Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

Merged

Conversation

rohanag12
Copy link
Contributor

@rohanag12 rohanag12 commented Jun 18, 2024

Description

Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.

The Glue v1 implementation supported specifying a custom credential provider, but that ability was removed in the Glue v2 implementation. This commit provides similar functionality to the flags added for S3 in #22162 and #22163.

Additional context and related issues

Ref #20657 (comment).

Fixes #15267

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Jun 18, 2024
@github-actions github-actions bot added the hive Hive connector label Jun 18, 2024
@rohanag12 rohanag12 mentioned this pull request Jun 18, 2024
@rohanag12
Copy link
Contributor Author

The CI failure seem unrelated to this change, I see similar failures on master. Please let me know if I need to do anything to resolve it.

@findepi
Copy link
Member

findepi commented Jun 19, 2024

/test-with-secrets sha=6a006276b0810c087fdde5885d5825a20c42bbb6

@findepi findepi requested a review from nineinchnick June 19, 2024 07:29
Copy link

github-actions bot commented Jun 19, 2024

The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9577963913

Copy link
Member

@nineinchnick nineinchnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rohanag12 how did you test this? Are there any docs around Glue that would need to be updated to mention this new property?

@rohanag12
Copy link
Contributor Author

@rohanag12 how did you test this? Are there any docs around Glue that would need to be updated to mention this new property?

Apologies for delayed response, I finally got time to work on this again. I tested this by doing the following:

  • Build trino by running ./mvnw clean install -DskipTests
  • Build the docker image by running ./core/docker/build.sh
  • Push the image to an ECR registry.
  • Deploy Trino using the helm chart from https://github.com/trinodb/charts.
In the logs, I can see the following stack trace when the first query is executed and the glue client is initialized (click to expand):
2024-07-10T01:38:52.858Z	DEBUG	Query-20240710_013852_00001_huepb-218	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@6b4e1353, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@2de81153, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@4c96d51c, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@351dc2f6, software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor@6cd38ce8, software.amazon.awssdk.services.glue.endpoints.internal.GlueResolveEndpointInterceptor@1dd961da, software.amazon.awssdk.services.glue.endpoints.internal.GlueRequestSetEndpointInterceptor@4131338e, io.opentelemetry.instrumentation.awssdk.v2_2.TracingExecutionInterceptor@3b753081]
2024-07-10T01:38:52.858Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@6b4e1353, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@2de81153, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@4c96d51c, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@351dc2f6, software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor@6cd38ce8, software.amazon.awssdk.services.glue.endpoints.internal.GlueResolveEndpointInterceptor@1dd961da, software.amazon.awssdk.services.glue.endpoints.internal.GlueRequestSetEndpointInterceptor@4131338e, io.opentelemetry.instrumentation.awssdk.v2_2.TracingExecutionInterceptor@3b753081]
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00001_huepb-218	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Cached value is stale and will be refreshed.
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Cached value is stale and will be refreshed.
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Refreshing cached value.
2024-07-10T01:38:52.869Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@62d07177, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@ae41c17, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@77b921ab, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@134cc6ff, software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor@72f64628, software.amazon.awssdk.services.sts.endpoints.internal.StsResolveEndpointInterceptor@58d8e8c5, software.amazon.awssdk.services.sts.endpoints.internal.StsRequestSetEndpointInterceptor@66d22e0c]
2024-07-10T01:38:52.888Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain	Unable to load credentials from SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
	at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)
	at software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider.resolveCredentials(SystemSettingsCredentialsProvider.java:60)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109)
	at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
	at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74)
	at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53)
	at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:772)
	at software.amazon.awssdk.services.sts.auth.StsAssumeRoleWithWebIdentityCredentialsProvider.getUpdatedCredentials(StsAssumeRoleWithWebIdentityCredentialsProvider.java:76)
	at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.updateSessionCredentials(StsCredentialsProvider.java:93)
	at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300)
	at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448)
	at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208)
	at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135)
	at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.resolveCredentials(StsCredentialsProvider.java:106)
	at software.amazon.awssdk.services.sts.auth.StsWebIdentityTokenFileCredentialsProvider.resolveCredentials(StsWebIdentityTokenFileCredentialsProvider.java:135)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(GlueAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.trySelectAuthScheme(GlueAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.selectAuthScheme(GlueAuthSchemeInterceptor.java:81)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.beforeExecution(GlueAuthSchemeInterceptor.java:61)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74)
	at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53)
	at software.amazon.awssdk.services.glue.DefaultGlueClient.getTable(DefaultGlueClient.java:8349)
	at software.amazon.awssdk.services.glue.GlueClient.getTable(GlueClient.java:12812)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.lambda$getTableInternal$22(GlueHiveMetastore.java:456)
	at io.trino.plugin.hive.metastore.glue.AwsApiCallStats.call(AwsApiCallStats.java:36)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.getTableInternal(GlueHiveMetastore.java:456)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.lambda$getTable$20(GlueHiveMetastore.java:450)
	at io.trino.plugin.hive.metastore.glue.InMemoryGlueCache$ValueHolder.getValue(InMemoryGlueCache.java:429)
	at io.trino.plugin.hive.metastore.glue.InMemoryGlueCache.getTable(InMemoryGlueCache.java:166)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.getTable(GlueHiveMetastore.java:450)
	at io.trino.plugin.hive.metastore.tracing.TracingHiveMetastore.lambda$getTable$2(TracingHiveMetastore.java:101)
	at io.trino.plugin.hive.metastore.tracing.Tracing.withTracing(Tracing.java:39)
	at io.trino.plugin.hive.metastore.tracing.TracingHiveMetastore.getTable(TracingHiveMetastore.java:101)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.loadTable(CachingHiveMetastore.java:436)
	at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:169)
	at io.trino.cache.EvictableCache$TokenCacheLoader.load(EvictableCache.java:466)
	at io.trino.cache.EvictableCache$TokenCacheLoader.load(EvictableCache.java:452)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3576)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2318)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2191)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2081)
	at com.google.common.cache.LocalCache.get(LocalCache.java:4019)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4042)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:5024)
	at io.trino.cache.EvictableCache.get(EvictableCache.java:147)
	at com.google.common.cache.AbstractLoadingCache.getUnchecked(AbstractLoadingCache.java:53)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.getOptional(CachingHiveMetastore.java:286)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.getTable(CachingHiveMetastore.java:431)
	at io.trino.plugin.hive.HiveMetastoreClosure.getTable(HiveMetastoreClosure.java:89)
	at io.trino.plugin.hive.metastore.SemiTransactionalHiveMetastore.getTable(SemiTransactionalHiveMetastore.java:253)
	at io.trino.plugin.hive.HiveMetadata.getView(HiveMetadata.java:2887)
	at io.trino.plugin.base.classloader.ClassLoaderSafeConnectorMetadata.getView(ClassLoaderSafeConnectorMetadata.java:744)
	at io.trino.tracing.TracingConnectorMetadata.getView(TracingConnectorMetadata.java:888)
	at io.trino.metadata.MetadataManager.getViewInternal(MetadataManager.java:1562)
	at io.trino.metadata.MetadataManager.getView(MetadataManager.java:1500)
	at io.trino.tracing.TracingMetadata.getView(TracingMetadata.java:895)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:2290)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:520)
	at io.trino.sql.tree.Table.accept(Table.java:60)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.analyzeFrom(StatementAnalyzer.java:4893)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:3087)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:520)
	at io.trino.sql.tree.QuerySpecification.accept(QuerySpecification.java:155)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:547)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:1568)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:520)
	at io.trino.sql.tree.Query.accept(Query.java:118)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:499)
	at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:488)
	at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:97)
	at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:86)
	at io.trino.execution.SqlQueryExecution.analyze(SqlQueryExecution.java:285)
	at io.trino.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:218)
	at io.trino.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:884)
	at io.trino.dispatcher.LocalDispatchQueryFactory.lambda$createDispatchQuery$0(LocalDispatchQueryFactory.java:153)
	at io.trino.$gen.Trino_449_422_g6190641____20240710_013818_2.call(Unknown Source)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:76)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1570)

The stack trace indicates that the glue client is directly using the StsWebIdentityTokenFileCredentialsProvider and not the credential provider chain. Somewhere at the top of the stack trace, you also see stuff related to a credential provider chain, but that seems to coming from elsewhere - specifically the Glue execution interceptor that is added to the glue client automatically, I couldn't find a way to remove/disable it.

@rohanag12 rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from 6a00627 to a48d6f3 Compare July 10, 2024 01:52
@rohanag12 rohanag12 requested a review from nineinchnick July 11, 2024 16:31
Copy link
Member

@nineinchnick nineinchnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, please also update docs to mention the new property.

@rohanag12 rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from a48d6f3 to 956c8a4 Compare July 15, 2024 19:19
@github-actions github-actions bot added the docs label Jul 15, 2024
@rohanag12
Copy link
Contributor Author

LGTM, please also update docs to mention the new property.

Updated docs.

@rohanag12
Copy link
Contributor Author

@findepi could you please take a look and review/merge when you get a chance?

@nineinchnick
Copy link
Member

@ebyhr can you run tests with secrets?

@ebyhr
Copy link
Member

ebyhr commented Jul 16, 2024

/test-with-secrets sha=956c8a4ae8cb5c6f6f0ed962094e42fe3bc34cff

Copy link

github-actions bot commented Jul 16, 2024

The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9952007596

@rohanag12
Copy link
Contributor Author

Is there something I need to do to fix the test failure? I don't really understand why it's failing.

@nineinchnick
Copy link
Member

It might be an intermittent failure. Maybe someone with write access could retry that single job.

@rohanag12
Copy link
Contributor Author

@ebyhr can you please trigger test with secrets again (or merge if it looks good 😄)

…dentialsProvider

Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of
the default credentials provider chain for Glue v2.
@rohanag12 rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from 956c8a4 to 4c72db1 Compare July 18, 2024 01:20
@ebyhr ebyhr merged commit 70d172d into trinodb:master Jul 18, 2024
58 of 60 checks passed
@github-actions github-actions bot added this to the 453 milestone Jul 18, 2024
@rohanag12 rohanag12 deleted the hive-glue-metastore-web-identity-token-auth branch July 18, 2024 17:30
@kar0t
Copy link

kar0t commented Sep 21, 2024

Hi ALL. The option is only for Hive Connector? Can't set hive.metastore.glue.use-web-identity-token-credentials-provider in Iceberg catalog (Version 458)

releated discussion on slack: https://trinodb.slack.com/archives/CGB0QHWSW/p1724690300929519

@kar0t
Copy link

kar0t commented Sep 21, 2024

For someone who want to set Glue's AWS WebIdentity Credential for Hive, Iceberg Connectors

Glue (Recent) Module Config

hive.metastore.glue.use-web-identity-token-credentials-provider # use for hive, Trino 458

Glue V1 (Legacy) Module Config

hive.metastore.glue.aws-credentials-provider # use for iceberg, Trino 458

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

Trino intermittently fails to pick up IRSA
5 participants