It's a bit late, but I'm not clear here what you're trying to do? Datomic Analytics (as of today) still runs presto 348, which is a pre-trino version.

ok, the same config should work there… trino is just a name change

I’m trying to expose an analytics endpoint via load balancer to our customer, and need to configure options for the connector

the datomic-cli analytics sync seems to only copy the catalog and metaschema and doesn’t have a way to do other config changes for presto/trino

Trust me, it's more than just a name change 🙂 Is "our customer" a 3rd party? What options exactly are you trying to configure for the connector?

the username/password authentication and tls proxy config

customer is 3rd party

How many databases will your system have?

2 that need analytics access

I'm going to have to sleep on this one.

Let's reconnect tomorrow?

sure, I think we will try just ssh’ing and modifying the config.properties in our dev test environment and see that happens

Something more useful for me would be a sample configuration / project showing that you can expose a secure presto/trino server with the config you need to your customer, taking datomic cloud out of the picture entirely (just for the sample project).

I'm sure ssh'ing will get it to work once, but it will probably not continue to work upon access gateway restart.

added 2 lines to /opt/presto-config/config.properties.template

http-server.authentication.type=PASSWORD
http-server.process-forwarded=true

Try typehinting that first, it may not be able to find the right method without it.

@U06FTAZV3 I have a ^long and a ^double hint in my query, and I'm seeing the same exception.

paste it again with these new hints?

Can't type hint a primitive local… I thought that might be a problem.

Show me the query with the hints

'[:find (sum ?va)
  :with ?e
  :where
  [?e :transfer/amount ?v]
  [(.doubleValue ?v) ?vd]
  [(Math/abs ^double ?vd) ?va]]

I get a result when I ditch the use of Math/abs and sum the ?vd.

Can you show that query as well

'[:find (sum ?vd)
  :with ?e
  :where
  [?e :transfer/amount ?v]
  [(.doubleValue ?v) ?vd]]

That gives me back a negative double.

clj-kondo is warning me about reflection. That's a great library!

Now go for the minimal repro.

'[:find ?va
  :where
  [(ground 42.0) ?vd]
  [(Math/abs ^double ?vd) ?va]]

Same exception with your minimal repro.

1. Caused by clojure.lang.ExceptionInfo
   Unable to load namespace for Math/abs
   #:cognitect.anomalies{:category :cognitect.anomalies/not-found,
                         :message "Unable to load namespace for Math/abs"}
               require.clj:   53  datomic.core.require/anomaly!
               require.clj:   51  datomic.core.require/anomaly!

A call to Math/abs works outside of the query, which is what made me wonder if I need to whitelist the Math namespace, but I think everything in java.lang is available by default.

'[:find ?va
  :where
  [(ground 42.0) ?vd]
  [(java.lang.Math/abs ^double ?vd) ?va]]

Adding java.lang doesn't help.

Hmm.. Can you open a support case for this so I can look into it?

Where's the place to open support cases these days? http://support.datomic.com?

Yep, same as always

We've also got this handy format that prevents roundtrips https://docs.datomic.com/cloud/tech-notes/writing-a-problem-report.html

@U0CJ19XAM want me to log an issue for this Zendesk error too? I can't create a password because of some janky iframe stuff from the looks of it.

Yes, that's weird.

Please include your browser details

and if possible a .har file network recording (or the firefox equivalent) of the network requests made.

The support email that gets sent out links to a different doc on what info to provide with support requests, and it's from 2016: https://support.cognitect.com/hc/en-us/articles/215581538-Information-to-provide-with-a-support-request

It doesn't mention providing version numbers, which is probably more helpful with a problem on top of an in-memory database. 🙂

Quick fix for the Zendesk iframe jank is to open the iframe in a new tab, and then submit the form.

I've logged the support request. Thanks, @U0CJ19XAM! 🙇

Thank you @U06FTAZV3!

So my Datomic user was set up according to instructions here: https://docs.datomic.com/cloud/getting-started/configure-access.html#authorize-user Is there a reason that setup doesn’t have the necessary S3 creds baked in?

Yea, I figured I don’t need full access, but I don’t know what specifically I do need? Still confused as to why giving access to MY S3 account would affect access to a bucket outside of my account.

The issue that you haven't given your user access to read ANY S3 buckets, even public ones.

Say I were to grant universal read access via an AmazonS3ReadOnlyAccess policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        }
    ]
}

You should restrict the resource arn I believe.

Tried this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "arn:aws:s3:::datomic-releases-1fc2183a/maven/releases/*"
        }
    ]
}

Thanks this helps.

Check out http://www.learndatalogtoday.org/