in src/pkg/qs_asset_gov.py [0:0]
def reset_dataset_permissions(asset, dataset_id):
"""
Revoke all permissions assigned to a specific dataset.
"""
response = QS_CLIENT.describe_data_set_permissions(
AwsAccountId=asset.account_id, DataSetId=dataset_id
)
permissions = response['Permissions']
for permission in permissions:
principal = permission['Principal']
actions = permission['Actions']
if "group" in principal:
try:
QS_CLIENT.update_data_set_permissions(
AwsAccountId=asset.account_id,
DataSetId=dataset_id,
RevokePermissions=[
{'Principal': principal, 'Actions': actions},
],
)
except ClientError as err:
if err.response['Error']['Code'] == 'InvalidParameterValueException':
LOGGER.info(
"Failed to apply permissions. Please validate that "
f"[{asset.category}] [{asset.name}], namespace "
f"[{asset.namespace}], and principal [{principal}] all exist in "
"QuickSight."
)
LOGGER.info(f"Permissions reset for [{asset.category}] [{asset.name}]")