mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-21 23:21:59 +00:00
CLICKHOUSE-4257 remoteSecure
This commit is contained in:
parent
178302cc5d
commit
f2bbac6523
@ -67,12 +67,13 @@ Cluster::Address::Address(const Poco::Util::AbstractConfiguration & config, cons
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
Cluster::Address::Address(const String & host_port_, const String & user_, const String & password_, UInt16 clickhouse_port)
|
Cluster::Address::Address(const String & host_port_, const String & user_, const String & password_, UInt16 clickhouse_port, bool secure_)
|
||||||
: user(user_), password(password_)
|
: user(user_), password(password_)
|
||||||
{
|
{
|
||||||
auto parsed_host_port = parseAddress(host_port_, clickhouse_port);
|
auto parsed_host_port = parseAddress(host_port_, clickhouse_port);
|
||||||
host_name = parsed_host_port.first;
|
host_name = parsed_host_port.first;
|
||||||
port = parsed_host_port.second;
|
port = parsed_host_port.second;
|
||||||
|
secure = secure_ ? Protocol::Secure::Enable : Protocol::Secure::Disable;
|
||||||
|
|
||||||
initially_resolved_address = DNSResolver::instance().resolveAddress(parsed_host_port.first, parsed_host_port.second);
|
initially_resolved_address = DNSResolver::instance().resolveAddress(parsed_host_port.first, parsed_host_port.second);
|
||||||
is_local = isLocal(*this, initially_resolved_address, clickhouse_port);
|
is_local = isLocal(*this, initially_resolved_address, clickhouse_port);
|
||||||
@ -319,7 +320,7 @@ Cluster::Cluster(const Poco::Util::AbstractConfiguration & config, const Setting
|
|||||||
|
|
||||||
|
|
||||||
Cluster::Cluster(const Settings & settings, const std::vector<std::vector<String>> & names,
|
Cluster::Cluster(const Settings & settings, const std::vector<std::vector<String>> & names,
|
||||||
const String & username, const String & password, UInt16 clickhouse_port, bool treat_local_as_remote)
|
const String & username, const String & password, UInt16 clickhouse_port, bool treat_local_as_remote, bool secure)
|
||||||
{
|
{
|
||||||
UInt32 current_shard_num = 1;
|
UInt32 current_shard_num = 1;
|
||||||
|
|
||||||
@ -327,7 +328,7 @@ Cluster::Cluster(const Settings & settings, const std::vector<std::vector<String
|
|||||||
{
|
{
|
||||||
Addresses current;
|
Addresses current;
|
||||||
for (auto & replica : shard)
|
for (auto & replica : shard)
|
||||||
current.emplace_back(replica, username, password, clickhouse_port);
|
current.emplace_back(replica, username, password, clickhouse_port, secure);
|
||||||
|
|
||||||
addresses_with_failover.emplace_back(current);
|
addresses_with_failover.emplace_back(current);
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ public:
|
|||||||
/// This parameter is needed only to check that some address is local (points to ourself).
|
/// This parameter is needed only to check that some address is local (points to ourself).
|
||||||
Cluster(const Settings & settings, const std::vector<std::vector<String>> & names,
|
Cluster(const Settings & settings, const std::vector<std::vector<String>> & names,
|
||||||
const String & username, const String & password,
|
const String & username, const String & password,
|
||||||
UInt16 clickhouse_port, bool treat_local_as_remote);
|
UInt16 clickhouse_port, bool treat_local_as_remote, bool secure = false);
|
||||||
|
|
||||||
Cluster(const Cluster &) = delete;
|
Cluster(const Cluster &) = delete;
|
||||||
Cluster & operator=(const Cluster &) = delete;
|
Cluster & operator=(const Cluster &) = delete;
|
||||||
@ -69,7 +69,7 @@ public:
|
|||||||
|
|
||||||
Address() = default;
|
Address() = default;
|
||||||
Address(const Poco::Util::AbstractConfiguration & config, const String & config_prefix);
|
Address(const Poco::Util::AbstractConfiguration & config, const String & config_prefix);
|
||||||
Address(const String & host_port_, const String & user_, const String & password_, UInt16 clickhouse_port);
|
Address(const String & host_port_, const String & user_, const String & password_, UInt16 clickhouse_port, bool secure_ = false);
|
||||||
|
|
||||||
/// Returns 'escaped_host_name:port'
|
/// Returns 'escaped_host_name:port'
|
||||||
String toString() const;
|
String toString() const;
|
||||||
|
@ -152,7 +152,8 @@ StoragePtr TableFunctionRemote::executeImpl(const ASTPtr & ast_function, const C
|
|||||||
if (names.empty())
|
if (names.empty())
|
||||||
throw Exception("Shard list is empty after parsing first argument", ErrorCodes::BAD_ARGUMENTS);
|
throw Exception("Shard list is empty after parsing first argument", ErrorCodes::BAD_ARGUMENTS);
|
||||||
|
|
||||||
cluster = std::make_shared<Cluster>(context.getSettings(), names, username, password, context.getTCPPort(), false);
|
auto maybe_secure_port = context.getTCPPortSecure();
|
||||||
|
cluster = std::make_shared<Cluster>(context.getSettings(), names, username, password, (secure && maybe_secure_port) ? *maybe_secure_port : context.getTCPPort(), false, secure);
|
||||||
}
|
}
|
||||||
|
|
||||||
auto structure_remote_table = getStructureOfRemoteTable(*cluster, remote_database, remote_table, context, remote_table_function_ptr);
|
auto structure_remote_table = getStructureOfRemoteTable(*cluster, remote_database, remote_table, context, remote_table_function_ptr);
|
||||||
@ -177,8 +178,8 @@ StoragePtr TableFunctionRemote::executeImpl(const ASTPtr & ast_function, const C
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
TableFunctionRemote::TableFunctionRemote(const std::string & name_)
|
TableFunctionRemote::TableFunctionRemote(const std::string & name_, bool secure)
|
||||||
: name(name_)
|
: name{name_}, secure{secure}
|
||||||
{
|
{
|
||||||
is_cluster_function = name == "cluster";
|
is_cluster_function = name == "cluster";
|
||||||
|
|
||||||
@ -193,6 +194,7 @@ TableFunctionRemote::TableFunctionRemote(const std::string & name_)
|
|||||||
void registerTableFunctionRemote(TableFunctionFactory & factory)
|
void registerTableFunctionRemote(TableFunctionFactory & factory)
|
||||||
{
|
{
|
||||||
factory.registerFunction("remote", [] () -> TableFunctionPtr { return std::make_shared<TableFunctionRemote>("remote"); });
|
factory.registerFunction("remote", [] () -> TableFunctionPtr { return std::make_shared<TableFunctionRemote>("remote"); });
|
||||||
|
factory.registerFunction("remoteSecure", [] () -> TableFunctionPtr { return std::make_shared<TableFunctionRemote>("remote", /* secure = */ true); });
|
||||||
factory.registerFunction("cluster", [] () -> TableFunctionPtr { return std::make_shared<TableFunctionRemote>("cluster"); });
|
factory.registerFunction("cluster", [] () -> TableFunctionPtr { return std::make_shared<TableFunctionRemote>("cluster"); });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ namespace DB
|
|||||||
class TableFunctionRemote : public ITableFunction
|
class TableFunctionRemote : public ITableFunction
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
explicit TableFunctionRemote(const std::string & name_ = "remote");
|
explicit TableFunctionRemote(const std::string & name_ = "remote", bool secure = false);
|
||||||
|
|
||||||
std::string getName() const override { return name; }
|
std::string getName() const override { return name; }
|
||||||
|
|
||||||
@ -26,6 +26,7 @@ private:
|
|||||||
std::string name;
|
std::string name;
|
||||||
bool is_cluster_function;
|
bool is_cluster_function;
|
||||||
std::string help_message;
|
std::string help_message;
|
||||||
|
bool secure;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
10
dbms/tests/queries/0_stateless/00505_shard_secure.reference
Normal file
10
dbms/tests/queries/0_stateless/00505_shard_secure.reference
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
||||||
|
0
|
24
dbms/tests/queries/0_stateless/00505_shard_secure.sh
Executable file
24
dbms/tests/queries/0_stateless/00505_shard_secure.sh
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# set -x
|
||||||
|
|
||||||
|
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||||
|
. $CURDIR/../shell_config.sh
|
||||||
|
|
||||||
|
# Not default server config needed
|
||||||
|
|
||||||
|
tcp_port_secure=`$CLICKHOUSE_EXTRACT_CONFIG -k tcp_port_secure 2>/dev/null`
|
||||||
|
if [ -z $tcp_port_secure ]; then
|
||||||
|
# Secure port disabled. Fake result
|
||||||
|
cat $CURDIR/00505_shard_secure.reference
|
||||||
|
else
|
||||||
|
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remoteSecure('127.0.0.{1,2}', system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remoteSecure('127.0.0.{1,2}:$CLICKHOUSE_PORT_TCP_SECURE', system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remoteSecure('127.0.0.{1,2}', system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remoteSecure(test_shard_localhost_secure, system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remote(test_shard_localhost_secure, system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remoteSecure(test_shard_localhost, system.one);"
|
||||||
|
$CLICKHOUSE_CLIENT -q "SELECT * FROM remote(test_shard_localhost, system.one);"
|
||||||
|
|
||||||
|
fi
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
# remote
|
# remote, remoteSecure
|
||||||
|
|
||||||
Allows you to access remote servers without creating a `Distributed` table.
|
Allows you to access remote servers without creating a `Distributed` table.
|
||||||
|
|
||||||
@ -72,5 +72,6 @@ The `remote` table function can be useful in the following cases:
|
|||||||
If the user is not specified, `default` is used.
|
If the user is not specified, `default` is used.
|
||||||
If the password is not specified, an empty password is used.
|
If the password is not specified, an empty password is used.
|
||||||
|
|
||||||
|
`remoteSecure` - same as `remote` but with secured connection. Default port - `tcp_port_secure` from config or 9440.
|
||||||
|
|
||||||
[Original article](https://clickhouse.yandex/docs/en/query_language/table_functions/remote/) <!--hide-->
|
[Original article](https://clickhouse.yandex/docs/en/query_language/table_functions/remote/) <!--hide-->
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
# remote
|
# remote, remoteSecure
|
||||||
|
|
||||||
Позволяет обратиться к удалённым серверам без создания таблицы типа `Distributed`.
|
Позволяет обратиться к удалённым серверам без создания таблицы типа `Distributed`.
|
||||||
|
|
||||||
@ -72,4 +72,6 @@ example01-{01..02}-{1|2}
|
|||||||
Если пользователь не задан,то используется `default`.
|
Если пользователь не задан,то используется `default`.
|
||||||
Если пароль не задан, то используется пустой пароль.
|
Если пароль не задан, то используется пустой пароль.
|
||||||
|
|
||||||
|
`remoteSecure` - аналогично функции `remote` но с соединением по шифрованому каналу. Порт по умолчанию - `tcp_port_secure` из конфига или 9440.
|
||||||
|
|
||||||
[Оригинальная статья](https://clickhouse.yandex/docs/ru/query_language/table_functions/remote/) <!--hide-->
|
[Оригинальная статья](https://clickhouse.yandex/docs/ru/query_language/table_functions/remote/) <!--hide-->
|
||||||
|
Loading…
Reference in New Issue
Block a user