in lib/constructs/data-lake-enrollment.ts [255:327]
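/**
 * Grants a principal Lake Formation DATA_LOCATION_ACCESS on the S3 location
 * described by `permissionGrant`.
 *
 * The principal is resolved to an ARN from one of three shapes: an `iam.Role`,
 * an `iam.User`, or an `iam.ArnPrincipal` whose ARN contains ":role/" or
 * ":user/". Any other principal is rejected instead of being written out as a
 * permission with an empty principal identifier. That includes an `IRole` or
 * `IUser` that is not an instance of the concrete class.
 *
 * @param principal IAM principal that receives the data-location permission.
 * @param permissionGrant `Location` and `LocationPrefix` are concatenated into
 *   the S3 ARN; `Grantable` decides whether the grant option is passed on;
 *   `GrantResourcePrefix`, when set, replaces the role name in the construct id.
 * @param sourceLakeFormationLocation Optional resource the new permission is
 *   made to depend on.
 * @throws Error when the principal cannot be resolved to a role or user ARN.
 */
public grantDataLocationPermissions(principal: iam.IPrincipal, permissionGrant: DataLakeEnrollment.DataLocationGrant , sourceLakeFormationLocation?: lakeformation.CfnResource ): void {
  let grantIdPrefix = "";
  let principalIdentifier = "";

  if (principal instanceof iam.Role) {
    grantIdPrefix = permissionGrant.GrantResourcePrefix
      ? `${permissionGrant.GrantResourcePrefix}-${this.DataSetName}`
      : `${principal.roleName}-${this.DataSetName}`;
    principalIdentifier = principal.roleArn;
  } else if (principal instanceof iam.User) {
    grantIdPrefix = `${principal.userName}-${this.DataSetName}`;
    principalIdentifier = principal.userArn;
  } else if (principal instanceof iam.ArnPrincipal) {
    // NOTE(review): both imports below use a fixed construct id, so a second
    // ArnPrincipal grant of the same kind on this construct would reuse it;
    // CDK rejects duplicate ids within one scope. Confirm callers grant at most once.
    if (principal.arn.includes(":role/")) {
      const importedRole = iam.Role.fromRoleArn(this, 'importedRoleLFLocationGrant', principal.arn);
      grantIdPrefix = permissionGrant.GrantResourcePrefix
        ? `${permissionGrant.GrantResourcePrefix}-${this.DataSetName}`
        : `${importedRole.roleName}-${this.DataSetName}`;
      principalIdentifier = importedRole.roleArn;
    }
    if (principal.arn.includes(":user/")) {
      const importedUser = iam.User.fromUserArn(this, 'importedUserLFLocationGrant', principal.arn);
      grantIdPrefix = `${importedUser.userName}-${this.DataSetName}`;
      principalIdentifier = importedUser.userArn;
    }
  }

  // Fail closed: without this check an unrecognised principal would produce a
  // permission resource with dataLakePrincipalIdentifier "" and id "-locationGrant".
  if (principalIdentifier === "") {
    throw new Error(
      "grantDataLocationPermissions: unsupported principal; expected an iam.Role, an iam.User, or an iam.ArnPrincipal holding a role or user ARN"
    );
  }

  const dataLakePrincipal: lakeformation.CfnPermissions.DataLakePrincipalProperty = {
    dataLakePrincipalIdentifier: principalIdentifier
  };

  // Location and LocationPrefix are appended verbatim, so the breadth of the
  // grant is exactly what the caller passes in; nothing here narrows it.
  const s3Arn = `arn:aws:s3:::${permissionGrant.Location}${permissionGrant.LocationPrefix}`;
  const dataLocationProperty: lakeformation.CfnPermissions.ResourceProperty = {
    dataLocationResource: {
      s3Resource: s3Arn
    }
  };

  // NOTE(review): the non-grantable case passes [''] (one empty string), not [];
  // kept as in the original. Confirm createLakeFormationPermission expects this.
  const grantablePermissions = permissionGrant.Grantable ? ['DATA_LOCATION_ACCESS'] : [''];
  const locationPermission = this.createLakeFormationPermission(`${grantIdPrefix}-locationGrant`, dataLakePrincipal, dataLocationProperty, ['DATA_LOCATION_ACCESS'], grantablePermissions);
  if (sourceLakeFormationLocation != null) {
    locationPermission.addDependsOn(sourceLakeFormationLocation);
  }
}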