feat: support accept_invalid_certificate in client's config

2024-11-22 07:31:57 +00:00 · 2024-06-14 00:40:44 +08:00 · 2024-06-14 00:40:44 +08:00 · 4489795502
commit 4489795502
parent 02a3049876
4 changed files with 138 additions and 20 deletions
--- a/programs/client/Client.cpp
+++ b/programs/client/Client.cpp
@ -178,6 +178,9 @@ void Client::parseConnectionsCredentials(Poco::Util::AbstractConfiguration & con
                history_file = home_path + "/" + history_file.substr(1);
            config.setString("history_file", history_file);
        }
+        if (config.has(prefix + "accept-invalid-certificate")) {
+            config.setString("accept-invalid-certificate", prefix + "accept-invalid-certificate");
+        }
    }

    if (!connection_name.empty() && !connection_found)
@ -721,7 +724,7 @@ bool Client::processWithFuzzing(const String & full_query)
    }
    if (auto *q = orig_ast->as<ASTSetQuery>())
    {
-        if (auto *setDialect = q->changes.tryGet("dialect"); setDialect && setDialect->safeGet<String>() == "kusto")
+        if (auto *set_dialect = q->changes.tryGet("dialect"); set_dialect && set_dialect->safeGet<String>() == "kusto")
            return true;
    }

@ -1102,7 +1105,7 @@ void Client::processOptions(const OptionsDescription & options_description,
        config().setBool("no-warnings", true);
    if (options.count("fake-drop"))
        config().setString("ignore_drop_queries_probability", "1");
-    if (options.count("accept-invalid-certificate"))
+    if (options.count("accept-invalid-certificate") || config().has("accept-invalid-certificate"))
    {
        config().setString("openSSL.client.invalidCertificateHandler.name", "AcceptCertificateHandler");
        config().setString("openSSL.client.verificationMode", "none");
--- a/tests/queries/0_stateless/01189_clickhouse_accept_invalid_certificate.sh
+++ b/tests/queries/0_stateless/01189_clickhouse_accept_invalid_certificate.sh
@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+# Tags: no-fasttest, no-random-settings
+
+CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+# shellcheck source=../shell_config.sh
+. "$CUR_DIR"/../shell_config.sh
+
+# use $CLICKHOUSE_DATABASE so that clickhouse-test will replace it with default to match .reference
+config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE
+xml_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.xml
+XML_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.XML
+conf_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.conf
+yml_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.yml
+yaml_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.yaml
+ini_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.ini
+
+function cleanup() {
+	rm "${config:?}"
+	rm "${xml_config:?}"
+	rm "${XML_config:?}"
+	rm "${conf_config:?}"
+	rm "${yml_config:?}"
+	rm "${yaml_config:?}"
+	rm "${ini_config:?}"
+}
+trap cleanup EXIT
+
+cat >"$config" <<EOL
+<config>
+    <openSSL>
+        <client>
+            <invalidCertificateHandler>
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+</config>
+EOL
+cat >"$conf_config" <<EOL
+<config>
+    <openSSL>
+        <client>
+            <invalidCertificateHandler>
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+</config>
+EOL
+cat >"$xml_config" <<EOL
+<config>
+    <openSSL>
+        <client>
+            <invalidCertificateHandler>
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+</config>
+EOL
+cat >"$XML_config" <<EOL
+<config>
+    <openSSL>
+        <client>
+            <invalidCertificateHandler>
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+</config>
+EOL
+cat >"$yml_config" <<EOL
+openSSL:
+  client:
+    invalidCertificateHandler:
+      name: RejectCertificateHandler
+EOL
+cat >"$yaml_config" <<EOL
+openSSL:
+  client:
+    invalidCertificateHandler:
+      name: RejectCertificateHandler
+EOL
+cat >"$ini_config" <<EOL
+[openSSL.client.invalidCertificateHandler]
+name = RejectCertificateHandler
+EOL
+
+echo 'default'
+$CLICKHOUSE_CLIENT --config "$config" -q "select getSetting('invalidCertificateHandler')"
+echo 'xml'
+$CLICKHOUSE_CLIENT --config "$xml_config" -q "select getSetting('invalidCertificateHandler')"
+echo 'XML'
+$CLICKHOUSE_CLIENT --config "$XML_config" -q "select getSetting('invalidCertificateHandler')"
+echo 'conf'
+$CLICKHOUSE_CLIENT --config "$conf_config" -q "select getSetting('invalidCertificateHandler')"
+echo '/dev/fd/PIPE'
+# verify that /dev/fd/X parsed as XML (regardless it has .xml extension or not)
+# and that pipe does works
+$CLICKHOUSE_CLIENT --config <(echo '<config><invalidCertificateHandler><name>RejectCertificateHandler</name></invalidCertificateHandler></config>') -q "select getSetting('invalidCertificateHandler')"
+
+echo 'yml'
+$CLICKHOUSE_CLIENT --config "$yml_config" -q "select getSetting('invalidCertificateHandler')"
+echo 'yaml'
+$CLICKHOUSE_CLIENT --config "$yaml_config" -q "select getSetting('invalidCertificateHandler')"
+echo 'ini'
+$CLICKHOUSE_CLIENT --config "$ini_config" -q "select getSetting('invalidCertificateHandler')" 2>&1 |& sed -e "s#$CLICKHOUSE_TMP##" -e "s#DB::Exception: ##"
--- a/tests/queries/0_stateless/01889_clickhouse_client_config_format.sh
+++ b/tests/queries/0_stateless/01889_clickhouse_client_config_format.sh
@ -14,45 +14,44 @@ yml_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.yml
 yaml_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.yaml
 ini_config=$CLICKHOUSE_TMP/config_$CLICKHOUSE_DATABASE.ini

-function cleanup()
-{
-    rm "${config:?}"
-    rm "${xml_config:?}"
-    rm "${XML_config:?}"
-    rm "${conf_config:?}"
-    rm "${yml_config:?}"
-    rm "${yaml_config:?}"
-    rm "${ini_config:?}"
+function cleanup() {
+	rm "${config:?}"
+	rm "${xml_config:?}"
+	rm "${XML_config:?}"
+	rm "${conf_config:?}"
+	rm "${yml_config:?}"
+	rm "${yaml_config:?}"
+	rm "${ini_config:?}"
 }
 trap cleanup EXIT

-cat > "$config" <<EOL
+cat >"$config" <<EOL
 <config>
    <max_threads>2</max_threads>
 </config>
 EOL
-cat > "$conf_config" <<EOL
+cat >"$conf_config" <<EOL
 <config>
    <max_threads>2</max_threads>
 </config>
 EOL
-cat > "$xml_config" <<EOL
+cat >"$xml_config" <<EOL
 <config>
    <max_threads>2</max_threads>
 </config>
 EOL
-cat > "$XML_config" <<EOL
+cat >"$XML_config" <<EOL
 <config>
    <max_threads>2</max_threads>
 </config>
 EOL
-cat > "$yml_config" <<EOL
+cat >"$yml_config" <<EOL
 max_threads: 2
 EOL
-cat > "$yaml_config" <<EOL
+cat >"$yaml_config" <<EOL
 max_threads: 2
 EOL
-cat > "$ini_config" <<EOL
+cat >"$ini_config" <<EOL
 [config]
 max_threads=2
 EOL
--- a/tests/queries/0_stateless/02550_client_connections_credentials.sh
+++ b/tests/queries/0_stateless/02550_client_connections_credentials.sh
@ -14,7 +14,7 @@ CLICKHOUSE_PORT_TCP=""
 . "$CUR_DIR"/../shell_config.sh

 CONFIG=$CLICKHOUSE_TMP/client.xml
-cat > $CONFIG <<EOL
+cat >$CONFIG <<EOL
 <clickhouse>
    <host>$TEST_HOST</host>
    <port>$TEST_PORT</port>
@ -66,12 +66,21 @@ cat > $CONFIG <<EOL
            <hostname>$TEST_HOST</hostname>
            <history_file>/no/such/dir/.history</history_file>
        </connection>
+
+        <connection>
+          <name> test_accept_invalid_certificate </name>
+          <hostname> $TEST_HOST </hostname>
+          <database>$CLICKHOUSE_DATABASE</database>
+          <invalidCertificateHandler>
+              <name>RejectCertificateHandler</name>
+          </invalidCertificateHandler>
+        </connection>
    </connections_credentials>
 </clickhouse>
 EOL

 CONFIG_ROOT_OVERRIDES=$CLICKHOUSE_TMP/client_user_pass.xml
-cat > $CONFIG_ROOT_OVERRIDES <<EOL
+cat >$CONFIG_ROOT_OVERRIDES <<EOL
 <clickhouse>
    <host>$TEST_HOST</host>
    <port>$TEST_PORT</port>