You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we execute dbt docs generate on sources that are located in different schemas - we should be able to access them from the different schemas with no permission issue.
Actual behavior
Filing this on behalf of the dbt team - for a customer who is reporting of the error. To add more context, customer has their datalake in AWS and they use a Trino server to connect to the S3 buckets with the hive connector(glue) for reading and the glacier connector (also glue) for writing.
Executing dbt docs generate on sources located in different schemas, produces an error that seems to suggest that we are not allowed to access the tables.
However, when we run dbt docs generate separately based on the sources from the same schema - everything works as expected.
Steps To Reproduce
in dbt Cloud IDE
Run dbt docs generate on sources that are all in 1 schema -> there should be no error
Run dbt docs generate on sources that are in more than 1 schema -> the error will show up
Run dbt docs generate just on that individual source that was added in second step -> there should be no error
Looking into the logs, we can see the difference is in the where clause of the SQL statement that is being sent to Trino.
Example:
First scenario - I run it leaving only references to dbt_foo:
[16777216] Queryfailed (#20240409_040702_00007_egzve): Error listing tables for catalog awsdatacatalog: User: arn:aws:sts::686806083451:assumed-role/oftcloudcheck_quality_role/i-0d805c3bcb8fd3aa3 is not authorized to perform: glue:GetTable on resource: arn:aws:glue:us-east-1:419887539293:catalog because no resource-based policy allows the glue:GetTable action (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 240601db-f2a4-489b-951f-a9ae4ecc8321; Proxy: null) com.amazonaws.services.glue.model.AccessDeniedException: User: arn:aws:sts::686806083451:assumed-role/oftcloudcheck_quality_role/i-0d805c3bcb8fd3aa3 is not authorized to perform: glue:GetTable on resource: arn:aws:glue:us-east-1:419887539293:catalog because no resource-based policy allows the glue:GetTable action (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 240601db-f2a4-489b-951f-a9ae4ecc8321; Proxy: null)
Last scenario - I query the added mention specifically to dbt_bar the query runs OK:
Could you provide the exact dbt-trino version that you use? If possible, please provide the output of the dbt debug command; it will give us all the basic information.
Expected behavior
When we execute
dbt docs generate
on sources that are located in different schemas - we should be able to access them from the different schemas with no permission issue.Actual behavior
Filing this on behalf of the dbt team - for a customer who is reporting of the error.
To add more context, customer has their datalake in AWS and they use a Trino server to connect to the S3 buckets with the hive connector(glue) for reading and the glacier connector (also glue) for writing.
Executing
dbt docs generate
on sources located in different schemas, produces an error that seems to suggest that we are not allowed to access the tables.However, when we run
dbt docs generate
separately based on the sources from the same schema - everything works as expected.Steps To Reproduce
in dbt Cloud IDE
dbt docs generate
on sources that are all in 1 schema -> there should be no errordbt docs generate
on sources that are in more than 1 schema -> the error will show updbt docs generate
just on that individual source that was added in second step -> there should be no errorLooking into the logs, we can see the difference is in the
where
clause of the SQL statement that is being sent to Trino.Example:
First scenario - I run it leaving only references to
dbt_foo
:The query runs without a problem.
Second scenario - if we include just one mention to a different schema (
dbt_bar
,table_5
) the error appears:Error message
Last scenario - I query the added mention specifically to
dbt_bar
the query runs OK:If it was indeed a permission error, querying to
dbt_bar
would produce the same error.We tested querying both schemas with a
union
:This worked as expected.
Log output/Screenshots
No response
Operating System
Ubuntu 22.04.3 LTS
dbt version
1.7
Trino Server version
441
Python version
Python 3.10.12
Are you willing to submit PR?
The text was updated successfully, but these errors were encountered: