This November, we decided to open source one of our internal libraries to the world: the driver we use for data persistence.
This November, we decided to open source one of our internal libraries to the world: the driver we use for data persistence (but not only!).
This library has been a core component of our software stack, and after using successfully the package internally for the last 18+ months, we think the API has stabilized enough, that many of the initial bugs have been sorted out, and we are happy to share the code more widely.
This not-so-short post tries to provide a high-level overview of the library, and maybe see if those ideas would help you in your project.
SQLite provides a rock-solid engine for data storage: not only is it the most commonly used database in the world, new community extensions such as Litestream have turbocharged its abilities to serve as a fully functional engine in all cases.
Inspired by D.Crawshaw’s talk, we wanted to explore a different, lighter approach to persistence than the sql package of the standard library.
Persistence is the part of the code you can’t fix after the fact, so stability over anything else is pervasive through the code base.
At the bottom layer, we heavily rely on the built-in durability mechanisms of the engine (so much so that Close was a late addition to the library). We also chose a set of compile-time options to focus on modern good practices (multi-core CPU, pooling built-in, only accept standard SQL), and prevent API misuse – at a small runtime cost.
At the driver layer, we chose to restrict mapping between Go and SQLite types to a minimum, as to avoid surprises (e.g. time.Time is converted to the expected string format, time.Duration is not).
Go is often derided for verbose error management. This can be alleviated by storing computation state in structures (and maybe in the stack in the future!!), and threading it through methods. In this library, querying a record needs only a single error check, as in:
SQLite offers a powerful savepoint capability that offers nested transaction abilities. The library leverages by mapping it to (nested) contexts that can be passed between queries, and naturally work with the language stack:
Functions that access the database with Exec method can then naturally be reused and composed in multiple transactions – the context will take care of assigning them to the right timeline.
SecurityHub provides a captive shell available over SSH (more on this in the third part of this post), and in development mode this grants direct access to the database. With a live connection to the system, one gets an experience similar to what is provided by client-server databases; including detailed performance plans and counters to peek at.
Our application storage is based on a key-value model: each entity in the system is serialized (in our case using cbor), and stored as bytes in a two-column table (aptly named key and value). This setting means fetching an entity is a short invocation (FindOne is a small wrapper to execute a query and scan the result).
The convenience offered by this model is undeniable for programmers but comes with risks: a change to a data structure used in code could indeed prevent us from reading older values. We use a simple build-time script (included in cmd/stability) to alert developers early if the data structure they marked as serialized (see examples in the sqlite/stability package) changed, and therefore could trigger backward-compatibility issues.
We are also using SQLite as a document format for data interchange, and even in internal projects when we need a rich cache layer! Each of those projects uses a dedicated storage layer, probably a topic for a later installment (this post is already rather long).
SQLite can call arbitrary user-level code, either through functions, or even virtual tables. Using a sprinkle of runtime reflection, this package provides high-level wrappers for both; usually making creating a virtual table a ~50 lines affaire.
Lowering the cost of exposing Go code as SQL constructs has dramatically improved our code practices:
The code behind this feature is itself a testament to the expressivity you get with Go: when a new structure (or function) is registered, a virtual machine is built based on static information. Then the machine performs all bridging operations with C – and the benchmarks look good.
Maintaining a public package is a high commitment (especially for small companies): accept responsibility for fixing bugs quickly, provide a quick and friendly response to feature requests, and maintain API stability, … This explains why we are careful in the pace at which we share technology from our internal code base.
We think this package could provide a data point to think about designing storage layers (with, or without virtual tables) in a post-ORM world, and we are looking forward to seeing how other projects approach those problems.
The monitoring of operational technology (OT) systems is emerging as an important pillar of contemporary industrial management.
Learn about the Four-Step Security Incident Response Process and detect, analyze, contain, and eradicate security incidents.
Increase security and value in industrial environments with OT micro-segmentation.