Add global proxy setting #51749

Merged: 106 commits merged on Aug 24, 2023

@arthurpassos (Contributor) commented Jul 3, 2023

Changelog category (leave one):

  • Improvement

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Attempt to create a generic proxy resolver for CH while keeping backwards compatibility with existing S3 storage conf proxy resolver.

Adds a fallback proxy resolver which is based on the http_proxy and https_proxy environment variables.

Make S3 table functions respect it. URL functions as well.

Closes #14097

Documentation entry for user-facing changes

Adds new global proxy setting with new syntax. Adds fallback proxy resolver based on http_proxy and https_proxy environment variables.

  • Documentation is written (mandatory for new features)

Information about CI checks: https://clickhouse.com/docs/en/development/continuous-integration/

@den-crane added the "can be tested" label (Allows running workflows for external contributors) Jul 5, 2023
@robot-ch-test-poll added the "pr-improvement" label (Pull request with some product improvements) Jul 5, 2023

@robot-ch-test-poll (Contributor) commented Jul 5, 2023

This is an automated comment for commit 2367434 with description of existing statuses. It's updated for the latest CI running
The full report is available here
The overall status of the commit is 🔴 failure

Check name | Description | Status
AST fuzzer | Runs randomly generated queries to catch program errors. The build type is optionally given in parenthesis. If it fails, ask a maintainer for help | 🟢 success
CI running | A meta-check that indicates the running CI. Normally, it's in success or pending state. The failed status indicates some problems with the PR | 🟢 success
ClickHouse build check | Builds ClickHouse in various configurations for use in further steps. You have to fix the builds that fail. Build logs often has enough information to fix the error, but you might have to reproduce the failure locally. The cmake options can be found in the build log, grepping for cmake. Use these options and follow the general build process | 🟢 success
Compatibility check | Checks that clickhouse binary runs on distributions with old libc versions. If it fails, ask a maintainer for help | 🟢 success
Docker image for servers | The check to build and optionally push the mentioned image to docker hub | 🟢 success
Fast test | Normally this is the first check that is ran for a PR. It builds ClickHouse and runs most of stateless functional tests, omitting some. If it fails, further checks are not started until it is fixed. Look at the report to see which tests fail, then reproduce the failure locally as described here | 🟢 success
Flaky tests | Checks if new added or modified tests are flaky by running them repeatedly, in parallel, with more randomization. Functional tests are run 100 times with address sanitizer, and additional randomization of thread scheduling. Integrational tests are run up to 10 times. If at least once a new test has failed, or was too long, this check will be red. We don't allow flaky tests, read the doc | 🟢 success
Install packages | Checks that the built packages are installable in a clear environment | 🟢 success
Integration tests | The integration tests report. In parenthesis the package type is given, and in square brackets are the optional part/total tests | 🔴 failure
Mergeable Check | Checks if all other necessary checks are successful | 🟢 success
Performance Comparison | Measure changes in query performance. The performance test report is described in detail here. In square brackets are the optional part/total tests | 🟢 success
Push to Dockerhub | The check for building and pushing the CI related docker images to docker hub | 🟢 success
SQLTest | There's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS | 🟢 success
SQLancer | Fuzzing tests that detect logical bugs with SQLancer tool | 🟢 success
Sqllogic | Run clickhouse on the sqllogic test set against sqlite and checks that all statements are passed | 🟢 success
Stateful tests | Runs stateful functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc | 🟢 success
Stateless tests | Runs stateless functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc | 🟢 success
Stress test | Runs stateless functional tests concurrently from several clients to detect concurrency-related errors | 🟢 success
Style Check | Runs a set of checks to keep the code style clean. If some of tests failed, see the related log from the report | 🟢 success
Unit tests | Runs the unit tests for different release types | 🟢 success
Upgrade check | Runs stress tests on server version from last release and then tries to upgrade it to the version from the PR. It checks if the new server can successfully startup without any errors, crashes or sanitizer asserts | 🟢 success

@arthurpassos (Contributor Author)

The downside of this approach is that every time an HTTP request is created, one has to remember to grab & pass proxy config. I feel like this should be hardcoded within the HTTP request "creator". Maybe it can be done for the generic case (i.e. the non-S3 specific configuration we are adding with this PR), but it will not work for the existing storage conf one.

One idea that could work is to indeed hardcode the proxy logic within the HTTP request creator which is applied if the proxy config argument hasn't been specified.

Not sure if these are feasible, will read the code and come back.

@arthurpassos (Contributor Author)

@tavplubix kind ping

@tavplubix (Member)

@arthurpassos, I'm reviewing it right now.

Comment on lines +8 to +14
struct ProxyConfiguration
{
enum class Protocol
{
HTTP,
HTTPS,
ANY
Member

So the only difference from ClientConfigurationPerRequest is support for ANY, right? But does it really make sense if we handle ANY as HTTP?

Contributor Author

That's not the only difference. The main and most important difference is that ClientConfigurationPerRequest is a S3 specific structure and relies on Aws::Http::Scheme (a third party module enum).

ProxyConfiguration is a ClickHouse domain enum, meant to be used across ClickHouse source code. It removes this extra dependency and tight coupling.

For instance, URL functions also need proxy, but should not have a dependency on AWS stuff. There might be other parts of CH that depend on proxy stuff and will adhere to this implementation later, no dependency on AWS stuff.

Contributor Author

Not only that, but ProxyConfiguration::Protocol::ANY is not handled as HTTP. Both RemoteResolver and ListResolver will literally use ANY (HTTP or HTTPs) if ANY is specified. You can check that in ProxyConfigurationResolverProvider.cpp.

You might have been confused by the EnvironmentResolver, which is not currently handling ANY as ANY. I'll address that.

Member

> ClientConfigurationPerRequest is a S3 specific structure and relies on Aws::Http::Scheme (a third party module enum)

I don't mind using Aws::Http::Scheme in ClickHouse code (since we already do), but okay

> You might have been confused by the EnvironmentResolver, which is not currently handling ANY as ANY

Yes, and also by

    case DB::ProxyConfiguration::Protocol::ANY:
        // default to HTTP since there is no ANY in AWS::Scheme and we don't want an exception
        return Aws::Http::Scheme::HTTP;

Member

However, if I'm not mistaken, ANY is used only as an argument of a factory (to get any proxy) and is never used as a part of an actual proxy configuration (each proxy is either HTTP or HTTPS). In other words, can ProxyConfiguration::protocol be ANY?

Contributor Author

Yes, ANY is only used to get any resolver, but ProxyConfiguration::protocol will never be ANY.

The only reason ANY exists is to keep backwards compatibility with the "old" behavior, where the user did not have the option to specify if the proxy was meant for HTTP or for HTTPs requests. ClickHouse would pick any.

So ANY is only used in the context of the S3 storage conf proxy.

Member

> Yes, ANY is only used to get any resolver, but ProxyConfiguration::protocol will never be ANY.

So there's no real difference between ClientConfigurationPerRequest and ProxyConfiguration (except for using a third party module enum)

Contributor Author

Yes, you are correct

Comment on lines 18 to 25
class ProxyConfigurationResolverAdapter : public ProxyConfiguration
{
public:
explicit ProxyConfigurationResolverAdapter(std::shared_ptr<ProxyConfigurationResolver> resolver_)
: resolver(resolver_) {}
/// Returns proxy configuration on each HTTP request.
ClientConfigurationPerRequest getConfiguration(const Aws::Http::HttpRequest & request) override;
void errorReport(const ClientConfigurationPerRequest & config) override;
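
Review bot: In the constructor, resolver(resolver_) copies a shared_ptr that was already taken by value; initialize it with resolver(std::move(resolver_)) to avoid the extra reference-count increment. The base class is also written as an unqualified ProxyConfiguration while both methods are marked override, so spelling out the namespace of the intended base would make it obvious which ProxyConfiguration declares the virtual getConfiguration and errorReport.
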
Member

Either I'm missing something or it should have failed to compile. The base class, ProxyConfiguration is a trivial struct with no virtual methods, and there are no other base classes. So there's nothing to override, these methods are not virtual

Member

Also, can we get rid of ProxyConfigurationResolverAdapter at all? As far as I understood, ClientConfigurationPerRequest to ProxyConfiguration and vice versa (and the only difference between them is ANY, but there's another comment about this).

There are only two usages of ProxyConfigurationProvider with ProxyConfigurationResolverAdapter that look like

    auto proxy_configuration_resolver = S3::ProxyConfigurationProvider::get(protocol);
    auto per_request_configuration = [=] (const Aws::Http::HttpRequest & req) { return proxy_configuration_resolver->getConfiguration(req); };
    auto error_report = [=] (const ClientConfigurationPerRequest & req) { proxy_configuration_resolver->errorReport(req); };

Let's just add two simple methods like ProxyConfiguration::toClientConfiguration() and ProxyConfiguration::fromClientConfiguration(...). AFAIU, it will allow to replace the adapter with simple code like:

    auto proxy_configuration_resolver = S3::ProxyConfigurationResolverProvider::get(protocol);
    auto per_request_configuration = [=] (const Aws::Http::HttpRequest & req) { return proxy_configuration_resolver->resolve().toClientConfiguration(); };
    auto error_report = [=] (const ClientConfigurationPerRequest & req) { proxy_configuration_resolver->errorReport(ProxyConfiguration::fromClientConfiguration(req)); };

Or we can even override the implicit conversion operator...

Contributor Author

> Either I'm missing something or it should have failed to compile. The base class, ProxyConfiguration is a trivial struct with no virtual methods, and there are no other base classes. So there's nothing to override, these methods are not virtual

This is confusing because of backwards compatibility. Previously, proxy support was added only to S3 storage. At that moment, the DB::S3::ProxyConfiguration class was introduced. See https://github.com/ClickHouse/ClickHouse/blob/master/src/Disks/ObjectStorages/S3/ProxyConfiguration.h. This is the base class that contains those methods.

For me, it's poorly named. It's named ProxyConfiguration, but it's not a configuration, it's a class that will provide / resolve / generate the configuration.

On the other hand, the DB::ProxyConfiguration struct you are seeing on this PR is an actual configuration class.

So, to summarize, DB::S3::ProxyConfiguration is a poorly named class and serves as a resolver for S3 proxy configuration. DB::ProxyConfiguration is an actual configuration class meant to be used across ClickHouse without any dependency (i.e., can be used for URL, S3, and whatever else).

Contributor Author

> Also, can we get rid of ProxyConfigurationResolverAdapter at all? As far as I understood, ClientConfigurationPerRequest to ProxyConfiguration and vice versa (and the only difference between them is ANY, but there's another comment about this).
>
> There are only two usages of ProxyConfigurationProvider with ProxyConfigurationResolverAdapter that look like
>
>     auto proxy_configuration_resolver = S3::ProxyConfigurationProvider::get(protocol);
>     auto per_request_configuration = [=] (const Aws::Http::HttpRequest & req) { return proxy_configuration_resolver->getConfiguration(req); };
>     auto error_report = [=] (const ClientConfigurationPerRequest & req) { proxy_configuration_resolver->errorReport(req); };
>
> Let's just add two simple methods like ProxyConfiguration::toClientConfiguration() and ProxyConfiguration::fromClientConfiguration(...). AFAIU, it will allow to replace the adapter with simple code like:
>
>     auto proxy_configuration_resolver = S3::ProxyConfigurationResolverProvider::get(protocol);
>     auto per_request_configuration = [=] (const Aws::Http::HttpRequest & req) { return proxy_configuration_resolver->resolve().toClientConfiguration(); };
>     auto error_report = [=] (const ClientConfigurationPerRequest & req) { proxy_configuration_resolver->errorReport(ProxyConfiguration::fromClientConfiguration(req)); };
>
> Or we can even override the implicit conversion operator...

I can do something along these lines for the sake of the PR, but I honestly prefer to avoid throwing the "burden" of converting stuff and "knowing implementation details" to the client. As of now, for the client, it's seamless. It does not know there are indirection layers, conversions and where the proxy configuration is coming from. If that changes, client code will not have to change.

I also don't like the idea of having a DB::ProxyConfiguration constructor that takes ClientConfiguration or the other way around. This adds extra dependencies.

I usually code with the notion of "the less a class knows, the better". If URL functions need to have access to DB::ProxyConfiguration, it should only see that. With those auxiliary methods or that constructor, it'll "see" DB::S3::ClientConfiguration, a useless dependency for URL functions (or anything outside the S3 scope).

I do understand though it's hard to keep track of a big number of classes and it might be confusing because of the similar names. Sometimes namespaces are not enough for us to keep track of that.

Let me know what you think.

Member

> "knowing implementation details" to the client. As of now, for the client, it's seamless

The client is basically 6 lines of code in 2 places (3 lines in each). Updating these 6 lines is much simpler than introducing some abstract adapters (about 100 lines of code).

> If that changes, client code will not have to change.

If that changes, we can handle changing 6 lines of code.

> This adds extra dependencies.

It's not a big problem (we have a monorepo and a static binary). Also, it's quite natural to have an easy way to convert "new" ProxyConfiguration to "old" ClientConfiguration and vice versa

> I usually code with the notion of "the less a class knows, the better"

I understand this, and it's a really good principle sometimes. But I also like "less code is better" and "simpler is better". And in this particular case, all these abstractions look to me a bit overengineered (or maybe like "premature optimization", but in terms of abstractions)

> With those auxiliary methods or that constructor, it'll "see" DB::S3::ClientConfiguration, a useless dependency for URL functions (or anything outside the S3 scope).

I don't think it's a big problem, especially if URL function will not explicitly use this stuff and will only include some headers containing it. But if you want to do it the right way, then the right way is probably different.

S3 is basically the same as URL with something extra on top of basic HTTP(S). S3 and URL should depend on some common http stuff. And proxies must be a part of that common http stuff, it's not something S3-specific. So the right way is to refactor the code in the S3 scope, and replace DB::S3::ClientConfiguration with something that can be used in both URL and S3

Contributor Author

ok, fair enough. I'll see what I can do about this refactor, worst case scenario I'll add the auxiliary functions

Contributor Author

Actually, it's not that simple. There is extra logic implemented in DB::S3::ProxyConfigurationProvider, this extra logic is required to keep backwards compatibility.

To integrate the old behavior / settings with the new behavior / settings, here's what's implemented:

  1. Try to fetch from scoped settings (storage conf proxy specific).
  2. If it can't find storage conf specific proxy settings, try to fetch from general settings.
  3. If it can't find there, grab from env.

This is the job of DB::S3::ProxyConfigurationProvider.

If I manage to remove ClientConfigurationPerRequest and use DB::ProxyConfiguration only, then maybe it's ok to eliminate DB::S3::ProxyConfigurationResolverAdapter and DB::ProxyConfigurationProvider by adding a backwards compatible method in DB::ProxyConfigurationResolverProvider. Will look into it

Contributor Author

Removed ClientConfigurationPerRequest, DB::S3::ProxyConfigurationProvider, DB::S3::ProxyConfiguration and DB::S3::ProxyConfigurationResolverAdapter.

Can you double check it's ok now?

Member

Thanks, will review it tomorrow

Comment on lines 172 to 174
if (resolver_configs > 2)
{
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Only two remote proxy resolvers are allowed, one for HTTP and one for HTTPs");
Member

Looks like it allows having two http (or two https) proxies configured, but doesn't allow, for example, 2 http + 1 https

Contributor Author

Hm.. indeed. Correct behavior should be: 1 HTTP and 1 HTTPs. Will fix that tomorrow

Contributor Author

@tavplubix what do you think about allowing the user to specify N HTTP remote resolvers and N HTTPs remote resolvers, but we only pick the first one of each and simply ignore the rest. It'll make code a lot simpler.

Contributor Author

Another thing that might be worth discussing is that these exceptions are not thrown at startup time, rather upon request.

In this case, the request will be aborted. Should we try the other proxy methods first (list and environment)?

Member

> allowing the user to specify N HTTP remote resolvers and N HTTPs remote resolvers, but we only pick the first one of each and simply ignore the rest.

It's okay

> Another thing that might be worth discussing is that these exceptions are not thrown at startup time, rather upon request.

It's okay that requests will fail if the server is misconfigured (it would be better to check on startup, but it's not necessary)

> Should we try the other proxy methods first (list and environment)?

No, we should not try to continue working if the server is misconfigured

Contributor Author

> > Allowing the user to specify N HTTP remote resolvers and N HTTPs remote resolvers, but we only pick the first one of each and simply ignore the rest.
>
> It's okay

Ok, removed the hard check for only two resolvers. It now simply picks the first configuration that matches the protocol.

> > Should we try the other proxy methods first (list and environment)?
>
> No, we should not try to continue working if the server is misconfigured

If it is misconfigured, it'll throw an exception. No fallthrough. The only caveat is "missing protocol". For instance, if the user configured a remote resolver (has precedence over other methods) for HTTP, but not for HTTPs. And there is a list resolver configured for HTTPs, it'll grab the list resolver. I believe that's acceptable, right? It's more permissive and fewer checks are present in the code
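
The precedence agreed in this thread (first entry matching the protocol wins, a missing protocol falls to the next method, a malformed entry throws, and http_proxy / https_proxy come last), modelled as an added example that is not code from this PR or from ClickHouse. The types, the layer names and the URI check are assumptions made for illustration, and a remote resolver is reduced to a static endpoint.

```cpp
#include <cstdlib>
#include <functional>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical model types for illustration; these are not ClickHouse classes.
enum class Protocol { HTTP, HTTPS };

struct ProxyEntry
{
    Protocol protocol;  // protocol of the requests this proxy serves
    std::string uri;    // proxy endpoint
};

struct Layer
{
    std::string name;                 // e.g. "remote", "list"
    std::vector<ProxyEntry> entries;  // as configured, in order
};

struct Resolved
{
    std::string source;  // layer that answered, "environment", or "direct"
    std::string uri;     // empty when source is "direct"
};

using EnvLookup = std::function<const char *(const char *)>;

// A present but malformed entry is a misconfiguration: throw instead of
// silently trying a lower-precedence layer.
static void validate(const std::string & source, const std::string & uri)
{
    if (uri.rfind("http://", 0) != 0 && uri.rfind("https://", 0) != 0)
        throw std::invalid_argument("bad proxy URI in " + source + ": " + uri);
}

// `layers` is in precedence order; the environment is consulted last.
Resolved resolveProxy(Protocol wanted, const std::vector<Layer> & layers, const EnvLookup & env)
{
    for (const auto & layer : layers)
        for (const auto & entry : layer.entries)
        {
            if (entry.protocol != wanted)
                continue;  // protocol missing here: lower layers may still have it
            validate(layer.name, entry.uri);
            return Resolved{layer.name, entry.uri};  // first match wins, the rest are ignored
        }

    const char * value = env(wanted == Protocol::HTTP ? "http_proxy" : "https_proxy");
    if (value && *value)
    {
        validate("environment", value);
        return Resolved{"environment", value};
    }
    return Resolved{"direct", ""};
}

int main()
{
    // Constructed configuration: the remote layer covers HTTP only, the list layer HTTPS only.
    std::vector<Layer> layers = {
        Layer{"remote", {ProxyEntry{Protocol::HTTP, "http://remote-a:3128"},
                         ProxyEntry{Protocol::HTTP, "http://remote-b:3128"}}},
        Layer{"list", {ProxyEntry{Protocol::HTTPS, "https://list-a:3128"}}}};
    EnvLookup env = [](const char * name) -> const char * { return std::getenv(name); };
    for (Protocol p : {Protocol::HTTP, Protocol::HTTPS})
        std::cout << resolveProxy(p, layers, env).source << "\n";
}
```

Passing the environment lookup as a parameter keeps the fallback testable without touching the process environment.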

@arthurpassos (Contributor Author)

@tavplubix I believe all comments have been addressed. I am considering adding support for no_proxy, but will most likely implement it in a different PR

@arthurpassos (Contributor Author)

@tavplubix CI is green and you have approved it, can we merge it?

@tavplubix (Member)

Integration tests (asan) [1/6] - #51464
Integration tests (asan, analyzer) [5/6] - #53323

@tavplubix tavplubix merged commit 2bade7d into ClickHouse:master Aug 24, 2023
273 of 275 checks passed
@arthurpassos (Contributor Author)

@tavplubix thanks for looking into this, really appreciate it

Successfully merging this pull request may close these issues.

Cannot reach Amazon AWS s3 cloud store when clickhouse server is behind proxy