Presto and AWS Lake Formation Integration

[imjalpreet]

This issue will track all the issues and PRs for adding the support for AWS Lake Formation in Presto.

As I mentioned at last month's TSC meeting, I am sharing the detailed design for this implementation
https://docs.google.com/document/d/1fEdENgeY2pzdehQdNDULpRn0p7-0Mklj3twQCuzi15E/edit?usp=sharing

Below are some of the major components that are going to be introduced or modified as part of this integration:

• Introduction of AWS Security Mapping in Presto: Introduce AWS Security Mapping #21622
• Extend support of Metastore Impersonation when using Glue Metastore in Presto
• Add support for metadata restriction in Presto: Add support for authorization for SHOW COLUMNS, DESCRIBE and SHOW CREATE TABLE/VIEW queries
• Add new hive security module for Lake Formation: Implement ConnectorAccessControl for Lake Formation
• Implement custom DynamicConfigurationProvider for AWS Lake Formation
• Add support for allowing filtering of unauthorized columns from SELECT * queries

[imjalpreet]

Please feel free to comment in case you have any questions or suggestions on the design.

[imjalpreet]

One of the dependencies for adding Row Filtering Support via AWS Lake Formation is adding SPI support for Row Filtering in Presto #16955 #20572

[elharo]

The detailed design is very good. Thanks. Can/should this be ported to an RFC so it's in the git repo and doesn't rely on google docs accounts that might go away?

[imjalpreet]

Can/should this be ported to an RFC so it's in the git repo and doesn't rely on google docs accounts that might go away?

I don't mind porting it to a RFC if needed. Please let me know how we want to move forward.

[tdcmeehan]

Let's translate it into an RFC and we can merge it quickly. IMO we've already aligned on this (prior to RFCs existing) and it's more about documenting it for posterity.

[imjalpreet]

@elharo @tdcmeehan I have raised the PR prestodb/rfcs#17.