Deleting access rules in Managed Service for Trino

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.

1. Open the access_control.yaml file and remove the description of the rule you want to delete.

2. Run this command:

   yc managed-trino cluster set-access-control <cluster_name_or_ID> \
     --from-file access_control.yaml
   

   You can get the cluster ID and name with the list of clusters in the folder.

1. Open the current Terraform configuration file describing your infrastructure.

   To learn how to create this file, see Creating a cluster.

2. Delete the rule from the yandex_trino_access_control resource description.

3. Make sure the settings are correct.

   1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

   2. Run this command:

      terraform validate
      

      Terraform will show any errors found in your configuration files.

4. Confirm updating the resources.

   1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

   2. If everything looks correct, apply the changes:

      1. Run this command:

         terraform apply
         

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

For more information, see this Terraform provider guide.

1. Get an IAM token for API authentication and place it in an environment variable:

   export IAM_TOKEN="<IAM_token>"
   

2. Clone the cloudapi repository:

   cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
   

   Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

3. Open the existing body.json rule file and delete the rule.

4. Call the ClusterService.Update method, e.g., via the following gRPCurl request:

   grpcurl \
     -format json \
     -import-path ~/cloudapi/ \
     -import-path ~/cloudapi/third_party/googleapis/ \
     -proto ~/cloudapi/yandex/cloud/trino/v1/cluster_service.proto \
     -rpc-header "Authorization: Bearer $IAM_TOKEN" \
     -d @ \
     trino.api.cloud.yandex.net:443 \
     yandex.cloud.trino.v1.ClusterService.Update \
     < body.json
   

5. Check the server response to make sure your request was successful.

1. Open the current Terraform configuration file describing your infrastructure.

   To learn how to create this file, see Creating a cluster.

2. Delete the yandex_trino_access_control resource from the configuration file.

3. Make sure the settings are correct.

   1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

   2. Run this command:

      terraform validate
      

      Terraform will show any errors found in your configuration files.

4. Confirm updating the resources.

   1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

   2. If everything looks correct, apply the changes:

      1. Run this command:

         terraform apply
         

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

For more information, see this Terraform provider guide.

1. Get an IAM token for API authentication and put it in an environment variable:

   export IAM_TOKEN="<IAM_token>"
   

2. Clone the cloudapi repository:

   cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
   

   Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

3. Create a file named body.json and paste the following code into it:

   {
     "cluster_id": "<cluster_ID>",
     "update_mask": {
       "paths": [
         "trino.access_control"
       ]
     },
     "trino": {
         "access_control": {}
     }
   }
   

   Where:

   • cluster_id: Cluster ID.

     You can get the cluster ID with the list of clusters in the folder.

   • update_mask: List of parameters to update as an array of strings (paths[]).

     Format for listing settings

     "update_mask": {
       "paths": [
         "<setting_1>",
         "<setting_2>",
         ...
         "<setting_N>"
       ]
     }
     

     Warning

     When you update a cluster, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.

   • access_control: Access rule configuration in the cluster.

4. Call the ClusterService.Update method, e.g., via the following gRPCurl request:

   grpcurl \
     -format json \
     -import-path ~/cloudapi/ \
     -import-path ~/cloudapi/third_party/googleapis/ \
     -proto ~/cloudapi/yandex/cloud/trino/v1/cluster_service.proto \
     -rpc-header "Authorization: Bearer $IAM_TOKEN" \
     -d @ \
     trino.api.cloud.yandex.net:443 \
     yandex.cloud.trino.v1.ClusterService.Update \
     < body.json
   

5. Check the server response to make sure your request was successful.