* Add a codec Encrypted() for encrypting columns on disk
While this is implemented as a compression codec, it does not actually compress data. It instead encrypts data on disk. The key is obtained by executing a user-specified command at the server startup, or if it's not specified the codec refuses to process any data. For now the only supported cipher is 'AES-128-GCM-SIV'.
- Uses a small assembly file to include binary resources, rather than
objcopy
- Updates `base/common/getResource.cpp` for this new method of inclusion
- Removes linux-only guards in CMake files, as this solution is
cross-platform.
The resulting binary resources are available in the ClickHouse server
binary on Linux, macOS, and illumos platforms. FreeBSD has not been
tested, but will likely work as well.
TODO (suggested by Nikolai)
1. Build query plan fro current query (inside storage::read) up to WithMergableState
2. Check, that plan is simple enough: Aggregating - Expression - Filter - ReadFromStorage (or simplier)
3. Check, that filter is the same as filter in projection, and also expression calculates the same aggregation keys as in projection
4. Return WithMergableState if projection applies
3 will be easier to do with ActionsDAG, cause it sees all functions, and dependencies are direct (but it is possible with ExpressionActions also)
Also need to figure out how prewhere works for projections, and
row_filter_policies.
wip
* master: (694 commits)
Fix integration test test_storage_kafka failed error
Fix test 00163_column_oriented_formats failed error
Read ORC file by stripe to reduce memory cost
Function toDateTime decimal overflow ubsan fix
Revert "[RFC] Fix memory tracking with min_bytes_to_use_mmap_io"
Zlib use attribute constructor for functable initialization
Translate to Russian (clickhouse-client documentation)
Simple key dictionary primary key wrong order fix
Disable hedged requests
Added integration test
Revert "Function `arrayFold` for folding over array with accumulator"
Fix documentation for the GRANT command.
Added system query reload model
Make function `unhex` case insensitive for compatibility
Improve documentation for CREATE ROW POLICY command #2.
Add exception message
Fix tidy
Fix waiting for all connections closed on shutdown.
Disable postgresql_port in perf tests
Mark 01605_adaptive_granularity_block_borders as long
...
* master: (860 commits)
Update version_date.tsv after release 21.2.8.31
Update version_date.tsv after release 21.3.5.42
Fixed typos
Add metric to track how much time is spend during waiting for Buffer layer lock
Safer SCOPE_EXIT
Add SCOPE_EXIT_SAFE/SCOPE_EXIT_MEMORY_SAFE helpers
Lock MEMORY_LIMIT_EXCEEDED in ThreadStatus::detachQuery()
Update CHANGELOG.md
Reset timeouts to default
Add Third party service info
Disable table function view in expression (#21465)
fix test 01702_system_query_log
Remove strange fsync on coordination logs rotation
add test
MemoryStorage sync comments and code
Fix typos
Support alter setting
Handle not plain where tree in StorageMerge modifySelect
Updated test
Change Aggregatingmergetree to AggregatingMergeTree in docs
...
Refactor some config parsing code
Rename some arguments to better reflect their meaning
Add documentation for user_dn_detection section and user_dn placeholder in config.xml and in docs
* Refactoring: part 1
* Refactoring: part 2
* Handle request using ReadBuffer interface
* Struggles with ReadBuffer's
* Fix URI parsing
* Implement parsing of multipart/form-data
* Check HTTP_LENGTH_REQUIRED before eof() or will hang
* Fix HTTPChunkedReadBuffer
* Fix build and style
* Fix test
* Resist double-eof
* Fix arcadian build
If you push data via Buffer engine then all your queries will be done
from one user, however this is not always desired behavior, since this
will not allow to limit queries with max_concurrent_queries_for_user and
similar.
* master: (605 commits)
DOCSUP-4710: Added support numeric parameters in number and string data types (#18696)
DOCSUP-5604: Edit and translate to Russian (#18929)
Update version_date.tsv after release 21.1.2.15
Usability improvement of clickhouse-test
Update jit_large_requests.xml
Update README.md
Update images.json
Make symbolizers available in fuzzer Docker image
Update Dragonbox
Speed up aggregate function sum
Fix MSan report in Kerberos library
Fix MSan error in rocksdb #19213
Add more Fuzzer tasks
Fixes
Update comment for curl dependency for aws
Disable curl for mariadb-connector-c (it is not required)
Fix TSan
Skip test for ANTLR
DistributedBlockOutputStream: add more comments
DistributedBlockOutputStream: Remove superfluous brackets for string construction
...
* master: (620 commits)
Add test for some possible ambiguities in syntax
Update PushingToViewsBlockOutputStream.h
[For #18707] MySQL compatibility: support DIV and MOD operators
Mark another flaky test
Remove some headers
Mark some TestFlows as flaky
Fix error
Fix errors
One more test
Arcadia does not support distributed queries
Add a test for #14974
Added a test from #15641
More robust stateful test
Update tests
Remove bad code in HashJoin
Update test
Don't allow conversion between UUID and numeric types
Remove pink screen with confusing questions about Kerberos
Do not throw from Parser
Fix the unexpected behaviour of show tables when antlr parser enabled (#18431)
...
# Conflicts:
# programs/server/config.xml
# src/Access/Authentication.cpp
# src/Access/Authentication.h
Restarting a server instance to change the interserver password results
in many replicas being out of sync until all clusters are using the new
credential.
This commit adds dynamic credential loading for both the client
(Replicated* tables) and server (InterserverIOHTTPHandler).
This commit also adds the ability to rotate credentials, i.e. accept more
than one credential during a credential change.
state0 (no auth):
<interserver_http_credentials />
state1 (auth+allow_empty migration):
<interserver_http_credentials>
<user>admin</user>
<password>222</password>
<allow_empty>true</allow_empty>
</interserver_http_credentials>
state2 (auth+new admin password migration):
<interserver_http_credentials>
<user>admin</user>
<password>333</password>
<users>
<admin>222</admin>
</users>
</interserver_http_credentials>