Hi,
I have set up Trino running in AWS EMR and Open Policy Agent (OPA) in a separate instance.
Configured Trino with openldap for authentication and it works fine.
Configured 'column-masking' in OPA and it works fine too. Now I want to add logic in this policy based on the user's group; for that I created a 'group-provider.properties' file under '/etc/trino/' with my LDAP details.
On Trino service startup I see the plugin getting loaded, but when I run a query from 'trino-cli', in the log I only see the 'user' information in the 'context.identity' when it makes the call to OPA.
2024-11-08T17:12:56.352Z DEBUG dispatcher-query-4 io.trino.security.AccessControl Invocation of checkCanSetUser(principal=Optional[admin2], userName='admin2') succeeded in 30.14us
2024-11-08T17:12:56.355Z DEBUG dispatcher-query-4 io.trino.security.AccessControl Invocation of checkCanExecuteQuery(identity=Identity{user='admin2', principal=admin2}) succeeded in 2.50ms
2024-11-08T17:12:56.390Z DEBUG Query-20241108_171256_00002_iyddz-224 io.trino.security.AccessControl Invocation of getColumnMask(context=SecurityContext{identity=Identity{user='admin2', principal=admin2}, queryId=20241108_171256_00002_iyddz}, tableName=iceberg.information_schema.tables, columnName='table_catalog', type=varchar) succeeded in 7.40ms
Also, I tried creating a 'custom-plugin' with print statements. I see it getting loaded on Trino service startup but don't see any trace of that plugin getting called either when I log in or run a query from 'trino-cli'.
I tried specifying the location of 'group-provider.properties' in the Trino 'config.properties' like below, but it threw an exception on Trino service restart:
group-provider.config-files=/etc/trino/group-provider.properties
Thanks in advance!