feat: allow listing identities by organization ID

[jonas-jonas]

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.59%. Comparing base (629d867) to head (1795a7a).
Report is 17 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4115      +/-   ##
==========================================
- Coverage   78.61%   78.59%   -0.03%     
==========================================
  Files         378      379       +1     
  Lines       26936    27043     +107     
==========================================
+ Hits        21177    21254      +77     
- Misses       4147     4177      +30     
  Partials     1612     1612              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[hperl]

This makes a lot of sense. I just have one comment regarding parsing the org UUID; and some tests are still missing:

• Org ID set to a valid UUID: filters
• Org ID set to an invalid UUID: 400 Bad Request

Not sure what we want to do if the Org ID points to an org that does not exist; but I think the default behaviour (just an empty list of identitites) is fine.

[aeneasr]

Please add an index if you make this queryable

[jonas-jonas]

@aeneasr added.

[aeneasr]

Index name is conflicting: https://github.com/ory/kratos/actions/runs/10992644668/job/30524759829?pr=4115#step:14:7531

[jonas-jonas]

I checked, and the new index doesn't exist yet, so don't think that's the problem

The error also seems unrelated? Any ideas?

   	       ERROR: transaction committed but schema change aborted with error: (23505): failed to ingest index entries during backfill: duplicate key value violates unique constraint "identity_credential_identifiers_identifier_nid_uq_idx" (SQLSTATE XXA00)

[alnr]

This should be ... identities (organization_id,created_at);

organization_id is sharded by NID anyway, so we can reduce index size here.

[alnr]

Maybe (organization_id,id). I thought we sort by created date?

[alnr]

We might need an index hint here, too.

[jonas-jonas]

We don't sort identities by created_at, but the ID string, AFAIK.

[jonas-jonas]

The underlying query is getting pretty convoluted, and has a bunch of variations through go if statements. How can we manage that? And make sure that there is an index available for each variation?

[aeneasr]

indices sort their keys anyways, so no need to add id for sorting to the index