Dictionary password handling issue on cluster rescale #1603
Closed
Description
In ClickHouse Operator version 0.24.2, after adding shards or replicas (rescaling), the dictionaries created in the cluster have their password field replaced with the `[HIDDEN]` string. This behavior results in authentication errors when the dictionary relies on specific credentials, disrupting its functionality.
Steps to reproduce
YAML file:

```yaml
apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"
metadata:
  name: "simple"
spec:
  configuration:
    clusters:
      - name: "test"
        layout:
          shardsCount: 1
          replicasCount: 1
```
Create DDL:

```sql
CREATE USER test IDENTIFIED WITH plaintext_password BY 'test';

CREATE TABLE default.dates
(
    `id` UInt64,
    `date` Date
)
ENGINE = MergeTree
ORDER BY id
SETTINGS index_granularity = 8192;

CREATE DICTIONARY default.dates_dict
(
    `id` UInt64,
    `date` DATE
)
PRIMARY KEY id
SOURCE(CLICKHOUSE(TABLE 'dates' USER 'test' PASSWORD 'test'))
LIFETIME(MIN 0 MAX 43200)
LAYOUT(COMPLEX_KEY_HASHED)
```
Increase the shard/replica count in the YAML file and apply it. New nodes will have SQL dictionary files created with this content:
```sql
-- cat /var/lib/clickhouse/metadata/default/dates_dict.sql
CREATE DICTIONARY default.dates_dict
(
    `id` UInt64,
    `date` DATE
)
PRIMARY KEY id
SOURCE(CLICKHOUSE(TABLE 'dates' USER 'test' PASSWORD '[HIDDEN]')) -- this is wrong
LIFETIME(MIN 0 MAX 43200)
LAYOUT(COMPLEX_KEY_HASHED)
```
Probably the same will happen to named collections.
Proposed workaround
The `clickhouse_operator` user by default needs to have:

- `show_named_collections_secrets`
- `format_display_secrets_in_show_and_select`

Also, this server setting needs to be enabled by default:

- `display_secrets_in_show_and_select`

Should be fine from the security side: only users with `format_display_secrets_in_show_and_select` enabled will see passwords in SHOW statements.
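
One way to check a node for the symptom described in this issue, as an added example that is not part of the original report or the operator's own code: it scans a ClickHouse metadata directory for definitions that store the literal `[HIDDEN]` placeholder as a password. The function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches a PASSWORD clause whose literal is the redaction placeholder.
REDACTED = re.compile(r"\bPASSWORD\s+'\[HIDDEN\]'", re.IGNORECASE)
# Object kind and name from the first CREATE/ATTACH statement in a metadata file.
OBJECT = re.compile(r"^\s*(?:CREATE|ATTACH)\s+(?:OR\s+REPLACE\s+)?(\w+)\s+(\S+)",
                    re.IGNORECASE | re.MULTILINE)

def find_redacted_secrets(metadata_dir):
    """Return (relative path, object kind, object name, line number) for every
    metadata file that stores the placeholder instead of a real password."""
    root = Path(metadata_dir)
    findings = []
    for sql_file in sorted(root.rglob("*.sql")):
        text = sql_file.read_text(encoding="utf-8", errors="replace")
        head = OBJECT.search(text)
        kind, name = (head.group(1).upper(), head.group(2)) if head else ("UNKNOWN", sql_file.stem)
        for lineno, line in enumerate(text.splitlines(), start=1):
            code = line.split("--", 1)[0]  # ignore trailing SQL comments
            if REDACTED.search(code):
                findings.append((str(sql_file.relative_to(root)), kind, name, lineno))
    return findings

def demo():
    # Constructed sample: the redacted definition from the report plus a healthy copy.
    broken = ("CREATE DICTIONARY default.dates_dict\n(\n    `id` UInt64,\n    `date` DATE\n)\n"
              "PRIMARY KEY id\n"
              "SOURCE(CLICKHOUSE(TABLE 'dates' USER 'test' PASSWORD '[HIDDEN]'))\n"
              "LIFETIME(MIN 0 MAX 43200)\nLAYOUT(COMPLEX_KEY_HASHED)\n")
    healthy = broken.replace("[HIDDEN]", "test").replace("dates_dict", "dates_ok")
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp, "default")
        db.mkdir()
        (db / "dates_dict.sql").write_text(broken)
        (db / "dates_ok.sql").write_text(healthy)
        return find_redacted_secrets(tmp)

if __name__ == "__main__":
    for path, kind, name, lineno in demo():
        print(f"{path}:{lineno}: {kind} {name} stores PASSWORD '[HIDDEN]'")
```

On a real node, pass the metadata path shown in the report (`/var/lib/clickhouse/metadata`) to `find_redacted_secrets`; any hit means the object was created from redacted DDL and needs to be recreated with the real credential.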