Skip to content

test: EQL v3 fixtures and benchmark schema (gated on eql-mapper v3)#411

Open
freshtonic wants to merge 5 commits into
chore/eql-v3-install-plumbingfrom
feat/eql-v3-fixtures
Open

test: EQL v3 fixtures and benchmark schema (gated on eql-mapper v3)#411
freshtonic wants to merge 5 commits into
chore/eql-v3-install-plumbingfrom
feat/eql-v3-fixtures

Conversation

@freshtonic

Copy link
Copy Markdown
Contributor

Summary

Ports the EQL v2 test fixtures and benchmark schema to EQL v3, landing everything gated — the eql-mapper cannot speak v3 yet (separate project), so CI behavior is unchanged by construction (625 insertions, 0 deletions).

  • tests/sql/schema-v3.sql (+uninstall) — v3 twins of all fixture tables reusing the v2 table names, so the 263-test integration suite rides unchanged when the mapper lands. Column→domain mapping derived from each column's v2 add_search_config: text→eql_v3.text_search, int/float/date→*_ord_ore, ope tables→*_ord_ope, jsonb→eql_v3.json, bool→storage-only eql_v3.bool. All add_search_config/add_encrypted_constraint calls dropped (v3 domains self-validate; config is client-side). Guarded eql_v2_configuration truncate prevents stale v2 config pointing at v3 columns.
  • tests/benchmark/sql/benchmark-schema-v3.sql + benchmark:setup:v3 (email→eql_v3.text_eq); pgbench transaction scripts are version-agnostic and untouched.
  • 5 payload-coupled tests ported under src/eql_v3/, all #[ignore = "blocked on eql-mapper v3"]. LIKE/ILIKE deliberately not ported (v3 has no pattern matching) — bloom-containment placeholder documents the replacement.
  • New opt-in task postgres:setup:v3.

Verification

  • Fail-closed domains verified live: hand-built v3 payloads accepted (text_search, int4_ord_ore, int4_ord_ope, json, text_eq); v2 k-payloads and missing-term payloads rejected with check_violation
  • Default cargo nextest list: zero eql_v3 tests (they appear only under --run-ignored all); full v2 integration suite 348 passed / 0 failed — identical to pre-change
  • Gated tests run manually fail exactly at the mapper boundary (correct RED until mapper-v3)

Notes

  • Stacked on chore(eql): mise tasks to install a local EQL v3 build #410 (retarget to v3 after it merges)
  • ⚠️ Re-run benchmark:setup:v3 after any postgres:eql:v3:setup/teardown — the CASCADE teardown drops v3-typed columns from tables not recreated by the fixture (documented in DEVELOPMENT.md)
  • Un-gating the 5 ignored tests is blocked on the eql-mapper v3 redesign

Linear: CIP-3343 (parent CIP-3299).

Port tests/benchmark/sql/benchmark-schema.sql to EQL v3 as
benchmark-schema-v3.sql. The equality-only encrypted benchmark column
becomes eql_v3.text_eq (hm term); the eql_v2.add_column call is dropped
because EQL v3 has no database-side configuration (the proxy-side
Encrypt config replaces it).

Applied via the new (opt-in) benchmark:setup:v3 task. The pgbench
transaction scripts are version-agnostic and remain shared with v2.

GATED: the eql-mapper cannot speak EQL v3 yet, so this schema is not
used by the default benchmark tasks.
Port tests/sql/schema.sql to EQL v3 as schema-v3.sql (with matching
schema-v3-uninstall.sql), applied by the new opt-in postgres:setup:v3
task after postgres:eql:v3:setup.

Column domains are derived from each column's v2 add_search_config
calls:

  encrypted_text            unique+match+ore  -> eql_v3.text_search
  encrypted_bool            unique+ore        -> eql_v3.bool (storage-only)
  encrypted_int2/4/8        unique+ore        -> eql_v3.int{2,4,8}_ord_ore
  encrypted_float8          unique+ore        -> eql_v3.float8_ord_ore
  encrypted_date            unique+ore        -> eql_v3.date_ord_ore
  encrypted_jsonb(_filtered) ste_vec          -> eql_v3.json
  encrypted_unconfigured    (none)            -> eql_v3.text (storage-only)

The per-test ORE/OPE fixture tables get the matching *_ord_ore /
*_ord_ope domains (ORE text keeps its match term via eql_v3.text_search;
OPE text uses eql_v3.text_ord_ope).

All add_search_config / add_encrypted_constraint calls are dropped: v3
has no database-side configuration, and the fail-closed domain CHECKs
replace the encrypted constraint.

The fixture reuses the v2 table names so the existing integration suite
can ride on it unchanged once the mapper speaks v3; applying it replaces
the v2 fixture (restore with postgres:setup).

GATED: not applied by postgres:setup while the eql-mapper cannot speak
EQL v3.
Add an eql_v3 module with #[ignore = "blocked on eql-mapper v3"]
variants for the tests whose SQL/payload surface changes shape between
EQL v2 and v3:

  - disable_mapping: raw column values are v3 envelopes
    ({v: 3, i: {t,c}, c, <terms>}, no k discriminator)
  - indexing: on-column eql_v2.encrypted_operator_class is replaced by
    functional btree indexes on term extractors (eql_v3.ord_term)
  - jsonb_containment: eql_v2.jsonb_contains() has no v3 function;
    containment is the @> / <@ operators on eql_v3.json
  - match_index: LIKE/ILIKE has no v3 equivalent; the match (bloom)
    index only supports containment. Deliberately no port of the LIKE
    tests - the placeholder documents the replacement surface
  - regression_cast: the single ::eql_v2_encrypted cast becomes a
    per-domain cast (::text::jsonb::eql_v3.text_search; the leading
    ::text keeps the bound parameter described as text)

The rest of the integration suite intentionally has no v3 duplicates:
it rides on the fixture and the mapper, and will be enabled wholesale
by the eql-mapper v3 project.

The gated tests never run by default (cargo nextest run is unchanged);
run them with --run-ignored all after mise run postgres:setup:v3.
…SCADE footgun

Review feedback:

- benchmark-schema-v3.sql now carries the same guarded
  eql_v2_configuration truncate as schema-v3.sql, so a stale
  eql_v2.add_column row from a prior v2 benchmark:setup never survives
  into a v3 setup pointing at a v3-domain column.

- Document that benchmark:setup:v3 must be re-run after any
  postgres:eql:v3:setup/teardown: the CASCADE uninstall silently drops
  eql_v3-typed columns from tables it doesn't recreate, and
  benchmark_encrypted is not recreated by postgres:setup:v3.
Review feedback:

- regression_cast: reuse common::get_database_port instead of a local
  panicky re-declaration
- disable_mapping, jsonb_containment, match_index: scope queries to the
  inserted ids so the tests are parallel-safe on the shared encrypted
  table when they are un-ignored (mirrors the id-range scoping the v2
  jsonb containment test uses)
- indexing: stop discarding CREATE INDEX errors and assert the EXPLAIN
  ANALYZE result is non-empty instead of only logging it
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ee9b5f62-d615-4a90-ba22-7ea013cc7fba

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/eql-v3-fixtures

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant