mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-09 17:03:40 +00:00
1d84635836
# Which Problems Are Solved To improve performance a new table and method is implemented on eventstore. The goal of this table is to index searchable fields on command side to use it on command and query side. The table allows to store one primitive value (numeric, text) per row. The eventstore framework is extended by the `Search`-method which allows to search for objects. The `Command`-interface is extended by the `SearchOperations()`-method which does manipulate the the `search`-table. # How the Problems Are Solved This PR adds the capability of improving performance for command and query side by using the `Search`-method of the eventstore instead of using one of the `Filter`-methods. # Open Tasks - [x] Add feature flag - [x] Unit tests - [ ] ~~Benchmarks if needed~~ - [x] Ensure no behavior change - [x] Add setup step to fill table with current data - [x] Add projection which ensures data added between setup and start of the new version are also added to the table # Additional Changes The `Search`-method is currently used by `ProjectGrant`-command side. # Additional Context - Closes https://github.com/zitadel/zitadel/issues/8094
333 lines
12 KiB
Go
333 lines
12 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"reflect"
|
|
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/feature"
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
"github.com/zitadel/zitadel/internal/repository/project"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
func (c *Commands) AddProjectGrantWithID(ctx context.Context, grant *domain.ProjectGrant, grantID string, resourceOwner string) (_ *domain.ProjectGrant, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
return c.addProjectGrantWithID(ctx, grant, grantID, resourceOwner)
|
|
}
|
|
|
|
func (c *Commands) AddProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string) (_ *domain.ProjectGrant, err error) {
|
|
if !grant.IsValid() {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-3b8fs", "Errors.Project.Grant.Invalid")
|
|
}
|
|
err = c.checkProjectGrantPreCondition(ctx, grant)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
grantID, err := c.idGenerator.Next()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return c.addProjectGrantWithID(ctx, grant, grantID, resourceOwner)
|
|
}
|
|
|
|
func (c *Commands) addProjectGrantWithID(ctx context.Context, grant *domain.ProjectGrant, grantID string, resourceOwner string) (_ *domain.ProjectGrant, err error) {
|
|
grant.GrantID = grantID
|
|
|
|
addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner)
|
|
projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel)
|
|
pushedEvents, err := c.eventstore.Push(
|
|
ctx,
|
|
project.NewGrantAddedEvent(ctx, projectAgg, grant.GrantID, grant.GrantedOrgID, grant.RoleKeys))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(addedGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return projectGrantWriteModelToProjectGrant(addedGrant), nil
|
|
}
|
|
|
|
func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string, cascadeUserGrantIDs ...string) (_ *domain.ProjectGrant, err error) {
|
|
if grant.GrantID == "" {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1j83s", "Errors.IDMissing")
|
|
}
|
|
existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, resourceOwner)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grant.GrantedOrgID = existingGrant.GrantedOrgID
|
|
err = c.checkProjectGrantPreCondition(ctx, grant)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
|
|
|
|
if reflect.DeepEqual(existingGrant.RoleKeys, grant.RoleKeys) {
|
|
return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc")
|
|
}
|
|
|
|
events := []eventstore.Command{
|
|
project.NewGrantChangedEvent(ctx, projectAgg, grant.GrantID, grant.RoleKeys),
|
|
}
|
|
|
|
removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys)
|
|
if len(removedRoles) == 0 {
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return projectGrantWriteModelToProjectGrant(existingGrant), nil
|
|
}
|
|
|
|
for _, userGrantID := range cascadeUserGrantIDs {
|
|
event, err := c.removeRoleFromUserGrant(ctx, userGrantID, removedRoles, true)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
events = append(events, event)
|
|
}
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return projectGrantWriteModelToProjectGrant(existingGrant), nil
|
|
}
|
|
|
|
func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.Command, _ *ProjectGrantWriteModel, err error) {
|
|
existingProjectGrant, err := c.projectGrantWriteModelByID(ctx, projectGrantID, projectID, "")
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if existingProjectGrant.State == domain.ProjectGrantStateUnspecified || existingProjectGrant.State == domain.ProjectGrantStateRemoved {
|
|
return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound")
|
|
}
|
|
keyExists := false
|
|
for i, key := range existingProjectGrant.RoleKeys {
|
|
if key == roleKey {
|
|
keyExists = true
|
|
copy(existingProjectGrant.RoleKeys[i:], existingProjectGrant.RoleKeys[i+1:])
|
|
existingProjectGrant.RoleKeys[len(existingProjectGrant.RoleKeys)-1] = ""
|
|
existingProjectGrant.RoleKeys = existingProjectGrant.RoleKeys[:len(existingProjectGrant.RoleKeys)-1]
|
|
continue
|
|
}
|
|
}
|
|
if !keyExists {
|
|
return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound")
|
|
}
|
|
changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, existingProjectGrant.ResourceOwner)
|
|
|
|
if cascade {
|
|
return project.NewGrantCascadeChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
|
|
}
|
|
|
|
return project.NewGrantChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
|
|
}
|
|
|
|
func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) {
|
|
if grantID == "" || projectID == "" {
|
|
return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
|
|
}
|
|
|
|
err = c.checkProjectExists(ctx, projectID, resourceOwner)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
|
|
if err != nil {
|
|
return details, err
|
|
}
|
|
if existingGrant.State != domain.ProjectGrantStateActive {
|
|
return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotActive")
|
|
}
|
|
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, project.NewGrantDeactivateEvent(ctx, projectAgg, grantID))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingGrant.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) {
|
|
if grantID == "" || projectID == "" {
|
|
return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
|
|
}
|
|
|
|
err = c.checkProjectExists(ctx, projectID, resourceOwner)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
|
|
if err != nil {
|
|
return details, err
|
|
}
|
|
if existingGrant.State != domain.ProjectGrantStateInactive {
|
|
return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive")
|
|
}
|
|
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
|
|
pushedEvents, err := c.eventstore.Push(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingGrant.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) {
|
|
if grantID == "" || projectID == "" {
|
|
return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-1m9fJ", "Errors.IDMissing")
|
|
}
|
|
|
|
err = c.checkProjectExists(ctx, projectID, resourceOwner)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
|
|
if err != nil {
|
|
return details, err
|
|
}
|
|
events := make([]eventstore.Command, 0)
|
|
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
|
|
events = append(events, project.NewGrantRemovedEvent(ctx, projectAgg, grantID, existingGrant.GrantedOrgID))
|
|
|
|
for _, userGrantID := range cascadeUserGrantIDs {
|
|
event, _, err := c.removeUserGrant(ctx, userGrantID, "", true)
|
|
if err != nil {
|
|
logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
|
|
continue
|
|
}
|
|
events = append(events, event)
|
|
}
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingGrant, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingGrant.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
writeModel := NewProjectGrantWriteModel(grantID, projectID, resourceOwner)
|
|
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if writeModel.State == domain.ProjectGrantStateUnspecified || writeModel.State == domain.ProjectGrantStateRemoved {
|
|
return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
|
|
}
|
|
|
|
return writeModel, nil
|
|
}
|
|
|
|
func (c *Commands) checkProjectGrantPreCondition(ctx context.Context, projectGrant *domain.ProjectGrant) error {
|
|
if !authz.GetFeatures(ctx).ShouldUseImprovedPerformance(feature.ImprovedPerformanceTypeProjectGrant) {
|
|
return c.checkProjectGrantPreConditionOld(ctx, projectGrant)
|
|
}
|
|
results, err := c.eventstore.Search(
|
|
ctx,
|
|
// project state query
|
|
map[eventstore.FieldType]any{
|
|
eventstore.FieldTypeAggregateType: project.AggregateType,
|
|
eventstore.FieldTypeAggregateID: projectGrant.AggregateID,
|
|
eventstore.FieldTypeFieldName: project.ProjectStateSearchField,
|
|
eventstore.FieldTypeObjectType: project.ProjectSearchType,
|
|
},
|
|
// granted org query
|
|
map[eventstore.FieldType]any{
|
|
eventstore.FieldTypeAggregateType: org.AggregateType,
|
|
eventstore.FieldTypeAggregateID: projectGrant.GrantedOrgID,
|
|
eventstore.FieldTypeFieldName: org.OrgStateSearchField,
|
|
eventstore.FieldTypeObjectType: org.OrgSearchType,
|
|
},
|
|
// role query
|
|
map[eventstore.FieldType]any{
|
|
eventstore.FieldTypeAggregateType: project.AggregateType,
|
|
eventstore.FieldTypeAggregateID: projectGrant.AggregateID,
|
|
eventstore.FieldTypeFieldName: project.ProjectRoleKeySearchField,
|
|
eventstore.FieldTypeObjectType: project.ProjectRoleSearchType,
|
|
},
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var (
|
|
existsProject bool
|
|
existsGrantedOrg bool
|
|
existingRoleKeys []string
|
|
)
|
|
|
|
for _, result := range results {
|
|
switch result.Object.Type {
|
|
case project.ProjectRoleSearchType:
|
|
var role string
|
|
err := result.Value.Unmarshal(&role)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
existingRoleKeys = append(existingRoleKeys, role)
|
|
case org.OrgSearchType:
|
|
var state domain.OrgState
|
|
err := result.Value.Unmarshal(&state)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
existsGrantedOrg = state.Valid() && state != domain.OrgStateRemoved
|
|
case project.ProjectSearchType:
|
|
var state domain.ProjectState
|
|
err := result.Value.Unmarshal(&state)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
existsProject = state.Valid() && state != domain.ProjectStateRemoved
|
|
}
|
|
}
|
|
|
|
if !existsProject {
|
|
return zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound")
|
|
}
|
|
if !existsGrantedOrg {
|
|
return zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound")
|
|
}
|
|
if projectGrant.HasInvalidRoles(existingRoleKeys) {
|
|
return zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
|
|
}
|
|
return nil
|
|
}
|