mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 10:52:17 +00:00
2727fa719d
# Which Problems Are Solved
The event execution system currently uses a projection handler that
subscribes to and processes all events for all instances. This creates a
high static cost because the system over-fetches event data, handling
many events that are not needed by most instances. This inefficiency is
also reflected in high "rows returned" metrics in the database.
# How the Problems Are Solved
Eliminate the use of a project handler. Instead, events for which
"execution targets" are defined, are directly pushed to the queue by the
eventstore. A Router is populated in the Instance object in the authz
middleware.
- By joining the execution targets to the instance, no additional
queries are needed anymore.
- As part of the instance object, execution targets are now cached as
well.
- Events are queued within the same transaction, giving transactional
guarantees on delivery.
- Uses the "insert many fast` variant of River. Multiple jobs are queued
in a single round-trip to the database.
- Fix compatibility with PostgreSQL 15
# Additional Changes
- The signing key was stored as plain-text in the river job payload in
the DB. This violated our [Secrets
Storage](https://zitadel.com/docs/concepts/architecture/secrets#secrets-storage)
principle. This change removed the field and only uses the encrypted
version of the signing key.
- Fixed the target ordering from descending to ascending.
- Some minor linter warnings on the use of `io.WriteString()`.
# Additional Context
- Introduced in https://github.com/zitadel/zitadel/pull/9249
- Closes https://github.com/zitadel/zitadel/issues/10553
- Closes https://github.com/zitadel/zitadel/issues/9832
- Closes https://github.com/zitadel/zitadel/issues/10372
- Closes https://github.com/zitadel/zitadel/issues/10492
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit a9ebc06c77)
137 lines
2.5 KiB
Go
137 lines
2.5 KiB
Go
package authz
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/execution/target"
|
|
"github.com/zitadel/zitadel/internal/feature"
|
|
)
|
|
|
|
func Test_Instance(t *testing.T) {
|
|
type args struct {
|
|
ctx context.Context
|
|
}
|
|
type res struct {
|
|
instanceID string
|
|
projectID string
|
|
consoleID string
|
|
features feature.Features
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
"empty context",
|
|
args{
|
|
context.Background(),
|
|
},
|
|
res{
|
|
instanceID: "",
|
|
projectID: "",
|
|
consoleID: "",
|
|
},
|
|
},
|
|
{
|
|
"WithInstanceID",
|
|
args{
|
|
WithInstanceID(context.Background(), "id"),
|
|
},
|
|
res{
|
|
instanceID: "id",
|
|
projectID: "",
|
|
consoleID: "",
|
|
},
|
|
},
|
|
{
|
|
"WithInstance",
|
|
args{
|
|
WithInstance(context.Background(), &mockInstance{}),
|
|
},
|
|
res{
|
|
instanceID: "instanceID",
|
|
projectID: "projectID",
|
|
consoleID: "consoleID",
|
|
},
|
|
},
|
|
{
|
|
"WithFeatures",
|
|
args{
|
|
WithFeatures(context.Background(), feature.Features{
|
|
LoginDefaultOrg: true,
|
|
}),
|
|
},
|
|
res{
|
|
features: feature.Features{
|
|
LoginDefaultOrg: true,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := GetInstance(tt.args.ctx)
|
|
assert.Equal(t, tt.res.instanceID, got.InstanceID())
|
|
assert.Equal(t, tt.res.projectID, got.ProjectID())
|
|
assert.Equal(t, tt.res.consoleID, got.ConsoleClientID())
|
|
assert.Equal(t, tt.res.features, got.Features())
|
|
})
|
|
}
|
|
}
|
|
|
|
type mockInstance struct{}
|
|
|
|
func (m *mockInstance) Block() *bool {
|
|
panic("shouldn't be called here")
|
|
}
|
|
|
|
func (m *mockInstance) AuditLogRetention() *time.Duration {
|
|
panic("shouldn't be called here")
|
|
}
|
|
|
|
func (m *mockInstance) InstanceID() string {
|
|
return "instanceID"
|
|
}
|
|
|
|
func (m *mockInstance) ProjectID() string {
|
|
return "projectID"
|
|
}
|
|
|
|
func (m *mockInstance) ConsoleClientID() string {
|
|
return "consoleID"
|
|
}
|
|
|
|
func (m *mockInstance) ConsoleApplicationID() string {
|
|
return "appID"
|
|
}
|
|
|
|
func (m *mockInstance) DefaultLanguage() language.Tag {
|
|
return language.English
|
|
}
|
|
|
|
func (m *mockInstance) DefaultOrganisationID() string {
|
|
return "orgID"
|
|
}
|
|
|
|
func (m *mockInstance) SecurityPolicyAllowedOrigins() []string {
|
|
return nil
|
|
}
|
|
|
|
func (m *mockInstance) EnableImpersonation() bool {
|
|
return false
|
|
}
|
|
|
|
func (m *mockInstance) Features() feature.Features {
|
|
return feature.Features{}
|
|
}
|
|
|
|
func (m *mockInstance) ExecutionRouter() target.Router {
|
|
return target.NewRouter(nil)
|
|
}
|