feat/enterprise-portal: DB layer for {Get/List}CodyGatewayAccess

[bobheadxi]

Part of CORE-112. We need to implement the CodyAccess service proposed in https://github.com/sourcegraph/sourcegraph/pull/62263, so that Cody Gateway can depend on it as we start a transition over to Enterprise Portal as the source-or-truth for Cody Gateway access; see the Linear project. This PR implements the data layer by reading directly from the Sourcegraph.com Cloud SQL database, and a subsequent PR https://github.com/sourcegraph/sourcegraph/pull/62771 will expose this via the API and also implement auth; nothing in this PR is used yet.

Most things in this PR will be undone by the end of a follow-up project tentatively slated for completion by end-of-August.

Query

I've opted to write a new query specifically to fetch the data required to fulfill the proposed CodyAccess RPCs; the existing queries fetch a lot more than is strictly needed, and often make multiple round trips to the database. The new query fetches everything it needs for get/list in a single round trip.

EXPLAIN ANALYZE of the new list-all query against the Sourcegraph.com production database indicates this is likely performant enough for our internal-only use cases, especially as this will only be around for a few months.

                                                                                QUERY PLAN                                                                                 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 HashAggregate  (cost=1610.56..1629.45 rows=1511 width=121) (actual time=23.358..24.921 rows=1512 loops=1)
   Group Key: ps.id
   ->  Hash Left Join  (cost=958.18..1585.58 rows=1999 width=1094) (actual time=8.258..12.255 rows=2748 loops=1)
         Hash Cond: (ps.id = active_license.product_subscription_id)
         ->  Hash Right Join  (cost=67.00..689.14 rows=1999 width=956) (actual time=1.098..3.970 rows=2748 loops=1)
               Hash Cond: (product_licenses.product_subscription_id = ps.id)
               ->  Seq Scan on product_licenses  (cost=0.00..616.88 rows=1999 width=919) (actual time=0.015..1.769 rows=2002 loops=1)
                     Filter: (access_token_enabled IS TRUE)
                     Rows Removed by Filter: 1789
               ->  Hash  (cost=48.11..48.11 rows=1511 width=53) (actual time=1.055..1.056 rows=1512 loops=1)
                     Buckets: 2048  Batches: 1  Memory Usage: 93kB
                     ->  Seq Scan on product_subscriptions ps  (cost=0.00..48.11 rows=1511 width=53) (actual time=0.016..0.552 rows=1512 loops=1)
         ->  Hash  (cost=874.39..874.39 rows=1343 width=154) (actual time=7.123..7.125 rows=1343 loops=1)
               Buckets: 2048  Batches: 1  Memory Usage: 248kB
               ->  Subquery Scan on active_license  (cost=842.02..874.39 rows=1343 width=154) (actual time=5.425..6.461 rows=1343 loops=1)
                     ->  Unique  (cost=842.02..860.96 rows=1343 width=162) (actual time=5.422..6.268 rows=1343 loops=1)
                           ->  Sort  (cost=842.02..851.49 rows=3788 width=162) (actual time=5.421..5.719 rows=3791 loops=1)
                                 Sort Key: product_licenses_1.product_subscription_id, product_licenses_1.created_at DESC
                                 Sort Method: quicksort  Memory: 1059kB
                                 ->  Seq Scan on product_licenses product_licenses_1  (cost=0.00..616.88 rows=3788 width=162) (actual time=0.003..1.872 rows=3791 loops=1)
 Planning Time: 2.266 ms
 Execution Time: 28.568 ms

We noted the lack of index on product_livenses.subscription_id, but it doesn't seem to be an issue at this scale, so I've left it as is.

Pagination

After discussing with Erik, we decided there is no need to implement pagination for the list-all RPC yet; a rough upper bound of 1kb per subscription * 1511 rows (see EXPLAIN ANALYZE above) is 1.5MB, which is well below the per-message limits we have set for Sourcegraph-internal traffic (40MB), and below the default 4MB limit as well. In https://github.com/sourcegraph/sourcegraph/pull/62771 providing pagination parameters will result in a CodeUnimplemented error.

We can figure out how we want to implement pagination as part of the follow-up project to migrate the data to an Enterprise-Portal-owned database.

Testing

A good chunk of this PR's changes are exposing a small set of cmd/frontend internals for testing via the new cmd/frontend/dotcomproductsubscriptiontest:

• seeding test databases with subscriptions and licenses
• for "regression testing" the new read queries by validating what the new read queries get, against what the existing GraphQL resolvers resolve to. This is important because the GraphQL resolvers has a lot of the override logic

See TestGetCodyGatewayAccessAttributes for how all this is used.

There is also some hackery involved in setting up a pgx/v5 connection used in MSP from the sql.DB + pgx/v4 stuff used by dbtest; see newTestDotcomReader docstrings for details.

Test plan

go test -v ./cmd/enterprise-portal/internal/dotcomdb

[bobheadxi]

• feat/enterprise-portal: subscriptions.ListEnterpriseSubscriptionLicenses #62932
• feat/enterprise-portal: ConnectRPC layer for {Get/List}CodyGatewayAccess  #62771
• feat/enterprise-portal: DB layer for {Get/List}CodyGatewayAccess  #62706 👈
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @bobheadxi and the rest of your teammates on Graphite

[eseliger]

LGTM, seems reasonable enough to me to temporarily do this slightly hacky thing of reaching across cmds to ensure a smooth migration :)

Thanks also for the query plan, always good to know people think about their load on a shared system 🚀

Also - we do a migration. Finally. Yay!

[eseliger]

let's hope the short lived will be true 😆

[bobheadxi]

We're committed, I pinky-promise 😁

[eseliger]

totally off topic:

I wonder what our stance on using linear links vs github issue links is, I assume these links aren't publicly accessible and will mean that no outside people can click on them?

[bobheadxi]

Core Services doesn't maintain public versions of our issues so Linear links are the only thing we have, as our work is generally internal-facing, even though we do prefer to be source-available per Sourcegraph tradition 😄

[chrsmith]

Some minor nitpicks but overall this looks good to me.

That query does give me pause... I'm guessing that because it needed to scan 1k - 2k rows, it's doing a full table scan. (And it just so happens that we don't have a ton of enterprise licenses floating around.) That isn't great, but definitely not a deal breaker.

But it may be enough to consider adding a logging statement or a trace span to the various queries we run. Just so that if something goes break down, it will be easier to pinpoint that as the problem.

(But as far as trying to "do more with one epic query" vs. a more chatty series of queries, PostgreSQL can probably handle both situations just fine.)

[chrsmith]

Just to confirm my understanding, the GraphQL types/schema are already defined. We are just re-implementing the same resolver so that we can verify the implementation is correct?

[bobheadxi]

Not quite re-implementing, this just exposes a constructor for the same existing implementation and logic for us to verify the new implementation is correct (and remains correct for the time being)

[chrsmith]

What are the ramifications of adding this to the sg.config.yaml file? Will all new local sg clusters include the enterprise-portal binary now? Should they?

It seems like we would want a one-off micro service to steer clear of the larger "Sourcegraph Enterprise Cluster Config" machinery?

[bobheadxi]

This file is pretty bad for reading but this is created under a single "service", so that you can do sg run <service>, and is the closest equivalent we have of "microservice" for local development.

For running larger sets of services, i.e. local sg clusters, that's the kinda poorly named sg start <runset>, which runs a group of services. This PR doesn't touch any of the existing groups, so anyone starting up a local sg cluster with sg start default will not get Enterprise Portal (yet; maybe we'll want to add it to the default set later)

Hope that makes sense? sg start -h and sg run -h has a bit more docs; we used to have dev docs but that site has left us for the time being, pending a soon(tm) migration to Notion

[unknwon]

😂

[bobheadxi]

Yeah, 190 comments on https://github.com/sourcegraph/sourcegraph/pull/62263 and I still missed this 😆

[bobheadxi]

But it may be enough to consider adding a logging statement or a trace span to the various queries we run. Just so that if something goes break down, it will be easier to pinpoint that as the problem.

I've added query and connect tracing hooks to the underlying MSP -> Cloud SQL connector util (side effect: after I land this PR, if you update lib/managedservicesplatform in SSC you'll get it too!)

[bobheadxi]

Thank you for the feedback everyone! Merging for now; this code is still unused, so happy to address any post-merge feedback 😁