def apply_dataset_governance()

in src/pkg/qs_asset_gov.py [0:0]

• 28 lines of code
• 5 McCabe index (conditional complexity)

def apply_dataset_governance(asset, dataset_id):
    """
    Use governed asset information to update the permissions of a QuickSight
    Dataset. Give permissions to all groups in that asset entry.
    """

    actions = ''
    if asset.permission == "READ":
        actions = READ_ACTIONS

    for group in asset.groups:
        principal = (
            f"arn:aws:quicksight:{REGION}:{asset.account_id}:group/" f"{asset.namespace}/{group}"
        )

        try:
            QS_CLIENT.update_data_set_permissions(
                AwsAccountId=asset.account_id,
                DataSetId=dataset_id,
                GrantPermissions=[
                    {'Principal': principal, 'Actions': actions},
                ],
            )

            LOGGER.info(
                f"Dataset [{asset.name}] permissions given to group [{group}] in "
                f"namespace [{asset.namespace}]"
            )
        except ClientError as err:
            if err.response['Error']['Code'] == 'InvalidParameterValueException':
                LOGGER.info(
                    "Failed to apply permissions. Please validate that "
                    f"[{asset.category}] [{asset.name}], namespace "
                    f"[{asset.namespace}], and group [{group}] all exist in "
                    "QuickSight."
                )