Populating secret ownership via join rather than subquery #1169
Conversation
Update: I intentionally did not merge this because, while I believe it to be safe, it is also invasive, and I prioritized other more critical performance fixes over this one. It should still be merged eventually as I believe it to be a significant performance improvement. |
SelectQuery<Record> query = dslContext.select(SECRETS.fields()) | ||
.from(SECRETS) | ||
.join(ACCESSGRANTS).on(SECRETS.ID.eq(ACCESSGRANTS.SECRETID)) | ||
.join(MEMBERSHIPS).on(ACCESSGRANTS.GROUPID.eq(MEMBERSHIPS.GROUPID)) | ||
.join(CLIENTS).on(CLIENTS.ID.eq(MEMBERSHIPS.CLIENTID)) | ||
.join(SECRETS_CONTENT).on(SECRETS_CONTENT.ID.eq(SECRETS.CURRENT)) | ||
.where(CLIENTS.NAME.eq(client.getName()).and(SECRETS.CURRENT.isNotNull())) | ||
.getQuery(); | ||
SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(dslContext.configuration()); | ||
|
||
SelectQuery<Record> query = secretSeriesDAO.baseSelectQuery(); | ||
query.addJoin(ACCESSGRANTS, SECRETS.ID.eq(ACCESSGRANTS.SECRETID)); | ||
query.addJoin(MEMBERSHIPS, ACCESSGRANTS.GROUPID.eq(MEMBERSHIPS.GROUPID)); | ||
query.addJoin(CLIENTS, CLIENTS.ID.eq(MEMBERSHIPS.CLIENTID)); | ||
query.addJoin(SECRETS_CONTENT, SECRETS_CONTENT.ID.eq(SECRETS.CURRENT)); | ||
query.addConditions(CLIENTS.NAME.eq(client.getName()).and(SECRETS.CURRENT.isNotNull())); | ||
query.addSelect(SECRETS_CONTENT.CONTENT_HMAC); | ||
query.addSelect(SECRETS_CONTENT.CREATEDAT); | ||
query.addSelect(SECRETS_CONTENT.CREATEDBY); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In a violation of encapsulation, AclDAO replicates a bunch of queries for selecting various objects rather than leaning on the respective DAOs. What we've done here is move the base query into the secrets DAO but then allow AclDAO to customize it as needed.
query.fetch() | ||
.map(row -> processSanitizedSecretRow(row, client)) | ||
.map(row -> processSanitizedSecretRow(row, client, secretSeriesDAO)) | ||
.forEach(sanitizedSet::add); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because we defer to the SecretSeriesDAO when it comes to mapping records to SecretSeries, we need to pass that class into the helper function.
1e66f42
to
1c53df3
Compare
No description provided.