scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 02:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

VAULT-5827 Don't prepare SQL queries before executing them (#15166)

Browse Source 
VAULT-5827 Don't prepare SQL queries before executing them

We don't support proper prepared statements, i.e., preparing once and
executing many times since we do our own templating. So preparing our
queries does not really accomplish anything, and can have severe
performance impacts (see
https://github.com/hashicorp/vault-plugin-database-snowflake/issues/13
for example).

This behavior seems to have been copy-pasted for many years but not for
any particular reason that we have been able to find. First use was in
https://github.com/hashicorp/vault/pull/15

So here we switch to new methods suffixed with `Direct` to indicate
that they don't `Prepare` before running `Exec`, and switch everything
here to use those. We maintain the older methods with the existing
behavior (with `Prepare`) for backwards compatibility.
This commit is contained in:
Christopher Swenson
2022-04-26 12:47:06 -07:00
committed by GitHub
parent 6d1ddf36a8
commit f8e907e0de
14 changed files with 56 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/database/postgresql/postgresql.go
View File

@@ -180,7 +180,7 @@ func (p *PostgreSQL) changeUserPassword(ctx context.Context, username string, ch
"username": username,
"password": password,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, query); err != nil {
return fmt.Errorf("failed to execute query: %w", err)
}
}
@@ -229,7 +229,7 @@ func (p *PostgreSQL) changeUserExpiration(ctx context.Context, username string,
"username": username,
"expiration": expirationStr,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, query); err != nil {
return err
}
}
@@ -273,7 +273,7 @@ func (p *PostgreSQL) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (
"password": req.Password,
"expiration": expirationStr,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, stmt); err != nil {
if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, stmt); err != nil {
return dbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
}
continue
@@ -291,7 +291,7 @@ func (p *PostgreSQL) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (
"password": req.Password,
"expiration": expirationStr,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, query); err != nil {
return dbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
}
}
@@ -343,7 +343,7 @@ func (p *PostgreSQL) customDeleteUser(ctx context.Context, username string, revo
"name": username,
"username": username,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, query); err != nil {
return err
}
}
@@ -436,7 +436,7 @@ func (p *PostgreSQL) defaultDeleteUser(ctx context.Context, username string) err
// many permissions as possible right now
var lastStmtError error
for _, query := range revocationStmts {
if err := dbtxn.ExecuteDBQuery(ctx, db, nil, query); err != nil {
if err := dbtxn.ExecuteDBQueryDirect(ctx, db, nil, query); err != nil {
lastStmtError = err
}
}