fix: high db cpu utilisation

[arjprd]

While performing load test on new release of hydra found that on the DB side there is CPU crunch (100% for load of 30 tps on AWS RDS db.t3.xlarge) and from logs figured out this was caused by specific query
SELECT hydra_oauth2_flow.acr, hydra_oauth2_flow.amr, hydra_oauth2_flow.client_id, hydra_oauth2_flow.consent_challenge_id, hydra_oauth2_flow.consent_csrf, hydra_oauth2_flow.consent_error, hydra_oauth2_flow.consent_handled_at, hydra_oauth2_flow.consent_remember, hydra_oauth2_flow.consent_remember_for, hydra_oauth2_flow.consent_skip, hydra_oauth2_flow.consent_verifier, hydra_oauth2_flow.consent_was_used, hydra_oauth2_flow.context, hydra_oauth2_flow.forced_subject_identifier, hydra_oauth2_flow.granted_at_audience, hydra_oauth2_flow.granted_scope, hydra_oauth2_flow.login_authenticated_at, hydra_oauth2_flow.login_challenge, hydra_oauth2_flow.login_csrf, hydra_oauth2_flow.login_error, hydra_oauth2_flow.login_initialized_at, hydra_oauth2_flow.login_remember, hydra_oauth2_flow.login_remember_for, hydra_oauth2_flow.login_session_id, hydra_oauth2_flow.login_skip, hydra_oauth2_flow.login_verifier, hydra_oauth2_flow.login_was_used, hydra_oauth2_flow.nid, hydra_oauth2_flow.oidc_context, hydra_oauth2_flow.request_url, hydra_oauth2_flow.requested_at, hydra_oauth2_flow.requested_at_audience, hydra_oauth2_flow.requested_scope, hydra_oauth2_flow.session_access_token, hydra_oauth2_flow.session_id_token, hydra_oauth2_flow.state, hydra_oauth2_flow.subject FROM hydra_oauth2_flow AS hydra_oauth2_flow WHERE (state = 6 OR state = 5) AND subject = $1 AND client_id = $2 AND consent_skip=FALSE AND consent_error='{}' AND consent_remember=TRUE AND nid = $3 ORDER BY requested_at DESC LIMIT 1

So created a new composite index with all columns involved in the query lookup. The CPU utilization post introduction of index never exceeded 50% for load of 50+ tps

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #3260 (8b77f5a) into master (8b77f5a) will not change coverage.
The diff coverage is n/a.

❗ Current head 8b77f5a differs from pull request most recent head b069c0d. Consider uploading reports for the commit b069c0d to get more accurate results

@@           Coverage Diff           @@
##           master    #3260   +/-   ##
=======================================
  Coverage   76.84%   76.84%           
=======================================
  Files         123      123           
  Lines        8912     8912           
=======================================
  Hits         6848     6848           
  Misses       1636     1636           
  Partials      428      428           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[aeneasr]

Great stuff, thank you! Could you please add migrations for the other SQL languages as well? :)

[vinckr]

Hello @arjprd
Congrats on merging your first PR in Ory 🎉 !
Your contribution will soon be helping secure millions of identities around the globe 🌏.
As a small token of appreciation we send all our first time contributors a gift package to welcome them to the community.
Please drop me an email and I will forward you the form to claim your Ory swag!