Backport: add index for auth creds (#3562) to V5.4 #4205

Merged: reinkrul merged 3 commits into V5.4 from backport-auth-index-v5.4 on Apr 17, 2026

@reinkrul reinkrul commented Apr 17, 2026

Summary

Backports #3562 / #3564 ("add index for auth creds") to the V5.4 release branch.

  • Adds the compound index index_auth_subject_purpose_resources on credentialSubject.id + purposeOfUse + resources.path
  • Removes the now-redundant index_subject (its single part [credentialSubject] is a prefix of the new index)

Why

POST /internal/vcr/v2/search queries against NutsAuthorizationCredential currently fall back to index_issuer on V5.4, because V5.4's index set only has single-part indices that score 1 for this query — findIndex takes the first such match by yaml order, i.e. index_issuer. That forces go-leia to scan every credential issued by the requesting care organization.

Reporter case on v5.4.26 shows documents_scanned=730, documents_matched=2, leia_index_used=index_issuer for this exact query shape.

With the new compound index, the same query scores 3 on index_auth_subject_purpose_resources and wins — scan set collapses from "all issued VCs" to "issued VCs matching (subject, purposeOfUse, path)".

Test plan

  • Updated TestVCR_Start bucket assertions
  • Full go test ./vcr/... passes locally
  • On reporter deployment: confirm leia_index_used switches to index_auth_subject_purpose_resources and search latency drops

Adds the compound index `index_auth_subject_purpose_resources`
(credentialSubject.id + purposeOfUse + resources.path) so
POST /internal/vcr/v2/search queries for NutsAuthorizationCredential
stop falling back to `index_issuer` and scanning every credential issued
by the requesting care organization. Also removes the now-redundant
`index_subject` (its parts are a prefix of the new index).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@reinkrul reinkrul requested a review from stevenvegt April 17, 2026 07:36
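
A simplified model of the index selection described in the PR description above, as an added example that is not part of the PR and not go-leia's own code. It assumes an index scores one point per leading part the query constrains and that a tie goes to the first index in configuration order; the field name `issuer` and the names `score` and `pickIndex` are hypothetical.

```go
package main

import "fmt"

// Index is a named, ordered list of field paths (simplified model).
type Index struct {
	Name  string
	Parts []string
}

// score counts the leading parts of idx that the query constrains.
// It stops at the first missing part: a compound index is only usable as a prefix.
func score(idx Index, query map[string]bool) int {
	n := 0
	for _, p := range idx.Parts {
		if !query[p] {
			break
		}
		n++
	}
	return n
}

// pickIndex returns the highest-scoring index. The strict '>' means that
// on a tie the earliest entry in configuration order wins.
func pickIndex(indices []Index, query map[string]bool) (string, int) {
	best, bestScore := "", 0
	for _, idx := range indices {
		if s := score(idx, query); s > bestScore {
			best, bestScore = idx.Name, s
		}
	}
	return best, bestScore
}

// Constructed query shape: the fields an authorization credential search constrains.
var authQuery = map[string]bool{"issuer": true, "credentialSubject.id": true,
	"purposeOfUse": true, "resources.path": true}

// Constructed index sets: single-part indices only, then with the compound index.
var before = []Index{{"index_issuer", []string{"issuer"}},
	{"index_subject", []string{"credentialSubject.id"}}}
var after = []Index{{"index_issuer", []string{"issuer"}},
	{"index_auth_subject_purpose_resources",
		[]string{"credentialSubject.id", "purposeOfUse", "resources.path"}}}

func main() {
	fmt.Println(pickIndex(before, authQuery)) // tie at score 1, first index wins
	fmt.Println(pickIndex(after, authQuery))  // compound index wins with score 3
}
```

A query that omits `purposeOfUse` only scores 1 on the compound index in this model, because the match stops at the first unconstrained part.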

qltysh Bot commented Apr 17, 2026

Coverage Impact

This PR will not change total coverage.

reinkrul and others added 2 commits April 17, 2026 11:38
Cherry-picked 091684c. The Vault CI runner rejects setcap and the e2e
test racing against vault startup caused DID creation to hit a
context-deadline-exceeded against vault-adapter. Added service_healthy
dependencies and SKIP_SETCAP=true.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@reinkrul reinkrul merged commit 02dbe74 into V5.4 Apr 17, 2026
8 checks passed
@reinkrul reinkrul deleted the backport-auth-index-v5.4 branch April 17, 2026 10:45