fix s3 endpoint specific configuration priorities by bharatnc · Pull Request #109251 · ClickHouse/ClickHouse · GitHub
Skip to content

fix s3 endpoint specific configuration priorities#109251

Open
bharatnc wants to merge 1 commit into
masterfrom
ncb/fix-s3-setting-priority
Open

fix s3 endpoint specific configuration priorities#109251
bharatnc wants to merge 1 commit into
masterfrom
ncb/fix-s3-setting-priority

Conversation

@bharatnc

@bharatnc bharatnc commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Fix S3 settings priority so a URL-scoped <s3> endpoint block overrides the top-level <s3> defaults.

The <s3> section has two layers: top-level defaults, and URL-scoped endpoint blocks that are more specific and should win. This is done at table creation (fromAST).

<s3>
    <!-- top-level defaults: apply to all S3 access -->
    <use_environment_credentials>false</use_environment_credentials>

    <!-- URL-scoped endpoint block: applies only to matching URLs, more specific -->
    <my_endpoint>
        <endpoint>http://localhost:11111/test/my-bucket</endpoint>
        <use_environment_credentials>true</use_environment_credentials>
    </my_endpoint>
</s3>

After #100975 was merged, S3ObjectStorage::applyNewSettings applied the config_prefix settings last. For disks that is correct, since config_prefix is the disk's own <storage_configuration> section, which is more specific than <s3>. But the same path also runs for tables not using a <storage_configuration> (S3, S3Queue, etc.), where config_prefix is the top-level <s3> itself, so the generic defaults ended up overriding the endpoint block. For example, this turned use_environment_credentials off for specific endpoints on the object-storage refresh, resulting in ACCESS_DENIED errors on flush.

After this fix:

  • Disks keep the current behavior where a disk's own config wins.
  • Engine tables restore the behavior where the endpoint-specific config wins over the top-level <s3> defaults, matching how the same settings are already resolved at table creation.

The disk and query/profile priority changes from #100975 are left untouched.

Changelog category (leave one):

  • Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):

Fix S3 settings priority so a URL-scoped <s3> endpoint block takes precedence over the top-level <s3> defaults.

@clickhouse-gh

clickhouse-gh Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@clickhouse-gh clickhouse-gh Bot added the pr-bugfix Pull request with bugfix, not backported by default label Jul 3, 2026
/// top-level `<s3>` section, which is less specific than the URL-scoped endpoint settings.
/// Apply it first so the endpoint settings win, matching the resolution order used at table
/// creation in `S3StorageParsedArguments::fromAST` (global `<s3>` first, endpoint on top).
apply_config_settings();

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

StorageObjectStorage::update calls applyNewSettings on every non-table-function query, so this branch is the live S3 table path, not only SYSTEM RELOAD CONFIG. The new ordering fixes global <s3> vs endpoint precedence, but it still skips the final request_settings.updateFromSettings(...) that fromAST does in src/Storages/ObjectStorage/S3/Configuration.cpp:667-671. Because S3SettingsByEndpoint::loadFromConfig seeds each endpoint entry from S3RequestSettings(config, settings, "s3") and then applies the endpoint block on top, a query-level read setting like s3_max_single_read_retries or s3_max_get_rps is still overwritten here by the matching <s3><endpoint> config, and readObject later consumes s3_settings->request_settings directly. Can we re-apply context->getSettingsRef() after apply_endpoint_settings() in the non-disk case as well, so the priority order for ordinary S3 table reads remains global <s3> < endpoint block < query/profile`?

@clickhouse-gh

clickhouse-gh Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

LLVM Coverage Report

Metric Baseline Current Δ
Lines 85.50% 85.60% +0.10%
Functions 92.70% 92.70% +0.00%
Branches 77.70% 77.70% +0.00%

Changed lines: Changed C/C++ lines covered: 15/15 (100.00%) · Uncovered code

Full report · Diff report

@bharatnc bharatnc requested a review from azat July 3, 2026 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr-bugfix Pull request with bugfix, not backported by default

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant