Is your feature request related to a problem? Please describe.
We maintain tight IAM permissions around Athena, and we'd like to avoid List kind of permissions that would expose other workgroups and databases to the role. We have multiple databases that are accessed independently, there is no reason one should 'see' the other.
Describe the solution you'd like
Allow entering custom values for database and workgroup. We know the values, but the current UI requires that the values come from the API call.
Describe alternatives you've considered
Our workaround is to grant athena:ListWorkGroups and glue:GetDatabases temporarily, only to create the datasource and then revoke that policy.
Additional context
The change might be as simple as setting allowCustomValue [1] on ConfigSelects [2] for Workgroup and Database
1: https://github.com/grafana/grafana-aws-sdk-react/blob/main/src/sql/ConfigEditor/ConfigSelect.tsx#L20
2: https://github.com/grafana/athena-datasource/blob/main/src/ConfigEditor.tsx#L138
Is your feature request related to a problem? Please describe.
We maintain tight IAM permissions around Athena, and we'd like to avoid
Listkind of permissions that would expose other workgroups and databases to the role. We have multiple databases that are accessed independently, there is no reason one should 'see' the other.Describe the solution you'd like
Allow entering custom values for database and workgroup. We know the values, but the current UI requires that the values come from the API call.
Describe alternatives you've considered
Our workaround is to grant
athena:ListWorkGroupsandglue:GetDatabasestemporarily, only to create the datasource and then revoke that policy.Additional context
The change might be as simple as setting
allowCustomValue[1] onConfigSelects [2] for Workgroup and Database1: https://github.com/grafana/grafana-aws-sdk-react/blob/main/src/sql/ConfigEditor/ConfigSelect.tsx#L20
2: https://github.com/grafana/athena-datasource/blob/main/src/ConfigEditor.tsx#L138