ZITADEL - Identity infrastructure, simplified for you.
Go to file
Tim Möhlmann ff70ede7c7
feat(eventstore): exclude aggregate IDs when event_type occurred (#8940)
# Which Problems Are Solved

For truly event-based notification handler, we need to be able to filter
out events of aggregates which are already handled. For example when an
event like `notify.success` or `notify.failed` was created on an
aggregate, we no longer require events from that aggregate ID.

# How the Problems Are Solved

Extend the query builder to use a `NOT IN` clause which excludes
aggregate IDs when they have certain events for a certain aggregate
type. For optimization and proper index usages, certain filters are
inherited from the parent query, such as:

- Instance ID
- Instance IDs
- Position offset

This is a prettified query as used by the unit tests:

```sql
SELECT created_at, event_type, "sequence", "position", payload, creator, "owner", instance_id, aggregate_type, aggregate_id, revision
FROM eventstore.events2
WHERE instance_id = $1
    AND aggregate_type = $2 
    AND event_type = $3
    AND "position" > $4
    AND aggregate_id NOT IN (
        SELECT aggregate_id
        FROM eventstore.events2
        WHERE aggregate_type = $5
        AND event_type = ANY($6)
        AND instance_id = $7
        AND "position" > $8
    )
ORDER BY "position" DESC, in_tx_order DESC
LIMIT $9
```

I used this query to run it against the `oidc_session` aggregate looking
for added events, excluding aggregates where a token was revoked,
against a recent position. It fully used index scans:

<details>

```json
[
  {
    "Plan": {
      "Node Type": "Index Scan",
      "Parallel Aware": false,
      "Async Capable": false,
      "Scan Direction": "Forward",
      "Index Name": "es_projection",
      "Relation Name": "events2",
      "Alias": "events2",
      "Actual Rows": 2,
      "Actual Loops": 1,
      "Index Cond": "((instance_id = '286399006995644420'::text) AND (aggregate_type = 'oidc_session'::text) AND (event_type = 'oidc_session.added'::text) AND (\"position\" > 1731582100.784168))",
      "Rows Removed by Index Recheck": 0,
      "Filter": "(NOT (hashed SubPlan 1))",
      "Rows Removed by Filter": 1,
      "Plans": [
        {
          "Node Type": "Index Scan",
          "Parent Relationship": "SubPlan",
          "Subplan Name": "SubPlan 1",
          "Parallel Aware": false,
          "Async Capable": false,
          "Scan Direction": "Forward",
          "Index Name": "es_projection",
          "Relation Name": "events2",
          "Alias": "events2_1",
          "Actual Rows": 1,
          "Actual Loops": 1,
          "Index Cond": "((instance_id = '286399006995644420'::text) AND (aggregate_type = 'oidc_session'::text) AND (event_type = 'oidc_session.access_token.revoked'::text) AND (\"position\" > 1731582100.784168))",
          "Rows Removed by Index Recheck": 0
        }
      ]
    },
    "Triggers": [
    ]
  }
]
```

</details>

# Additional Changes

- None

# Additional Context

- Related to https://github.com/zitadel/zitadel/issues/8931

---------

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2024-11-25 15:25:11 +00:00
.codecov chore(codecov): make codecov configurable in repo (#40) 2020-04-08 07:37:24 +02:00
.devcontainer docs: fix and harmonize docker compose files (#8839) 2024-10-29 20:02:04 +01:00
.github feat(cache): redis cache (#8822) 2024-11-04 10:44:51 +00:00
build chore(deps): bump node from 18-buster to 20-buster in /build (#6258) 2023-10-12 16:51:50 +00:00
cmd fix: typo in defaults.yaml where ExternalPort should be ExternalDomain (#8923) 2024-11-22 10:25:25 +01:00
console chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /console (#8941) 2024-11-25 09:04:30 +01:00
deploy/knative docs: fix knative docs (#7752) 2024-04-18 13:45:15 +00:00
docs chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /docs (#8925) 2024-11-25 08:30:09 +00:00
e2e chore: fix crdb version on v24.2.1 (#8607) 2024-09-12 09:30:56 +02:00
internal feat(eventstore): exclude aggregate IDs when event_type occurred (#8940) 2024-11-25 15:25:11 +00:00
load-test chore(load-test): disable userinfo after JWT profile (#8927) 2024-11-19 09:53:07 +01:00
openapi ci: improve performance (#5953) 2023-07-17 10:08:20 +02:00
pkg/grpc perf(query): remove transactions for queries (#8614) 2024-11-04 10:06:14 +01:00
proto docs(user): change some deprecated links (#8913) 2024-11-21 13:26:39 +00:00
statik feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
.dockerignore ci: improve performance (#5953) 2023-07-17 10:08:20 +02:00
.gitattributes chore(devcontainer): improve devcontainer to work on windows and linux (#8194) 2024-06-25 14:40:34 +00:00
.gitignore chore(load-test): add csv output (#8783) 2024-10-17 22:15:55 +03:00
.golangci.yaml chore(deps): update all go deps (#7773) 2024-04-15 09:17:36 +00:00
.releaserc.js perf(query): remove transactions for queries (#8614) 2024-11-04 10:06:14 +01:00
ADOPTERS.md chore: adding an adopters file for our community (#8909) 2024-11-15 15:48:11 +00:00
buf.gen.yaml ci: improve performance (#5953) 2023-07-17 10:08:20 +02:00
buf.work.yaml chore(console): buf stub build (#5215) 2023-02-17 14:09:11 +00:00
changelog.config.js feat: Merge master (#1260) 2021-02-08 16:48:41 +01:00
CODE_OF_CONDUCT.md chore: rename docs links (#3668) 2022-05-20 14:32:06 +00:00
CONTRIBUTING.md chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
go.mod feat(cache): redis circuit breaker (#8890) 2024-11-13 19:11:48 +01:00
go.sum feat(cache): redis circuit breaker (#8890) 2024-11-13 19:11:48 +01:00
LICENSE chore: Update LICENSE (#1087) 2020-12-14 09:40:09 +01:00
main.go chore: test server for direct resource access 2023-04-24 20:40:31 +03:00
Makefile feat(cache): redis cache (#8822) 2024-11-04 10:44:51 +00:00
MEETING_SCHEDULE.md docs: add next office hours (#8922) 2024-11-19 12:00:58 +00:00
README.md chore: adding an adopters file for our community (#8909) 2024-11-15 15:48:11 +00:00
release-channels.yaml chore(stable): update to v2.54.8 (#8457) 2024-08-19 11:31:28 +02:00
SECURITY.md docs: rename instance settings to default settings (#7484) 2024-03-06 10:36:04 +00:00

Zitadel Logo Zitadel Logo

GitHub Workflow Status (with event) Dynamic YAML Badge GitHub contributors

Community Meeting
ZITADEL holds bi-weekly community calls. To join the community calls or to watch previous meeting notes and recordings, please visit the meeting schedule.

Are you searching for a user management tool that is quickly set up like Auth0 and open source like Keycloak?

Do you have a project that requires multi-tenant user management with self-service for your customers?

Look no further — ZITADEL is the identity infrastructure, simplified for you.

We provide you with a wide range of out-of-the-box features to accelerate your project, including:

Multi-tenancy with team management
Secure login
Self-service
OpenID Connect
OAuth2.x
SAML2
LDAP
Passkeys / FIDO2
OTP
and an unlimited audit trail is there for you, ready to use.

With ZITADEL, you are assured of a robust and customizable turnkey solution for all your authentication and authorization needs.


🏡 Website 💬 Chat 📋 Docs 🧑‍💻 Blog 📞 Contact

Get started

👉 Quick Start Guide

Deploy ZITADEL (Self-Hosted)

Deploying ZITADEL locally takes less than 3 minutes. Go ahead and give it a try!

See all guides here

If you are interested to get professional support for your self-hosted ZITADEL please reach out to us!

Setup ZITADEL Cloud (SaaS)

If you want to experience a hands-free ZITADEL, you should use ZITADEL Cloud. Available data regions are:

  • 🇺🇸 United States
  • 🇪🇺 European Union
  • 🇦🇺 Australia
  • 🇨🇭 Switzerland

ZITADEL Cloud comes with a free tier, providing you with all the same features as the open-source version. Learn more about the pay-as-you-go pricing.

Adopters

We are grateful to the organizations and individuals who are using ZITADEL. If you are using ZITADEL, please consider adding your name to our Adopters list by submitting a pull request.

Example applications

Clone one of our example applications or deploy them directly to Vercel.

SDKs

Use our SDKs for your favorite language and framework.

Why choose ZITADEL

We built ZITADEL with a complex multi-tenancy architecture in mind and provide the best solution to handle B2B customers and partners. Yet it offers everything you need for a customer identity (CIAM) use case.

Features

Authentication

Multi-Tenancy

Integration

Self-Service

Deployment

Track upcoming features on our roadmap and follow our changelog for recent updates.

How To Contribute

Find details about how you can contribute in our Contribution Guide. Join our Discord Chat to get help.

Contributors

Made with contrib.rocks.

Showcase

Quick Start Guide

Secure a React Application using OpenID Connect Authorization Code with PKCE

Quick Start Guide

Login with Passkeys

Use our login widget to allow easy and secure access to your applications and enjoy all the benefits of Passkeys (FIDO 2 / WebAuthN):

Passkeys

Admin Console

Use Console or our APIs to setup organizations, projects and applications.

Console Showcase

Security

You can find our security policy here.

Technical Advisories are published regarding major issues with the ZITADEL platform that could potentially impact security or stability in production environments.

License

here are our exact licensing terms.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See our license for detailed information governing permissions and limitations on use.