Don't make extra queries for unused data when grabbing team config for conditional access (#35337)

For #35333. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
2026-05-24 09:28:54 +00:00 · 2025-11-06 22:39:10 -06:00 · 2025-11-06 22:39:10 -06:00 · 6b638189d4
commit 6b638189d4
parent cfb1480f19
2 changed files with 2 additions and 1 deletions
--- a/changes/35333-less-heavy-team-get-on-conditional-access
+++ b/changes/35333-less-heavy-team-get-on-conditional-access
@ -0,0 +1 @@
+* Use a lighter-weight query for checking if a team is enabled for conditional access.
--- a/server/service/osquery.go
+++ b/server/service/osquery.go
@ -2439,7 +2439,7 @@ func (svc *Service) conditionalAccessConfiguredAndEnabledForTeam(ctx context.Con
 	}

 	// Host belongs to a team, thus we load the team configuration.
-	team, err := svc.ds.Team(ctx, *hostTeamID)
+	team, err := svc.ds.TeamWithoutExtras(ctx, *hostTeamID)
 	if err != nil {
 		return false, false, ctxerr.Wrap(ctx, err, "failed to load team config")
 	}
				`@ -0,0 +1 @@`
				`* Use a lighter-weight query for checking if a team is enabled for conditional access.`