jramonrod opened a new issue, #13758: URL: https://github.com/apache/iceberg/issues/13758
### Apache Iceberg version None ### Query engine None ### Please describe the bug 🐞 Greetings, # Problem I noticed that when we enabled the `iceberg.tables.auto-create-enabled` configuration that we were failing to create tables automatically, even when the Database exists already. I noticed in this part of the code there is an explicit catching and ignoring of `AlreadyExistsException` and `ForbiddenException` to check if the database already exists. https://github.com/apache/iceberg/blob/main/kafka-connect/kafka-connect/src/main/java/org/apache/iceberg/connect/data/IcebergWriterFactory.java Now, we are on aws and when we are missing the CreateDatabase permission using Glue, we get this error ``` Caused by: software.amazon.awssdk.services.glue.model.AccessDeniedException: User: XXXXX is not authorized to perform: glue:CreateDatabase on resource: XXXXXX because no identity-based policy allows the glue:CreateDatabase action (Service: Glue, Status Code: 400, Request ID: XXXX) ``` And this does not extend the `ForbiddenException`. https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/glue/model/AccessDeniedException.html # Expectation I would expect this access denied permission to also be a type of forbidden exception, even though it's wrapped around a 400 error instead of 403. # Proposal/Solution I would propose catching also AccessDeniedExceptions in this block. As our current workaround, for permission reasons, is to disable the flag altogether and create the tables manually. ### Willingness to contribute - [x] I can contribute a fix for this bug independently - [x] I would be willing to contribute a fix for this bug with guidance from the Iceberg community - [ ] I cannot contribute a fix for this bug at this time -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
