
Fix athena database read #18141

Closed


harsimranmaan
Contributor

The current Athena database implements a query on read. This means that the terraform plan needs
the permission to execute queries against Athena as well as permission to write to the
S3 bucket where the execution results are stored. This makes it hard to run plan in an
environment where we don't want it to modify any AWS resources. The StartQueryExecution
also does not have a way to restrict the queries. This means that it is possible to use
the permissions set up for a terraform plan to run any queries against Athena.

The fix here is to read the database name from the AwsDataCatalog. In the future, this can
be extended to include other catalogs as the support for creating Athena catalogs is added to
the provider.

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #0000

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...
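As an added example (not code from this PR or from the provider): a small audit of a `terraform plan` role's IAM policy against the two permission sets the description contrasts, the query-on-read set (`athena:StartQueryExecution` plus a write to the results bucket) and a metadata-only catalog read. It evaluates only `Effect` and `Action`/`NotAction`; `Resource` and `Condition` are ignored as a simplification, and the catalog-read action `athena:GetDatabase` and the sample policies are assumptions of this example, not something the PR states.

```python
"""Audit a plan role's IAM policy for the Athena permissions the PR describes.

Added example, not code from the PR or the provider. Only Effect and
Action/NotAction are evaluated; Resource and Condition are ignored, which
is a deliberate simplification (a full evaluation must consider them too).
"""
import fnmatch

# Actions the query-on-read data source forces a plan role to hold, taken
# from the PR description: StartQueryExecution cannot be limited to one
# query, and the results bucket needs a write.
QUERY_ON_READ_ACTIONS = ("athena:StartQueryExecution", "s3:PutObject")

# Assumed metadata-only action for reading a database through the catalog
# API instead of running a query (assumption of this example).
CATALOG_READ_ACTION = "athena:GetDatabase"


def _as_list(value):
    """IAM allows a single string or a list in Statement/Action fields."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action matching: case-insensitive, with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_applies(stmt, action):
    """Does this statement cover `action` (via Action or NotAction)?"""
    actions = _as_list(stmt.get("Action"))
    not_actions = _as_list(stmt.get("NotAction"))
    if actions:
        return any(action_matches(p, action) for p in actions)
    if not_actions:
        return not any(action_matches(p, action) for p in not_actions)
    return False


def is_allowed(policy, action):
    """True if the policy grants `action`; an explicit Deny always wins."""
    allowed = denied = False
    for stmt in _as_list(policy.get("Statement")):
        if not _statement_applies(stmt, action):
            continue
        if stmt.get("Effect") == "Deny":
            denied = True
        elif stmt.get("Effect") == "Allow":
            allowed = True
    return allowed and not denied


def query_on_read_exposure(policy):
    """Query-on-read actions the policy grants. With the old data source they
    are required for plan to succeed, and they also let the role run
    arbitrary queries and write to the results bucket."""
    return [a for a in QUERY_ON_READ_ACTIONS if is_allowed(policy, a)]


def is_read_only_plan_role(policy):
    """True when the role can read the catalog but cannot start queries."""
    return is_allowed(policy, CATALOG_READ_ACTION) and not query_on_read_exposure(policy)


# Constructed sample policies (not taken from any real account).
PLAN_ROLE_QUERY_ON_READ = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["athena:StartQueryExecution", "athena:GetDatabase"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-athena-results/*"},
    ],
}

PLAN_ROLE_CATALOG_READ = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "athena:GetDatabase", "Resource": "*"}],
}

# A wildcard grant hides StartQueryExecution inside it; the explicit Deny
# closes that hole again.
PLAN_ROLE_WILDCARD_WITH_DENY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "athena:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "athena:StartQueryExecution", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in [("query-on-read", PLAN_ROLE_QUERY_ON_READ),
                         ("catalog-read", PLAN_ROLE_CATALOG_READ),
                         ("wildcard+deny", PLAN_ROLE_WILDCARD_WITH_DENY)]:
        print(name, "exposes:", query_on_read_exposure(policy),
              "read-only plan role:", is_read_only_plan_role(policy))
```

Run it as a script to see the three constructed policies classified; the wildcard case is the one worth checking in real policies, because `athena:*` grants `StartQueryExecution` without naming it.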

@harsimranmaan harsimranmaan requested a review from a team as a code owner March 17, 2021 19:24
@ghost ghost added size/XS Managed by automation to categorize the size of a PR. service/athena Issues and PRs that pertain to the athena service. labels Mar 17, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Mar 17, 2021

@github-actions github-actions bot left a comment


Welcome @harsimranmaan 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@ghost ghost added size/S Managed by automation to categorize the size of a PR. and removed size/XS Managed by automation to categorize the size of a PR. labels Mar 19, 2021
@harsimranmaan
Contributor Author

Hi @bflad, can you take a look when you get a chance? Thanks.

@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Aug 28, 2021
@ewbankkit
Contributor

Replaced by #19765.

@ewbankkit ewbankkit closed this Aug 28, 2021
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 24, 2022