mirror of
https://github.com/zitadel/zitadel.git
synced 2025-11-02 03:38:46 +00:00
2727fa719d
# Which Problems Are Solved
The event execution system currently uses a projection handler that
subscribes to and processes all events for all instances. This creates a
high static cost because the system over-fetches event data, handling
many events that are not needed by most instances. This inefficiency is
also reflected in high "rows returned" metrics in the database.
# How the Problems Are Solved
Eliminate the use of a project handler. Instead, events for which
"execution targets" are defined, are directly pushed to the queue by the
eventstore. A Router is populated in the Instance object in the authz
middleware.
- By joining the execution targets to the instance, no additional
queries are needed anymore.
- As part of the instance object, execution targets are now cached as
well.
- Events are queued within the same transaction, giving transactional
guarantees on delivery.
- Uses the "insert many fast` variant of River. Multiple jobs are queued
in a single round-trip to the database.
- Fix compatibility with PostgreSQL 15
# Additional Changes
- The signing key was stored as plain-text in the river job payload in
the DB. This violated our [Secrets
Storage](https://zitadel.com/docs/concepts/architecture/secrets#secrets-storage)
principle. This change removed the field and only uses the encrypted
version of the signing key.
- Fixed the target ordering from descending to ascending.
- Some minor linter warnings on the use of `io.WriteString()`.
# Additional Context
- Introduced in https://github.com/zitadel/zitadel/pull/9249
- Closes https://github.com/zitadel/zitadel/issues/10553
- Closes https://github.com/zitadel/zitadel/issues/9832
- Closes https://github.com/zitadel/zitadel/issues/10372
- Closes https://github.com/zitadel/zitadel/issues/10492
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit a9ebc06c77)
92 lines
2.6 KiB
Go
92 lines
2.6 KiB
Go
package execution
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/riverqueue/river"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
target_domain "github.com/zitadel/zitadel/internal/execution/target"
|
|
exec_repo "github.com/zitadel/zitadel/internal/repository/execution"
|
|
)
|
|
|
|
type Worker struct {
|
|
river.WorkerDefaults[*exec_repo.Request]
|
|
|
|
config WorkerConfig
|
|
now nowFunc
|
|
|
|
targetEncAlg crypto.EncryptionAlgorithm
|
|
}
|
|
|
|
// Timeout implements the Timeout-function of [river.Worker].
|
|
// Maximum time a job can run before the context gets cancelled.
|
|
// The time can be shorter than the sum of target timeouts, this is expected behavior to not block the request indefinitely.
|
|
func (w *Worker) Timeout(*river.Job[*exec_repo.Request]) time.Duration {
|
|
return w.config.TransactionDuration
|
|
}
|
|
|
|
// Work implements [river.Worker].
|
|
func (w *Worker) Work(ctx context.Context, job *river.Job[*exec_repo.Request]) error {
|
|
ctx = ContextWithExecuter(ctx, job.Args.Aggregate)
|
|
|
|
// if the event is too old, we can directly return as it will be removed anyway
|
|
if job.CreatedAt.Add(w.config.MaxTtl).Before(w.now()) {
|
|
return river.JobCancel(errors.New("event is too old"))
|
|
}
|
|
|
|
targets, err := TargetsFromRequest(job.Args)
|
|
if err != nil {
|
|
// If we are not able to get the targets from the request, we can cancel the job, as we have nothing to call
|
|
return river.JobCancel(fmt.Errorf("unable to unmarshal targets because %w", err))
|
|
}
|
|
|
|
_, err = CallTargets(ctx, targets, exec_repo.ContextInfoFromRequest(job.Args), w.targetEncAlg)
|
|
if err != nil {
|
|
// If there is an error returned from the targets, it means that the execution was interrupted
|
|
return river.JobCancel(fmt.Errorf("interruption during call of targets because %w", err))
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// nowFunc makes [time.Now] mockable
|
|
type nowFunc func() time.Time
|
|
|
|
type WorkerConfig struct {
|
|
Workers uint8
|
|
TransactionDuration time.Duration
|
|
MaxTtl time.Duration
|
|
}
|
|
|
|
func NewWorker(
|
|
config WorkerConfig,
|
|
targetEncAlg crypto.EncryptionAlgorithm,
|
|
) *Worker {
|
|
return &Worker{
|
|
config: config,
|
|
now: time.Now,
|
|
targetEncAlg: targetEncAlg,
|
|
}
|
|
}
|
|
|
|
var _ river.Worker[*exec_repo.Request] = (*Worker)(nil)
|
|
|
|
func (w *Worker) Register(workers *river.Workers, queues map[string]river.QueueConfig) {
|
|
river.AddWorker(workers, w)
|
|
queues[exec_repo.QueueName] = river.QueueConfig{
|
|
MaxWorkers: int(w.config.Workers),
|
|
}
|
|
}
|
|
|
|
func TargetsFromRequest(e *exec_repo.Request) ([]target_domain.Target, error) {
|
|
var targets []target_domain.Target
|
|
if err := json.Unmarshal(e.TargetsData, &targets); err != nil {
|
|
return nil, err
|
|
}
|
|
return targets, nil
|
|
}
|