From 6b638189d43c60860a5067bfd32ca99692c9452b Mon Sep 17 00:00:00 2001 From: Ian Littman Date: Thu, 6 Nov 2025 22:39:10 -0600 Subject: [PATCH] Don't make extra queries for unused data when grabbing team config for conditional access (#35337) For #35333. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) --- changes/35333-less-heavy-team-get-on-conditional-access | 1 + server/service/osquery.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changes/35333-less-heavy-team-get-on-conditional-access diff --git a/changes/35333-less-heavy-team-get-on-conditional-access b/changes/35333-less-heavy-team-get-on-conditional-access new file mode 100644 index 0000000000..6d94d46ebb --- /dev/null +++ b/changes/35333-less-heavy-team-get-on-conditional-access @@ -0,0 +1 @@ +* Use a lighter-weight query for checking if a team is enabled for conditional access. diff --git a/server/service/osquery.go b/server/service/osquery.go index e045a67449..e7d25b0841 100644 --- a/server/service/osquery.go +++ b/server/service/osquery.go @@ -2439,7 +2439,7 @@ func (svc *Service) conditionalAccessConfiguredAndEnabledForTeam(ctx context.Con } // Host belongs to a team, thus we load the team configuration. - team, err := svc.ds.Team(ctx, *hostTeamID) + team, err := svc.ds.TeamWithoutExtras(ctx, *hostTeamID) if err != nil { return false, false, ctxerr.Wrap(ctx, err, "failed to load team config") }