coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commita788e2f

kacpersaw

authored and

ethanndickson

committed

chore(coderd/database): optimize AuditLogs queries (#18600)

Closes#17689This PR optimizes the audit logs query performance by extracting thecount operation into a separate query and replacing the OR-basedworkspace_builds with conditional joins.## Query changes* Extracted count query to separate one* Replaced single `workspace_builds` join with OR conditions withseparate conditional joins* Added conditional joins* `wb_build` for workspace_build audit logs (which is a direct lookup) * `wb_workspace` for workspace create audit logs (via workspace)Optimized AuditLogsOffset query:https://explain.dalibo.com/plan/4g1hbedg4a564bg8New CountAuditLogs query:https://explain.dalibo.com/plan/ga2fbcecb9efbce3

1 parentbc502b5 commita788e2fCopy full SHA for a788e2f

File tree

15 files changed

+763

-244

lines changed

coderd
- audit.go
- database
  - dbauthz
  - dbmem
    - dbmem.go
  - dbmetrics
    - querymetrics.go
  - dbmock
    - dbmock.go
  - modelqueries.go
  - modelqueries_internal_test.go
  - querier.go
  - querier_test.go
  - queries.sql.go
  - queries
    - auditlogs.sql
- searchquery
  - search.go
  - search_test.go

15 files changed

+763

-244

lines changed

`‎coderd/audit.go‎`

Lines changed: 18 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ func (api API) auditLogs(rw http.ResponseWriter, r http.Request) {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`queryStr:=r.URL.Query().Get("q")`
`49`		`-filter,errs:=searchquery.AuditLogs(ctx,api.Database,queryStr)`
	`49`	`+filter,countFilter,errs:=searchquery.AuditLogs(ctx,api.Database,queryStr)`
`50`	`50`	`iflen(errs)>0 {`
`51`	`51`	`httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`52`	`52`	`Message:"Invalid audit search query.",`
`@@ -62,9 +62,12 @@ func (api API) auditLogs(rw http.ResponseWriter, r http.Request) {`
`62`	`62`	`iffilter.Username=="me" {`
`63`	`63`	`filter.UserID=apiKey.UserID`
`64`	`64`	`filter.Username=""`
	`65`	`+countFilter.UserID=apiKey.UserID`
	`66`	`+countFilter.Username=""`
`65`	`67`	`}`
`66`	`68`
`67`		`-dblogs,err:=api.Database.GetAuditLogsOffset(ctx,filter)`
	`69`	`+// Use the same filters to count the number of audit logs`
	`70`	`+count,err:=api.Database.CountAuditLogs(ctx,countFilter)`
`68`	`71`	`ifdbauthz.IsNotAuthorizedError(err) {`
`69`	`72`	`httpapi.Forbidden(rw)`
`70`	`73`	`return`
`@@ -73,19 +76,28 @@ func (api API) auditLogs(rw http.ResponseWriter, r http.Request) {`
`73`	`76`	`httpapi.InternalServerError(rw,err)`
`74`	`77`	`return`
`75`	`78`	`}`
`76`		`-// GetAuditLogsOffset does not return ErrNoRows because it uses a window function to get the count.`
`77`		`-// So we need to check if the dblogs is empty and return an empty array if so.`
`78`		`-iflen(dblogs)==0 {`
	`79`	`+// If count is 0, then we don't need to query audit logs`
	`80`	`+ifcount==0 {`
`79`	`81`	`httpapi.Write(ctx,rw,http.StatusOK, codersdk.AuditLogResponse{`
`80`	`82`	`AuditLogs: []codersdk.AuditLog{},`
`81`	`83`	`Count:0,`
`82`	`84`	`})`
`83`	`85`	`return`
`84`	`86`	`}`
`85`	`87`
	`88`	`+dblogs,err:=api.Database.GetAuditLogsOffset(ctx,filter)`
	`89`	`+ifdbauthz.IsNotAuthorizedError(err) {`
	`90`	`+httpapi.Forbidden(rw)`
	`91`	`+return`
	`92`	`+}`
	`93`	`+iferr!=nil {`
	`94`	`+httpapi.InternalServerError(rw,err)`
	`95`	`+return`
	`96`	`+}`
	`97`	`+`
`86`	`98`	`httpapi.Write(ctx,rw,http.StatusOK, codersdk.AuditLogResponse{`
`87`	`99`	`AuditLogs:api.convertAuditLogs(ctx,dblogs),`
`88`		`-Count:dblogs[0].Count,`
	`100`	`+Count:count,`
`89`	`101`	`})`
`90`	`102`	`}`
`91`	`103`

`‎coderd/database/dbauthz/dbauthz.go‎`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1301,6 +1301,22 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {`
`1301`	`1301`	`returnq.db.CleanTailnetTunnels(ctx)`
`1302`	`1302`	`}`
`1303`	`1303`
	`1304`	`+func (q*querier)CountAuditLogs(ctx context.Context,arg database.CountAuditLogsParams) (int64,error) {`
	`1305`	`+// Shortcut if the user is an owner. The SQL filter is noticeable,`
	`1306`	`+// and this is an easy win for owners. Which is the common case.`
	`1307`	`+err:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceAuditLog)`
	`1308`	`+iferr==nil {`
	`1309`	`+returnq.db.CountAuditLogs(ctx,arg)`
	`1310`	`+}`
	`1311`	`+`
	`1312`	`+prep,err:=prepareSQLFilter(ctx,q.auth,policy.ActionRead,rbac.ResourceAuditLog.Type)`
	`1313`	`+iferr!=nil {`
	`1314`	`+return0,xerrors.Errorf("(dev error) prepare sql filter: %w",err)`
	`1315`	`+}`
	`1316`	`+`
	`1317`	`+returnq.db.CountAuthorizedAuditLogs(ctx,arg,prep)`
	`1318`	`+}`
	`1319`	`+`
`1304`	`1320`	`func (q*querier)CountInProgressPrebuilds(ctx context.Context) ([]database.CountInProgressPrebuildsRow,error) {`
`1305`	`1321`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceWorkspace.All());err!=nil {`
`1306`	`1322`	`returnnil,err`
`@@ -5256,3 +5272,7 @@ func (q *querier) GetAuthorizedUsers(ctx context.Context, arg database.GetUsersP`
`5256`	`5272`	`func (q*querier)GetAuthorizedAuditLogsOffset(ctx context.Context,arg database.GetAuditLogsOffsetParams,_ rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow,error) {`
`5257`	`5273`	`returnq.GetAuditLogsOffset(ctx,arg)`
`5258`	`5274`	`}`
	`5275`	`+`
	`5276`	`+func (q*querier)CountAuthorizedAuditLogs(ctx context.Context,arg database.CountAuditLogsParams,_ rbac.PreparedAuthorized) (int64,error) {`
	`5277`	`+returnq.CountAuditLogs(ctx,arg)`
	`5278`	`+}`

`‎coderd/database/dbauthz/dbauthz_test.go‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -327,6 +327,16 @@ func (s *MethodTestSuite) TestAuditLogs() {`
`327`	`327`	`LimitOpt:10,`
`328`	`328`	`},emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog,policy.ActionRead)`
`329`	`329`	`}))`
	`330`	`+s.Run("CountAuditLogs",s.Subtest(func(db database.Store,check*expects) {`
	`331`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`332`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`333`	`+check.Args(database.CountAuditLogsParams{}).Asserts(rbac.ResourceAuditLog,policy.ActionRead).WithNotAuthorized("nil")`
	`334`	`+}))`
	`335`	`+s.Run("CountAuthorizedAuditLogs",s.Subtest(func(db database.Store,check*expects) {`
	`336`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`337`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`338`	`+check.Args(database.CountAuditLogsParams{},emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog,policy.ActionRead)`
	`339`	`+}))`
`330`	`340`	`}`
`331`	`341`
`332`	`342`	`func (s*MethodTestSuite)TestFile() {`

`‎coderd/database/dbauthz/setup_test.go‎`

Lines changed: 11 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -271,7 +271,7 @@ func (s MethodTestSuite) NotAuthorizedErrorTest(ctx context.Context, az coderd`
`271`	`271`
`272`	`272`	// This is unfortunate, but if we are using `Filter` the error returned will be nil. So filter out
`273`	`273`	`// any case where the error is nil and the response is an empty slice.`
`274`		`-iferr!=nil\|\|!hasEmptySliceResponse(resp) {`
	`274`	`+iferr!=nil\|\|!hasEmptyResponse(resp) {`
`275`	`275`	`// Expect the default error`
`276`	`276`	`iftestCase.notAuthorizedExpect=="" {`
`277`	`277`	`s.ErrorContainsf(err,"unauthorized","error string should have a good message")`
`@@ -296,8 +296,8 @@ func (s MethodTestSuite) NotAuthorizedErrorTest(ctx context.Context, az coderd`
`296`	`296`	`resp,err:=callMethod(ctx)`
`297`	`297`
`298`	`298`	// This is unfortunate, but if we are using `Filter` the error returned will be nil. So filter out
`299`		`-// any case where the error is nil and the response is an empty slice.`
`300`		`-iferr!=nil\|\|!hasEmptySliceResponse(resp) {`
	`299`	`+// any case where the error is nil and the response is an empty slice or int64(0).`
	`300`	`+iferr!=nil\|\|!hasEmptyResponse(resp) {`
`301`	`301`	`iftestCase.cancelledCtxExpect=="" {`
`302`	`302`	`s.Errorf(err,"method should an error with cancellation")`
`303`	`303`	`s.ErrorIsf(err,context.Canceled,"error should match context.Canceled")`
`@@ -308,13 +308,20 @@ func (s MethodTestSuite) NotAuthorizedErrorTest(ctx context.Context, az coderd`
`308`	`308`	`})`
`309`	`309`	`}`
`310`	`310`
`311`		`-funchasEmptySliceResponse(values []reflect.Value)bool {`
	`311`	`+funchasEmptyResponse(values []reflect.Value)bool {`
`312`	`312`	`for_,r:=rangevalues {`
`313`	`313`	`ifr.Kind()==reflect.Slice\|\|r.Kind()==reflect.Array {`
`314`	`314`	`ifr.Len()==0 {`
`315`	`315`	`returntrue`
`316`	`316`	`}`
`317`	`317`	`}`
	`318`	`+`
	`319`	`+// Special case for int64, as it's the return type for count query.`
	`320`	`+ifr.Kind()==reflect.Int64 {`
	`321`	`+ifr.Int()==0 {`
	`322`	`+returntrue`
	`323`	`+}`
	`324`	`+}`
`318`	`325`	`}`
`319`	`326`	`returnfalse`
`320`	`327`	`}`

`‎coderd/database/dbmem/dbmem.go‎`

Lines changed: 80 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1779,6 +1779,10 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {`
`1779`	`1779`	`returnErrUnimplemented`
`1780`	`1780`	`}`
`1781`	`1781`
	`1782`	`+func (q*FakeQuerier)CountAuditLogs(ctx context.Context,arg database.CountAuditLogsParams) (int64,error) {`
	`1783`	`+returnq.CountAuthorizedAuditLogs(ctx,arg,nil)`
	`1784`	`+}`
	`1785`	`+`
`1782`	`1786`	`func (q*FakeQuerier)CountInProgressPrebuilds(ctx context.Context) ([]database.CountInProgressPrebuildsRow,error) {`
`1783`	`1787`	`returnnil,ErrUnimplemented`
`1784`	`1788`	`}`
`@@ -13930,18 +13934,89 @@ func (q *FakeQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg data`
`13930`	`13934`	`UserQuietHoursSchedule: sql.NullString{String:user.QuietHoursSchedule,Valid:userValid},`
`13931`	`13935`	`UserStatus: database.NullUserStatus{UserStatus:user.Status,Valid:userValid},`
`13932`	`13936`	`UserRoles:user.RBACRoles,`
`13933`		`-Count:0,`
`13934`	`13937`	`})`
`13935`	`13938`
`13936`	`13939`	`iflen(logs)>=int(arg.LimitOpt) {`
`13937`	`13940`	`break`
`13938`	`13941`	`}`
`13939`	`13942`	`}`
`13940`	`13943`
`13941`		`-count:=int64(len(logs))`
`13942`		`-fori:=rangelogs {`
`13943`		`-logs[i].Count=count`
	`13944`	`+returnlogs,nil`
	`13945`	`+}`
	`13946`	`+`
	`13947`	`+func (q*FakeQuerier)CountAuthorizedAuditLogs(ctx context.Context,arg database.CountAuditLogsParams,prepared rbac.PreparedAuthorized) (int64,error) {`
	`13948`	`+iferr:=validateDatabaseType(arg);err!=nil {`
	`13949`	`+return0,err`
`13944`	`13950`	`}`
`13945`	`13951`
`13946`		`-returnlogs,nil`
	`13952`	`+// Call this to match the same function calls as the SQL implementation.`
	`13953`	`+// It functionally does nothing for filtering.`
	`13954`	`+ifprepared!=nil {`
	`13955`	`+_,err:=prepared.CompileToSQL(ctx, regosql.ConvertConfig{`
	`13956`	`+VariableConverter:regosql.AuditLogConverter(),`
	`13957`	`+})`
	`13958`	`+iferr!=nil {`
	`13959`	`+return0,err`
	`13960`	`+}`
	`13961`	`+}`
	`13962`	`+`
	`13963`	`+q.mutex.RLock()`
	`13964`	`+deferq.mutex.RUnlock()`
	`13965`	`+`
	`13966`	`+varcountint64`
	`13967`	`+`
	`13968`	`+// q.auditLogs are already sorted by time DESC, so no need to sort after the fact.`
	`13969`	`+for_,alog:=rangeq.auditLogs {`
	`13970`	`+ifarg.RequestID!=uuid.Nil&&arg.RequestID!=alog.RequestID {`
	`13971`	`+continue`
	`13972`	`+}`
	`13973`	`+ifarg.OrganizationID!=uuid.Nil&&arg.OrganizationID!=alog.OrganizationID {`
	`13974`	`+continue`
	`13975`	`+}`
	`13976`	`+ifarg.Action!=""&&string(alog.Action)!=arg.Action {`
	`13977`	`+continue`
	`13978`	`+}`
	`13979`	`+ifarg.ResourceType!=""&&!strings.Contains(string(alog.ResourceType),arg.ResourceType) {`
	`13980`	`+continue`
	`13981`	`+}`
	`13982`	`+ifarg.ResourceID!=uuid.Nil&&alog.ResourceID!=arg.ResourceID {`
	`13983`	`+continue`
	`13984`	`+}`
	`13985`	`+ifarg.Username!="" {`
	`13986`	`+user,err:=q.getUserByIDNoLock(alog.UserID)`
	`13987`	`+iferr==nil&&!strings.EqualFold(arg.Username,user.Username) {`
	`13988`	`+continue`
	`13989`	`+}`
	`13990`	`+}`
	`13991`	`+ifarg.Email!="" {`
	`13992`	`+user,err:=q.getUserByIDNoLock(alog.UserID)`
	`13993`	`+iferr==nil&&!strings.EqualFold(arg.Email,user.Email) {`
	`13994`	`+continue`
	`13995`	`+}`
	`13996`	`+}`
	`13997`	`+if!arg.DateFrom.IsZero() {`
	`13998`	`+ifalog.Time.Before(arg.DateFrom) {`
	`13999`	`+continue`
	`14000`	`+}`
	`14001`	`+}`
	`14002`	`+if!arg.DateTo.IsZero() {`
	`14003`	`+ifalog.Time.After(arg.DateTo) {`
	`14004`	`+continue`
	`14005`	`+}`
	`14006`	`+}`
	`14007`	`+ifarg.BuildReason!="" {`
	`14008`	`+workspaceBuild,err:=q.getWorkspaceBuildByIDNoLock(context.Background(),alog.ResourceID)`
	`14009`	`+iferr==nil&&!strings.EqualFold(arg.BuildReason,string(workspaceBuild.Reason)) {`
	`14010`	`+continue`
	`14011`	`+}`
	`14012`	`+}`
	`14013`	`+// If the filter exists, ensure the object is authorized.`
	`14014`	`+ifprepared!=nil&&prepared.Authorize(ctx,alog.RBACObject())!=nil {`
	`14015`	`+continue`
	`14016`	`+}`
	`14017`	`+`
	`14018`	`+count++`
	`14019`	`+}`
	`14020`	`+`
	`14021`	`+returncount,nil`
`13947`	`14022`	`}`

Original file line number	Diff line number	Diff line change
`@@ -478,6 +478,7 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,`
`478`	`478`
`479`	`479`	`typeauditLogQuerierinterface {`
`480`	`480`	`GetAuthorizedAuditLogsOffset(ctx context.Context,argGetAuditLogsOffsetParams,prepared rbac.PreparedAuthorized) ([]GetAuditLogsOffsetRow,error)`
	`481`	`+CountAuthorizedAuditLogs(ctx context.Context,argCountAuditLogsParams,prepared rbac.PreparedAuthorized) (int64,error)`
`481`	`482`	`}`
`482`	`483`
`483`	`484`	`func (q*sqlQuerier)GetAuthorizedAuditLogsOffset(ctx context.Context,argGetAuditLogsOffsetParams,prepared rbac.PreparedAuthorized) ([]GetAuditLogsOffsetRow,error) {`
`@@ -548,7 +549,6 @@ func (q *sqlQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg GetAu`
`548`	`549`	`&i.OrganizationName,`
`549`	`550`	`&i.OrganizationDisplayName,`
`550`	`551`	`&i.OrganizationIcon,`
`551`		`-&i.Count,`
`552`	`552`	`);err!=nil {`
`553`	`553`	`returnnil,err`
`554`	`554`	`}`
`@@ -563,6 +563,54 @@ func (q *sqlQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg GetAu`
`563`	`563`	`returnitems,nil`
`564`	`564`	`}`
`565`	`565`
	`566`	`+func (q*sqlQuerier)CountAuthorizedAuditLogs(ctx context.Context,argCountAuditLogsParams,prepared rbac.PreparedAuthorized) (int64,error) {`
	`567`	`+authorizedFilter,err:=prepared.CompileToSQL(ctx, regosql.ConvertConfig{`
	`568`	`+VariableConverter:regosql.AuditLogConverter(),`
	`569`	`+})`
	`570`	`+iferr!=nil {`
	`571`	`+return0,xerrors.Errorf("compile authorized filter: %w",err)`
	`572`	`+}`
	`573`	`+`
	`574`	`+filtered,err:=insertAuthorizedFilter(countAuditLogs,fmt.Sprintf(" AND %s",authorizedFilter))`
	`575`	`+iferr!=nil {`
	`576`	`+return0,xerrors.Errorf("insert authorized filter: %w",err)`
	`577`	`+}`
	`578`	`+`
	`579`	`+query:=fmt.Sprintf("-- name: CountAuthorizedAuditLogs :one\n%s",filtered)`
	`580`	`+`
	`581`	`+rows,err:=q.db.QueryContext(ctx,query,`
	`582`	`+arg.ResourceType,`
	`583`	`+arg.ResourceID,`
	`584`	`+arg.OrganizationID,`
	`585`	`+arg.ResourceTarget,`
	`586`	`+arg.Action,`
	`587`	`+arg.UserID,`
	`588`	`+arg.Username,`
	`589`	`+arg.Email,`
	`590`	`+arg.DateFrom,`
	`591`	`+arg.DateTo,`
	`592`	`+arg.BuildReason,`
	`593`	`+arg.RequestID,`
	`594`	`+)`
	`595`	`+iferr!=nil {`
	`596`	`+return0,err`
	`597`	`+}`
	`598`	`+deferrows.Close()`
	`599`	`+varcountint64`
	`600`	`+forrows.Next() {`
	`601`	`+iferr:=rows.Scan(&count);err!=nil {`
	`602`	`+return0,err`
	`603`	`+}`
	`604`	`+}`
	`605`	`+iferr:=rows.Close();err!=nil {`
	`606`	`+return0,err`
	`607`	`+}`
	`608`	`+iferr:=rows.Err();err!=nil {`
	`609`	`+return0,err`
	`610`	`+}`
	`611`	`+returncount,nil`
	`612`	`+}`
	`613`	`+`
`566`	`614`	`funcinsertAuthorizedFilter(querystring,replaceWithstring) (string,error) {`
`567`	`615`	`if!strings.Contains(query,authorizedQueryPlaceholder) {`
`568`	`616`	`return"",xerrors.Errorf("query does not contain authorized replace string, this is not an authorized query")`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita788e2f

File tree

15 files changed

15 files changed

`‎coderd/audit.go‎`

`‎coderd/database/dbauthz/dbauthz.go‎`

`‎coderd/database/dbauthz/dbauthz_test.go‎`

`‎coderd/database/dbauthz/setup_test.go‎`

`‎coderd/database/dbmem/dbmem.go‎`

`‎coderd/database/dbmetrics/querymetrics.go‎`

`‎coderd/database/dbmock/dbmock.go‎`

`‎coderd/database/modelqueries.go‎`

0 commit comments