From 90321a903c27a55566ba70a4bde59b714295ee6d Mon Sep 17 00:00:00 2001 From: tars Date: Tue, 24 Mar 2026 17:55:28 +0900 Subject: [PATCH 1/2] fix: wrap S3 credentials with NewCredentialsCache to avoid redundant credential resolution --- pkg/storage/s3.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/storage/s3.go b/pkg/storage/s3.go index c3175a68..72718ad2 100644 --- a/pkg/storage/s3.go +++ b/pkg/storage/s3.go @@ -138,6 +138,7 @@ func (s *S3) Connect(ctx context.Context) error { ) // inherit IRSA and try assume role https://github.com/Altinity/clickhouse-backup/issues/1191 if s.Config.AssumeRoleARN != "" && s.Config.AssumeRoleARN != awsRoleARN { + awsConfig.Credentials = aws.NewCredentialsCache(awsConfig.Credentials) stsClient = sts.NewFromConfig(awsConfig) awsConfig.Credentials = stscreds.NewAssumeRoleProvider(stsClient, s.Config.AssumeRoleARN) } @@ -157,6 +158,10 @@ func (s *S3) Connect(ctx context.Context) error { } } + if awsConfig.Credentials != nil { + awsConfig.Credentials = aws.NewCredentialsCache(awsConfig.Credentials) + } + if s.Config.Debug { awsConfig.Logger = newS3Logger(log.Logger) awsConfig.ClientLogMode = aws.LogRetries | aws.LogRequest | aws.LogResponse From a8aeaf2cb9f1b30996af054822a8d11d0d8035de Mon Sep 17 00:00:00 2001 From: slach Date: Sat, 28 Mar 2026 13:44:19 +0400 Subject: [PATCH 2/2] improve restart via SYSTEM SHUTDOWN handler in TestKeeperTLS --- test/integration/keeperTLS_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/keeperTLS_test.go b/test/integration/keeperTLS_test.go index 94e7fafb..d7b3bce5 100644 --- a/test/integration/keeperTLS_test.go +++ b/test/integration/keeperTLS_test.go @@ -51,10 +51,11 @@ func TestKeeperTLS(t *testing.T) { // clean and restore r.NoError(env.dropDatabase(dbName, false)) env.queryWithNoError(r, fmt.Sprintf("DROP USER IF EXISTS %s %s", rbacUser, onCluster)) + env.ch.Close() env.DockerExecNoError(r, "clickhouse-backup", "clickhouse-backup", "-c", "/etc/clickhouse-backup/config-s3.yml", "restore", "--rbac", backupName) // wait for restart after RBAC restore and check - env.connectWithWait(t, r, 500*time.Millisecond, 1*time.Second, 2*time.Minute) + env.connectWithWait(t, r, 5*time.Second, 1*time.Second, 2*time.Minute) var rowCount, userCount uint64 r.NoError(env.ch.SelectSingleRowNoCtx(&rowCount, fmt.Sprintf("SELECT count() FROM %s.%s", dbName, tableName))) r.Equal(uint64(100), rowCount)