Skip to content

Commit f6804a8

Browse files
Backport #72759 to 24.11: Fix #72756 (exception in RemoteQueryExecutor when user does not exist locally)
1 parent cad0cf9 commit f6804a8

File tree

3 files changed

+23
-2
lines changed

3 files changed

+23
-2
lines changed

src/Core/SettingsChangesHistory.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@ static std::initializer_list<std::pair<ClickHouseVersion, SettingsChangesHistory
8888
{"read_in_order_use_virtual_row", false, false, "Use virtual row while reading in order of primary key or its monotonic function fashion. It is useful when searching over multiple parts as only relevant ones are touched."},
8989
{"s3_skip_empty_files", false, true, "We hope it will provide better UX"},
9090
{"filesystem_cache_boundary_alignment", 0, 0, "New setting"},
91-
{"push_external_roles_in_interserver_queries", false, false, "New setting."},
91+
{"push_external_roles_in_interserver_queries", false, true, "New setting."},
9292
{"enable_variant_type", false, false, "Add alias to allow_experimental_variant_type"},
9393
{"enable_dynamic_type", false, false, "Add alias to allow_experimental_dynamic_type"},
9494
{"enable_json_type", false, false, "Add alias to allow_experimental_json_type"},

src/QueryPipeline/RemoteQueryExecutor.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -407,7 +407,7 @@ void RemoteQueryExecutor::sendQueryUnlocked(ClientInfo::QueryKind query_kind, As
407407
std::vector<String> local_granted_roles;
408408
if (context->getSettingsRef()[Setting::push_external_roles_in_interserver_queries] && !modified_client_info.initial_user.empty())
409409
{
410-
auto user = context->getAccessControl().read<User>(modified_client_info.initial_user, true);
410+
auto user = context->getAccessControl().read<User>(modified_client_info.initial_user, false);
411411
boost::container::flat_set<String> granted_roles;
412412
if (user)
413413
{

tests/integration/test_ldap_external_user_directory/test.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -183,3 +183,24 @@ def test_push_role_to_other_nodes(ldap_cluster):
183183
instance2.query("DROP ROLE IF EXISTS role_read")
184184

185185
delete_ldap_group(ldap_cluster, group_cn="clickhouse-role_read")
186+
187+
188+
def test_remote_query_user_does_not_exist_locally(ldap_cluster):
189+
"""
190+
Check that even if user does not exist locally, using it to execute remote queries is still possible
191+
"""
192+
instance2.query("DROP USER IF EXISTS non_local")
193+
instance2.query("DROP TABLE IF EXISTS test_table sync")
194+
195+
instance2.query("CREATE USER non_local")
196+
instance2.query("CREATE TABLE test_table (id Int16) ENGINE=Memory")
197+
instance2.query("INSERT INTO test_table VALUES (123)")
198+
instance2.query("GRANT SELECT ON default.test_table TO non_local")
199+
200+
result = instance1.query(
201+
"SELECT * FROM remote('instance2', 'default.test_table', 'non_local')"
202+
)
203+
assert result.strip() == "123"
204+
205+
instance2.query("DROP USER IF EXISTS non_local")
206+
instance2.query("DROP TABLE IF EXISTS test_table SYNC")

0 commit comments

Comments
 (0)