Don't rollback update history after migration

[ci]

fixes https://github.com/DACH-NY/canton-network-internal/issues/1490

This essentially reverts
DACH-NY/canton-network-node#11483 which we can
do because we switched to pausing through mediator timeout = 0.

Signed-off-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org>

Author: cocreature

apps/common/src/main/scala/org/lfdecentralizedtrust/splice/migration/DomainMigrationInfo.scala

@@ -19,10 +19,12 @@ import scala.concurrent.{ExecutionContext, Future}
   * @param acsRecordTime       The record time at which the ACS snapshot was taken on the previous
   *                            incarnation of the global domain.
   *                            None if this is the first incarnation of the global domain.
+  * @param synchronizerWasPaused True when we ran through a proper migration, false for disaster recovery
   */
 final case class DomainMigrationInfo(
     currentMigrationId: Long,
     acsRecordTime: Option[CantonTimestamp],
+    synchronizerWasPaused: Boolean,
 )
 
 object DomainMigrationInfo {
@@ -37,6 +39,7 @@ object DomainMigrationInfo {
         BaseLedgerConnection.DOMAIN_MIGRATION_ACS_RECORD_TIME_METADATA_KEY -> info.acsRecordTime
           .fold("*")(_.toProtoPrimitive.toString),
         BaseLedgerConnection.DOMAIN_MIGRATION_CURRENT_MIGRATION_ID_METADATA_KEY -> info.currentMigrationId.toString,
+        BaseLedgerConnection.DOMAIN_MIGRATION_DOMAIN_WAS_PAUSED_KEY -> info.synchronizerWasPaused.toString,
       ),
       RetryFor.WaitingOnInitDependency,
     )
@@ -68,9 +71,16 @@ object DomainMigrationInfo {
           BaseLedgerConnection.DOMAIN_MIGRATION_CURRENT_MIGRATION_ID_METADATA_KEY,
         )
         .map(_.toLong)
+      synchronizerWasPaused <- connection
+        .waitForUserMetadata(
+          user,
+          BaseLedgerConnection.DOMAIN_MIGRATION_DOMAIN_WAS_PAUSED_KEY,
+        )
+        .map(_.toBoolean)
     } yield DomainMigrationInfo(
       currentMigrationId = currentMigrationId,
       acsRecordTime = acsRecordTime,
+      synchronizerWasPaused = synchronizerWasPaused,
     )
   }
 }

apps/common/src/main/scala/org/lfdecentralizedtrust/splice/store/UpdateHistory.scala

@@ -746,15 +746,75 @@ class UpdateHistory(
     domainMigrationInfo.acsRecordTime match {
       case Some(acsRecordTime) =>
         for {
+          // FIXME
           _ <- deleteAcsSnapshotsAfter(historyId, previousMigrationId, acsRecordTime)
-          _ <- deleteRolledBackUpdateHistory(historyId, previousMigrationId, acsRecordTime)
+          _ <-
+            if (domainMigrationInfo.synchronizerWasPaused) {
+              verifyNoRolledBackData(historyId, previousMigrationId, acsRecordTime)
+            } else {
+              deleteRolledBackUpdateHistory(historyId, previousMigrationId, acsRecordTime)
+            }
         } yield ()
       case _ =>
         logger.debug("No previous domain migration, not checking or deleting updates")
         Future.unit
     }
   }
 
+  private[this] def verifyNoRolledBackData(
+      historyId: Long, // Not using the storeId from the state, as the state might not be updated yet
+      migrationId: Long,
+      recordTime: CantonTimestamp,
+  )(implicit tc: TraceContext): Future[Unit] = {
+    val action = DBIO
+      .sequence(
+        Seq(
+          sql"""
+            select count(*) from update_history_creates
+            where update_row_id in (
+              select row_id
+              from update_history_transactions
+              where history_id = $historyId and migration_id = $migrationId and record_time > $recordTime
+            )
+          """.as[Long].head,
+          sql"""
+            select count(*) from update_history_exercises
+            where update_row_id in (
+              select row_id
+              from update_history_transactions
+              where history_id = $historyId and migration_id = $migrationId and record_time > $recordTime
+            )
+          """.as[Long].head,
+          sql"""
+            select count(*) from update_history_transactions
+            where history_id = $historyId and migration_id = $migrationId and record_time > $recordTime
+          """.as[Long].head,
+          sql"""
+            select count(*) from update_history_assignments
+            where history_id = $historyId and migration_id = $migrationId and record_time > $recordTime
+          """.as[Long].head,
+          sql"""
+            select count(*) from update_history_unassignments
+            where history_id = $historyId and migration_id = $migrationId and record_time > $recordTime
+          """.as[Long].head,
+        )
+      )
+      .map(rows =>
+        if (rows.sum > 0) {
+          logger.error(
+            s"Found $rows rows for $updateStreamParty where migration_id = $migrationId and record_time > $recordTime, " +
+              "but the configuration says the domain was paused during the migration. " +
+              "Check the domain migration configuration and the content of the update history database."
+          )
+        } else {
+          logger.debug(
+            s"No updates found for $updateStreamParty where migration_id = $migrationId and record_time > $recordTime"
+          )
+        }
+      )
+    storage.query(action, "deleteRolledBackUpdateHistory")
+  }
+
   private[this] def deleteRolledBackUpdateHistory(
       historyId: Long, // Not using the storeId from the state, as the state might not be updated yet
       migrationId: Long,

apps/common/src/main/scala/org/lfdecentralizedtrust/splice/store/db/DbMultiDomainAcsStore.scala

@@ -1911,14 +1911,47 @@ final class DbMultiDomainAcsStore[TXE](
       val previousMigrationId = domainMigrationInfo.currentMigrationId - 1
       domainMigrationInfo.acsRecordTime match {
         case Some(acsRecordTime) =>
-          deleteRolledBackTxLogEntries(txLogStoreId, previousMigrationId, acsRecordTime)
+          if (domainMigrationInfo.synchronizerWasPaused) {
+            verifyNoRolledBackData(txLogStoreId, previousMigrationId, acsRecordTime)
+          } else {
+            deleteRolledBackTxLogEntries(txLogStoreId, previousMigrationId, acsRecordTime)
+          }
         case _ =>
           logger.debug("No previous domain migration, not checking or deleting txlog entries")
           Future.unit
       }
     }
   }
 
+  private[this] def verifyNoRolledBackData(
+      txLogStoreId: TxLogStoreId, // Not using the storeId from the state, as the state might not be updated yet
+      migrationId: Long,
+      recordTime: CantonTimestamp,
+  )(implicit tc: TraceContext) = {
+    val action =
+      sql"""
+            select count(*) from #$txLogTableName
+            where store_id = $txLogStoreId and migration_id = $migrationId and record_time > $recordTime
+          """
+        .as[Long]
+        .head
+        .map(rows =>
+          if (rows > 0) {
+            logger.error(
+              s"Found $rows rows for $txLogStoreDescriptor where migration_id = $migrationId and record_time > $recordTime, " +
+                "but the configuration says the domain was paused during the migration. " +
+                "Check the domain migration configuration and the content of the txlog database."
+            )
+            throw new RuntimeException("FIXME")
+          } else {
+            logger.debug(
+              s"No txlog entries found for $txLogStoreDescriptor where migration_id = $migrationId and record_time > $recordTime"
+            )
+          }
+        )
+    storage.query(action, "deleteRolledBackTxLogEntries")
+  }
+
   private[this] def deleteRolledBackTxLogEntries(
       txLogStoreId: TxLogStoreId, // Not using the storeId from the state, as the state might not be updated yet
       migrationId: Long,

apps/common/src/test/scala/org/lfdecentralizedtrust/splice/store/TxLogBackfillingStoreTest.scala

@@ -551,6 +551,8 @@ class TxLogBackfillingStoreTest
       DomainMigrationInfo(
         migrationId,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       "TxLogBackfillingStoreTest",
       participantId,
@@ -589,6 +591,8 @@ class TxLogBackfillingStoreTest
       DomainMigrationInfo(
         migrationId,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       participantId,
       RetryProvider(loggerFactory, timeouts, FutureSupervisor.Noop, NoOpMetricsFactory),

apps/common/src/test/scala/org/lfdecentralizedtrust/splice/store/UpdateHistoryTestBase.scala

@@ -245,6 +245,8 @@ abstract class UpdateHistoryTestBase
       DomainMigrationInfo(
         domainMigrationId,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       storeName,
       participantId,

apps/common/src/test/scala/org/lfdecentralizedtrust/splice/store/db/DbMultiDomainAcsStoreTest.scala

@@ -650,6 +650,8 @@ class DbMultiDomainAcsStoreTest
       DomainMigrationInfo(
         migrationId,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       participantId,
       RetryProvider(loggerFactory, timeouts, FutureSupervisor.Noop, NoOpMetricsFactory),

apps/scan/src/test/scala/org/lfdecentralizedtrust/splice/scan/store/ScanEventStoreTest.scala

@@ -747,7 +747,8 @@ class ScanEventStoreTest extends StoreTest with HasExecutionContext with SpliceP
     val participantId = mkParticipantId("ScanEventStoreTest")
     val uh = new UpdateHistory(
       storage.underlying,
-      new DomainMigrationInfo(migrationId, None),
+      // FIXME
+      new DomainMigrationInfo(migrationId, None, synchronizerWasPaused = true),
       "scan_event_store_test",
       participantId,
       dsoParty,

apps/scan/src/test/scala/org/lfdecentralizedtrust/splice/store/db/AcsSnapshotStoreTest.scala

@@ -1018,7 +1018,8 @@ class AcsSnapshotStoreTest
   ): Future[UpdateHistory] = {
     val updateHistory = new UpdateHistory(
       storage.underlying, // not under test
-      new DomainMigrationInfo(migrationId, None),
+      // FIXME
+      new DomainMigrationInfo(migrationId, None, synchronizerWasPaused = true),
       "update_history_acs_snapshot_test",
       mkParticipantId(participantId),
       dsoParty,

apps/scan/src/test/scala/org/lfdecentralizedtrust/splice/store/db/ScanAggregatorTest.scala

@@ -975,6 +975,8 @@ class ScanAggregatorTest
       DomainMigrationInfo(
         0,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       participantId = mkParticipantId("ScanAggregatorTest"),
       enableImportUpdateBackfill = true,

apps/scan/src/test/scala/org/lfdecentralizedtrust/splice/store/db/ScanStoreTest.scala

@@ -2351,6 +2351,8 @@ class DbScanStoreTest
       DomainMigrationInfo(
         domainMigrationId,
         None,
+        // FIXME
+        synchronizerWasPaused = true,
       ),
       participantId = mkParticipantId("ScanStoreTest"),
       enableImportUpdateBackfill = true,