commit a71c3a4c0821bbd478a3527a320edbc39524f9ef
parent fe10a3096db42e47e2b71fa177a759ff722304fa
Author: Florian Dold <florian@dold.me>
Date: Thu, 11 Jun 2026 15:40:41 +0200
do not GC instances via validation_needed
The validation_needed column of the merchant.merchant_instances table is
effectively unused and an artifact of how self-provisioning worked in an
earler version of the merchant backend.
Since validation_needed is always true for self-provisioned instances
and validation_expiration is always zero, GC would just purge *all*
self-provisioned instances.
GCing instances with pending validation isn't needed in the first place,
since we require finished MFA before even creating the instance, thus
validation *cannot* be pending on an instance.
Diffstat:
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/backenddb/gc.sql b/src/backenddb/gc.sql
@@ -22,14 +22,7 @@ DECLARE
rec RECORD;
s TEXT;
BEGIN
- -- Drop validation-pending instances that never confirmed in time. The
- -- AFTER DELETE trigger on merchant.merchant_instances will DROP the
- -- per-instance schema for each removed row.
- DELETE FROM merchant.merchant_instances
- WHERE validation_needed
- AND validation_expiration < in_now;
- COMMIT;
- -- Per-instance GC: loop over all surviving instances and run the
+ -- Per-instance GC: loop over all instances and run the
-- per-instance GC helpers + targeted DELETEs in each schema.
FOR rec IN SELECT merchant_serial FROM merchant.merchant_instances
LOOP
@@ -57,8 +50,7 @@ BEGIN
END $$;
COMMENT ON PROCEDURE merchant_do_gc
IS 'Calls per-instance garbage collection subroutines across every instance.'
- ' Removes expired pending-validation instances first (whose ON DELETE'
- ' trigger drops the entire per-instance schema), then for each surviving'
+ ' For each'
' instance runs merchant_statistic_*_gc and DELETEs expired tan_challenges'
' / merchant_unclaim_signatures.';
