Fix wrong role create db#285 #286
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
PR in close collaboration with @nicor88 :) |
nicor88
reviewed
Nov 20, 2023
dbt/adapters/glue/impl.py
Outdated
| @@ -78,21 +78,18 @@ def convert_datetime_type(cls, agate_table, col_idx): | |||
| def get_connection(self): | |||
There was a problem hiding this comment.
as written in slack the issue in the current implementation is that session is not used in case of use_interactive_session_role_for_api_calls. You can consider to use something like this:
def get_connection(self):
connection: GlueConnectionManager = self.connections.get_thread_connection()
glueSession: GlueConnection = connection.handle
if glueSession.credentials.role_arn is not None:
if glueSession.credentials.use_interactive_session_role_for_api_calls is True:
sts_client = boto3.client('sts')
assumed_role_object = sts_client.assume_role(
RoleArn=glueSession.credentials.role_arn,
RoleSessionName="dbt"
)
credentials = assumed_role_object['Credentials']
session = boto3.Session(
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken']
)
glue_client = boto3.client("glue", region_name=glueSession.credentials.region,
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken'])
return glueSession, glue_client
glue_client = boto3.client("glue", region_name=glueSession.credentials.region)
return glueSession, glue_client
to keep supporting use_interactive_session_role_for_api_calls parameter
There was a problem hiding this comment.
Can you pass use_interactive_session_role_for_api_calls in the profiles.yml ? Shouldn't it be default to True instead of False ?
There was a problem hiding this comment.
Yes can be put in the profiles as it's pick from credentials.
Imho I will make default to True, as imply that the user maintains only one role
menuetb
approved these changes
Dec 14, 2023
aajisaka
added a commit
to aajisaka/dbt-glue
that referenced
this pull request
Jan 23, 2024
This reverts commit 1416de8.
4 tasks
aajisaka
added a commit
to aajisaka/dbt-glue
that referenced
this pull request
Jan 23, 2024
This reverts commit 1416de8.
aajisaka
added a commit
to aajisaka/dbt-glue
that referenced
this pull request
Jan 23, 2024
This reverts commit 1416de8.
4 tasks
moomindani
pushed a commit
that referenced
this pull request
Jan 24, 2024
* Revert "Bump black from 23.11.0 to 23.12.0 (#303)" This reverts commit ee2aa88. * Revert "Update versions" This reverts commit f6a377e. * Revert "Adds minimal model contract enforcement for glue adapter (#297)" This reverts commit 4192346. * Revert "Fix wrong role create db#285 (#286)" This reverts commit 1416de8. * Revert "Glue session: enable users to fix their glue_session_id name and re-use it (#301)" This reverts commit d2d31f1. * Revert "Revert "Update versions"" This reverts commit 2b5e656. * Revert "Revert "Bump black from 23.11.0 to 23.12.0 (#303)"" This reverts commit 9a2b094. * Update CHANGELOG
moomindani
added a commit
to moomindani/dbt-glue
that referenced
this pull request
Jan 24, 2024
…ive_session_role_for_api_calls
Merged
4 tasks
moomindani
added a commit
that referenced
this pull request
Jan 24, 2024
…_role_for_api_calls (#320)
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves #285
Description
The CreateDabase operation is performed with the caller role. We want it to be performed by the glue session role_arn provided in profiles.yml.
Checklist
CHANGELOG.mdand added information about my change to the "dbt-glue next" section.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.