in migration/bring-your-own-gdc-assets/bring_your_own_gdc_assets.py [0:0]
def _check_database_managed_by_iam_access_and_enable_opt_in(database_name, role_arn, lf_client):
'''
Checks if the database is managed by IAM access. If it is, then enables hybrid mode for the database to allow Lake Formation permissions to work.
'''
try:
db_access = lf_client.list_permissions(
Resource={
'Database': {
'Name': database_name
}
},
Principal={
'DataLakePrincipalIdentifier': 'IAM_ALLOWED_PRINCIPALS'
}
).get('PrincipalResourcePermissions', [])
if db_access:
print(f"Glue database: {database_name} is managed via IAM access")
db_opt_in = lf_client.list_lake_formation_opt_ins(
Principal={
'DataLakePrincipalIdentifier': role_arn
},
Resource={
'Database': {
'Name': database_name
}
}
).get('LakeFormationOptInsInfoList', [])
if db_opt_in:
print(f"Principal: {role_arn} is already opted-in to {database_name}")
else:
lf_client.create_lake_formation_opt_in(
Principal={
'DataLakePrincipalIdentifier': role_arn
},
Resource={
'Database': {
'Name': database_name
}
}
)
print(f"Successfully created Lake Formation opt-in for database: {database_name}")
else:
print(f"Glue database: {database_name} is already managed via LakeFormation")
except Exception as e:
print(f"Error checking whether glue database {database_name} is managed by IAM access and setting opt in : {str(e)}")
raise e