John Zielke

12/06/2022, 3:57 PM
Hi, I am using lakefs together with DynamoDb. I want to create the dynamoDB table using terraform (or any other IaC [Infrastructure as Code] tool), so I have full control over the tags, parameters etc. But it seems that lakefs when starting tries to directly create a new table. If it finds one, it will catch this as an error, check if the error is that the resource already exists, and then use it. To force the use of IaS I would like to run lakefs without the CreateTable, DeleteTable and UpdateTable permissions). This unfortunately does not work with this setup. Is this intended? If IaC should be supported, it would be nice to do the following: • Check for existence of the table using DescribeTable or the appropriate command for that and check that it conforms with the keys and other required configured properties for lakefs • Document the settings lakefs needs for the table in the docs, so they can be easily found when configuring IaC. Apart from enforcing IaC, this could also be relevant if it's IT policy to not give these CreateTable permissions to teams that deploy Lakefs on their systems.
👀 1

Adi Polak

12/06/2022, 4:38 PM
Hi John. This is a great suggestion! Thanks for putting it together. as far as I know ( and I might be completely off here), you are able to grant permissions to an existing table following this doc. If this doesn't work well, would you be able to open an issue related to the docs/functionality? happy to do that for you, yet I will need more information like- the exception, of what you are trying to achieve and any related information that can assist in creating the solution for you.
hi @John Zielke, @Isan Rivkin created this issue following your great suggestion. Your vote will be highly appreciated and help us prioritize it!
:dancing_lakefs: 1

Isan Rivkin

12/18/2022, 10:12 AM
Hi @John Zielke your suggestion has been merged and will be available in the next release. (FYI @Adi Polak)
:mario_luigi_dance: 1

John Zielke

12/22/2022, 8:14 AM
That's great to see, thank you very much!