in src/lakeformation_automation/lambda_function.py [0:0]
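def generate_db_perm(perm_record):
    """Build the database-level permission record for a cross-account grant.

    The consumer account ID is taken from the principal ARN of the manifest
    record. The returned record covers every table of the database
    (``TableWildcard``) with SELECT and DESCRIBE, and lists both
    permissions as grantable as well.

    Arguments:
        perm_record {dict} -- a single permission record from the incoming
            manifest file; it must carry 'Principal' (an ARN) and either
            'Table' or 'TableWithColumns' with a 'DatabaseName'

    Returns:
        db_perm record -- {dict}

    Raises:
        LFAttributeError -- the principal is not an ARN with a 12-digit
            account ID, or the record names no database

    Sample db_perm record:
        {
            'AccountID': 'centralCatalogAccount #',
            'Principal': 'consumptionAccount #',
            'Table': {
                'DatabaseName': 'dbname',
                'TableWildcard': {}
            },
            'Permissions': ['SELECT', 'DESCRIBE'],
            'PermissionsWithGrantOption': ['SELECT', 'DESCRIBE'],
            'AccessType': 'grant'
        }
    """
    logger.info('Generating DB_Perm record for {}'.format(perm_record))
    # Raw string: the pattern is unchanged, but '\/' is no longer an invalid
    # string escape.
    arn_pattern = r'^arn:(?P<Partition>[^:\n]*):(?P<Service>[^:\n]*):(?P<Region>[^:\n]*):(?P<AccountID>[^:\n]*):(?P<Ignore>(?P<ResourceType>[^:\/\n]*)[:\/])?(?P<Resource>.*)$'
    arn_match = re.match(arn_pattern, perm_record['Principal'])
    account_id = arn_match.group('AccountID') if arn_match else None
    # The ARN pattern alone also accepts an empty or non-numeric account
    # field (e.g. an ARN with nothing between the 4th and 5th colon). This
    # value decides which account receives the grant, so only a well-formed
    # 12-digit account ID is let through.
    if account_id is None or not re.fullmatch('[0-9]{12}', account_id):
        logger.error('Permissions Principal is not valid raising LFAttributeError')
        raise LFAttributeError

    # Read before the resource checks so that a missing ACCOUNT_ID variable
    # still surfaces first, as it did before.
    catalog_account = os.environ['ACCOUNT_ID']

    # 'Table' takes precedence over 'TableWithColumns' when both are given.
    if 'Table' in perm_record:
        resource = perm_record['Table']
    elif 'TableWithColumns' in perm_record:
        resource = perm_record['TableWithColumns']
    else:
        raise LFAttributeError
    if 'DatabaseName' not in resource:
        raise LFAttributeError

    return {
        'AccountID': catalog_account,
        'Principal': account_id,
        'Table': {
            'DatabaseName': resource['DatabaseName'],
            # Empty wildcard: the record applies to all tables in the database.
            'TableWildcard': {},
        },
        'Permissions': ["SELECT", "DESCRIBE"],
        'PermissionsWithGrantOption': ["SELECT", "DESCRIBE"],
        'AccessType': "grant",
    }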