From 6f6320565c04151ff8ef393b0c07aaa6e1c34431 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Wed, 27 Jul 2022 13:05:19 +0200
Subject: [PATCH] the _rv query with WHERE IN was faster after all, removing
the JOIN variant
---
sql/00-util.sql | 14 ++++++++++++++
sql/21-hs-customer.sql | 15 +--------------
sql/22-hs-packages.sql | 16 +---------------
sql/23-hs-unixuser.sql | 16 ++--------------
sql/24-hs-domain.sql | 14 +-------------
sql/25-hs-emailaddress.sql | 14 +-------------
sql/28--hs-tests.sql | 13 ++-----------
7 files changed, 22 insertions(+), 80 deletions(-)
diff --git a/sql/00-util.sql b/sql/00-util.sql
index 06755f11..7f39452e 100644
--- a/sql/00-util.sql
+++ b/sql/00-util.sql
@@ -47,3 +47,17 @@ BEGIN
END; $$;
select * from randomInRange(0, 4);
+
+
+-- ========================================================
+-- Test helpers
+-- --------------------------------------------------------
+
+-- there are some random ractors in test data generation, thus a range has to be accepted
+CREATE OR REPLACE PROCEDURE expectBetween(actualCount integer, expectedFrom integer, expectedTo integer)
+ LANGUAGE plpgsql AS $$
+BEGIN
+ IF NOT actualCount BETWEEN expectedFrom AND expectedTo THEN
+ RAISE EXCEPTION 'count expected to be between % and %, but got %', expectedFrom, expectedTo, actualCount;
+ END IF;
+END; $$;
diff --git a/sql/21-hs-customer.sql b/sql/21-hs-customer.sql
index 0c77dea6..83612e9b 100644
--- a/sql/21-hs-customer.sql
+++ b/sql/21-hs-customer.sql
@@ -107,26 +107,13 @@ CREATE TRIGGER deleteRbacRulesForCustomer_Trigger
-- create RBAC restricted view
-
--- automatically updatable, but slow with WHERE IN
SET SESSION SESSION AUTHORIZATION DEFAULT;
ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS customer_rv;
CREATE OR REPLACE VIEW customer_rv AS
SELECT DISTINCT target.*
FROM customer AS target
- WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON customer_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS customer_rv;
-CREATE OR REPLACE VIEW customer_rv AS
- SELECT DISTINCT target.*
- FROM customer AS target
- JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()) AS allowedObjId
- ON target.uuid = allowedObjId;
+ WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));
GRANT ALL PRIVILEGES ON customer_rv TO restricted;
diff --git a/sql/22-hs-packages.sql b/sql/22-hs-packages.sql
index 483725b4..3f21ae45 100644
--- a/sql/22-hs-packages.sql
+++ b/sql/22-hs-packages.sql
@@ -99,29 +99,15 @@ CREATE TRIGGER deleteRbacRulesForPackage_Trigger
FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForPackage();
-- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
SET SESSION SESSION AUTHORIZATION DEFAULT;
ALTER TABLE package ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS package_rv;
CREATE OR REPLACE VIEW package_rv AS
SELECT DISTINCT target.*
FROM package AS target
- WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()));
+ WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()));
GRANT ALL PRIVILEGES ON package_rv TO restricted;
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE package ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS package_rv;
-CREATE OR REPLACE VIEW package_rv AS
- SELECT DISTINCT target.*
- FROM package AS target
- JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()) AS allowedObjId
- ON target.uuid = allowedObjId;
-GRANT ALL PRIVILEGES ON package_rv TO restricted;
-
-
-- generate Package test data
diff --git a/sql/23-hs-unixuser.sql b/sql/23-hs-unixuser.sql
index cfeccfb0..44392104 100644
--- a/sql/23-hs-unixuser.sql
+++ b/sql/23-hs-unixuser.sql
@@ -8,6 +8,7 @@ SET SESSION SESSION AUTHORIZATION DEFAULT ;
CREATE TABLE IF NOT EXISTS UnixUser (
uuid uuid UNIQUE REFERENCES RbacObject(uuid),
name character varying(32),
+ comment character varying(96),
packageUuid uuid REFERENCES package(uuid)
);
@@ -102,26 +103,13 @@ CREATE TRIGGER createRbacRulesForUnixUser_Trigger
-- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
SET SESSION SESSION AUTHORIZATION DEFAULT;
ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS unixuser_rv;
CREATE OR REPLACE VIEW unixuser_rv AS
SELECT DISTINCT target.*
FROM unixuser AS target
- WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON unixuser_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS unixuser_rv;
-CREATE OR REPLACE VIEW unixuser_rv AS
- SELECT DISTINCT target.*
- FROM unixuser AS target
- JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()) AS allowedObjId
- ON target.uuid = allowedObjId;
+ WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()));
GRANT ALL PRIVILEGES ON unixuser_rv TO restricted;
diff --git a/sql/24-hs-domain.sql b/sql/24-hs-domain.sql
index 856d55f6..e9fbc142 100644
--- a/sql/24-hs-domain.sql
+++ b/sql/24-hs-domain.sql
@@ -86,27 +86,15 @@ CREATE TRIGGER createRbacRulesForDomain_Trigger
-- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
SET SESSION SESSION AUTHORIZATION DEFAULT;
ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS domain_rv;
CREATE OR REPLACE VIEW domain_rv AS
SELECT DISTINCT target.*
FROM Domain AS target
- WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()));
+ WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()));
GRANT ALL PRIVILEGES ON domain_rv TO restricted;
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS domain_rv;
-CREATE OR REPLACE VIEW domain_rv AS
- SELECT DISTINCT target.*
- FROM Domain AS target
- JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()) AS allowedObjId
- ON target.uuid = allowedObjId;
-GRANT ALL PRIVILEGES ON domain_rv TO restricted;
-- generate Domain test data
diff --git a/sql/25-hs-emailaddress.sql b/sql/25-hs-emailaddress.sql
index df9d575c..7ff46b5a 100644
--- a/sql/25-hs-emailaddress.sql
+++ b/sql/25-hs-emailaddress.sql
@@ -74,25 +74,13 @@ CREATE TRIGGER createRbacRulesForEMailAddress_Trigger
-- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
SET SESSION SESSION AUTHORIZATION DEFAULT;
ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS EMailAddress_rv;
CREATE OR REPLACE VIEW EMailAddress_rv AS
SELECT DISTINCT target.*
FROM EMailAddress AS target
- WHERE target.uuid IN (SELECT DISTINCT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON EMailAddress_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS EMailAddress_rv;
-CREATE OR REPLACE VIEW EMailAddress_rv AS
- SELECT target.*
- FROM EMailAddress AS target
- WHERE target.uuid IN (SELECT DISTINCT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
+ WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
GRANT ALL PRIVILEGES ON EMailAddress_rv TO restricted;
-- generate EMailAddress test data
diff --git a/sql/28--hs-tests.sql b/sql/28--hs-tests.sql
index 6b095349..e52a2ca3 100644
--- a/sql/28--hs-tests.sql
+++ b/sql/28--hs-tests.sql
@@ -1,15 +1,6 @@
ABORT;
SET SESSION SESSION AUTHORIZATION DEFAULT;
--- there are some random ractors in test data generation, thus a range has to be accepted
-CREATE OR REPLACE PROCEDURE expectBetween(actualCount integer, expectedFrom integer, expectedTo integer)
- LANGUAGE plpgsql AS $$
-BEGIN
- IF NOT actualCount BETWEEN expectedFrom AND expectedTo THEN
- RAISE EXCEPTION 'count expected to be between % and %, but got %', expectedFrom, expectedTo, actualCount;
- END IF;
-END; $$;
-
DO LANGUAGE plpgsql $$
DECLARE
resultCount integer;
@@ -90,8 +81,8 @@ BEGIN
SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = 'customer#aae.admin;customer#aaf.admin';
- SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
- -- SELECT count(*) INTO resultCount
+ -- SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
+ SELECT count(*) INTO resultCount
FROM emailaddress_rv ema
JOIN domain_rv dom ON dom.uuid = ema.domainuuid
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid