TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-06 10:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dba5fa7fc2d422a12c6680642ba1f78afdcbbd7
zitadel/internal/command/action_v2_target_test.go
Tim Möhlmann 2727fa719d perf(actionsv2): execution target router (#10564) 
# Which Problems Are Solved

The event execution system currently uses a projection handler that
subscribes to and processes all events for all instances. This creates a
high static cost because the system over-fetches event data, handling
many events that are not needed by most instances. This inefficiency is
also reflected in high "rows returned" metrics in the database.

# How the Problems Are Solved

Eliminate the use of a project handler. Instead, events for which
"execution targets" are defined, are directly pushed to the queue by the
eventstore. A Router is populated in the Instance object in the authz
middleware.

- By joining the execution targets to the instance, no additional
queries are needed anymore.
- As part of the instance object, execution targets are now cached as
well.
- Events are queued within the same transaction, giving transactional
guarantees on delivery.
- Uses the "insert many fast` variant of River. Multiple jobs are queued
in a single round-trip to the database.
- Fix compatibility with PostgreSQL 15

# Additional Changes

- The signing key was stored as plain-text in the river job payload in
the DB. This violated our [Secrets
Storage](https://zitadel.com/docs/concepts/architecture/secrets#secrets-storage)
principle. This change removed the field and only uses the encrypted
version of the signing key.
- Fixed the target ordering from descending to ascending.
- Some minor linter warnings on the use of `io.WriteString()`.

# Additional Context

- Introduced in https://github.com/zitadel/zitadel/pull/9249
- Closes https://github.com/zitadel/zitadel/issues/10553
- Closes https://github.com/zitadel/zitadel/issues/9832
- Closes https://github.com/zitadel/zitadel/issues/10372
- Closes https://github.com/zitadel/zitadel/issues/10492

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit a9ebc06c77)
2025-09-01 08:16:52 +02:00

670 lines
14 KiB
Go
Raw Blame History

package command
import (
"context"
"testing"
"time"
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
target_domain "github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/id"
"github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/target"
"github.com/zitadel/zitadel/internal/zerrors"
)
func TestCommands_AddTarget(t *testing.T) {
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
idGenerator id.Generator
newEncryptedCodeWithDefault encryptedCodeWithDefaultFunc
defaultSecretGenerators *SecretGenerators
}
type args struct {
ctx context.Context
add *AddTarget
resourceOwner string
}
type res struct {
id string
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"no resourceowner, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
add: &AddTarget{},
resourceOwner: "",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"no name, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
add: &AddTarget{},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"no timeout, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"no Endpoint, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
Timeout: time.Second,
Endpoint: "",
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"no parsable Endpoint, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
Timeout: time.Second,
Endpoint: "://",
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"unique constraint failed, error",
fields{
eventstore: expectEventstore(
expectFilter(),
expectPushFailed(
zerrors.ThrowPreconditionFailed(nil, "id", "name already exists"),
target.NewAddedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
"name",
target_domain.TargetTypeWebhook,
"https://example.com",
time.Second,
false,
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("12345678"),
},
),
),
),
idGenerator: mock.ExpectID(t, "id1"),
newEncryptedCodeWithDefault: mockEncryptedCodeWithDefault("12345678", time.Hour),
defaultSecretGenerators: &SecretGenerators{},
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
Endpoint: "https://example.com",
Timeout: time.Second,
TargetType: target_domain.TargetTypeWebhook,
},
resourceOwner: "instance",
},
res{
err: zerrors.IsPreconditionFailed,
},
},
{
"already existing",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("target", "instance"),
),
),
),
idGenerator: mock.ExpectID(t, "id1"),
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: target_domain.TargetTypeWebhook,
Timeout: time.Second,
Endpoint: "https://example.com",
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorAlreadyExists,
},
},
{
"push ok",
fields{
eventstore: expectEventstore(
expectFilter(),
expectPush(
targetAddEvent("id1", "instance"),
),
),
idGenerator: mock.ExpectID(t, "id1"),
newEncryptedCodeWithDefault: mockEncryptedCodeWithDefault("12345678", time.Hour),
defaultSecretGenerators: &SecretGenerators{},
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: target_domain.TargetTypeWebhook,
Timeout: time.Second,
Endpoint: "https://example.com",
},
resourceOwner: "instance",
},
res{
id: "id1",
},
},
{
"push full ok",
fields{
eventstore: expectEventstore(
expectFilter(),
expectPush(
func() eventstore.Command {
event := targetAddEvent("id1", "instance")
event.InterruptOnError = true
return event
}(),
),
),
idGenerator: mock.ExpectID(t, "id1"),
newEncryptedCodeWithDefault: mockEncryptedCodeWithDefault("12345678", time.Hour),
defaultSecretGenerators: &SecretGenerators{},
},
args{
ctx: context.Background(),
add: &AddTarget{
Name: "name",
TargetType: target_domain.TargetTypeWebhook,
Endpoint: "https://example.com",
Timeout: time.Second,
InterruptOnError: true,
},
resourceOwner: "instance",
},
res{
id: "id1",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
idGenerator: tt.fields.idGenerator,
newEncryptedCodeWithDefault: tt.fields.newEncryptedCodeWithDefault,
defaultSecretGenerators: tt.fields.defaultSecretGenerators,
}
_, err := c.AddTarget(tt.args.ctx, tt.args.add, tt.args.resourceOwner)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assert.Equal(t, tt.res.id, tt.args.add.AggregateID)
}
})
}
}
func TestCommands_ChangeTarget(t *testing.T) {
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
newEncryptedCodeWithDefault encryptedCodeWithDefaultFunc
defaultSecretGenerators *SecretGenerators
}
type args struct {
ctx context.Context
change *ChangeTarget
resourceOwner string
}
type res struct {
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"resourceowner missing, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{},
resourceOwner: "",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"id missing, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"name empty, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
Name: gu.Ptr(""),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"timeout empty, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
Timeout: gu.Ptr(time.Duration(0)),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"Endpoint empty, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
Endpoint: gu.Ptr(""),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"Endpoint not parsable, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
Endpoint: gu.Ptr("://"),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"not found, error",
fields{
eventstore: expectEventstore(
expectFilter(),
),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
Name: gu.Ptr("name"),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsNotFound,
},
},
{
"no changes",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("target", "instance"),
),
),
),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
TargetType: gu.Ptr(target_domain.TargetTypeWebhook),
},
resourceOwner: "instance",
},
res{},
},
{
"unique constraint failed, error",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("target", "instance"),
),
),
expectPushFailed(
zerrors.ThrowPreconditionFailed(nil, "id", "name already exists"),
target.NewChangedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
[]target.Changes{
target.ChangeName("name", "name2"),
},
),
),
),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
Name: gu.Ptr("name2"),
},
resourceOwner: "instance",
},
res{
err: zerrors.IsPreconditionFailed,
},
},
{
"push ok",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("id1", "instance"),
),
),
expectPush(
target.NewChangedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
[]target.Changes{
target.ChangeName("name", "name2"),
},
),
),
),
},
args{
ctx: context.Background(),
change: &ChangeTarget{
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
Name: gu.Ptr("name2"),
},
resourceOwner: "instance",
},
res{},
},
{
"push full ok",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("id1", "instance"),
),
),
expectPush(
target.NewChangedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
[]target.Changes{
target.ChangeName("name", "name2"),
target.ChangeEndpoint("https://example2.com"),
target.ChangeTargetType(target_domain.TargetTypeCall),
target.ChangeTimeout(10 * time.Second),
target.ChangeInterruptOnError(true),
target.ChangeSigningKey(&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("12345678"),
}),
},
),
),
),
newEncryptedCodeWithDefault: mockEncryptedCodeWithDefault("12345678", time.Hour),
defaultSecretGenerators: &SecretGenerators{},
},
args{
ctx: context.Background(),
change: &ChangeTarget{
ObjectRoot: models.ObjectRoot{
AggregateID: "id1",
},
Name: gu.Ptr("name2"),
Endpoint: gu.Ptr("https://example2.com"),
TargetType: gu.Ptr(target_domain.TargetTypeCall),
Timeout: gu.Ptr(10 * time.Second),
InterruptOnError: gu.Ptr(true),
ExpirationSigningKey: true,
},
resourceOwner: "instance",
},
res{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
newEncryptedCodeWithDefault: tt.fields.newEncryptedCodeWithDefault,
defaultSecretGenerators: tt.fields.defaultSecretGenerators,
}
_, err := c.ChangeTarget(tt.args.ctx, tt.args.change, tt.args.resourceOwner)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestCommands_DeleteTarget(t *testing.T) {
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
}
type args struct {
ctx context.Context
id string
resourceOwner string
}
type res struct {
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"id missing, error",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
id: "",
resourceOwner: "instance",
},
res{
err: zerrors.IsErrorInvalidArgument,
},
},
{
"not found, error",
fields{
eventstore: expectEventstore(
expectFilter(),
),
},
args{
ctx: context.Background(),
id: "id1",
resourceOwner: "instance",
},
res{},
},
{
"remove ok",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("id1", "instance"),
),
),
expectPush(
target.NewRemovedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
"name",
),
),
),
},
args{
ctx: context.Background(),
id: "id1",
resourceOwner: "instance",
},
res{},
},
{
"already removed",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
targetAddEvent("id1", "instance"),
),
eventFromEventPusher(
target.NewRemovedEvent(context.Background(),
target.NewAggregate("id1", "instance"),
"name",
),
),
),
),
},
args{
ctx: context.Background(),
id: "id1",
resourceOwner: "instance",
},
res{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
}
_, err := c.DeleteTarget(tt.args.ctx, tt.args.id, tt.args.resourceOwner)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink