Merge pull request #22755 from kssenii/postgresql-protocol-with-row-policy

Allow row policy in postgresql protocol

docker/test/fasttest/run.sh

@@ -367,6 +367,9 @@ function run_tests
         # JSON functions
         01666_blns
 
+        # Requires postgresql-client
+        01802_test_postgresql_protocol_with_row_policy
+
         # Depends on AWS
         01801_s3_cluster
     )

docker/test/stateful/run.sh

@@ -21,14 +21,14 @@ function start()
         -- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
         --logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
         --tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
-        --mysql_port 19004 \
+        --mysql_port 19004 --postgresql_port 19005 \
         --keeper_server.tcp_port 19181 --keeper_server.server_id 2
 
         sudo -E -u clickhouse /usr/bin/clickhouse server --config /etc/clickhouse-server2/config.xml --daemon \
         -- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
         --logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
         --tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
-        --mysql_port 29004 \
+        --mysql_port 29004 --postgresql_port 29005 \
         --keeper_server.tcp_port 29181 --keeper_server.server_id 3
     fi
 

docker/test/stateless/Dockerfile

@@ -28,7 +28,8 @@ RUN apt-get update -y \
             tree \
             unixodbc \
             wget \
-            mysql-client=5.7*
+            mysql-client=5.7* \
+            postgresql-client
 
 RUN pip3 install numpy scipy pandas
 

docker/test/stateless/run.sh

@@ -44,7 +44,7 @@ if [[ -n "$USE_DATABASE_REPLICATED" ]] && [[ "$USE_DATABASE_REPLICATED" -eq 1 ]]
     -- --path /var/lib/clickhouse1/ --logger.stderr /var/log/clickhouse-server/stderr1.log \
     --logger.log /var/log/clickhouse-server/clickhouse-server1.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server1.err.log \
     --tcp_port 19000 --tcp_port_secure 19440 --http_port 18123 --https_port 18443 --interserver_http_port 19009 --tcp_with_proxy_port 19010 \
-    --mysql_port 19004 \
+    --mysql_port 19004 --postgresql_port 19005 \
     --keeper_server.tcp_port 19181 --keeper_server.server_id 2 \
     --macros.replica r2   # It doesn't work :(
 
@@ -52,7 +52,7 @@ if [[ -n "$USE_DATABASE_REPLICATED" ]] && [[ "$USE_DATABASE_REPLICATED" -eq 1 ]]
     -- --path /var/lib/clickhouse2/ --logger.stderr /var/log/clickhouse-server/stderr2.log \
     --logger.log /var/log/clickhouse-server/clickhouse-server2.log --logger.errorlog /var/log/clickhouse-server/clickhouse-server2.err.log \
     --tcp_port 29000 --tcp_port_secure 29440 --http_port 28123 --https_port 28443 --interserver_http_port 29009 --tcp_with_proxy_port 29010 \
-    --mysql_port 29004 \
+    --mysql_port 29004 --postgresql_port 29005 \
     --keeper_server.tcp_port 29181 --keeper_server.server_id 3 \
     --macros.shard s2   # It doesn't work :(
 

programs/server/config.xml

@@ -89,7 +89,7 @@
     <!-- Compatibility with PostgreSQL protocol.
          ClickHouse will pretend to be PostgreSQL for applications connecting to this port.
     -->
-    <!-- <postgresql_port>9005</postgresql_port> -->
+    <postgresql_port>9005</postgresql_port>
 
     <!-- HTTP API with TLS (HTTPS).
          You have to configure certificate to enable this interface.

src/Core/PostgreSQLProtocol.h

@@ -832,10 +832,13 @@ class NoPasswordAuth : public AuthenticationMethod
 {
 public:
     void authenticate(
-        const String & /* user_name */,
+        const String & user_name,
-        ContextPtr /* context */,
+        ContextPtr context,
-        Messaging::MessageTransport & /* mt */,
+        Messaging::MessageTransport & mt,
-        const Poco::Net::SocketAddress & /* address */) override {}
+        const Poco::Net::SocketAddress & address) override
+    {
+        setPassword(user_name, "", context, mt, address);
+    }
 
     Authentication::Type getType() const override
     {

tests/queries/0_stateless/01802_test_postgresql_protocol_with_row_policy.reference

@@ -0,0 +1,24 @@
+before row policy
+0
+1
+2
+3
+4
+5
+6
+7
+8
+9
+
+after row policy with no password
+ val 
+-----
+   2
+(1 row)
+
+after row policy with plaintext_password
+ val 
+-----
+   2
+(1 row)
+

tests/queries/0_stateless/01802_test_postgresql_protocol_with_row_policy.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+# shellcheck source=../shell_config.sh
+. "$CUR_DIR"/../shell_config.sh
+
+echo "
+CREATE DATABASE IF NOT EXISTS db01802;
+DROP TABLE IF EXISTS db01802.postgresql;
+DROP ROW POLICY IF EXISTS test_policy ON db01802.postgresql;
+
+CREATE TABLE db01802.postgresql (val UInt32) ENGINE=MergeTree ORDER BY val;
+INSERT INTO db01802.postgresql SELECT number FROM numbers(10);
+
+SELECT 'before row policy';
+SELECT * FROM db01802.postgresql;
+" | $CLICKHOUSE_CLIENT -n
+
+
+echo "
+DROP USER IF EXISTS postgresql_user;
+CREATE USER postgresql_user HOST IP '127.0.0.1' IDENTIFIED WITH no_password;
+GRANT SELECT(val) ON db01802.postgresql TO postgresql_user;
+CREATE ROW POLICY IF NOT EXISTS test_policy ON db01802.postgresql FOR SELECT USING val = 2 TO postgresql_user;
+
+SELECT '';
+SELECT 'after row policy with no password';
+" | $CLICKHOUSE_CLIENT -n
+
+psql --host localhost --port ${CLICKHOUSE_PORT_POSTGRESQL} db01802 --user postgresql_user -c "SELECT * FROM postgresql;"
+
+echo "
+DROP USER IF EXISTS postgresql_user;
+DROP ROW POLICY IF EXISTS test_policy ON db01802.postgresql;
+CREATE USER postgresql_user HOST IP '127.0.0.1' IDENTIFIED WITH plaintext_password BY 'qwerty';
+GRANT SELECT(val) ON db01802.postgresql TO postgresql_user;
+CREATE ROW POLICY IF NOT EXISTS test_policy ON db01802.postgresql FOR SELECT USING val = 2 TO postgresql_user;
+
+SELECT 'after row policy with plaintext_password';
+" | $CLICKHOUSE_CLIENT -n
+
+psql "postgresql://postgresql_user:qwerty@localhost:${CLICKHOUSE_PORT_POSTGRESQL}/db01802" -c "SELECT * FROM postgresql;"
+

tests/queries/shell_config.sh

@@ -70,6 +70,8 @@ export CLICKHOUSE_PORT_HTTPS=${CLICKHOUSE_PORT_HTTPS:="8443"}
 export CLICKHOUSE_PORT_HTTP_PROTO=${CLICKHOUSE_PORT_HTTP_PROTO:="http"}
 export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:=$(${CLICKHOUSE_EXTRACT_CONFIG} --try --key=mysql_port 2>/dev/null)} 2>/dev/null
 export CLICKHOUSE_PORT_MYSQL=${CLICKHOUSE_PORT_MYSQL:="9004"}
+export CLICKHOUSE_PORT_POSTGRESQL=${CLICKHOUSE_PORT_POSTGRESQL:=$(${CLICKHOUSE_EXTRACT_CONFIG} --try --key=postgresql_port 2>/dev/null)} 2>/dev/null
+export CLICKHOUSE_PORT_POSTGRESQL=${CLICKHOUSE_PORT_POSTGRESQL:="9005"}
 
 # Add database and log comment to url params
 if [ -v CLICKHOUSE_URL_PARAMS ]

tests/queries/skip_list.json

@@ -391,7 +391,8 @@
         "01655_plan_optimizations",
         "01475_read_subcolumns_storages",
         "01674_clickhouse_client_query_param_cte",
-        "01666_merge_tree_max_query_limit"
+        "01666_merge_tree_max_query_limit",
+        "01802_test_postgresql_protocol_with_row_policy" /// It cannot parse DROP ROW POLICY
     ],
     "parallel":
     [
@@ -705,6 +706,7 @@
         "01778_hierarchical_dictionaries",
         "01780_clickhouse_dictionary_source_loop",
         "01785_dictionary_element_count",
+        "01802_test_postgresql_protocol_with_row_policy", /// Creates database and users
         "01804_dictionary_decimal256_type"
     ]
 }