Skip to content

Commit 007a7fd

Browse files
ianton-ruianton-ru
authored
Merge branch 'antalya-25.8' into backport/antalya-25.8/88273
2 parents ea45c25 + 801ee9e commit 007a7fd

File tree

19 files changed

+245
-137
lines changed

19 files changed

+245
-137
lines changed

.github/workflows/regression-reusable-suite.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ jobs:
7474
SUITE_EXECUTABLE: ${{ inputs.suite_executable }}
7575
STORAGE: ${{ inputs.storage_path }}
7676
PART: ${{ inputs.part }}
77+
REPORT_JOB_NAME: ${{ format('{0}{1}', inputs.job_name != '' && inputs.job_name || inputs.suite_name, inputs.part != '' && format('_{0}', inputs.part) || '') }}
7778
# AWS credentials
7879
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
7980
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -98,7 +99,7 @@ jobs:
9899
--local
99100
--collect-service-logs
100101
--output ${{ inputs.output_format }}
101-
--attr project="${GITHUB_REPOSITORY}" project.id="${GITHUB_REPOSITORY_ID}" user.name="${GITHUB_ACTOR}" version="${{ fromJson(inputs.workflow_config).custom_data.version.string }}" package="$clickhouse_path" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.name=$GITHUB_JOB job.retry=$GITHUB_RUN_ATTEMPT job.url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" arch="$(uname -i)"
102+
--attr project="${GITHUB_REPOSITORY}" project.id="${GITHUB_REPOSITORY_ID}" user.name="${GITHUB_ACTOR}" version="${{ fromJson(inputs.workflow_config).custom_data.version.string }}" package="$clickhouse_path" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.name="$REPORT_JOB_NAME" job.retry=$GITHUB_RUN_ATTEMPT job.url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" arch="$(uname -i)"
102103
--cicd
103104
--log raw.log
104105
${{ inputs.flags != 'none' && inputs.flags || ''}}

contrib/curl-cmake/CMakeLists.txt

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,7 @@ set (SRCS
109109
"${LIBRARY_DIR}/lib/sendf.c"
110110
"${LIBRARY_DIR}/lib/setopt.c"
111111
"${LIBRARY_DIR}/lib/sha256.c"
112+
"${LIBRARY_DIR}/lib/curl_share.c"
112113
"${LIBRARY_DIR}/lib/slist.c"
113114
"${LIBRARY_DIR}/lib/smb.c"
114115
"${LIBRARY_DIR}/lib/smtp.c"
@@ -169,6 +170,7 @@ set (SRCS
169170
"${LIBRARY_DIR}/lib/curlx/dynbuf.c"
170171
"${LIBRARY_DIR}/lib/curlx/fopen.c"
171172
"${LIBRARY_DIR}/lib/curlx/inet_ntop.c"
173+
"${LIBRARY_DIR}/lib/curlx/strcopy.c"
172174
"${LIBRARY_DIR}/lib/curlx/inet_pton.c"
173175
"${LIBRARY_DIR}/lib/curlx/multibyte.c"
174176
"${LIBRARY_DIR}/lib/curlx/nonblock.c"

docker/keeper/Dockerfile

Lines changed: 3 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,8 @@ RUN arch=${TARGETARCH:-amd64} \
3535
arm64) ln -sf /lib/ld-2.35.so /lib/ld-linux-aarch64.so.1 ;; \
3636
esac
3737

38-
# lts / testing / prestable / etc
39-
ARG REPO_CHANNEL="stable"
40-
ARG REPOSITORY="https://packages.clickhouse.com/tgz/${REPO_CHANNEL}"
41-
ARG VERSION="25.7.4.11"
42-
ARG PACKAGES="clickhouse-keeper"
38+
# NOTE (strtgbb): Removed install methods other than direct URL install to tidy the Dockerfile
39+
4340
ARG DIRECT_DOWNLOAD_URLS=""
4441

4542
# user/group precreated explicitly with fixed uid/gid on purpose.
@@ -63,12 +60,7 @@ RUN arch=${TARGETARCH:-amd64} \
6360
&& wget -c -q "$url" \
6461
; done \
6562
else \
66-
for package in ${PACKAGES}; do \
67-
cd /tmp \
68-
&& echo "Get ${REPOSITORY}/${package}-${VERSION}-${arch}.tgz" \
69-
&& wget -c -q "${REPOSITORY}/${package}-${VERSION}-${arch}.tgz" \
70-
&& wget -c -q "${REPOSITORY}/${package}-${VERSION}-${arch}.tgz.sha512" \
71-
; done \
63+
exit 1; \
7264
fi \
7365
&& cat *.tgz.sha512 | sha512sum -c \
7466
&& for file in *.tgz; do \

docker/server/Dockerfile.alpine

Lines changed: 5 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,10 @@ RUN arch=${TARGETARCH:-amd64} \
3232
arm64) ln -sf /lib/ld-2.35.so /lib/ld-linux-aarch64.so.1 ;; \
3333
esac
3434

35-
# lts / testing / prestable / etc
36-
ARG REPO_CHANNEL="stable"
37-
ARG REPOSITORY="https://packages.clickhouse.com/tgz/${REPO_CHANNEL}"
38-
ARG VERSION="25.7.4.11"
39-
ARG PACKAGES="clickhouse-client clickhouse-server clickhouse-common-static"
35+
36+
37+
# NOTE (strtgbb): Removed install methods other than direct URL install to tidy the Dockerfile
38+
4039
ARG DIRECT_DOWNLOAD_URLS=""
4140

4241
# user/group precreated explicitly with fixed uid/gid on purpose.
@@ -59,11 +58,7 @@ RUN arch=${TARGETARCH:-amd64} \
5958
&& wget -c -q "$url" \
6059
; done \
6160
else \
62-
for package in ${PACKAGES}; do \
63-
echo "Get ${REPOSITORY}/${package}-${VERSION}-${arch}.tgz" \
64-
&& wget -c -q "${REPOSITORY}/${package}-${VERSION}-${arch}.tgz" \
65-
&& wget -c -q "${REPOSITORY}/${package}-${VERSION}-${arch}.tgz.sha512" \
66-
; done \
61+
exit 1; \
6762
fi \
6863
&& cat *.tgz.sha512 | sed 's:/output/:/tmp/:' | sha512sum -c \
6964
&& for file in *.tgz; do \

docker/server/Dockerfile.ubuntu

Lines changed: 3 additions & 71 deletions
Original file line numberDiff line numberDiff line change
@@ -30,23 +30,12 @@ RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list
3030
&& busybox --install -s \
3131
&& rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/*
3232

33-
ARG REPO_CHANNEL="stable"
34-
ARG REPOSITORY="deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb ${REPO_CHANNEL} main"
35-
ARG VERSION="25.7.4.11"
36-
ARG PACKAGES="clickhouse-client clickhouse-server clickhouse-common-static"
37-
3833
#docker-official-library:off
3934
# The part between `docker-official-library` tags is related to our builds
4035

41-
# set non-empty deb_location_url url to create a docker image
42-
# from debs created by CI build, for example:
43-
# docker build . --network host --build-arg version="21.4.1.6282" --build-arg deb_location_url="https://..." -t ...
44-
ARG deb_location_url=""
45-
ARG DIRECT_DOWNLOAD_URLS=""
36+
# NOTE (strtgbb): Removed install methods other than direct URL install to tidy the Dockerfile
4637

47-
# set non-empty single_binary_location_url to create docker image
48-
# from a single binary url (useful for non-standard builds - with sanitizers, for arm64).
49-
ARG single_binary_location_url=""
38+
ARG DIRECT_DOWNLOAD_URLS=""
5039

5140
ARG TARGETARCH
5241

@@ -62,64 +51,7 @@ RUN if [ -n "${DIRECT_DOWNLOAD_URLS}" ]; then \
6251
&& rm -rf /tmp/* ; \
6352
fi
6453

65-
# install from a web location with deb packages
66-
RUN arch="${TARGETARCH:-amd64}" \
67-
&& if [ -n "${deb_location_url}" ]; then \
68-
echo "installing from custom url with deb packages: ${deb_location_url}" \
69-
&& rm -rf /tmp/clickhouse_debs \
70-
&& mkdir -p /tmp/clickhouse_debs \
71-
&& for package in ${PACKAGES}; do \
72-
{ wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_${arch}.deb" -P /tmp/clickhouse_debs || \
73-
wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_all.deb" -P /tmp/clickhouse_debs ; } \
74-
|| exit 1 \
75-
; done \
76-
&& dpkg -i /tmp/clickhouse_debs/*.deb \
77-
&& rm -rf /tmp/* ; \
78-
fi
79-
80-
# install from a single binary
81-
RUN if [ -n "${single_binary_location_url}" ]; then \
82-
echo "installing from single binary url: ${single_binary_location_url}" \
83-
&& rm -rf /tmp/clickhouse_binary \
84-
&& mkdir -p /tmp/clickhouse_binary \
85-
&& wget --progress=bar:force:noscroll "${single_binary_location_url}" -O /tmp/clickhouse_binary/clickhouse \
86-
&& chmod +x /tmp/clickhouse_binary/clickhouse \
87-
&& /tmp/clickhouse_binary/clickhouse install --user "clickhouse" --group "clickhouse" \
88-
&& rm -rf /tmp/* ; \
89-
fi
90-
91-
# The rest is the same in the official docker and in our build system
92-
#docker-official-library:on
93-
94-
# A fallback to installation from ClickHouse repository
95-
# It works unless the clickhouse binary already exists
96-
RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \
97-
; apt-get update \
98-
&& apt-get install --yes --no-install-recommends \
99-
dirmngr \
100-
gnupg2 \
101-
&& mkdir -p /etc/apt/sources.list.d \
102-
&& GNUPGHOME=$(mktemp -d) \
103-
&& GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \
104-
--keyring /usr/share/keyrings/clickhouse-keyring.gpg \
105-
--keyserver hkp://keyserver.ubuntu.com:80 \
106-
--recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \
107-
&& rm -rf "$GNUPGHOME" \
108-
&& chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \
109-
&& echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \
110-
&& echo "installing from repository: ${REPOSITORY}" \
111-
&& apt-get update \
112-
&& for package in ${PACKAGES}; do \
113-
packages="${packages} ${package}=${VERSION}" \
114-
; done \
115-
&& apt-get install --yes --no-install-recommends ${packages} || exit 1 \
116-
&& rm -rf \
117-
/var/lib/apt/lists/* \
118-
/var/cache/debconf \
119-
/tmp/* \
120-
&& apt-get autoremove --purge -yq dirmngr gnupg2 \
121-
&& chmod ugo+Xrw -R /etc/clickhouse-server /etc/clickhouse-client
122-
# The last chmod is here to make the next one is No-op in docker official library Dockerfile
54+
# NOTE (strtgbb): Removed install methods other than direct URL install to tidy the Dockerfile
12355

12456
# post install
12557
# we need to allow "others" access to clickhouse folder, because docker container

src/Daemon/CrashWriter.cpp

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,8 @@ std::unique_ptr<CrashWriter> CrashWriter::instance;
2424

2525
void CrashWriter::initialize(Poco::Util::LayeredConfiguration & config)
2626
{
27-
instance.reset(new CrashWriter(config));
27+
if (config.getBool("send_crash_reports.enabled", false))
28+
instance.reset(new CrashWriter(config));
2829
}
2930

3031
bool CrashWriter::initialized()

src/Databases/DataLake/DatabaseDataLake.cpp

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,8 @@ namespace DatabaseDataLakeSetting
5252
extern const DatabaseDataLakeSettingsString aws_access_key_id;
5353
extern const DatabaseDataLakeSettingsString aws_secret_access_key;
5454
extern const DatabaseDataLakeSettingsString region;
55+
extern const DatabaseDataLakeSettingsString aws_role_arn;
56+
extern const DatabaseDataLakeSettingsString aws_role_session_name;
5557
}
5658

5759
namespace Setting
@@ -124,6 +126,8 @@ std::shared_ptr<DataLake::ICatalog> DatabaseDataLake::getCatalog() const
124126
.aws_access_key_id = settings[DatabaseDataLakeSetting::aws_access_key_id].value,
125127
.aws_secret_access_key = settings[DatabaseDataLakeSetting::aws_secret_access_key].value,
126128
.region = settings[DatabaseDataLakeSetting::region].value,
129+
.aws_role_arn = settings[DatabaseDataLakeSetting::aws_role_arn].value,
130+
.aws_role_session_name = settings[DatabaseDataLakeSetting::aws_role_session_name].value,
127131
};
128132

129133
switch (settings[DatabaseDataLakeSetting::catalog_type].value)

src/Databases/DataLake/DatabaseDataLakeSettings.cpp

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -18,16 +18,18 @@ namespace ErrorCodes
1818

1919
#define DATABASE_ICEBERG_RELATED_SETTINGS(DECLARE, ALIAS) \
2020
DECLARE(DatabaseDataLakeCatalogType, catalog_type, DatabaseDataLakeCatalogType::NONE, "Catalog type", 0) \
21-
DECLARE(String, catalog_credential, "", "", 0) \
22-
DECLARE(Bool, vended_credentials, true, "Use vended credentials (storage credentials) from catalog", 0) \
23-
DECLARE(String, auth_scope, "PRINCIPAL_ROLE:ALL", "Authorization scope for client credentials or token exchange", 0) \
24-
DECLARE(String, oauth_server_uri, "", "OAuth server uri", 0) \
25-
DECLARE(Bool, oauth_server_use_request_body, true, "Put parameters into request body or query params", 0) \
26-
DECLARE(String, warehouse, "", "Warehouse name inside the catalog", 0) \
27-
DECLARE(String, auth_header, "", "Authorization header of format 'Authorization: <scheme> <auth_info>'", 0) \
28-
DECLARE(String, aws_access_key_id, "", "Key for AWS connection for Glue catalog", 0) \
29-
DECLARE(String, aws_secret_access_key, "", "Key for AWS connection for Glue Catalog'", 0) \
30-
DECLARE(String, region, "", "Region for Glue catalog", 0) \
21+
DECLARE(String, catalog_credential, "", "", 0) \
22+
DECLARE(Bool, vended_credentials, true, "Use vended credentials (storage credentials) from catalog", 0) \
23+
DECLARE(String, auth_scope, "PRINCIPAL_ROLE:ALL", "Authorization scope for client credentials or token exchange", 0) \
24+
DECLARE(String, oauth_server_uri, "", "OAuth server uri", 0) \
25+
DECLARE(Bool, oauth_server_use_request_body, true, "Put parameters into request body or query params", 0) \
26+
DECLARE(String, warehouse, "", "Warehouse name inside the catalog", 0) \
27+
DECLARE(String, auth_header, "", "Authorization header of format 'Authorization: <scheme> <auth_info>'", 0) \
28+
DECLARE(String, aws_access_key_id, "", "Key for AWS connection for Glue catalog", 0) \
29+
DECLARE(String, aws_secret_access_key, "", "Key for AWS connection for Glue Catalog'", 0) \
30+
DECLARE(String, region, "", "Region for Glue catalog", 0) \
31+
DECLARE(String, aws_role_arn, "", "Role arn for AWS connection for Glue catalog", 0) \
32+
DECLARE(String, aws_role_session_name, "", "Role session name for AWS connection for Glue catalog", 0) \
3133
DECLARE(String, storage_endpoint, "", "Object storage endpoint", 0) \
3234

3335
#define LIST_OF_DATABASE_ICEBERG_SETTINGS(M, ALIAS) \

src/Databases/DataLake/GlueCatalog.cpp

Lines changed: 40 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -66,11 +66,6 @@ namespace DB::Setting
6666
extern const SettingsUInt64 s3_request_timeout_ms;
6767
}
6868

69-
namespace DB::StorageObjectStorageSetting
70-
{
71-
extern const StorageObjectStorageSettingsString iceberg_metadata_file_path;
72-
}
73-
7469
namespace DB::DatabaseDataLakeSetting
7570
{
7671
extern const DatabaseDataLakeSettingsString storage_endpoint;
@@ -96,14 +91,15 @@ GlueCatalog::GlueCatalog(
9691
: ICatalog("")
9792
, DB::WithContext(context_)
9893
, log(getLogger("GlueCatalog(" + settings_.region + ")"))
99-
, credentials(settings_.aws_access_key_id, settings_.aws_secret_access_key)
10094
, region(settings_.region)
10195
, settings(settings_)
10296
, table_engine_definition(table_engine_definition_)
10397
, metadata_objects(CurrentMetrics::MarkCacheBytes, CurrentMetrics::MarkCacheFiles, 1024)
10498
{
10599
DB::S3::CredentialsConfiguration creds_config;
106100
creds_config.use_environment_credentials = true;
101+
creds_config.role_arn = settings.aws_role_arn;
102+
creds_config.role_session_name = settings.aws_role_session_name;
107103

108104
const DB::Settings & global_settings = getContext()->getGlobalContext()->getSettingsRef();
109105

@@ -126,38 +122,48 @@ GlueCatalog::GlueCatalog(
126122
/* get_request_throttler = */ nullptr,
127123
/* put_request_throttler = */ nullptr);
128124

125+
129126
Aws::Glue::GlueClientConfiguration client_configuration;
130127
client_configuration.maxConnections = static_cast<unsigned>(global_settings[DB::Setting::s3_max_connections]);
131128
client_configuration.connectTimeoutMs = static_cast<unsigned>(global_settings[DB::Setting::s3_connect_timeout_ms]);
132129
client_configuration.requestTimeoutMs = static_cast<unsigned>(global_settings[DB::Setting::s3_request_timeout_ms]);
133130
client_configuration.region = region;
134131
auto endpoint_provider = std::make_shared<Aws::Glue::GlueEndpointProvider>();
135132

133+
Aws::Auth::AWSCredentials credentials(settings_.aws_access_key_id, settings_.aws_secret_access_key);
136134
/// Only for testing when we are mocking glue
137135
if (!endpoint.empty())
138136
{
139137
client_configuration.endpointOverride = endpoint;
140138
endpoint_provider->OverrideEndpoint(endpoint);
141-
Aws::Auth::AWSCredentials fake_credentials_for_fake_catalog;
139+
142140
if (credentials.IsEmpty())
143141
{
144142
/// You can specify any key for fake moto glue, it's just important
145143
/// for it not to be empty.
146-
fake_credentials_for_fake_catalog.SetAWSAccessKeyId("testing");
147-
fake_credentials_for_fake_catalog.SetAWSSecretKey("testing");
144+
credentials.SetAWSAccessKeyId("testing");
145+
credentials.SetAWSSecretKey("testing");
148146
}
149-
else
150-
fake_credentials_for_fake_catalog = credentials;
151147

152-
glue_client = std::make_unique<Aws::Glue::GlueClient>(fake_credentials_for_fake_catalog, endpoint_provider, client_configuration);
148+
Poco::URI uri(endpoint);
149+
if (uri.getScheme() == "http")
150+
poco_config.scheme = Aws::Http::Scheme::HTTP;
153151
}
154152
else
155153
{
156154
LOG_TRACE(log, "Creating AWS glue client with credentials empty {}, region '{}', endpoint '{}'", credentials.IsEmpty(), region, endpoint);
157-
std::shared_ptr<DB::S3::S3CredentialsProviderChain> chain = std::make_shared<DB::S3::S3CredentialsProviderChain>(poco_config, credentials, creds_config);
158-
glue_client = std::make_unique<Aws::Glue::GlueClient>(chain, endpoint_provider, client_configuration);
159155
}
160156

157+
credentials_provider = std::make_shared<DB::S3::S3CredentialsProviderChain>(poco_config, credentials, creds_config);
158+
if (!creds_config.role_arn.empty())
159+
credentials_provider = std::make_shared<DB::S3::AwsAuthSTSAssumeRoleCredentialsProvider>(
160+
creds_config.role_arn,
161+
creds_config.role_session_name,
162+
creds_config.expiration_window_seconds,
163+
std::move(credentials_provider),
164+
poco_config,
165+
creds_config.sts_endpoint_override);
166+
glue_client = std::make_unique<Aws::Glue::GlueClient>(credentials_provider, endpoint_provider, client_configuration);
161167
}
162168

163169
GlueCatalog::~GlueCatalog() = default;
@@ -282,7 +288,6 @@ bool GlueCatalog::tryGetTableMetadata(
282288
request.SetDatabaseName(database_name);
283289
request.SetName(table_name);
284290

285-
286291
auto outcome = glue_client->GetTable(request);
287292
if (outcome.IsSuccess())
288293
{
@@ -412,8 +417,9 @@ void GlueCatalog::setCredentials(TableMetadata & metadata) const
412417

413418
if (storage_type == StorageType::S3)
414419
{
415-
auto creds = std::make_shared<S3Credentials>(credentials.GetAWSAccessKeyId(), credentials.GetAWSSecretKey(), credentials.GetSessionToken());
416-
metadata.setStorageCredentials(creds);
420+
auto credentials = credentials_provider->GetAWSCredentials();
421+
auto s3_creds = std::make_shared<S3Credentials>(credentials.GetAWSAccessKeyId(), credentials.GetAWSSecretKey(), credentials.GetSessionToken());
422+
metadata.setStorageCredentials(s3_creds);
417423
}
418424
else
419425
{
@@ -459,7 +465,7 @@ bool GlueCatalog::classifyTimestampTZ(const String & column_name, const TableMet
459465
DB::ASTs args = storage->engine->arguments->children;
460466

461467
String storage_endpoint = !settings.storage_endpoint.empty() ? settings.storage_endpoint : metadata_uri;
462-
468+
463469
if (args.empty())
464470
args.emplace_back(std::make_shared<DB::ASTLiteral>(storage_endpoint));
465471
else
@@ -469,8 +475,12 @@ bool GlueCatalog::classifyTimestampTZ(const String & column_name, const TableMet
469475
{
470476
if (table_metadata.hasStorageCredentials())
471477
table_metadata.getStorageCredentials()->addCredentialsToEngineArgs(args);
472-
else if (!credentials.IsExpiredOrEmpty())
473-
DataLake::S3Credentials(credentials.GetAWSAccessKeyId(), credentials.GetAWSSecretKey(), credentials.GetSessionToken()).addCredentialsToEngineArgs(args);
478+
else
479+
{
480+
auto credentials = credentials_provider->GetAWSCredentials();
481+
if (!credentials.IsExpiredOrEmpty())
482+
DataLake::S3Credentials(credentials.GetAWSAccessKeyId(), credentials.GetAWSSecretKey(), credentials.GetSessionToken()).addCredentialsToEngineArgs(args);
483+
}
474484
}
475485

476486
auto storage_settings = std::make_shared<DB::DataLakeStorageSettings>();
@@ -529,11 +539,17 @@ String GlueCatalog::resolveMetadataPathFromTableLocation(const String & table_lo
529539
else
530540
args[0] = std::make_shared<DB::ASTLiteral>(storage_endpoint);
531541

532-
if (args.size() == 1 && table_metadata.hasStorageCredentials())
542+
if (args.size() == 1)
533543
{
534-
auto storage_credentials = table_metadata.getStorageCredentials();
535-
if (storage_credentials)
536-
storage_credentials->addCredentialsToEngineArgs(args);
544+
if (table_metadata.hasStorageCredentials())
545+
{
546+
table_metadata.getStorageCredentials()->addCredentialsToEngineArgs(args);
547+
}
548+
else
549+
{
550+
auto credentials = credentials_provider->GetAWSCredentials();
551+
DataLake::S3Credentials(credentials.GetAWSAccessKeyId(), credentials.GetAWSSecretKey(), credentials.GetSessionToken()).addCredentialsToEngineArgs(args);
552+
}
537553
}
538554

539555
auto storage_settings = std::make_shared<DB::DataLakeStorageSettings>();

0 commit comments

Comments
 (0)