in lib/constructs/data-lake-enrollment.ts [383:454]
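/**
 * Grants Lake Formation database-level permissions on this enrollment's
 * data lake database to an IAM principal.
 *
 * Supported principals are `iam.Role`, `iam.User`, and `iam.ArnPrincipal`
 * whose ARN contains `:role/` or `:user/`. Any other principal is rejected
 * with an `Error` instead of producing a grant with an empty
 * `dataLakePrincipalIdentifier` and a construct id of `-databaseGrant`.
 *
 * NOTE(review): imported roles/users (e.g. from `iam.Role.fromRoleArn`) may
 * not satisfy the `instanceof` checks, and an ARN that is an unresolved token
 * will not match the `includes` checks. Such callers now get the error below.
 *
 * @param principal IAM principal that receives the grant.
 * @param permissionGrant Supplies `DatabasePermissions`,
 *   `GrantableDatabasePermissions`, and an optional `GrantResourcePrefix`
 *   (used in the construct id for role principals only).
 *   `GrantableDatabasePermissions` is presumably the set the principal may
 *   re-grant to others (confirm against `createLakeFormationPermission`).
 *   Keep it empty unless delegation is intended.
 * @param includeSourceDb When true, also creates a second grant that depends
 *   on `Dataset_Source`.
 * @throws Error if the principal cannot be resolved to a role or user ARN.
 */
public grantDatabasePermission(principal: iam.IPrincipal, permissionGrant: DataLakeEnrollment.DatabasePermissionGrant, includeSourceDb: boolean = false){
    const databaseName = this.DataEnrollment.Dataset_DatalakeDatabaseName;
    let grantIdPrefix = "";
    let principalIdentifier = "";

    // Role grants may use a caller-chosen construct-id prefix; otherwise the role name is used.
    const rolePrefix = (roleName: string): string =>
        permissionGrant.GrantResourcePrefix
            ? `${permissionGrant.GrantResourcePrefix}-${this.DataSetName}`
            : `${roleName}-${this.DataSetName}`;

    if (principal instanceof iam.Role) {
        grantIdPrefix = rolePrefix(principal.roleName);
        principalIdentifier = principal.roleArn;
    }
    if (principal instanceof iam.User) {
        grantIdPrefix = `${principal.userName}-${this.DataSetName}`;
        principalIdentifier = principal.userArn;
    }
    if (principal instanceof iam.ArnPrincipal) {
        // NOTE(review): the import ids below are fixed strings. A second ArnPrincipal call
        // on the same scope would reuse them and presumably collide. The ids are kept
        // unchanged here so the existing construct tree is not altered.
        if (principal.arn.includes(":role/")) {
            const importedRole = iam.Role.fromRoleArn(this, 'importedRoleTableWithColumnGrant', principal.arn);
            grantIdPrefix = rolePrefix(importedRole.roleName);
            principalIdentifier = importedRole.roleArn;
        }
        if (principal.arn.includes(":user/")) {
            const importedUser = iam.User.fromUserArn(this, 'importedUserTableWithColumnGrant', principal.arn);
            grantIdPrefix = `${importedUser.userName}-${this.DataSetName}`;
            principalIdentifier = importedUser.userArn;
        }
    }

    // Fail at synthesis time rather than emit a permission with no principal.
    if (principalIdentifier === "") {
        throw new Error(
            "grantDatabasePermission: unsupported principal; expected an iam.Role, an iam.User, " +
            "or an iam.ArnPrincipal whose ARN contains ':role/' or ':user/'"
        );
    }

    const dataLakePrincipal: lakeformation.CfnPermissions.DataLakePrincipalProperty = {
        dataLakePrincipalIdentifier: principalIdentifier
    };
    const databaseResourceProperty: lakeformation.CfnPermissions.ResourceProperty = {
        databaseResource: {name: databaseName}
    };

    const dataLakeGrant = this.createLakeFormationPermission(`${grantIdPrefix}-databaseGrant`, dataLakePrincipal, databaseResourceProperty, permissionGrant.DatabasePermissions, permissionGrant.GrantableDatabasePermissions);
    dataLakeGrant.addDependsOn(this.DataEnrollment.Dataset_Datalake);

    if (includeSourceDb) {
        // NOTE(review): this "source" grant targets the same database name as the grant above;
        // only the dependency differs. Confirm whether a source database name was intended.
        const sourceResourceProperty: lakeformation.CfnPermissions.ResourceProperty = {
            //dataLocationResource: {resourceArn: this.DataEnrollment.DataLakeBucketName},
            databaseResource: {name: databaseName}
        };
        const sourceGrant = this.createLakeFormationPermission(`${grantIdPrefix}-databaseSrcGrant`, dataLakePrincipal, sourceResourceProperty, permissionGrant.DatabasePermissions, permissionGrant.GrantableDatabasePermissions);
        sourceGrant.addDependsOn(this.DataEnrollment.Dataset_Source);
    }
}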