{"id":13788068,"url":"https://github.com/stackabletech/trino-opa-authorizer","last_synced_at":"2025-05-12T02:32:51.065Z","repository":{"id":39599056,"uuid":"414633085","full_name":"stackabletech/trino-opa-authorizer","owner":"stackabletech","description":null,"archived":true,"fork":false,"pushed_at":"2024-01-31T08:32:15.000Z","size":51,"stargazers_count":13,"open_issues_count":3,"forks_count":4,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-02-21T07:02:15.076Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stackabletech.png","metadata":{"files":{"readme":"README.adoc","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-07T14:24:51.000Z","updated_at":"2024-01-31T08:32:46.000Z","dependencies_parsed_at":"2024-08-03T21:01:45.394Z","dependency_job_id":"bc7139da-83f0-4b83-a8c0-33e60050903e","html_url":"https://github.com/stackabletech/trino-opa-authorizer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackabletech%2Ftrino-opa-authorizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackabletech%2Ftrino-opa-authorizer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackabletech%2Ftrino-opa-authorizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackabletech%2Ftrino-opa-authorizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stackabletech","download_url":"https://codeload.github.com/stackabletech/trino-opa-authorizer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253662755,"owners_count":21944125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T21:00:35.991Z","updated_at":"2025-05-12T02:32:50.799Z","avatar_url":"https://github.com/stackabletech.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"= trino-opa-authorizer\n\nIMPORTANT: This repository has been archived and is not being maintained any more.\nDevelopment of this authorizer has been moved into the Trino project itself:\nhttps://github.com/trinodb/trino/pull/19532\n\n== Usage\n\n\n=== OPA\n\nCurrently expects that Open Policy Agent is listening on http://localhost:8181. Run `opa run --log-level debug --server example.rego` in the repo folder to test an initial example.\n\n=== Trino plugin\n\nAssuming that you already have a Trino server set up.\n\n1. Run `mvn package`\n2. Copy (or symlink) `target/out` to `$TRINO_DIR/plugins/trino-opa-authorizer`\n3. Copy (or symlink) `access-control.properties` to `$TRINO_DIR/etc/access-control.properties`\n4. Start Trino\n\n=== Tests\n\nThe tests assume that OPA is available on your path as `opa`, and can then be executed by running `mvn test`.\n\n=== Example\n\nThe example `example.rego` allows the `admin` user to do everything. User `bob` is limited to run queries and access catalogs.\n\n----\ninclude::example.rego[]\n----\n\nThis can be tested via the Trino CLI for the `admin` user:\n----\n./trino-cli-403-executable.jar --server http://localhost:8080 --user=admin\n----\nand for the user `bob`:\n----\n./trino-cli-403-executable.jar --server http://localhost:8080 --user=bob\n----\n\nWhen logged in as `bob` you should be able to run:\n----\ntrino\u003e SHOW CATALOGS;\n Catalog\n---------\n system\n(1 row)\n\nQuery 20220419_161711_00047_bu682, FINISHED, 1 node\nSplits: 1 total, 1 done (100.00%)\n0.22 [0 rows, 0B] [0 rows/s, 0B/s]\n\n----\nbut should get an `Access Denied` failure when e.g. showing schemas:\n----\ntrino\u003e SHOW SCHEMAS From system;\nQuery 20220419_161650_00046_bu682 failed: Access Denied: Cannot show schemas\n----\n\n=== Building\nTo build the maven project invoke\n\n```\nmvn clean package\n```\n\nAfterwards you find the produced binaries in `/home/sbernauer/stackabletech/trino-opa-authorizer/target/out/`, especially out of interest is\n```\n-rw-rw-r-- 1 sbernauer sbernauer 33K Sep 15 09:53 /home/sbernauer/stackabletech/trino-opa-authorizer/target/out/trino-opa-authorizer-403-stackable0.1.0.jar\n```\nThe small size is normal.\nWe have to bundle all the produced jars to put them into a Trino setup.\nTo achieve this run\n\n```\nln -s target/out/ trino-opa-authorizer\n```\n\nand (you need to replace your version!)\n\n```\ntar -czvf trino-opa-authorizer-403-stackable0.1.0.tar.gz ./trino-opa-authorizer/*\n```\n\nResulting file size should be in the neighborhood of 80 MB:\n```\n$ ls -lah trino-opa-authorizer-*.gz\n-rw-rw-r-- 1 sbernauer sbernauer 86M Sep 15 09:58 trino-opa-authorizer-403-stackable0.1.0.tar.gz\n```\n\n=== Releasing\nReleasing here is done by uploading the `trino-opa-authorizer-*-stackable0.1.0.tar.gz` into Nexus.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackabletech%2Ftrino-opa-authorizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackabletech%2Ftrino-opa-authorizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackabletech%2Ftrino-opa-authorizer/lists"}