Impersonation in Managed Service for Trino
Impersonation in Managed Service for Trino is when a Trino cluster performs actions with user resources on behalf of a service account.
By default, a Trino cluster does not have permissions to access user resources. To provide access to such resources, create a service account with the required roles and link it to the Trino cluster when creating or updating the cluster. With that done, the coordinator and workers will be able to authenticate as this service account. For example, Hive, Iceberg, and Delta Lake connectors authenticate in Object Storage as the cluster service account.
Impersonation enables a Trino cluster to support integration with other Yandex Cloud services. These include Yandex Cloud Logging, Yandex Monitoring, and Yandex Connection Manager.
For a cluster to be able to interface with these services, assign the managed-trino.integrationProvider role to its service account. The role will allow the cluster to write logs to Cloud Logging or send metrics to Monitoring. To use connections from Connection Manager and their secrets, assign the additional connection-manager.user and lockbox.payloadViewer roles to the cluster service account.
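A least-privilege check for the role assignments described above, as an added example that is not part of the original documentation. The binding shape (`role_id`, `subject.type`, `subject.id`), the service account IDs, the integration keys, and the choice to flag the primitive `admin` and `editor` roles as too broad are assumptions made for this sketch.

```python
"""Audit the roles held by a Trino cluster service account (illustrative sketch)."""

# Roles named on this page, keyed by the integration that needs them.
BASE = "managed-trino.integrationProvider"
INTEGRATION_ROLES = {
    "logging": {BASE},
    "monitoring": {BASE},
    "connection_manager": {BASE, "connection-manager.user", "lockbox.payloadViewer"},
}
# Assumption: primitive roles treated as broader than any integration needs.
BROAD_ROLES = {"admin", "editor"}

def audit_service_account(bindings, sa_id, integrations):
    """Compare the roles bound to sa_id with what the enabled integrations need."""
    unknown = set(integrations) - set(INTEGRATION_ROLES)
    if unknown:
        raise ValueError(f"unknown integrations: {sorted(unknown)}")
    held = {
        b.get("role_id")
        for b in bindings
        if b.get("subject", {}).get("type") == "serviceAccount"
        and b.get("subject", {}).get("id") == sa_id
    }
    held.discard(None)
    required = set().union(*(INTEGRATION_ROLES[i] for i in integrations))
    return {
        "missing": sorted(required - held),           # integration will fail
        "broad": sorted(held & BROAD_ROLES),          # replace with narrow roles
        # Not needed for integrations; may be justified by a connector
        # (for example Object Storage access), so review rather than remove.
        "other": sorted(held - required - BROAD_ROLES),
    }

# Constructed sample bindings; IDs are placeholders, not real resources.
SAMPLE_BINDINGS = [
    {"role_id": BASE, "subject": {"type": "serviceAccount", "id": "sa-trino-example"}},
    {"role_id": "editor", "subject": {"type": "serviceAccount", "id": "sa-trino-example"}},
    {"role_id": "storage.viewer", "subject": {"type": "serviceAccount", "id": "sa-trino-example"}},
    {"role_id": "connection-manager.user", "subject": {"type": "serviceAccount", "id": "sa-other-example"}},
]

if __name__ == "__main__":
    report = audit_service_account(
        SAMPLE_BINDINGS, "sa-trino-example", ["logging", "connection_manager"]
    )
    for key, roles in report.items():
        print(f"{key}: {roles}")
```
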
Services available for integration
Connection Manager
Connection Manager is a service for managing the parameters of connections to user database installations and for secure password storage. If a Managed Service for Trino cluster folder indicates Connection Manager as the connection type, the cluster service account gets the connection parameters, such as network addresses, ports, and the encrypted username and password, by the connection ID in Connection Manager.
Cloud Logging
Cloud Logging stores and reads logs collected by Yandex Cloud services. If logging is enabled in a Managed Service for Trino cluster, the cluster logs will be saved to the default log group of the selected folder or to a custom log group in Cloud Logging.
You can enable logging when creating or updating a cluster.
Monitoring
Monitoring enables collecting and storing the metrics of Yandex Cloud services. Metrics are displayed as charts on the cluster page under Monitoring. They show the current state and health of the cluster. Metrics are available by default in all Managed Service for Trino clusters. For a list of available metrics, see the relevant reference.