Skip to content

Commit 5098e02

Browse files
Emyrkgeokat
Emyrk
and
geokat
authored
perf: optimize migration 371 to run faster on large deployments (#20906) (#21041)
Backport of #20906 (cherry picked from commit a926157) Co-authored-by: George K <george.katsitadze@gmail.com>
1 parent 06c6abb commit 5098e02

File tree

2 files changed

+65
-2
lines changed

2 files changed

+65
-2
lines changed

coderd/database/migrations/000371_api_key_scopes_array_allow_list.up.sql

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -141,13 +141,19 @@ ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_proxy:read';
141141
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_proxy:update';
142142
-- End enum extensions
143143

144+
-- Purge old API keys to speed up the migration for large deployments.
145+
-- Note: that problem should be solved in coderd once PR 20863 is released:
146+
-- https://github.com/coder/coder/blob/main/coderd/database/dbpurge/dbpurge.go#L85
147+
DELETE FROM api_keys WHERE expires_at < NOW() - INTERVAL '7 days';
148+
144149
-- Add new columns without defaults; backfill; then enforce NOT NULL
145150
ALTER TABLE api_keys ADD COLUMN scopes api_key_scope[];
146151
ALTER TABLE api_keys ADD COLUMN allow_list text[];
147152

148153
-- Backfill existing rows for compatibility
149-
UPDATE api_keys SET scopes = ARRAY[scope::api_key_scope];
150-
UPDATE api_keys SET allow_list = ARRAY['*:*'];
154+
UPDATE api_keys SET
155+
scopes = ARRAY[scope::api_key_scope],
156+
allow_list = ARRAY['*:*'];
151157

152158
-- Enforce NOT NULL
153159
ALTER TABLE api_keys ALTER COLUMN scopes SET NOT NULL;

coderd/database/migrations/testdata/fixtures/000371_add_api_key_and_oauth2_provider_app_token.up.sql

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
-- Ensure api_keys and oauth2_provider_app_tokens have live data after
2+
-- migration 000371 deletes expired rows.
3+
INSERT INTO api_keys (
4+
id,
5+
hashed_secret,
6+
user_id,
7+
last_used,
8+
expires_at,
9+
created_at,
10+
updated_at,
11+
login_type,
12+
lifetime_seconds,
13+
ip_address,
14+
token_name,
15+
scopes,
16+
allow_list
17+
)
18+
VALUES (
19+
'fixture-api-key',
20+
'\xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
21+
'30095c71-380b-457a-8995-97b8ee6e5307',
22+
NOW() - INTERVAL '1 hour',
23+
NOW() + INTERVAL '30 days',
24+
NOW() - INTERVAL '1 day',
25+
NOW() - INTERVAL '1 day',
26+
'password',
27+
86400,
28+
'0.0.0.0',
29+
'fixture-api-key',
30+
ARRAY['workspace:read']::api_key_scope[],
31+
ARRAY['*:*']
32+
)
33+
ON CONFLICT (id) DO NOTHING;
34+
35+
INSERT INTO oauth2_provider_app_tokens (
36+
id,
37+
created_at,
38+
expires_at,
39+
hash_prefix,
40+
refresh_hash,
41+
app_secret_id,
42+
api_key_id,
43+
audience,
44+
user_id
45+
)
46+
VALUES (
47+
'9f92f3c9-811f-4f6f-9a1c-3f2eed1f9f15',
48+
NOW() - INTERVAL '30 minutes',
49+
NOW() + INTERVAL '30 days',
50+
CAST('fixture-hash-prefix' AS bytea),
51+
CAST('fixture-refresh-hash' AS bytea),
52+
'b0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11',
53+
'fixture-api-key',
54+
'https://coder.example.com',
55+
'30095c71-380b-457a-8995-97b8ee6e5307'
56+
)
57+
ON CONFLICT (id) DO NOTHING;

0 commit comments

Comments
 (0)