Write a RegoRule set for Trino (Sebastian already wrote something)

[fhennig]

Useful links

• The Trino OPA authorizer PR - Find more info about the input the authorizer provides. There are two examples of input in the README.
• A Rego ruleset by Sebastian - This can be used as a starting point

Tasks

Beta Give feedback

1. Create a ruleset with RegoRules for Trino, for a usage scenario. This should be done in pure Rego and commited into the operator repository. Tests should be used to simulate authorizer requests.
2. document findings about how the model works, what its quirks are etc. in the knowledge base: https://app.nuclino.com/Stackable/Engineering/Authorization-Mechanisms-across-platform-products-210a0804-4f2c-44de-afa8-5be65553967d

Acceptance criteria

• There is a branch in the operator repository with the ruleset and tests that simulate the authorizer requests
• There is a knowledge base article about how the Trino OPA authorizer works and what its authorization model is. The article should also show some edge case operations like renaming a table that requires two resource permissions (source and target)

[soenkeliebau]

When someone picks this up please reach out to me, we have a friendly customer who'd be intersted in providing feedback/being part of the design process for this.

[siegfriedweber]

The Rego rules are implemented in stackabletech/trino-operator#559. The description of the pull request contains the information, how these rules can be used. The integration of the rules into the operator and the documentation will be done in part 2 and 3 of #499.