Skip to content

Enable Dynamic Trino

Audience: System Administrators

Content Summary: This page details how to install the Native Dynamic Trino (previously PrestoSQL) access pattern. Native Trino is only available with certain licenses, please see your Immuta representative for more information. Native Dynamic Trino in Immuta is only compatible with Trino (previously PrestoSQL); PrestoDB is not supported.

1 - Enable Native Trino

  1. Click the App Settings icon in the left sidebar.
  2. Click Enable in the Presto/Trino SQL Integration section.

    Dynamic Trino Enable

  3. Click Save.

The catalog configuration displayed in this section will need to be written out on all Trino nodes (/etc/trino/config/catalog/immuta.properties).

2 - Install Dynamic Trino Plugin

Best Practice: Immuta Archives Access Required

A user with access to Immuta's Archives site is required to conduct the download in this step. Credentials to access the site can be obtained by visiting the Immuta Download Site and logging in with your Immuta Accounts credentials. At the very bottom of the page is an All Archives section with a here link that will take you directly to the archives site with your account credentials already applied.

  1. Download the Trino plugin (immuta-trino.zip) from Immuta's Archives site. Select a tab below for links to specific plugin files:

    PrestoSQL Plugin

    If you use PrestoSQL, download this plugin: Immuta v2021.1.x

    Trino Plugin

    If you use Trino, download the plugin that corresponds to the version of Immuta you have installed:

  2. Follow Trino's documentation to install the plugin:

    • Create this directory: /usr/lib/trino/plugin/immuta.
    • Upload immuta-trino.zip to the directory.
  3. Install the Immuta Trino plugin on all Trino nodes within your cluster.

3 - Create an Immuta Catalog

  1. Follow Trino's documentation to create this catalog directory: /etc/trino/config/catalog.

  2. To configure the Immuta connector, mount the Immuta connector as the Immuta catalog: Create an immuta.properties file with the following contents, replacing the connection properties with your Trino Cluster Configuration displayed on the App Settings page:

    connector.name=immuta
    immuta.endpoint=https://your-immuta-url.com/
    immuta.apikey=<your-api-key>
    

Best Practice: Trino Database Structure

The top level is set based on the name of the catalog properties files in the /etc/trino/catalog directory. Use the name immuta.properties for this file, which will result in a Trino catalog named “immuta.”

4 - Configure Event Listener on Your Cluster

  1. Create an event-listener.properties file in this directory: /etc/trino/. For more details, see Trino's Event Listener documentation.
  2. Copy the Event Listener Configuration items from the App Settings page and paste it in the event-listener.properties file:

    Dynamic Trino Event Listener

5 - Configure Trino to Block Access

Best Practice: Give Users read-only Access to Immuta Catalog

Give users read-only access to the Immuta catalog. This will prevent users from describing the views, which in turn prevents them from seeing secrets involved in some masking policies.

Follow Trino's System Access Control documentation to configure Trino to block access to any catalog that is not Immuta so that all user access has policies enacted on it.