As @alexey-milovidov wrote.
P.S. I did not use ./utils/release/release_lib.sh (via ./release), since
it is pretty complex (it fetches tags and so on)
The following macros has been updated:
- VERSION_REVISION -- usually bumped with utils/release/release_lib.sh
(interesting that even if there were no changes)
- DBMS_MIN_REVISION_WITH_INTERSERVER_SECRET
- DBMS_TCP_PROTOCOL_VERSION -- does not affect anything, some internal
yandex stuff
@vitlibar:
"Yandex synchronization check says
src/Interpreters/Cluster.cpp:299:10: error: no member named 'erase' in namespace 'std'
std::erase(config_keys, "secret");
~~~~~^
1 error generated.
Please replace std::erase with boost::range::remove_erase."
"That's quite an unusual build which links ClickHouse with a lot of closed source code and which still can't use most of C++20 features."
Add inter-server cluster secret, it is used for Distributed queries
inside cluster, you can configure in the configuration file:
<remote_servers>
<logs>
<shard>
<secret>foobar</secret> <!-- empty -- works as before -->
...
</shard>
</logs>
</remote_servers>
And this will allow clickhouse to make sure that the query was not
faked, and was issued from the node that knows the secret. And since
trust appeared it can use initial_user for query execution, this will
apply correct *_for_user (since with inter-server secret enabled, the
query will be executed from the same user on the shards as on initator,
unlike "default" user w/o it).
v2: Change user to the initial_user for Distributed queries if secret match
v3: Add Protocol::Cluster package
v4: Drop Protocol::Cluster and use plain Protocol::Hello + user marker
v5: Do not use user from Hello for cluster-secure (superfluous)
