Skip to content

feat: add index on group_membership(identity_zone_id, origin) #3679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tack-sap merged 2 commits into from
Nov 24, 2025
Merged

feat: add index on group_membership(identity_zone_id, origin) #3679

tack-sap merged 2 commits into from
Nov 24, 2025

Conversation

@tack-sap
Copy link
Contributor

@tack-sap tack-sap commented Nov 20, 2025

This PR introduces an index on group_membership(identity_zone_id, origin) for PostgreSQL

We experienced an issue with deleting an identity provider when the group_membership table had a very large number of entries in a single zone, where we ran into our configured timeouts on DB side while trying to delete the group_memberships. The delete was triggered by this statement during idp deletion: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java#L521

Even when there was not a single entry with the same origin, the deletion failed as the DB needed to perform a sequential scan on the complete zone just to find that there is nothing to delete.

With this index this issue disappeared.

We saw that this index also took a long time to create, but it resolved our problem and we did not see negative impact on the DB performance so far.

@adrianhoelzl-sap adrianhoelzl-sap requested a review from a team November 20, 2025 15:36
@duanemay
Copy link
Member

duanemay commented Nov 21, 2025

I have done some testing with the mysql equivalent, and will add to this PR

@github-project-automation github-project-automation bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group Nov 24, 2025
@tack-sap tack-sap merged commit afc96e5 into develop Nov 24, 2025
32 of 33 checks passed
@tack-sap tack-sap deleted the feat/group_membership_idz_origin_idx branch November 24, 2025 08:40
@github-project-automation github-project-automation bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@duanemay duanemay duanemay approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Foundational Infrastructure Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tack-sap @duanemay