-
Notifications
You must be signed in to change notification settings - Fork 217
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve RBAC backup / restore behavior #793
Comments
… not present in backup, but it should log warnings/errors, look #793 for details
Is there a rough timeline on this release? In the meantime is there a easy way to patch rbac into the existing release? Looks like we could just throw something into the k8s cronjob |
@jalavoy just add to cronjob command |
@Slach
|
|
that didn't work but I got it, need to add it into all the SELECTS too Thank you for your help! |
decided to don't restore RBAC,only when --rbac excplicitly, to avoid overwrite exists users passwords or some other unexpected errors |
Expected behavior
clickhouse-backup
should not fail if it can not restore rbac, but it should log warnings/errors.Actual notes
this behavior is dangerous
restore
rbac
requires restart of clickhouse-serverand if
clickhouse-server
already contains RBAC object with the same name and different uuid, server will not startmaybe it requires develop some sql parser
to get name+type+uuid from .sql and .jsonl files
need time to researh for this task
maybe, we can use system.users system.roles, system.role_granst came in modern versions of clickhouse
need to check when these tables is become
conflict resolution rules
restore
without --rmshow error about RBAC object names conflict
restore --rm
show warning about RBAC object names conflict
delete old object
restore new object
The text was updated successfully, but these errors were encountered: