in src/lakeformation_permissions/consumption/lambda_function.py [0:0]
def grant_db_describe(principal, database):
""" Grants 'DESCRIBE' on database to the Principal
Arguments:
principal {str} -- Principal to which DB describe is needed
database {str} -- Database Name
Returns:
response {dict} -- response from Lakeformation API call
"""
consumption_acct = acc_id
Name = database
permissions = ['DESCRIBE']
database_json = {}
if 'foundation_' not in database:
database='foundation_'+database
glue_client = boto3.client('glue')
db_exist = check_db_exist(glue_client,database)
if not db_exist:
# Resource link creation on Consumption account
foundations_catalog = f_acc_id
logger.info("{} database doesn't exist, creating Resource Link(DB)".format(database))
response = glue_client.create_database(
DatabaseInput= {
'Name': database,
'TargetDatabase': {
'CatalogId': foundations_catalog,
'DatabaseName': database.split('foundation_')[1]
}
}
)
if response['ResponseMetadata']['HTTPStatusCode'] == 200:
logger.info('Successfully create Resource Link --> {}'.format(database.split('foundation_')[1]))
Database = {
'CatalogId': consumption_acct,
'Name': database
}
database_json['Database'] = Database
client = boto3.client('lakeformation', config=Config(connect_timeout=5, read_timeout=60, retries={'max_attempts': 20}))
logger.info('Granting DB Describe on resource {} for Principal {} with Consumption ACC ID {}'
.format(principal, database, consumption_acct ))
response= client.grant_permissions(Principal=principal,
Resource=database_json,
Permissions=permissions)
logger.info('DB DESCRIBE Grant Response {}'.format(response))
return response