assets.NewHandler(commands, verifier, config.InternalAuthZ, id.SonyFlakeGenerator(), store, queries, instanceInterceptor.Handler, assetsCache.Handler, accessInterceptor.Handle))
+	apis.RegisterHandler(assets.HandlerPrefix, assets.NewHandler(commands, verifier, config.InternalAuthZ, id.SonyFlakeGenerator(), store, queries, middleware.CallDurationHandler, instanceInterceptor.Handler, assetsCache.Handler, accessInterceptor.Handle))

 	userAgentInterceptor, err := middleware.NewUserAgentHandler(config.UserAgentCookie, keys.UserAgentCookieKey, id.SonyFlakeGenerator(), config.ExternalSecure, login.EndpointResources)
 	if err != nil {
@@ -272,7 +271,7 @@ func startAPIs(
 	}
 	apis.RegisterHandler(saml.HandlerPrefix, samlProvider.HttpHandler())

-	c, err := console.Start(config.Console, config.ExternalSecure, oidcProvider.IssuerFromRequest, instanceInterceptor.Handler, accessInterceptor.Handle, config.CustomerPortal)
+	c, err := console.Start(config.Console, config.ExternalSecure, oidcProvider.IssuerFromRequest, middleware.CallDurationHandler, instanceInterceptor.Handler, accessInterceptor.Handle, config.CustomerPortal)
 	if err != nil {
 		return fmt.Errorf("unable to start console: %w", err)
 	}