Backport ClickHouse#89068 to 25.8: Fix clusterAllReplicas queries with external role when it was dropped

robot-clickhouse · robot-clickhouse · commit 870fd2b3658b · 2025-10-31T12:16:54.000Z
diff --git a/src/QueryPipeline/RemoteQueryExecutor.cpp b/src/QueryPipeline/RemoteQueryExecutor.cpp
@@ -425,7 +425,8 @@ void RemoteQueryExecutor::sendQueryUnlocked(ClientInfo::QueryKind query_kind, As
             const auto & access_control = context->getAccessControl();
             for (const auto & e : user->granted_roles.getElements())
             {
-                auto names = access_control.readNames(e.ids);
+                // `tryReadNames` instead of `readNames` because the original user might have a dropped role.
+                auto names = access_control.tryReadNames(e.ids);
                 granted_roles.insert(names.begin(), names.end());
             }
         }
diff --git a/tests/queries/0_stateless/03702_not_existing_role_on_cluster.reference b/tests/queries/0_stateless/03702_not_existing_role_on_cluster.reference
diff --git a/tests/queries/0_stateless/03702_not_existing_role_on_cluster.sh b/tests/queries/0_stateless/03702_not_existing_role_on_cluster.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+# Tags: no-replicated-database, no-parallel
+
+CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+# shellcheck source=../shell_config.sh
+. "$CUR_DIR"/../shell_config.sh
+
+user="user03702_${CLICKHOUSE_DATABASE}_$RANDOM"
+role="role03702_${CLICKHOUSE_DATABASE}_$RANDOM"
+db=${CLICKHOUSE_DATABASE}
+
+${CLICKHOUSE_CLIENT} <<EOF
+DROP DATABASE IF EXISTS shard_0;
+DROP DATABASE IF EXISTS shard_1;
+
+CREATE DATABASE IF NOT EXISTS shard_0;
+CREATE DATABASE IF NOT EXISTS shard_1;
+
+SET distributed_ddl_output_mode = 'none';
+DROP USER IF EXISTS $user ON CLUSTER test_cluster_two_shards_different_databases;
+CREATE USER $user ON CLUSTER test_cluster_two_shards_different_databases;
+
+DROP ROLE IF EXISTS $role ON CLUSTER test_cluster_two_shards_different_databases;
+CREATE ROLE $role ON CLUSTER test_cluster_two_shards_different_databases;
+
+GRANT REMOTE ON *.* TO $user ON CLUSTER test_cluster_two_shards_different_databases;
+GRANT SELECT ON *.* TO $role ON CLUSTER test_cluster_two_shards_different_databases;
+
+GRANT $role TO $user ON CLUSTER test_cluster_two_shards_different_databases;
+DROP ROLE $role ON CLUSTER test_cluster_two_shards_different_databases;
+EOF
+
+${CLICKHOUSE_CLIENT} --user $user <<EOF
+SELECT
+    hostName() AS h,
+    count()
+FROM clusterAllReplicas('test_cluster_two_shards_different_databases', system.one)
+GROUP BY h
+FORMAT Null;
+EOF
+
+${CLICKHOUSE_CLIENT} <<EOF
+SET distributed_ddl_output_mode = 'none';
+DROP USER IF EXISTS $user ON CLUSTER test_cluster_two_shards_different_databases;
+EOF

Original file line number	Diff line number	Diff line change
`@@ -425,7 +425,8 @@ void RemoteQueryExecutor::sendQueryUnlocked(ClientInfo::QueryKind query_kind, As`
`425`	`425`	`const auto & access_control = context->getAccessControl();`
`426`	`426`	`for (const auto & e : user->granted_roles.getElements())`
`427`	`427`	`{`
`428`		`- auto names = access_control.readNames(e.ids);`
	`428`	+ // `tryReadNames` instead of `readNames` because the original user might have a dropped role.
	`429`	`+ auto names = access_control.tryReadNames(e.ids);`
`429`	`430`	`granted_roles.insert(names.begin(), names.end());`
`430`	`431`	`}`
`431`	`432`	`}`