Merge pull request #51724 from arenadata/ADQM-939

Added max_sessions_for_user setting
ClickHouse · Jul 31, 2023 · 7359a81 · 7359a81
2 parents 985b2a0 + 7e9e0ac
commit 7359a81
Show file tree

Hide file tree

Showing 37 changed files with 851 additions and 85 deletions.
diff --git a/docs/en/operations/settings/query-complexity.md b/docs/en/operations/settings/query-complexity.md
@@ -327,3 +327,39 @@ The maximum amount of data consumed by temporary files on disk in bytes for all
 Zero means unlimited.
 
 Default value: 0.
+
+## max_sessions_for_user {#max-sessions-per-user}
+
+Maximum number of simultaneous sessions per authenticated user to the ClickHouse server.
+
+Example:
+
+``` xml
+<profiles>
+    <single_session_profile>
+        <max_sessions_for_user>1</max_sessions_for_user>
+    </single_session_profile>
+    <two_sessions_profile>
+        <max_sessions_for_user>2</max_sessions_for_user>
+    </two_sessions_profile>
+    <unlimited_sessions_profile>
+        <max_sessions_for_user>0</max_sessions_for_user>
+    </unlimited_sessions_profile>
+</profiles>
+<users>
+     <!-- User Alice can connect to a ClickHouse server no more than once at a time. -->
+    <Alice>
+        <profile>single_session_user</profile>
+    </Alice>
+    <!-- User Bob can use 2 simultaneous sessions. -->
+    <Bob>
+        <profile>two_sessions_profile</profile>
+    </Bob>
+    <!-- User Charles can use arbitrarily many of simultaneous sessions. -->
+    <Charles>
+       <profile>unlimited_sessions_profile</profile>
+    </Charles>
+</users>
+```
+
+Default value: 0 (Infinite count of simultaneous sessions).
diff --git a/docs/en/operations/settings/settings-profiles.md b/docs/en/operations/settings/settings-profiles.md
@@ -39,7 +39,7 @@ Example:
         <max_threads>8</max_threads>
     </default>
 
-    <!-- Settings for quries from the user interface -->
+    <!-- Settings for queries from the user interface -->
     <web>
         <max_rows_to_read>1000000000</max_rows_to_read>
         <max_bytes_to_read>100000000000</max_bytes_to_read>
@@ -67,6 +67,8 @@ Example:
         <max_ast_depth>50</max_ast_depth>
         <max_ast_elements>100</max_ast_elements>
 
+        <max_sessions_for_user>4</max_sessions_for_user>
+
         <readonly>1</readonly>
     </web>
 </profiles>

diff --git a/docs/ru/operations/settings/query-complexity.md b/docs/ru/operations/settings/query-complexity.md
@@ -314,3 +314,40 @@ FORMAT Null;
 При вставке данных, ClickHouse вычисляет количество партиций во вставленном блоке. Если число партиций больше, чем `max_partitions_per_insert_block`, ClickHouse генерирует исключение со следующим текстом:
 
 > «Too many partitions for single INSERT block (more than» + toString(max_parts) + «). The limit is controlled by ‘max_partitions_per_insert_block’ setting. Large number of partitions is a common misconception. It will lead to severe negative performance impact, including slow server startup, slow INSERT queries and slow SELECT queries. Recommended total number of partitions for a table is under 1000..10000. Please note, that partitioning is not intended to speed up SELECT queries (ORDER BY key is sufficient to make range queries fast). Partitions are intended for data manipulation (DROP PARTITION, etc).»
+
+## max_sessions_for_user {#max-sessions-per-user}
+
+Максимальное количество одновременных сессий на одного аутентифицированного пользователя.
+
+Пример:
+
+``` xml
+<profiles>
+    <single_session_profile>
+        <max_sessions_for_user>1</max_sessions_for_user>
+    </single_session_profile>
+    <two_sessions_profile>
+        <max_sessions_for_user>2</max_sessions_for_user>
+    </two_sessions_profile>
+    <unlimited_sessions_profile>
+        <max_sessions_for_user>0</max_sessions_for_user>
+    </unlimited_sessions_profile>
+</profiles>
+<users>
+     <!-- Пользователь Alice может одновременно подключаться не
+          более одного раза к серверу ClickHouse. -->
+    <Alice>
+        <profile>single_session_profile</profile>
+    </Alice>
+    <!-- Пользователь Bob может использовать 2 одновременных сессии. -->
+    <Bob>
+        <profile>two_sessions_profile</profile>
+    </Bob>
+    <!-- Пользователь Charles может иметь любое количество одновременных сессий. -->
+    <Charles>
+       <profile>unlimited_sessions_profile</profile>
+    </Charles>
+</users>
+```
+
+Значение по умолчанию: 0 (неограниченное количество сессий).
diff --git a/docs/ru/operations/settings/settings-profiles.md b/docs/ru/operations/settings/settings-profiles.md
@@ -39,7 +39,7 @@ SET profile = 'web'
         <max_threads>8</max_threads>
     </default>
 
-    <!-- Settings for quries from the user interface -->
+    <!-- Settings for queries from the user interface -->
     <web>
         <max_rows_to_read>1000000000</max_rows_to_read>
         <max_bytes_to_read>100000000000</max_bytes_to_read>
@@ -67,6 +67,7 @@ SET profile = 'web'
         <max_ast_depth>50</max_ast_depth>
         <max_ast_elements>100</max_ast_elements>
 
+        <max_sessions_for_user>4</max_sessions_for_user>
         <readonly>1</readonly>
     </web>
 </profiles>

diff --git a/src/Access/ContextAccess.cpp b/src/Access/ContextAccess.cpp
@@ -328,9 +328,6 @@ void ContextAccess::setRolesInfo(const std::shared_ptr<const EnabledRolesInfo> &
 
     enabled_row_policies = access_control->getEnabledRowPolicies(*params.user_id, roles_info->enabled_roles);
 
-    enabled_quota = access_control->getEnabledQuota(
-        *params.user_id, user_name, roles_info->enabled_roles, params.address, params.forwarded_address, params.quota_key);
-
     enabled_settings = access_control->getEnabledSettings(
         *params.user_id, user->settings, roles_info->enabled_roles, roles_info->settings_from_enabled_roles);
 
@@ -416,19 +413,32 @@ RowPolicyFilterPtr ContextAccess::getRowPolicyFilter(const String & database, co
 std::shared_ptr<const EnabledQuota> ContextAccess::getQuota() const
 {
     std::lock_guard lock{mutex};
-    if (enabled_quota)
-        return enabled_quota;
-    static const auto unlimited_quota = EnabledQuota::getUnlimitedQuota();
-    return unlimited_quota;
+
+    if (!enabled_quota)
+    {
+        if (roles_info)
+        {
+            enabled_quota = access_control->getEnabledQuota(*params.user_id,
+                                                            user_name,
+                                                            roles_info->enabled_roles,
+                                                            params.address,
+                                                            params.forwarded_address,
+                                                            params.quota_key);
+        }
+        else
+        {
+            static const auto unlimited_quota = EnabledQuota::getUnlimitedQuota();
+            return unlimited_quota;
+        }
+    }
+
+    return enabled_quota;
 }
 
 
 std::optional<QuotaUsage> ContextAccess::getQuotaUsage() const
 {
-    std::lock_guard lock{mutex};
-    if (enabled_quota)
-        return enabled_quota->getUsage();
-    return {};
+    return getQuota()->getUsage();
 }
 
 

diff --git a/src/Access/SettingsConstraints.cpp b/src/Access/SettingsConstraints.cpp
@@ -1,11 +1,13 @@
 #include <string_view>
+#include <unordered_map>
 #include <Access/SettingsConstraints.h>
 #include <Access/resolveSetting.h>
 #include <Access/AccessControl.h>
 #include <Core/Settings.h>
 #include <Storages/MergeTree/MergeTreeSettings.h>
 #include <Common/FieldVisitorToString.h>
 #include <Common/FieldVisitorsAccurateComparison.h>
+#include <Common/SettingSource.h>
 #include <IO/WriteHelpers.h>
 #include <Poco/Util/AbstractConfiguration.h>
 #include <boost/range/algorithm_ext/erase.hpp>
@@ -20,6 +22,39 @@ namespace ErrorCodes
     extern const int UNKNOWN_SETTING;
 }
 
+namespace
+{
+struct SettingSourceRestrictions
+{
+    constexpr SettingSourceRestrictions() { allowed_sources.set(); }
+
+    constexpr SettingSourceRestrictions(std::initializer_list<SettingSource> allowed_sources_)
+    {
+        for (auto allowed_source : allowed_sources_)
+            setSourceAllowed(allowed_source, true);
+    }
+
+    constexpr bool isSourceAllowed(SettingSource source) { return allowed_sources[source]; }
+    constexpr void setSourceAllowed(SettingSource source, bool allowed) { allowed_sources[source] = allowed; }
+
+    std::bitset<SettingSource::COUNT> allowed_sources;
+};
+
+const std::unordered_map<std::string_view, SettingSourceRestrictions> SETTINGS_SOURCE_RESTRICTIONS = {
+    {"max_sessions_for_user", {SettingSource::PROFILE}},
+};
+
+SettingSourceRestrictions getSettingSourceRestrictions(std::string_view name)
+{
+    auto settingConstraintIter = SETTINGS_SOURCE_RESTRICTIONS.find(name);
+    if (settingConstraintIter != SETTINGS_SOURCE_RESTRICTIONS.end())
+        return settingConstraintIter->second;
+    else
+        return SettingSourceRestrictions(); // allows everything
+}
+
+}
+
 SettingsConstraints::SettingsConstraints(const AccessControl & access_control_) : access_control(&access_control_)
 {
 }
@@ -98,7 +133,7 @@ void SettingsConstraints::merge(const SettingsConstraints & other)
 }
 
 
-void SettingsConstraints::check(const Settings & current_settings, const SettingsProfileElements & profile_elements) const
+void SettingsConstraints::check(const Settings & current_settings, const SettingsProfileElements & profile_elements, SettingSource source) const
 {
     for (const auto & element : profile_elements)
     {
@@ -108,19 +143,19 @@ void SettingsConstraints::check(const Settings & current_settings, const Setting
         if (element.value)
         {
             SettingChange value(element.setting_name, *element.value);
-            check(current_settings, value);
+            check(current_settings, value, source);
         }
 
         if (element.min_value)
         {
             SettingChange value(element.setting_name, *element.min_value);
-            check(current_settings, value);
+            check(current_settings, value, source);
         }
 
         if (element.max_value)
         {
             SettingChange value(element.setting_name, *element.max_value);
-            check(current_settings, value);
+            check(current_settings, value, source);
         }
 
         SettingConstraintWritability new_value = SettingConstraintWritability::WRITABLE;
@@ -142,24 +177,24 @@ void SettingsConstraints::check(const Settings & current_settings, const Setting
     }
 }
 
-void SettingsConstraints::check(const Settings & current_settings, const SettingChange & change) const
+void SettingsConstraints::check(const Settings & current_settings, const SettingChange & change, SettingSource source) const
 {
-    checkImpl(current_settings, const_cast<SettingChange &>(change), THROW_ON_VIOLATION);
+    checkImpl(current_settings, const_cast<SettingChange &>(change), THROW_ON_VIOLATION, source);
 }
 
-void SettingsConstraints::check(const Settings & current_settings, const SettingsChanges & changes) const
+void SettingsConstraints::check(const Settings & current_settings, const SettingsChanges & changes, SettingSource source) const
 {
     for (const auto & change : changes)
-        check(current_settings, change);
+        check(current_settings, change, source);
 }
 
-void SettingsConstraints::check(const Settings & current_settings, SettingsChanges & changes) const
+void SettingsConstraints::check(const Settings & current_settings, SettingsChanges & changes, SettingSource source) const
 {
     boost::range::remove_erase_if(
         changes,
         [&](SettingChange & change) -> bool
         {
-            return !checkImpl(current_settings, const_cast<SettingChange &>(change), THROW_ON_VIOLATION);
+            return !checkImpl(current_settings, const_cast<SettingChange &>(change), THROW_ON_VIOLATION, source);
         });
 }
 
@@ -174,13 +209,13 @@ void SettingsConstraints::check(const MergeTreeSettings & current_settings, cons
         check(current_settings, change);
 }
 
-void SettingsConstraints::clamp(const Settings & current_settings, SettingsChanges & changes) const
+void SettingsConstraints::clamp(const Settings & current_settings, SettingsChanges & changes, SettingSource source) const
 {
     boost::range::remove_erase_if(
         changes,
         [&](SettingChange & change) -> bool
         {
-            return !checkImpl(current_settings, change, CLAMP_ON_VIOLATION);
+            return !checkImpl(current_settings, change, CLAMP_ON_VIOLATION, source);
         });
 }
 
@@ -215,7 +250,10 @@ bool getNewValueToCheck(const T & current_settings, SettingChange & change, Fiel
     return true;
 }
 
-bool SettingsConstraints::checkImpl(const Settings & current_settings, SettingChange & change, ReactionOnViolation reaction) const
+bool SettingsConstraints::checkImpl(const Settings & current_settings,
+                                    SettingChange & change,
+                                    ReactionOnViolation reaction,
+                                    SettingSource source) const
 {
     std::string_view setting_name = Settings::Traits::resolveName(change.name);
 
@@ -247,18 +285,21 @@ bool SettingsConstraints::checkImpl(const Settings & current_settings, SettingCh
     if (!getNewValueToCheck(current_settings, change, new_value, reaction == THROW_ON_VIOLATION))
         return false;
 
-    return getChecker(current_settings, setting_name).check(change, new_value, reaction);
+    return getChecker(current_settings, setting_name).check(change, new_value, reaction, source);
 }
 
 bool SettingsConstraints::checkImpl(const MergeTreeSettings & current_settings, SettingChange & change, ReactionOnViolation reaction) const
 {
     Field new_value;
     if (!getNewValueToCheck(current_settings, change, new_value, reaction == THROW_ON_VIOLATION))
         return false;
-    return getMergeTreeChecker(change.name).check(change, new_value, reaction);
+    return getMergeTreeChecker(change.name).check(change, new_value, reaction, SettingSource::QUERY);
 }
 
-bool SettingsConstraints::Checker::check(SettingChange & change, const Field & new_value, ReactionOnViolation reaction) const
+bool SettingsConstraints::Checker::check(SettingChange & change,
+                                         const Field & new_value,
+                                         ReactionOnViolation reaction,
+                                         SettingSource source) const
 {
     if (!explain.empty())
     {
@@ -326,6 +367,14 @@ bool SettingsConstraints::Checker::check(SettingChange & change, const Field & n
             change.value = max_value;
     }
 
+    if (!getSettingSourceRestrictions(setting_name).isSourceAllowed(source))
+    {
+        if (reaction == THROW_ON_VIOLATION)
+            throw Exception(ErrorCodes::READONLY, "Setting {} is not allowed to be set by {}", setting_name, toString(source));
+        else
+            return false;
+    }
+
     return true;
 }