mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-07 22:37:40 +00:00
2243306ef6
# Which Problems Are Solved Adds the possibility to mirror an existing database to a new one. For that a new command was added `zitadel mirror`. Including it's subcommands for a more fine grained mirror of the data. Sub commands: * `zitadel mirror eventstore`: copies only events and their unique constraints * `zitadel mirror system`: mirrors the data of the `system`-schema * `zitadel mirror projections`: runs all projections * `zitadel mirror auth`: copies auth requests * `zitadel mirror verify`: counts the amount of rows in the source and destination database and prints the diff. The command requires one of the following flags: * `--system`: copies all instances of the system * `--instance <instance-id>`, `--instance <comma separated list of instance ids>`: copies only the defined instances The command is save to execute multiple times by adding the `--replace`-flag. This replaces currently existing data except of the `events`-table # Additional Changes A `--for-mirror`-flag was added to `zitadel setup` to prepare the new database. The flag skips the creation of the first instances and initial run of projections. It is now possible to skip the creation of the first instance during setup by setting `FirstInstance.Skip` to true in the steps configuration. # Additional info It is currently not possible to merge multiple databases. See https://github.com/zitadel/zitadel/issues/7964 for more details. It is currently not possible to use files. See https://github.com/zitadel/zitadel/issues/7966 for more information. closes https://github.com/zitadel/zitadel/issues/7586 closes https://github.com/zitadel/zitadel/issues/7486 ### Definition of Ready - [x] I am happy with the code - [x] Short description of the feature/issue is added in the pr description - [x] PR is linked to the corresponding user story - [x] Acceptance criteria are met - [x] All open todos and follow ups are defined in a new ticket and justified - [x] Deviations from the acceptance criteria and design are agreed with the PO and documented. - [x] No debug or dead code - [x] My code has no repetitions - [x] Critical parts are tested automatically - [ ] Where possible E2E tests are implemented - [x] Documentation/examples are up-to-date - [x] All non-functional requirements are met - [x] Functionality of the acceptance criteria is checked manually on the dev system. --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
182 lines
4.0 KiB
Go
182 lines
4.0 KiB
Go
package cockroach
|
|
|
|
import (
|
|
"database/sql"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
_ "github.com/jackc/pgx/v5/stdlib"
|
|
"github.com/mitchellh/mapstructure"
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/zitadel/internal/database/dialect"
|
|
)
|
|
|
|
func init() {
|
|
config := new(Config)
|
|
dialect.Register(config, config, true)
|
|
}
|
|
|
|
const (
|
|
sslDisabledMode = "disable"
|
|
sslRequireMode = "require"
|
|
sslAllowMode = "allow"
|
|
sslPreferMode = "prefer"
|
|
)
|
|
|
|
type Config struct {
|
|
Host string
|
|
Port uint16
|
|
Database string
|
|
MaxOpenConns uint32
|
|
MaxIdleConns uint32
|
|
MaxConnLifetime time.Duration
|
|
MaxConnIdleTime time.Duration
|
|
User User
|
|
Admin User
|
|
// Additional options to be appended as options=<Options>
|
|
// The value will be taken as is. Multiple options are space separated.
|
|
Options string
|
|
}
|
|
|
|
func (c *Config) MatchName(name string) bool {
|
|
for _, key := range []string{"crdb", "cockroach"} {
|
|
if strings.TrimSpace(strings.ToLower(name)) == key {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (_ *Config) Decode(configs []interface{}) (dialect.Connector, error) {
|
|
connector := new(Config)
|
|
decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
WeaklyTypedInput: true,
|
|
Result: connector,
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
for _, config := range configs {
|
|
if err = decoder.Decode(config); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return connector, nil
|
|
}
|
|
|
|
func (c *Config) Connect(useAdmin bool, pusherRatio, spoolerRatio float64, purpose dialect.DBPurpose) (*sql.DB, error) {
|
|
client, err := sql.Open("pgx", c.String(useAdmin, purpose.AppName()))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
connConfig, err := dialect.NewConnectionConfig(c.MaxOpenConns, c.MaxIdleConns, spoolerRatio, pusherRatio, purpose)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
client.SetMaxOpenConns(int(connConfig.MaxOpenConns))
|
|
client.SetMaxIdleConns(int(connConfig.MaxIdleConns))
|
|
client.SetConnMaxLifetime(c.MaxConnLifetime)
|
|
client.SetConnMaxIdleTime(c.MaxConnIdleTime)
|
|
|
|
return client, nil
|
|
}
|
|
|
|
func (c *Config) DatabaseName() string {
|
|
return c.Database
|
|
}
|
|
|
|
func (c *Config) Username() string {
|
|
return c.User.Username
|
|
}
|
|
|
|
func (c *Config) Password() string {
|
|
return c.User.Password
|
|
}
|
|
|
|
func (c *Config) Type() string {
|
|
return "cockroach"
|
|
}
|
|
|
|
func (c *Config) Timetravel(d time.Duration) string {
|
|
return ""
|
|
}
|
|
|
|
type User struct {
|
|
Username string
|
|
Password string
|
|
SSL SSL
|
|
}
|
|
|
|
type SSL struct {
|
|
// type of connection security
|
|
Mode string
|
|
// RootCert Path to the CA certificate
|
|
RootCert string
|
|
// Cert Path to the client certificate
|
|
Cert string
|
|
// Key Path to the client private key
|
|
Key string
|
|
}
|
|
|
|
func (c *Config) checkSSL(user User) {
|
|
if user.SSL.Mode == sslDisabledMode || user.SSL.Mode == "" {
|
|
user.SSL = SSL{Mode: sslDisabledMode}
|
|
return
|
|
}
|
|
|
|
if user.SSL.Mode == sslRequireMode || user.SSL.Mode == sslAllowMode || user.SSL.Mode == sslPreferMode {
|
|
return
|
|
}
|
|
|
|
if user.SSL.RootCert == "" {
|
|
logging.WithFields(
|
|
"cert set", user.SSL.Cert != "",
|
|
"key set", user.SSL.Key != "",
|
|
"rootCert set", user.SSL.RootCert != "",
|
|
).Fatal("at least ssl root cert has to be set")
|
|
}
|
|
}
|
|
|
|
func (c Config) String(useAdmin bool, appName string) string {
|
|
user := c.User
|
|
if useAdmin {
|
|
user = c.Admin
|
|
}
|
|
c.checkSSL(user)
|
|
fields := []string{
|
|
"host=" + c.Host,
|
|
"port=" + strconv.Itoa(int(c.Port)),
|
|
"user=" + user.Username,
|
|
"dbname=" + c.Database,
|
|
"application_name=" + appName,
|
|
"sslmode=" + user.SSL.Mode,
|
|
}
|
|
if c.Options != "" {
|
|
fields = append(fields, "options="+c.Options)
|
|
}
|
|
if !useAdmin {
|
|
fields = append(fields, "dbname="+c.Database)
|
|
}
|
|
if user.Password != "" {
|
|
fields = append(fields, "password="+user.Password)
|
|
}
|
|
if user.SSL.Mode != sslDisabledMode {
|
|
fields = append(fields, "sslrootcert="+user.SSL.RootCert)
|
|
if user.SSL.Cert != "" {
|
|
fields = append(fields, "sslcert="+user.SSL.Cert)
|
|
}
|
|
if user.SSL.Key != "" {
|
|
fields = append(fields, "sslkey="+user.SSL.Key)
|
|
}
|
|
}
|
|
|
|
return strings.Join(fields, " ")
|
|
}
|