thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-11 17:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
134,501 Commits 9,299 Branches 1,782 Tags 2.1 GiB
afa7a95c8c
Commit Graph

996 Commits

Author SHA1 Message Date
Alexey Milovidov
114d77d8e8 Revert "Update AccessControl.cpp" 
This reverts commit ae335e9c22.
 2022-11-26 02:42:14 +01:00
Nikolay Degterinsky
3fd10e0011 Better solution 2022-11-25 22:38:28 +00:00
Nikolay Degterinsky
6825d85daa Add complexity rules for passwords 2022-11-25 22:38:05 +00:00
Alexey Milovidov
d45e49ead5 Merge branch 'password-reset-message' of github.com:ClickHouse/ClickHouse into password-reset-message 2022-11-25 23:05:03 +01:00
Alexey Milovidov
f0a3196fa8 xMerge branch 'master' into password-reset-message 2022-11-25 22:26:23 +01:00
Vasily Nemkov
d7fc4fee5e
Update SettingsProfilesInfo.cpp 2022-11-23 22:07:11 +04:00
Vasily Nemkov
ccfe0e26b4
Merge branch 'master' into fix_profile_names_mismatch 2022-11-23 21:49:46 +04:00
Vasily Nemkov
246c6ff320 Cleanup 2022-11-23 17:29:38 +04:00
Vasily Nemkov
aa78f1c842 Made sure SettingsProfilesInfo::profiles is a subset of SettingsProfilesInfo::profiles_with_implicit 
That means SettingsProfilesInfo::profiles now:
- has default_profile_id (if enabled)
- doesn't have profiles that are not matching for current user/roles
 2022-11-23 17:29:38 +04:00
kssenii
6044a9257c Merge remote-tracking branch 'upstream/master' into named-collections-sql-commands 2022-11-23 12:00:55 +01:00
Alexey Milovidov
8cb34913a1
Merge pull request #42461 from Enmk/ldap_fix_search_limit 
fix LDAP in case of many roles on user
 2022-11-22 20:05:14 +01:00
Alexey Milovidov
ae335e9c22
Update AccessControl.cpp 2022-11-22 21:58:30 +03:00
Alexey Milovidov
c816ed4f0e Move password reset message from client to server 2022-11-22 19:36:52 +01:00
Alexey Milovidov
c20dbb7770 Move password reset message from client to server 2022-11-22 19:34:38 +01:00
kssenii
ae25a90f09 Fix show access command 2022-11-19 13:21:35 +01:00
kssenii
98f5cc10bb Merge remote-tracking branch 'upstream/master' into named-collections-access-fix 2022-11-18 19:51:28 +01:00
kssenii
5323c51176 Restrict access to system.named_collections 2022-11-17 13:40:03 +01:00
kssenii
f0ce28349d Better 2022-11-16 17:58:21 +01:00
Alexey Milovidov
923f2dd562
Merge branch 'master' into ldap_fix_search_limit 2022-11-16 06:13:07 +01:00
kssenii
234f6ee54d Add commands CREATE/ALTER/DROP NAMED COLLECTION 2022-11-15 15:51:56 +01:00
Vitaly Baranov
21e7d843da
Merge pull request #43097 from vitlibar/correct-error-message-after-dropping-current-user 
Make error message after dropping current user more correct.
 2022-11-14 21:13:58 +01:00
Kseniia Sumarokova
79206c6eb0
Merge pull request #43147 from kssenii/named-collections-refactoring 
Add generic implementation for arbitrary structured named collections, access type and system.named_collections
 2022-11-14 11:57:17 +01:00
Maksim Kita
e220906c9e Analyzer added identifier typo corrections 2022-11-10 19:21:51 +01:00
kssenii
bed7ac9442 Support arbitrary structure collections 2022-11-10 17:05:24 +01:00
Vitaly Baranov
6bc8b544ce
Merge branch 'master' into correct-error-message-after-dropping-current-user 2022-11-10 13:36:52 +01:00
Vitaly Baranov
675507594a Make error message after dropping current user more correct. 2022-11-09 21:01:05 +01:00
Vasily Nemkov
c16c06eaba
Removed declaration of unused LOGICAL_ERROR 2022-11-02 20:28:40 +04:00
Vasily Nemkov
e95d2c30e9
Removed debug code 2022-11-02 18:52:38 +04:00
Vasily Nemkov
c994dabb75 Fixed build on CI/CD 
Making type conversions for search_limit explicit
 2022-11-02 17:40:40 +04:00
Vladimir Chebotaryov
d17b7387f9 Reworked changes to std::shared_ptr<const RowPolicyFilter>. 2022-10-27 10:42:55 +03:00
Vladimir Chebotaryov
c28e439c33 Review fixes. 2022-10-27 10:42:22 +03:00
Vladimir Chebotaryov
4cabe1f57c Added applied row-level policies to system.query_log. 2022-10-27 10:41:47 +03:00
Vasily Nemkov
c569adfaf6 Minor fixes: typo and missing forward declaration 2022-10-25 13:42:54 +04:00
Vasily Nemkov
659a097631 Fixed SettingsProfilesInfo::getProfileNames() throwing std::exception 
- Using profiles_with_implicit for profile IDs, since it seems to be better synchronized with names
- Trying harder: attempting to get name from AccessControl if it is missing from local cached names
- Throwing Exception if everything else fails
 2022-10-25 09:35:10 +04:00
Alexey Milovidov
98f5f27947
Merge branch 'master' into ldap_fix_search_limit 2022-10-24 10:44:45 +02:00
Azat Khuzhin
4e76629aaf Fixes for -Wshorten-64-to-32 
- lots of static_cast
- add safe_cast
- types adjustments
  - config
  - IStorage::read/watch
  - ...
- some TODO's (to convert types in future)

P.S. That was quite a journey...

v2: fixes after rebase
v3: fix conflicts after #42308 merged
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-10-21 13:25:19 +02:00
Vasily Nemkov
05cde705b0 Addressed issues mentioned in PR 
Stronger hashing for LDAP parameters
Fixed SipHash double finalize()
Simplified checks on search_limit
 2022-10-20 16:38:41 +04:00
Alexey Milovidov
1fd6a56845 Update LDAPClient.h 2022-10-20 16:38:40 +04:00
Alexey Milovidov
08c1e8dc2d Update ExternalAuthenticators.cpp 2022-10-20 16:38:39 +04:00
Vasily Nemkov
1ed7ad57d9 fix LDAP in case of many roles on user 
- Raised default value of search_limit to 256
- Added option to change that to arbitrary value
- using SipHash for computing hash of LDAP server parameters
- other minor changes
 2022-10-20 16:38:38 +04:00
Alexander Tokmakov
4175f8cde6 abort instead of __builtin_unreachable in debug builds 2022-10-07 21:49:08 +02:00
Robert Schulze
fd86829824
Consolidate config_core.h into config.h 
Less duplication, less confusion ...
 2022-09-28 13:31:57 +00:00
Nikolay Degterinsky
a7f3c7086c
Merge pull request #41341 from evillique/mandatory-identification 
Add a setting requiring no_password to be explicitly specified when creating a user
 2022-09-22 15:19:43 +02:00
Nikolay Degterinsky
7292d47923
Merge branch 'master' into mandatory-identification 2022-09-21 12:18:17 +02:00
kssenii
b8079e4577 Merge remote-tracking branch 'upstream/master' into rename-some-cache-commands 2022-09-20 13:02:18 +02:00
Sergei Trifonov
cf2db48c29
Merge pull request #40631 from ClickHouse/readonly-settings-allow 
Allow to modify constrained settings in readonly mode
 2022-09-20 02:18:14 +02:00
kssenii
e3cd3686af Rename 2022-09-19 14:02:51 +02:00
serxa
a0bfa801e5 explicit ctor 2022-09-19 10:52:08 +00:00
Vitaly Baranov
e7e51ab2d9 Add comments. 2022-09-18 12:44:05 +02:00
Vitaly Baranov
69996c960c Add retries for the initialization of ReplicatedAccessStorage. 2022-09-18 12:44:05 +02:00
Vitaly Baranov
5365b105cc Add SYSTEM RELOAD USERS command. 2022-09-18 12:44:00 +02:00
Vitaly Baranov
1b40f94c6b Move common code from MemoryAccessStorage and DiskAccessStorage to IAccessStorage. 2022-09-18 12:17:15 +02:00
Vitaly Baranov
391507b4b6 Update src/Access/DiskAccessStorage.cpp 
Co-authored-by: Antonio Andelic <antonio2368@users.noreply.github.com>
 2022-09-16 19:02:06 +02:00
Vitaly Baranov
2ec6ef497d Make DiskAccessStorage::insertWithID() more consistent with MemoryAccessStorage::insertWithID(). 2022-09-16 19:02:06 +02:00
Vitaly Baranov
7e716d14cd Make ReplicatedAccessStorage::insertWithID() more consistent with MemoryAccessStorage::insertWithID(). 2022-09-16 19:02:06 +02:00
Vitaly Baranov
646cd55690 Improve recovery of ReplicatedAccessStorage after errors. 2022-09-16 19:02:06 +02:00
Vitaly Baranov
8f9f5c69da Use MemoryAccessStorage to simplify ReplicatedAccessStorage. 2022-09-16 19:02:06 +02:00
serxa
4971c1f04d review fixes 2022-09-15 11:34:14 +00:00
Nikolay Degterinsky
72d8a04ee6 Add setting 'allow_implicit_no_password' 2022-09-15 08:07:42 +00:00
Sergei Trifonov
cad3a6b764 fix style 2022-09-12 22:01:45 +02:00
Sergei Trifonov
c31818260f renames and refactoring 2022-09-12 21:03:06 +02:00
Sergei Trifonov
62541ab764 fix more tests and clang tidy build 2022-09-08 17:43:09 +02:00
Sergei Trifonov
77ee4c04aa fix stateless tests 2022-09-06 20:28:50 +02:00
Sergei Trifonov
7a2d750f7f fix typo 2022-09-02 18:59:16 +02:00
Sergei Trifonov
a6a95e38ca fix style 2022-09-02 18:20:47 +02:00
Sergei Trifonov
005b2588d8
Merge branch 'master' into readonly-settings-allow 2022-09-02 16:37:43 +02:00
Sergei Trifonov
014d109175 fix build, fix docs, fix comments, logical fixes, test are still to be fixed and new test are to be added 2022-09-02 16:20:09 +02:00
Sergei Trifonov
7fec55eea4 work in progress 2022-09-02 04:12:05 +02:00
Robert Schulze
5ff0ecb867
Merge branch 'master' into remove-unnecessary-context-access-method 2022-08-31 10:14:27 +02:00
Alexander Tokmakov
022f440ad0
Merge pull request #40769 from arthurpassos/caresptrresolver-hosts-patch 
Fix CaresPTRResolver not reading hosts file
 2022-08-30 14:35:10 +03:00
Robert Schulze
c185353bf0
Minor: remove unnecessary ContextAccess::make() method 2022-08-30 08:06:42 +00:00
Arthur Passos
961365c7a4 Fix CaresPTRResolver not reading hosts file 2022-08-29 15:11:39 -03:00
Konstantin Morozov
d185b7a332 refactoring: public ctors 2022-08-29 20:19:20 +03:00
Sergei Trifonov
f8cfb2e53a fix style, typos and tests 2022-08-29 14:33:48 +02:00
Konstantin Morozov
6636bdec2a refactoring: fix format 2022-08-29 07:44:40 +03:00
Konstantin Morozov
38a85ade27 refactoring: small up 2022-08-28 22:33:12 +03:00
Konstantin Morozov
b4de735a90 refactoring: fix space 2022-08-28 20:55:08 +03:00
Konstantin Morozov
08e9e799d0 refactoring: fix 2022-08-28 20:53:00 +03:00
Konstantin Morozov
75bd61fad5 Merge remote-tracking branch 'origin/ref/remove-unnecessary-allocation' into ref/remove-unnecessary-allocation 
# Conflicts:
#	src/Access/ContextAccess.cpp
#	src/Access/ContextAccess.h
 2022-08-28 20:50:29 +03:00
Konstantin Morozov
7cd2821aed refactoring: template make helper 2022-08-28 20:42:55 +03:00
Konstantin Morozov
4050ab819e refactoring: remove unnecessary allocation 2022-08-28 17:23:17 +03:00
Konstantin Morozov
d4d80dd3c1 refactoring: remove unnecessary allocation 2022-08-28 17:09:13 +03:00
Sergei Trifonov
c5d1bbf680 reimplement with <allow> tag 2022-08-26 21:20:00 +02:00
Sergei Trifonov
856a2f5956 Allow to modify constrained settings in readonly mode 2022-08-25 17:24:24 +02:00
avogar
8dd54c043d Merge branch 'master' of github.com:ClickHouse/ClickHouse into schema-inference-cache 2022-08-17 11:47:40 +00:00
alexX512
6bf29cb610 Change class LRUCache to class CachBase. Check running CacheBase with default pcahce policy SLRU 2022-08-07 19:59:30 +00:00
avogar
9b1a267203 Refactor, remove TTL, add size limit, add system table and system query 2022-08-05 16:20:15 +00:00
Azat Khuzhin
498c8b3c52 Fix clang-tidy in utils/examples 
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-07-29 11:36:51 +03:00
Alexander Tokmakov
bed2206ae9
Merge pull request #39460 from ClickHouse/remove_some_dead_and_commented_code 
Remove some dead and commented code
 2022-07-22 13:24:34 +03:00
Alexander Tokmakov
9e9969cea7
Merge pull request #37827 from arthurpassos/host_regexp_multiple_domains 
Test host_regexp against all PTR records instead of only one
 2022-07-21 16:43:05 +03:00
Alexander Tokmakov
a8da5d96fc remove some dead and commented code 2022-07-21 15:05:48 +02:00
Nikolai Kochetov
91043351aa Fixing build. 2022-07-20 20:30:16 +00:00
Vitaly Baranov
6bf7bffbeb Correct the list of always accessible system tables. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
de34d173ba Remove excessive log messages. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
c85b2b5732 Add option enabling that SELECT from the system database requires grant. 2022-07-15 15:44:25 +02:00
avogar
9291d33080 Pass const std::string_view & by value, not by reference 2022-07-14 16:11:57 +00:00
Arthur Passos
395dada988 minor style adjustments 2022-07-13 09:40:56 -03:00
Arthur Passos
cb349c05c5 minor adjustments 2022-07-12 19:27:44 -03:00
Arthur Passos
d48690d455 Make CaresPTRResolver a singleton through DNSPTRResolverProvider, add comments and address minor comments 2022-07-12 14:21:10 -03:00
Robert Schulze
1a7727a254
Prefix overridden add_executable() command with "clickhouse_" 
A simple HelloWorld program with zero includes except iostream triggers
a build of ca. 2000 source files. The reason is that ClickHouse's
top-level CMakeLists.txt overrides "add_executable()" to link all
binaries against "clickhouse_new_delete". This links against
"clickhouse_common_io", which in turn has lots of 3rd party library
dependencies ... Without linking "clickhouse_new_delete", the number of
compiled files for "HelloWorld" goes down to ca. 70.

As an example, the self-extracting-executable needs none of its current
dependencies but other programs may also benefit.

In order to restore access to the original "add_executable()", the
overriding version is now prefixed. There is precedence for a
"clickhouse_" prefix (as opposed to "ch_"), for example
"clickhouse_split_debug_symbols". In general prefixing makes sense also
because overriding CMake commands relies on undocumented behavior and is
considered not-so-great practice (*).

(*) https://crascit.com/2018/09/14/do-not-redefine-cmake-commands/
 2022-07-11 19:36:18 +02:00
Vitaly Baranov
ed27987646
Merge pull request #38861 from vitlibar/backup-improvements-9 
Backup Improvements 9
 2022-07-07 02:24:47 +02:00
Vitaly Baranov
1ac46c5e48 Fix making backups containing multiple ACL tables. 2022-07-05 20:57:01 +02:00
Vitaly Baranov
43d35eec1b Write unfinished mutations to backup. 2022-07-05 14:51:09 +02:00
Arthur Passos
d66154e697 Test host_regexp against all PTR records instead of only one 2022-07-04 10:05:28 -03:00
Vitaly Baranov
b4103c1a0e
Merge pull request #38674 from vitlibar/fix-crash-when-grant-all-on-cluster 
Fix crash when granting ALL on cluster.
 2022-07-04 10:13:56 +02:00
Vitaly Baranov
92e0ee0b6f More detailed error messages. 2022-07-03 14:20:19 +02:00
Vitaly Baranov
1a71e44b28
Merge pull request #38024 from nvartolomei/nv/error-if-profile-does-not-exist 
Throw exception when xml user profile does not exist
 2022-07-03 11:26:08 +02:00
mergify[bot]
dfac2ca2fc
Merge branch 'master' into fix-crash-when-grant-all-on-cluster 2022-07-02 17:38:45 +00:00
Vitaly Baranov
8195aa768b Move checking if parent profile is allowed to UsersConfigAccessStorage. 2022-07-01 14:46:35 +02:00
Vitaly Baranov
ae2f586170 Fix crash when granting ALL on cluster. 2022-07-01 12:19:56 +02:00
Vitaly Baranov
e367d96964 Fix style. 2022-06-30 15:10:33 +02:00
Vitaly Baranov
5456bde4a2 Improve gathering metadata for storing ACL in backups. 2022-06-30 09:46:37 +02:00
Vitaly Baranov
031ca28fdc Add test for partition clause. More checks for data compatibility on restore. 2022-06-30 08:37:18 +02:00
Vitaly Baranov
11b51d2878 Implement storing UDF in backups. 2022-06-30 08:37:17 +02:00
Vitaly Baranov
44db346fea Improve gathering metadata for backup - part 3. 2022-06-30 08:37:17 +02:00
Robert Schulze
f692ead6ad
Don't use std::unique_lock unless we have to 
Replace where possible by std::lock_guard which is more light-weight.
 2022-06-28 19:19:06 +00:00
Yakov Olkhovskiy
d5f65ece9b
Merge pull request #38105 from arenadata/ADQM-419 
Add kerberosInit function as a replacement for kinit executable calls in Kafka and HDFS
 2022-06-27 14:19:24 -04:00
mergify[bot]
f63c959679
Merge branch 'master' into cleanup_garbage_in_store_dir 2022-06-26 13:35:10 +00:00
Alexander Tokmakov
74f38710a8 Merge branch 'master' into cleanup_garbage_in_store_dir 2022-06-23 21:43:28 +02:00
kssenii
6fbd49f554 Merge master 2022-06-23 21:40:01 +02:00
kssenii
468c98ff42 Better 2022-06-23 17:46:27 +02:00
Roman Vasin
cb748cd8ec Fix code style in KerberosInit 2022-06-23 16:11:48 +03:00
Roman Vasin
4bf1fc4718 Add error code and message displaying in exceptions of KerberosInit; Correct code style in KerberosInit 2022-06-23 10:28:31 +03:00
kssenii
dce1c76270 Fix 2022-06-22 18:00:25 +02:00
Roman Vasin
7bd65c8c24 Add comments to KerberosInit; Remove input cache and flags from KerberosInit 2022-06-22 16:31:48 +03:00
Roman Vasin
f281199588 Fix code style in KerberosInit; Add anonymous namespace; Add comment about using kerberos_init 2022-06-22 11:28:00 +03:00
Roman Vasin
1d6eea6cfa Replace LOG_DEBUG by LOG_TRACE in KerberosInit; Correct exception message; Prohibit making a copy of KerberosInit 2022-06-21 18:55:17 +03:00
Alexander Tokmakov
ba0fcec993 add background cleanup of store/ subdirs 2022-06-21 12:35:47 +02:00
Robert Schulze
55b39e709d
Merge remote-tracking branch 'origin/master' into clang-tsa 2022-06-20 16:39:32 +02:00
Robert Schulze
5a4f21c50f
Support for Clang Thread Safety Analysis (TSA) 
- TSA is a static analyzer build by Google which finds race conditions
  and deadlocks at compile time.

- It works by associating a shared member variable with a
  synchronization primitive that protects it. The compiler can then
  check at each access if proper locking happened before. A good
  introduction are [0] and [1].

- TSA requires some help by the programmer via annotations. Luckily,
  LLVM's libcxx already has annotations for std::mutex, std::lock_guard,
  std::shared_mutex and std::scoped_lock. This commit enables them
  (--> contrib/libcxx-cmake/CMakeLists.txt).

- Further, this commit adds convenience macros for the low-level
  annotations for use in ClickHouse (--> base/defines.h). For
  demonstration, they are leveraged in a few places.

- As we compile with "-Wall -Wextra -Weverything", the required compiler
  flag "-Wthread-safety-analysis" was already enabled. Negative checks
  are an experimental feature of TSA and disabled
  (--> cmake/warnings.cmake). Compile times did not increase noticeably.

- TSA is used in a few places with simple locking. I tried TSA also
  where locking is more complex. The problem was usually that it is
  unclear which data is protected by which lock :-(. But there was
  definitely some weird code where locking looked broken. So there is
  some potential to find bugs.

*** Limitations of TSA besides the ones listed in [1]:

- The programmer needs to know which lock protects which piece of shared
  data. This is not always easy for large classes.

- Two synchronization primitives used in ClickHouse are not annotated in
  libcxx:
  (1) std::unique_lock: A releaseable lock handle often together with
      std::condition_variable, e.g. in solve producer-consumer problems.
  (2) std::recursive_mutex: A re-entrant mutex variant. Its usage can be
      considered a design flaw + typically it is slower than a standard
      mutex. In this commit, one std::recursive_mutex was converted to
      std::mutex and annotated with TSA.

- For free-standing functions (e.g. helper functions) which are passed
  shared data members, it can be tricky to specify the associated lock.
  This is because the annotations use the normal C++ rules for symbol
  resolution.

[0] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
[1] https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/42958.pdf
 2022-06-20 16:13:25 +02:00
Vitaly Baranov
a6fc0dea4e Fix clang-tidy more. 2022-06-20 11:04:37 +02:00
Vitaly Baranov
2c8788266c Fix tests. 2022-06-20 03:44:49 +02:00
Vitaly Baranov
8a7c970ce0 Fix style. 2022-06-19 15:58:26 +02:00
Vitaly Baranov
115be82440 DiskAccessStorage is now allowed to backup by default. 2022-06-19 13:16:36 +02:00
Vitaly Baranov
9f197defda Add support for setting 'allow_backup' to skip access entities from putting to backup. 2022-06-19 12:49:50 +02:00
Vitaly Baranov
01aaaf7395 More accurate access checking for RESTORE. 2022-06-19 11:26:41 +02:00
Vitaly Baranov
a0c558a17e Implement backup/restore for ACL system tables (system.users, system.roles, etc.) 2022-06-17 18:14:31 +02:00
Roman Vasin
d93fd3bd2d Add complilation support for case when krb5 is not used 2022-06-16 09:30:40 +00:00
Vitaly Baranov
c0f06c5e16 Require new privilige 'BACKUP' to make a backup. 2022-06-15 20:32:35 +02:00
Roman Vasin
344fbe8de4 Fix code style 2022-06-15 20:26:42 +03:00
Roman Vasin
89a659e738 Move krb header files from KerberosInit.h to KerberosInit.cpp 2022-06-15 20:08:16 +03:00
Roman Vasin
1c26424371 Change message in StorageKafka; Code style correction 2022-06-15 19:35:21 +03:00
Roman Vasin
dd5b0ee065 Add kerberosInit() function to call KeberosInit 2022-06-15 17:02:53 +03:00
Antonio Andelic
dded528d13
Merge pull request #36424 from PolyProgrammist/r1unfreeze 
SYSTEM UNFREEZE query that deletes the whole backup
 2022-06-14 08:44:45 +02:00
Nikita Mikhaylov
fc626b2897
Update SettingsProfilesCache.cpp 2022-06-14 00:16:28 +02:00
Vitaly Baranov
241b51c7d4
Add implicit grants with grant option too. (#38017) 2022-06-14 00:09:51 +02:00
Nicolae Vartolomei
9555153f95 Throw exception when xml user profile does not exist 
Closes #26086
 2022-06-13 13:29:08 +00:00
Roman Vasin
4c560584c7 Code cleanup in KerberosInit and kafka integration tests 2022-06-10 12:38:39 +03:00
Roman Vasin
d1d6d87432 Cleanup code in KerberosInit 2022-06-09 11:51:15 +03:00
Roman Vasin
3cfea6e76f Cleanup code in KerberosInit, HDFSCommon and StorageKafka; update English and Russian documentation. 2022-06-08 17:57:45 +03:00
Vadim Volodin
637d293fbd Add SYSTEM UNFREEZE query 2022-06-08 15:21:14 +03:00
Roman Vasin
2b76d0c6a9 Add new integration test for kerberized Kafka; remove old kinit code from HDFSCommon 2022-06-08 12:26:35 +03:00
Roman Vasin
a156a77890 Add KerberosInit into StorageKafka 2022-06-07 14:59:46 +03:00
Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash 
Try to fix some trash
 2022-06-07 10:17:39 +02:00
Roman Vasin
323835f51d Add renew/init logic in KerberosInit 2022-06-06 11:34:10 +03:00
Roman Vasin
8b5bf02927 Add support of cache commands in KerberosInit 2022-06-03 18:07:18 +03:00
Roman Vasin
82ce2d76c3 Add KerberosInit class; add kerberos_init console example; modify HDFSCommon.cpp 2022-06-03 12:06:31 +03:00
Alexander Tokmakov
cce9057eef fix style check 2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f Fix create or drop of sql user defined functions in readonly mode 2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
eb71dd4c78
Merge pull request #37547 from ClickHouse/followup_37398 
Follow-up to #37398
 2022-05-26 20:29:41 +03:00
Alexander Tokmakov
e8f33fb0d9 fix flaky tests 2022-05-26 14:17:05 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Alexander Tokmakov
4618429201 fixes 2022-05-24 18:53:52 +02:00
Alexander Tokmakov
dbde63d275 fixes 2022-05-24 14:24:03 +02:00
Alexander Tokmakov
d0f998fb88 Merge branch 'master' into fix_trash 2022-05-23 21:25:56 +02:00
Vitaly Baranov
9ec3b35cf2 Use AccessExpireCache instead of ExpireCache. 2022-05-21 10:15:44 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Alexander Tokmakov
c48410b574 fix trash in my code 2022-05-21 02:05:02 +02:00
Alexander Tokmakov
9772924d06 Merge branch 'master' into fix_trash 2022-05-18 17:27:54 +02:00
Alexander Tokmakov
dea39d8175 fix some trash 2022-05-17 18:22:52 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant 2022-05-17 13:21:20 +02:00
Kseniia Sumarokova
94683786dc
Merge branch 'master' into MeiliSearch 2022-05-16 22:42:09 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant 
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-05-16 13:57:45 +03:00
Robert Schulze
e3cfec5b09
Merge remote-tracking branch 'origin/master' into clangtidies 2022-05-16 10:12:50 +02:00
Marcelo Rodriguez
3b733ec8eb Update Exception Message for allowed auth types 
update error message per this commit:
cb66a63aa4

the xml tag changed from `<certificates>` to `<ssl_certificates>`

will also submit a correction to the following doc page:
https://clickhouse.com/docs/en/operations/external-authenticators/ssl-x509
 2022-05-11 10:56:12 -06:00
mergify[bot]
0e2a86dcee
Merge branch 'master' into MeiliSearch 2022-05-11 08:49:19 +00:00
Kruglov Pavel
23bd9390a6
Merge pull request #36997 from vitlibar/users-without-assigned-policies-can-view-rows 
Users without assigned row policies can view rows
 2022-05-09 12:04:50 +02:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers 
Official docs:

  Some headers from C library were deprecated in C++ and are no longer
  welcome in C++ codebases. Some have no effect in C++. For more details
  refer to the C++ 14 Standard [depr.c.headers] section. This check
  replaces C standard library headers with their C++ alternatives and
  removes redundant ones.
 2022-05-09 08:23:33 +02:00
Vitaly Baranov
69bec2f377 Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00
Robert Schulze
330212e0f4
Remove inherited create() method + disallow copying 
The original motivation for this commit was that shared_ptr_helper used
std::shared_ptr<>() which does two heap allocations instead of
make_shared<>() which does a single allocation. Turned out that
1. the affected code (--> Storages/) is not on a hot path (rendering the
performance argument moot ...)
2. yet copying Storage objects is potentially dangerous and was
   previously allowed.

Hence, this change

- removes shared_ptr_helper and as a result all inherited create() methods,

- instead, Storage objects are now created using make_shared<>() by the
  caller (for that to work, many constructors had to be made public), and

- all Storage classes were marked as noncopyable using boost::noncopyable.

In sum, we are (likely) not making things faster but the code becomes
cleaner and harder to misuse.
 2022-05-02 08:46:52 +02:00
Mikhail Artemenko
cf48390cb9
Merge branch 'master' into MeiliSearch 2022-05-02 00:28:42 +03:00
Nikita Mikhaylov
93a65463d0
Added SYSTEM SYNC DATABASE query (#35944) 2022-05-01 15:40:18 +02:00
Mikhail Artemenko
41f657d8ed
Merge branch 'master' into MeiliSearch 2022-05-01 10:01:56 +03:00
Alexey Milovidov
1ddb04b992
Merge pull request #36715 from amosbird/refactorbase 
Reorganize source files so that base won't depend on Common
 2022-04-30 09:40:58 +03:00
mergify[bot]
288b68c86e
Merge branch 'master' into followup_password_hash_salt 2022-04-29 08:17:05 +00:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Yakov Olkhovskiy
f966d69791 error processing for RAND_bytes, style issue 2022-04-21 13:07:44 -04:00
Yakov Olkhovskiy
85df222f15 refactoring ParserAttachAccessEntity 2022-04-20 22:57:44 -04:00
larryluogit
46a9226bf6
Merge branch 'ClickHouse:master' into feature-password 2022-04-20 07:57:21 -04:00
Rajkumar
419970cc1c moved class definition to header 2022-04-20 04:05:23 -07:00
Robert Schulze
118e94523c
Activate clang-tidy warning "readability-container-contains" 
This check suggests replacing <Container>.count() by
<Container>.contains() which is more speaking and in case of
multimaps/multisets also faster.
 2022-04-18 23:53:11 +02:00
larryluogit
393fd88d95
Merge branch 'ClickHouse:master' into feature-password 2022-04-18 11:39:40 -04:00
Alexey Milovidov
294efeccfe Fix clang-tidy-14 (part 1) 2022-04-16 04:54:04 +02:00
Mikhail Artemenko
2fd86cc564
Merge branch 'master' into MeiliSearch 2022-04-13 12:05:46 +03:00
Rajkumar
c711e42b62 argument changed to const ref 2022-04-12 09:31:32 -07:00
Rajkumar
14cb87e3ef password hash salt feature 2022-04-12 07:30:09 -07:00
Mikhail Artemenko
151eeb1a27
Merge branch 'master' into MeiliSearch 2022-04-06 17:07:55 +03:00
Alexander Tokmakov
a2167f12b8 Merge branch 'master' into mvcc_prototype 2022-04-04 14:24:23 +02:00
Alexey Milovidov
5a47958744
Merge pull request #35736 from CurtizJ/quota-written-bytes 
Add quota for written bytes
 2022-04-03 05:26:49 +03:00
Anton Popov
687942ce70 more strict quota for written bytes 2022-04-01 15:02:49 +00:00
Alexander Tokmakov
6591d1ceb7 Merge branch 'master' into mvcc_prototype 2022-04-01 15:38:46 +02:00
Anton Popov
caacc7d385 add quota for written bytes 2022-03-29 18:21:29 +00:00
taiyang-li
67c3c0be3d Merge branch 'master' into improve_access_type 2022-03-29 20:42:57 +08:00
Alexander Tokmakov
208b242188 Merge branch 'master' into mvcc_prototype 2022-03-28 19:58:06 +02:00
Alexey Milovidov
bb35184da1 Add metric about size of async INSERTs 2022-03-28 02:04:19 +02:00
Alexander Tokmakov
3c762f566d Merge branch 'master' into mvcc_prototype 2022-03-21 20:16:29 +01:00
Alexey Milovidov
0ce4696c49
Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
taiyang-li
7d50bd1eb3 add access type hive 2022-03-21 11:19:45 +08:00
Alexander Tokmakov
9e05b12d2c Merge branch 'master' into mvcc_prototype 2022-03-20 22:42:26 +01:00
Vitaly Baranov
afe6a1003a Add new row policy kind: simple 2022-03-20 17:34:59 +01:00
Vitaly Baranov
3e950d79b3 Add new setting rbac_version. 2022-03-17 15:28:51 +01:00
Vitaly Baranov
470582e262 Change type of RowPolicyKind: bool -> enum. 2022-03-17 15:28:05 +01:00
Alexander Tokmakov
4b3e13a4fe Merge branch 'master' into mvcc_prototype 2022-03-16 21:06:19 +01:00
Vitaly Baranov
39614e6e15
Merge pull request #35276 from vitlibar/fix-code-style-and-minor-corrections-after-allow-no-password 
Fix code style and other minor corrections after implementing allow_no_password.
 2022-03-16 18:55:05 +01:00
Vitaly Baranov
e690d28fef Update src/Access/AccessControl.cpp 
Co-authored-by: Antonio Andelic <antonio2368@users.noreply.github.com>
 2022-03-16 12:03:09 +01:00
Alexander Tokmakov
9702b5177d Merge branch 'master' into mvcc_prototype 2022-03-14 21:45:38 +01:00
Vitaly Baranov
1eb2e8693e Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
Maksim Kita
e14cfd5dcd Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Vitaly Baranov
4af61fb9d3
Merge pull request #34738 from DevTeamBK/Issue-33953 
New setting in Server Configuration to on/off AuthType Plaintext_password and No_password
 2022-03-14 17:09:46 +01:00
HeenaBansal2009
3f031df225 Code refactoring 2022-03-10 22:22:51 -08:00
Alexander Tokmakov
7f47f20aba add kill transaction query 2022-03-10 22:29:58 +01:00
HeenaBansal2009
3ce9397246 Added Suggestions from Code review 2022-03-09 20:35:01 -08:00
Vitaly Baranov
115c0c2aba
Merge pull request #34855 from vitlibar/ignore-obsolete-grants-in-attach-grants 
Ignore obsolete grants in ATTACH GRANT statements
 2022-03-04 12:50:09 +01:00
Maksim Kita
1f5837359e clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
HeenaBansal2009
c14c60f1d3 Merge branch 'master' into Issue-33953 2022-02-28 11:12:54 -08:00
HeenaBansal2009
aa8494a808 Fix: System Reload Config Failure 2022-02-28 10:51:49 -08:00
Vitaly Baranov
b7817b4cea Ignore obsolete grants in ATTACH GRANT statements. 2022-02-24 07:30:40 +03:00
Vitaly Baranov
aee67a6693
Merge pull request #31484 from eungenue/Implement-SSL-X509-certificate-authentication 
Implement ssl x509 certificate authentication
 2022-02-21 11:30:52 +03:00
Vitaly Baranov
cb66a63aa4 Rename header and config setting for consistency. 2022-02-21 07:41:06 +03:00
Vitaly Baranov
765d136d2a A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
Vitaly Baranov
0d377de5f0 Support syntax CREATE USER IDENTIFIED WITH ssl_certificate CN ... 2022-02-21 07:01:00 +03:00
Vitaly Baranov
7b97c986cb
Revert "Allow restrictive row policies without permissive" 2022-02-21 06:54:28 +03:00
HeenaBansal2009
1b263f0c15 Added FT testcase 2022-02-18 12:58:46 -08:00
HeenaBansal2009
d16cae53b4 Initial Commit for Plaintext password feature 2022-02-17 21:25:18 -08:00
Vitaly Baranov
a4ef274aa1 Improve restrictive policies without permissive ones: in this case the result filter won't be calculated as False always anymore. 2022-02-17 14:18:15 +07:00
Vitaly Baranov
2de6e8e575 Change type of RowPolicyKind: bool -> enum. 2022-02-17 14:18:10 +07:00
Vitaly Baranov
e148b43a29 Privileges CREATE/ALTER/DROP ROW POLICY now can be granted on a table or on database.* as well as globally *.* 2022-02-11 12:35:52 +07:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00
Maksim Kita
3e21ebeb02 For SQLUserDefinedFunctions change access type from DATABASE to GLOBAL 2022-02-10 10:27:11 +00:00
cmsxbc
a33bd4c623
Merge branch 'master' into addressToLineWithInlines 2022-02-08 08:54:15 +08:00
Maksim Kita
bc6328e573 Fixed tests 2022-02-04 20:56:49 +00:00
cmsxbc
9f9fce07e2 Merge branch 'master' into addressToLineWithInlines 2022-02-04 20:43:00 +08:00
Vitaly Baranov
30557aebfb Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
mergify[bot]
61ac72ca32
Merge branch 'master' into addressToLineWithInlines 2022-01-27 12:02:56 +00:00
Vitaly Baranov
cc38fe3fb6 Fix checking access for the SYSTEM command. 2022-01-25 18:54:59 +07:00
cmsxbc
58dd1a2d5c
add function addressToLineWithInlines 2022-01-25 19:13:47 +08:00
alexey-milovidov
3a196a118f
Merge pull request #33689 from traceon/fix-ldap-krb-config-handling 
Fix LDAP and Kerberos config handling
 2022-01-21 01:39:25 +03:00
Eugene Galkin
f46dca4793 support x509 ssl certificate authentication 2022-01-17 15:01:38 +03:00
Vitaly Baranov
bb620a93af
Merge pull request #33574 from vitlibar/fix-multiple-ldap-storages-in-same-config 
Fix using multiple LDAP storages in the same config.
 2022-01-17 13:58:12 +07:00
Vitaly Baranov
f707eb5531
Merge pull request #33401 from IlyaTsoi/master 
Fixed crash of the LDAP authorization process if there are parentheses in the user_dn variable
 2022-01-17 13:53:45 +07:00
Denis Glazachev
28bc286d8b Do not allow ldap servers with the same name 
Reset the set of ldap servers when config is re-read
 2022-01-17 00:31:10 +04:00
Denis Glazachev
0288967538 Disable kerberos if parsing the config failed 2022-01-17 00:30:03 +04:00
IlyaTsoi
7a08e1c0c4
Update LDAPClient.cpp 
Change volume of reserved memory for variable
 2022-01-14 15:29:57 +03:00
Vitaly Baranov
f818baf8f3
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:17:14 +07:00
Vitaly Baranov
7084099958
Update src/Access/LDAPAccessStorage.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:16:10 +07:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
IlyaTsoi
83f360c808
Update LDAPClient.cpp 
rename function escapeForLDAP to escapeForDN
 2022-01-13 22:28:19 +03:00
IlyaTsoi
dea356e3db
Update LDAPClient.cpp 
use escapeForFilter when assigning value to const final_search_filter
 2022-01-13 21:33:04 +03:00
IlyaTsoi
b3c4073aae
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:15:07 +03:00
IlyaTsoi
6a26eccc5b
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:14:07 +03:00
IlyaTsoi
f4af86b39e
Update src/Access/LDAPClient.cpp 
Remove trailing spaces:

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:59 +03:00
IlyaTsoi
900d5af9aa
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:00 +03:00
IlyaTsoi
f11d2b7188
Update src/Access/LDAPClient.cpp 
escape all special chars

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:10:12 +03:00
Vitaly Baranov
80cdfa5ec6 Fix using multiple LDAP storages in the same config. 2022-01-13 20:01:50 +07:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
IlyaTsoi
e302cf5fdc Revert "Update LDAPClient.cpp" 
This reverts commit 30ef16ab58.
 2022-01-12 22:55:58 +03:00
IlyaTsoi
8be5e25239 Revert "The most minimalistic solution" 
This reverts commit 9472669dd5.
 2022-01-12 22:55:35 +03:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review 
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
 2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp 2022-01-12 16:44:37 +08:00
huzhichengdd
11a3a7889b
Update ContextAccess.h 2022-01-12 16:44:02 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp 2022-01-12 16:43:28 +08:00
huzhichengdd
f5eada7ec7
Update AccessControl.cpp 2022-01-12 16:42:33 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp 2022-01-12 16:28:41 +08:00
huzhichengdd
4ffc898063
Update ContextAccess.h 2022-01-12 15:37:16 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp 2022-01-12 15:35:40 +08:00
huzhichengdd
3111ce3e71
Update AccessControl.cpp 2022-01-12 15:34:05 +08:00
Vitaly Baranov
5528ddc545
Update AccessControl.cpp 
Tabs are not allowed, replaced with spaces
 2022-01-10 23:31:11 +07:00
huzhichengdd
a59354b820
Update AccessControl.cpp 2022-01-10 10:42:58 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
IlyaTsoi
9472669dd5
The most minimalistic solution 
You can simply add parentheses to the switch statement to escapeForLDAP function and apply it when assigning a value to the final_user_dn variable. This fixes the error, I checked
 2022-01-07 23:59:36 +03:00
IlyaTsoi
30ef16ab58
Update LDAPClient.cpp 
refactoring of escapeForLDAPFilter function
 2022-01-07 12:02:48 +03:00
IlyaTsoi
a116495471
Update LDAPClient.cpp 
Create a function escapeForLDAPFilter and use it to escape characters '(' and ')' in a variable that we receive from the LDAP server. This is necessary if these characters are present in the user's DN. Otherwise, the entire LDAP authorization process crashes with the error "Bad serach filter"
 2022-01-05 01:09:36 +03:00
Alexey Milovidov
d547fddf22 Add missing access control to some system commands 2021-12-30 21:37:21 +03:00
Mikhail Artemenko
c9d63454a5 add select implementation for MeiliSearch 2021-12-26 12:00:58 +03:00
alesapin
df0af75864 Fix clang tidy 2021-12-24 10:36:39 +03:00
Vitaly Baranov
b9090029e6
Merge pull request #32662 from vitlibar/improve-exceptions-usage-in-access-control 
Improve exceptions usage in access control
 2021-12-23 06:48:28 +03:00
Vitaly Baranov
c9b9c90615 Don't throw in unexceptional cases: authenticate(). 2021-12-23 01:17:50 +03:00
Vitaly Baranov
61bfe930db When trying to update readonly and non-readonly access storages in one query, throw after updating non-readonly ones. 2021-12-23 01:17:45 +03:00
alexey-milovidov
04fb8aeaa5
Merge pull request #32946 from antonio2368/feature/hints-for-settings 
Hints for invalid settings in query and HTTP requests
 2021-12-21 00:52:42 +03:00
Vitaly Baranov
be44743ebe Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
Vitaly Baranov
ed94c640fa Don't throw in unexceptional cases: remove(). 2021-12-20 23:10:43 +03:00
Vitaly Baranov
551fcc55e8 Don't throw in unexceptional cases: insert(). 2021-12-20 23:09:55 +03:00
Vitaly Baranov
8c4e689da3 Don't throw in unexceptional cases: read() & readName() 2021-12-20 21:26:35 +03:00
Vitaly Baranov
a87f0b483e Replace function IAccessStorage::canInsert() with isReadOnly(). 2021-12-20 21:26:35 +03:00
Vitaly Baranov
6721060649 Rename function IAccessStorage::login() -> IAccessStorage::authenticate(). 
Remove functions IAccessStorage::hasSubscriptionImpl() and IAccessStorage::existsImpl().
 2021-12-20 21:26:27 +03:00
Vitaly Baranov
c01d0f95c3 Remove the function IAccessStorage::getIDOfLoggedUser() and move its functionality to login(AlwaysAllowCredentials). 2021-12-20 21:24:38 +03:00
Antonio Andelic
25f88356e4 Add hints for SET query and HTTP request param settings 2021-12-20 16:57:09 +01:00
Maksim Kita
51477adf1b Updated additional cases 2021-12-20 15:55:07 +03:00
Vitaly Baranov
eea269a829 Improve quota's end-of-interval calculations. 2021-12-11 13:56:38 +03:00
Vitaly Baranov
bf80b04e43
Merge branch 'master' into fix-use-quota-bug 2021-12-10 16:08:13 +03:00
Vitaly Baranov
84320f7ba9 Fix first time calculations of the ends of quota intervals. 2021-12-10 12:54:33 +03:00
liyang830
ff01b97fb5 feat: modify need_reset_counters simple method 2021-12-06 15:32:12 +08:00
Raúl Marín
ac6ccf7d9a Reduce IParser.h dependencies and dependents 
533 -> 500 objects on change
Less direct dependencies
 2021-11-26 17:19:47 +01:00
liyang830
a18b031376 fix quota fist used bug 2021-11-23 14:33:32 +08:00
Vitaly Baranov
2f8c829395 Stop all periodic reloading of all the configuration files on shutdown earlier. 2021-11-22 12:26:05 +03:00
Vitaly Baranov
57ac39f99e Add more information to exceptions raised by UsersConfigAccessStorage. 2021-11-20 12:10:45 +03:00
Alexey Milovidov
9ca5c960b7 Remove useless code 2021-11-20 10:06:28 +03:00
Alexey Milovidov
334535a4c4 Better exception message when users.xml cannot be loaded due to bad password hash 2021-11-20 10:06:20 +03:00
Vitaly Baranov
940b5edbd7
Merge pull request #31509 from vitlibar/split-row-policy-and-quota-headers 
Split row policy and quota headers
 2021-11-20 10:01:18 +03:00
Vitaly Baranov
0684b28377
Merge pull request #31337 from sunny19930321/fix-use-quota-bug 
fix: quota limit was not reached, but the limit was exceeded
 2021-11-20 09:52:24 +03:00
Vitaly Baranov
af56b20da7 Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
Vitaly Baranov
06077a2952 Rename Quota::KeyType -> QuotaKeyType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
6634fcbac7 Rename Quota::ResourceType -> QuotaType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
33ea7a7262 Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
2883ca012e Rename RowPolicy::NameParts -> RowPolicyName and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
f4b5d5a0d7
Update src/Access/EnabledQuota.cpp 2021-11-18 21:49:36 +03:00
liyang830
8fbd46f958 change need_reset_counters method 2021-11-17 15:44:03 +08:00
Kruglov Pavel
051a9e7c69
Merge pull request #31249 from vitlibar/fix-show-grants 
Fix SHOW GRANTS when partial revokes are used.
 2021-11-12 15:49:12 +03:00
liyang830
7b88c956c8 fix: quota limit was not reached, but the limit was exceeded 2021-11-12 18:22:55 +08:00
Vitaly Baranov
db5ac1ed06 Initial user's roles are used now to find row policies. 2021-11-10 22:21:50 +03:00
Vitaly Baranov
b74999b6bd Fix SHOW GRANTS when partial revokes are used. 2021-11-10 17:03:02 +03:00
Vitaly Baranov
cb05c0504e Move more implementations from headers to cpp. 2021-11-02 22:38:32 +03:00
Vitaly Baranov
afe2c9c040 Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
Vitaly Baranov
a0c38a3dfd Rename AuthenticationType::MAX_TYPE. 2021-11-02 12:02:22 +03:00
Vitaly Baranov
ab01b9afc8 Split Authentication.h to common and main parts. 2021-11-01 19:13:49 +03:00
Vitaly Baranov
3ed7f8f0b3 Move access-rights' source files needed for parser to a separate target. 2021-11-01 19:13:49 +03:00
Alexey Milovidov
8b4a6a2416 Remove cruft 2021-10-28 02:10:39 +03:00
mergify[bot]
ce88a84e88
Merge branch 'master' into nv/parts-uuid-move-shard-kill 2021-10-26 11:09:19 +00:00
Maksim Kita
04047f76c7 Fixed tests 2021-10-14 00:33:18 +03:00
Maksim Kita
c9b6c2661b Refactor ConcurrentBoundedQueue 2021-10-14 00:33:18 +03:00
mergify[bot]
3b1f49aac7
Merge branch 'master' into nv/parts-uuid-move-shard-kill 2021-10-05 12:36:02 +00:00
Vitaly Baranov
17fe76709f
Merge pull request #28331 from vitlibar/mysql-authentication-cleanup 
Clean up MySQL authentication.
 2021-10-04 11:11:45 +03:00
Vitaly Baranov
30b9b8fd58 Clean up MySQL authentication. 2021-10-03 23:40:08 +03:00
Mike Kot
57e2744264 Fixing other imports 2021-10-02 21:47:35 +02:00
Mike Kot
65e6e211b4 Merge remote-tracking branch 'upstream/master' into improvement/fn-traits 2021-10-02 21:37:50 +02:00
Alexey Milovidov
fe6b7c77c7 Rename "common" to "base" 2021-10-02 10:13:14 +03:00
Mike Kot
38b02b121a Merge remote-tracking branch 'upstream/master' into improvement/fn-traits 2021-10-01 16:55:28 +02:00
Mike Kot
7670ea50c1 Replacing std::function to Fn in some places 
to avoid dynamic allocating while keeping desired function signature
clear.
Simplifying SimpleCache (CachedFn) using C++20
 2021-09-29 13:09:39 +02:00
Nikolai Kochetov
236d71ea94
Merge pull request #28582 from ClickHouse/rewrite-pushing-to-views 
Rewrite PushingToViews
 2021-09-27 21:19:11 +03:00
alesapin
ddd80c8e72
Merge pull request #29264 from Enmk/governance/table_comment_update 
Implemented modifying table comments with `ALTER TABLE t MODIFY COMMENT 'value'`
 2021-09-27 18:02:14 +03:00
Vladimir C
70dc43a72d
Merge pull request #29388 from aiven/kmichel-fix-replicated-storage-reload 2021-09-27 12:41:24 +03:00
Nikolai Kochetov
78a7665f43 Merge branch 'master' into rewrite-pushing-to-views 2021-09-27 10:56:50 +03:00