Fixed exception when user tries to log in #42641
Conversation
- Using profiles_with_implicit for profile IDs, since it seems to be better synchronized with names - Trying harder: attempting to get name from AccessControl if it is missing from local cached names - Throwing Exception if everything else fails
robot-ch-test-poll
added
the
pr-bugfix
tavplubix
added
the
can be tested
|
@Enmk I am not really familiar with the code and its constraints and I will certainly not oppose your fix. But, to be honest, it feels like a bandaid for an issue that should never have happened in the first place. I agree with your section "bug analysis", in particular that the member variables of
Even if there is no repro (which is okay, perhaps the issue occurs really super sporadically), my preference would be to make the settings profile creating code more robust. |
…lesInfo::profiles_with_implicit That means SettingsProfilesInfo::profiles now: - has default_profile_id (if enabled) - doesn't have profiles that are not matching for current user/roles
From what I see, graph TD
mergeSettingsAndConstraints --> mergeSettingsAndConstraintsFor --> substituteProfiles
getSettingsProfileInfo --> |locks mutex | substituteProfiles
getEnabledSettings --> |locks mutex | mergeSettingsAndConstraintsFor
profileRemoved --> |locks mutex | mergeSettingsAndConstraints
profileAddedOrChanged --> |locks mutex | mergeSettingsAndConstraints
Took another look, and probably fixed the most probable cause in @rschu1ze ^^ |
|
Thanks for the analysis, I agree with it, and sorry for the delay (just got back from vacation) Please find one smaller comment attached. Functional test |
|
test_function_current_profiles unfortunately still fails. |
Errors analysis for 2684fc5bClickHouse Integration Tests (asan) [1/6]
/usr/local/lib/python3.8/dist-packages/kazoo/client.py:635: KazooTimeoutErrorClickHouse Integration Tests (asan) [5/6]
ClickHouse Integration Tests (release) [3/4]
ClickHouse Integration Tests (tsan)ClickHouse Integration Tests (tsan) [5/6]
ClickHouse Stress Test (asan)
ClickHouse Stress Test (debug)Looks like unrelated OOM ConclusionNeed to modify |
| const auto p = names_of_profiles.find(profile_id); | ||
| if (p != names_of_profiles.end()) | ||
| result.push_back(p->second); | ||
| else | ||
| { | ||
| if (const auto name = access_control.tryReadName(profile_id)) | ||
| // We could've updated cache here, but it is a very rare case, so don't bother. | ||
| result.push_back(*name); | ||
| else | ||
| throw Exception(ErrorCodes::LOGICAL_ERROR, "Unable to get profile name for {}", toString(profile_id)); | ||
| } | ||
| } |
There was a problem hiding this comment.
@Enmk, what does it fix and how? Looks like it simply replaces std::out_of_range with LOGICAL_ERROR without fixing the root casue
There was a problem hiding this comment.
yep, I think there should be profiles_with_implicit instead of profiles in:
for (const auto & profile_id : profiles)good catch! Is there a new related crash or bug?
There was a problem hiding this comment.
@Enmk SettingsProfilesInfo must be internally consistent, so I think if we fix that consistency in #57263 then we only need here a logical error:
for (const auto & profile_id : profiles)
{
const auto p = names_of_profiles.find(profile_id);
if (p != names_of_profiles.end())
result.push_back(p->second);
else
throw Exception(ErrorCodes::LOGICAL_ERROR, "Unable to get profile name for {}", toString(profile_id));
}
`SettingsProfilesInfo::profiles` is not updated in bg if any of the profiles assigned to the user change, but `SettingsProfilesInfo::profiles_with_implicit` is. Update of ClickHouse#42641 kudos @tavplubix https://github.com/ClickHouse/ClickHouse/pull/42641/files/3d0c07ac5b8f18917f2314474030910176ec7940#r1406196201
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Fixed unable to log in (because of failure to create session_log entry) in rare case of messed up setting profiles.
...
Closes: #35952
Fixed
SettingsProfilesInfo::getProfileNames()throwingstd::exceptionAccessControlif it is missing from local cached namesFix is based on a stack trace of #35952 and some notes in bug description.
There are no tests added since I wasn't able to reproduce bug on my side, however same code path must be checked by existing tests.
Bug analysis
SettingsProfilesInfo::profiles_with_implicitandSettingsProfilesInfo::names_of_profiles,SettingsProfilesCache::substituteProfilescan't find a profile by UUID inSettingsProfilesCache::all_profiles.SettingsProfilesInfo::profiles_with_implicitandSettingsProfilesInfo::names_of_profilesdo not have an entry for a profile fromSettingsProfilesInfo::profiles.SettingsProfilesCache::all_profilesupdated asynchronously, but it is protected by mutex.So just to be safe
SettingsProfilesInfo::getProfileNamesuses profileUIDs fromSettingsProfilesInfo::profiles_with_implicitinstead ofSettingsProfilesInfo::profiles, sinceSettingsProfilesInfo::profiles_with_implicitandSettingsProfilesInfo::names_of_profilesare explicitly synchronized bySettingsProfilesCache::substituteProfiles.