mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-21 23:21:59 +00:00
Merge pull request #22755 from kssenii/postgresql-protocol-with-row-policy
Allow row policy in postgresql protocol
This commit is contained in:
commit
786f340256
@ -367,6 +367,9 @@ function run_tests
|
|||||||
# JSON functions
|
# JSON functions
|
||||||
01666_blns
|
01666_blns
|
||||||
|
|
||||||
|
# Requires postgresql-client
|
||||||
|
01802_test_postgresql_protocol_with_row_policy
|
||||||
|
|
||||||
# Depends on AWS
|
# Depends on AWS
|
||||||
01801_s3_cluster
|
01801_s3_cluster
|
||||||
)
|
)
|
||||||
|
@ -21,14 +21,14 @@ function start()
|
|||||||
-- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
|
-- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
|
||||||
--logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
|
--logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
|
||||||
--tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
|
--tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
|
||||||
--mysql_port 19004 \
|
--mysql_port 19004 --postgresql_port 19005 \
|
||||||
--keeper_server.tcp_port 19181 --keeper_server.server_id 2
|
--keeper_server.tcp_port 19181 --keeper_server.server_id 2
|
||||||
|
|
||||||
sudo -E -u clickhouse /usr/bin/clickhouse server --config /etc/clickhouse-server2/config.xml --daemon \
|
sudo -E -u clickhouse /usr/bin/clickhouse server --config /etc/clickhouse-server2/config.xml --daemon \
|
||||||
-- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
|
-- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
|
||||||
--logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
|
--logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
|
||||||
--tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
|
--tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
|
||||||
--mysql_port 29004 \
|
--mysql_port 29004 --postgresql_port 29005 \
|
||||||
--keeper_server.tcp_port 29181 --keeper_server.server_id 3
|
--keeper_server.tcp_port 29181 --keeper_server.server_id 3
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -28,7 +28,8 @@ RUN apt-get update -y \
|
|||||||
tree \
|
tree \
|
||||||
unixodbc \
|
unixodbc \
|
||||||
wget \
|
wget \
|
||||||
mysql-client=5.7*
|
mysql-client=5.7* \
|
||||||
|
postgresql-client
|
||||||
|
|
||||||
RUN pip3 install numpy scipy pandas
|
RUN pip3 install numpy scipy pandas
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@ if [[ -n "$USE_DATABASE_REPLICATED" ]] && [[ "$USE_DATABASE_REPLICATED" -eq 1 ]]
|
|||||||
-- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
|
-- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
|
||||||
--logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
|
--logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
|
||||||
--tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
|
--tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
|
||||||
--mysql_port 19004 \
|
--mysql_port 19004 --postgresql_port 19005 \
|
||||||
--keeper_server.tcp_port 19181 --keeper_server.server_id 2 \
|
--keeper_server.tcp_port 19181 --keeper_server.server_id 2 \
|
||||||
--macros.replica r2 # It doesn't work :(
|
--macros.replica r2 # It doesn't work :(
|
||||||
|
|
||||||
@ -52,7 +52,7 @@ if [[ -n "$USE_DATABASE_REPLICATED" ]] && [[ "$USE_DATABASE_REPLICATED" -eq 1 ]]
|
|||||||
-- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
|
-- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
|
||||||
--logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
|
--logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
|
||||||
--tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
|
--tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
|
||||||
--mysql_port 29004 \
|
--mysql_port 29004 --postgresql_port 29005 \
|
||||||
--keeper_server.tcp_port 29181 --keeper_server.server_id 3 \
|
--keeper_server.tcp_port 29181 --keeper_server.server_id 3 \
|
||||||
--macros.shard s2 # It doesn't work :(
|
--macros.shard s2 # It doesn't work :(
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@
|
|||||||
<!-- Compatibility with PostgreSQL protocol.
|
<!-- Compatibility with PostgreSQL protocol.
|
||||||
ClickHouse will pretend to be PostgreSQL for applications connecting to this port.
|
ClickHouse will pretend to be PostgreSQL for applications connecting to this port.
|
||||||
-->
|
-->
|
||||||
<!-- <postgresql_port>9005</postgresql_port> -->
|
<postgresql_port>9005</postgresql_port>
|
||||||
|
|
||||||
<!-- HTTP API with TLS (HTTPS).
|
<!-- HTTP API with TLS (HTTPS).
|
||||||
You have to configure certificate to enable this interface.
|
You have to configure certificate to enable this interface.
|
||||||
|
@ -832,10 +832,13 @@ class NoPasswordAuth : public AuthenticationMethod
|
|||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
void authenticate(
|
void authenticate(
|
||||||
const String & /* user_name */,
|
const String & user_name,
|
||||||
ContextPtr /* context */,
|
ContextPtr context,
|
||||||
Messaging::MessageTransport & /* mt */,
|
Messaging::MessageTransport & mt,
|
||||||
const Poco::Net::SocketAddress & /* address */) override {}
|
const Poco::Net::SocketAddress & address) override
|
||||||
|
{
|
||||||
|
setPassword(user_name, "", context, mt, address);
|
||||||
|
}
|
||||||
|
|
||||||
Authentication::Type getType() const override
|
Authentication::Type getType() const override
|
||||||
{
|
{
|
||||||
|
@ -0,0 +1,24 @@
|
|||||||
|
before row policy
|
||||||
|
0
|
||||||
|
1
|
||||||
|
2
|
||||||
|
3
|
||||||
|
4
|
||||||
|
5
|
||||||
|
6
|
||||||
|
7
|
||||||
|
8
|
||||||
|
9
|
||||||
|
|
||||||
|
after row policy with no password
|
||||||
|
val
|
||||||
|
-----
|
||||||
|
2
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
after row policy with plaintext_password
|
||||||
|
val
|
||||||
|
-----
|
||||||
|
2
|
||||||
|
(1 row)
|
||||||
|
|
43
tests/queries/0_stateless/01802_test_postgresql_protocol_with_row_policy.sh
Executable file
43
tests/queries/0_stateless/01802_test_postgresql_protocol_with_row_policy.sh
Executable file
@ -0,0 +1,43 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||||
|
# shellcheck source=../shell_config.sh
|
||||||
|
. "$CUR_DIR"/../shell_config.sh
|
||||||
|
|
||||||
|
echo "
|
||||||
|
CREATE DATABASE IF NOT EXISTS db01802;
|
||||||
|
DROP TABLE IF EXISTS db01802.postgresql;
|
||||||
|
DROP ROW POLICY IF EXISTS test_policy ON db01802.postgresql;
|
||||||
|
|
||||||
|
CREATE TABLE db01802.postgresql (val UInt32) ENGINE=MergeTree ORDER BY val;
|
||||||
|
INSERT INTO db01802.postgresql SELECT number FROM numbers(10);
|
||||||
|
|
||||||
|
SELECT 'before row policy';
|
||||||
|
SELECT * FROM db01802.postgresql;
|
||||||
|
" | $CLICKHOUSE_CLIENT -n
|
||||||
|
|
||||||
|
|
||||||
|
echo "
|
||||||
|
DROP USER IF EXISTS postgresql_user;
|
||||||
|
CREATE USER postgresql_user HOST IP '127.0.0.1' IDENTIFIED WITH no_password;
|
||||||
|
GRANT SELECT(val) ON db01802.postgresql TO postgresql_user;
|
||||||
|
CREATE ROW POLICY IF NOT EXISTS test_policy ON db01802.postgresql FOR SELECT USING val = 2 TO postgresql_user;
|
||||||
|
|
||||||
|
SELECT '';
|
||||||
|
SELECT 'after row policy with no password';
|
||||||
|
" | $CLICKHOUSE_CLIENT -n
|
||||||
|
|
||||||
|
psql --host localhost --port ${CLICKHOUSE_PORT_POSTGRESQL} db01802 --user postgresql_user -c "SELECT * FROM postgresql;"
|
||||||
|
|
||||||
|
echo "
|
||||||
|
DROP USER IF EXISTS postgresql_user;
|
||||||
|
DROP ROW POLICY IF EXISTS test_policy ON db01802.postgresql;
|
||||||
|
CREATE USER postgresql_user HOST IP '127.0.0.1' IDENTIFIED WITH plaintext_password BY 'qwerty';
|
||||||
|
GRANT SELECT(val) ON db01802.postgresql TO postgresql_user;
|
||||||
|
CREATE ROW POLICY IF NOT EXISTS test_policy ON db01802.postgresql FOR SELECT USING val = 2 TO postgresql_user;
|
||||||
|
|
||||||
|
SELECT 'after row policy with plaintext_password';
|
||||||
|
" | $CLICKHOUSE_CLIENT -n
|
||||||
|
|
||||||
|
psql "postgresql://postgresql_user:qwerty@localhost:${CLICKHOUSE_PORT_POSTGRESQL}/db01802" -c "SELECT * FROM postgresql;"
|
||||||
|
|
@ -70,6 +70,8 @@ export CLICKHOUSE_PORT_HTTPS=${CLICKHOUSE_PORT_HTTPS:="8443"}
|
|||||||
export CLICKHOUSE_PORT_HTTP_PROTO=${CLICKHOUSE_PORT_HTTP_PROTO:="http"}
|
export CLICKHOUSE_PORT_HTTP_PROTO=${CLICKHOUSE_PORT_HTTP_PROTO:="http"}
|
||||||
export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:=$(${CLICKHOUSE_EXTRACT_CONFIG} --try --key=mysql_port 2>/dev/null)} 2>/dev/null
|
export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:=$(${CLICKHOUSE_EXTRACT_CONFIG} --try --key=mysql_port 2>/dev/null)} 2>/dev/null
|
||||||
export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:="9004"}
|
export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:="9004"}
|
||||||
|
export CLICKHOUSE_PORT_POSTGRESQL=${CLICKHOUSE_PORT_POSTGRESQL:=$(${CLICKHOUSE_EXTRACT_CONFIG} --try --key=postgresql_port 2>/dev/null)} 2>/dev/null
|
||||||
|
export CLICKHOUSE_PORT_POSTGRESQL=${CLICKHOUSE_PORT_POSTGRESQL:="9005"}
|
||||||
|
|
||||||
# Add database and log comment to url params
|
# Add database and log comment to url params
|
||||||
if [ -v CLICKHOUSE_URL_PARAMS ]
|
if [ -v CLICKHOUSE_URL_PARAMS ]
|
||||||
|
@ -391,7 +391,8 @@
|
|||||||
"01655_plan_optimizations",
|
"01655_plan_optimizations",
|
||||||
"01475_read_subcolumns_storages",
|
"01475_read_subcolumns_storages",
|
||||||
"01674_clickhouse_client_query_param_cte",
|
"01674_clickhouse_client_query_param_cte",
|
||||||
"01666_merge_tree_max_query_limit"
|
"01666_merge_tree_max_query_limit",
|
||||||
|
"01802_test_postgresql_protocol_with_row_policy" /// It cannot parse DROP ROW POLICY
|
||||||
],
|
],
|
||||||
"parallel":
|
"parallel":
|
||||||
[
|
[
|
||||||
@ -705,6 +706,7 @@
|
|||||||
"01778_hierarchical_dictionaries",
|
"01778_hierarchical_dictionaries",
|
||||||
"01780_clickhouse_dictionary_source_loop",
|
"01780_clickhouse_dictionary_source_loop",
|
||||||
"01785_dictionary_element_count",
|
"01785_dictionary_element_count",
|
||||||
|
"01802_test_postgresql_protocol_with_row_policy", /// Creates database and users
|
||||||
"01804_dictionary_decimal256_type"
|
"01804_dictionary_decimal256_type"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user