pomerium / pomerium / 22148878381

45%

Build Type

push

github

Committed by web-flow

Commit Message

databroker: add first-class record auto-expiry via Options TTL (#6121)

## Summary

The databroker has no mechanism for automatically expiring records based
on time. Records accumulate indefinitely unless explicitly cleaned up by
application code. This adds a `ttl` field (`google.protobuf.Duration`)
to the `Options` proto message, enabling per-type automatic record
expiry as a first-class databroker feature.

Records whose `modified_at` timestamp is older than the configured TTL
are automatically deleted during the existing periodic cleanup cycle (~1
minute). Both storage backends (Pebble/file and Postgres) enforce TTL
and create proper tombstone entries so sync clients are notified of
deletions.

Key design decisions:
- **`modified_at`-based** — uses the existing timestamp on every Record;
updating a record resets its TTL clock
- **Periodic sweep** — runs in the 1-minute cleaner, not inline on
Put/Patch
- **Per-type, not per-record** — TTL is set on Options, matching how
`capacity` works

The first use is a 15-minute TTL on `SessionBindingRequest` records.

## Related issues

-
[ENG-3600](https://linear.app/pomerium/issue/ENG-3600/databroker-add-first-class-record-auto-expiry-via-options-ttl)

## User Explanation

No user-facing changes. This is an internal databroker infrastructure
improvement that prevents unbounded accumulation of temporary records.

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [ ] ready for review

---------

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

Run Details

98 of 334 new or added lines in 6 files covered. (29.34%)

18 existing lines in 4 files now uncovered.

32560 of 73491 relevant lines covered (44.3%)

116.64 hits per line