我正在使用 Excel 文件录入数据,用于授予和撤销 AWS Lake Formation 的权限。下面这个函数会根据表格中的参数撤销或授予权限:
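def _split_permission_list(cell):
    """Split a comma-separated spreadsheet cell into clean permission names."""
    # Cells typed as "SELECT, INSERT" would otherwise yield " INSERT", which
    # is not a valid permission name.
    return [item.strip() for item in str(cell).split(',') if item.strip()]


def _report_batch_result(success_message, failure_label, response, printer):
    """Print the outcome of one batch call, checking the 'Failures' list.

    The batch grant/revoke calls can return HTTP 200 while individual
    entries are rejected; those rejections are listed under 'Failures'.
    Announcing success without looking there hides a revoke that never
    took effect.
    """
    failures = response.get('Failures')
    if failures:
        for failure in failures:
            error = failure.get('Error', {})
            cprint(
                f"{failure_label} FAILED: {error.get('ErrorCode')} - "
                f"{error.get('ErrorMessage')} (entry {failure.get('RequestEntry')})",
                "red",
            )
        return
    printer(f"{success_message} {response}")


def apply_lake_formation_permissions(profile="default", _database=None):
    """Grant or revoke Lake Formation permissions listed in a spreadsheet.

    Every row of the workbook becomes one entry that is sent to
    ``batch_grant_permissions`` or ``batch_revoke_permissions`` depending on
    the row's ``Action`` column. Columns named ``<ResourceType>_<Field>``
    (for example ``Table_DatabaseName``) populate the resource; ``Principal``,
    ``Permissions`` and ``PermissionsWithGrantOption`` fill the rest.

    Args:
        profile: AWS profile name used to create the boto3 session.
        _database: Not used by this function.

    The spreadsheet decides who receives which permission, so it should be
    handled as an authorization source: keep it under change control and
    review it before running this function.

    NOTE(review): ``File`` and ``account_number`` are read from module scope
    and are not defined in the code shown here - confirm where they are set.
    NOTE(review): the listing had lost its indentation; the nesting below is
    reconstructed from the data flow and should be checked against the
    original file.
    """
    lake_formation = boto3.session.Session(profile_name=profile).client('lakeformation')
    df = pd.read_excel(File, engine='openpyxl')
    # Empty cells become "" so they can be skipped with a plain comparison.
    df.fillna("", inplace=True)

    for index, _df in df.iterrows():
        _Resource = {}
        # NOTE(review): one dict is shared by every resource type in the row,
        # so a row that fills columns for two resource types mixes their keys.
        z = {}
        for column_name in _df.keys():
            if "_" in column_name and _df[column_name] != "":
                column_name_split_list = column_name.split("_")
                z[column_name_split_list[1]] = str(_df[column_name])

                if "TableWithColumns" in column_name:
                    if z.get('Name') == "ALL_TABLES":
                        z['Name'] = "ALL_TABLES.*"
                        _Resource['Table'] = {
                            "DatabaseName": _df["TableWithColumns_DatabaseName"],
                            'TableWildcard': {},
                        }
                        # NOTE(review): may belong outside this branch in the
                        # original; it widens the entry to every column.
                        z['ColumnWildcard'] = {}
                    _Resource['TableWithColumns'] = z
                elif column_name_split_list[0].lower() == "table":
                    if z.get('Name') == "ALL_TABLES":
                        # A wildcard replaces the table name for "all tables".
                        del z['Name']
                        z['TableWildcard'] = {}
                    _Resource['Table'] = z
                elif column_name_split_list[0].lower() == "database":
                    _Resource['Database'] = z

        # No resource columns were filled in: the entry targets the catalog.
        if not _Resource:
            _Resource['Catalog'] = {}

        if _df['Principal'] != 'IAM_ALLOWED_PRINCIPALS':
            # The cell holds the part of the ARN after the account id.
            _Principal = {
                "DataLakePrincipalIdentifier":
                    "arn:aws:iam::" + account_number + ":" + _df['Principal']
            }
        else:
            # This identifier is sent as-is, without an ARN prefix.
            _Principal = {"DataLakePrincipalIdentifier": _df['Principal']}

        _Permissions = _split_permission_list(_df['Permissions'])
        if _df['PermissionsWithGrantOption'] == "" or 'TableWildcard' in z:
            _PermissionsWithGrantOption = []
        else:
            _PermissionsWithGrantOption = _split_permission_list(
                _df['PermissionsWithGrantOption']
            )

        entry = {
            'Id': str(uuid.uuid4()),
            'Principal': _Principal,
            'Resource': _Resource,
            'Permissions': _Permissions,
            'PermissionsWithGrantOption': _PermissionsWithGrantOption,
        }

        action = _df['Action'].lower()
        if action == "revoke":
            print(f"Revoking.. {_Principal}, {_Resource}, {_Permissions}, {_PermissionsWithGrantOption}")
            response = lake_formation.batch_revoke_permissions(Entries=[entry])
            _report_batch_result("Access Revoked", "Revoke", response, print)
        elif action == "grant":
            cprint(f"Granting... {_Principal}, {_Resource}, {_Permissions}, {_PermissionsWithGrantOption}", "green")
            response = lake_formation.batch_grant_permissions(Entries=[entry])
            _report_batch_result(
                "Access Granted", "Grant", response,
                lambda message: cprint(message, "blue"),
            )
        else:
            # A row that is neither granted nor revoked should be visible in
            # the run output rather than dropped without a trace.
            cprint(f"Skipping row {index}: unrecognised Action {_df['Action']!r}", "yellow")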
以下是一个请求参数的示例:
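# Example request for a single table; the 'xxx...' values are redacted
# placeholders. The 'Resource' dict is closed here (the listing dropped one
# brace), matching the structure echoed back in the service response.
response = lake_formation.batch_revoke_permissions(
    Entries=[
        {
            'Id': str(uuid.uuid4()),
            'Principal': {'DataLakePrincipalIdentifier': 'xxxxxxxxx'},
            'Resource': {
                'Table': {
                    'CatalogId': 'xxxxxxxxxxx',
                    'DatabaseName': 'xxxxxxx',
                    'Name': 'xxxxxxxxx',
                },
            },
            'Permissions': ['ALL'],
            'PermissionsWithGrantOption': [],
        }
    ]
)
# The call can return HTTP 200 while the entry is rejected; inspect
# response['Failures'] before treating the permission as revoked.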
对于上述请求,我得到以下错误
Access Revoked {'Failures': [{'RequestEntry': {'Id': 'xxxxxxxxxxxxxx', 'Principal': {'DataLakePrincipalIdentifier': 'xxxxxxxxxx'}, 'Resource': {'Table': {'CatalogId': 'xxxxxxxxxx', 'DatabaseName': 'xxxxxxxxxx', 'Name': 'xxxxxxxxxxxxxxx'}}, 'Permissions': ['ALL'], 'PermissionsWithGrantOption': []}, 'Error': {'ErrorCode': 'AccessDeniedException', 'ErrorMessage': 'Insufficient Glue permissions to access table xxxxxxxxxxxx'}}], 'ResponseMetadata': {'RequestId': 'xxxxxxxxxxx', 'HTTPStatusCode': 200, 'HTTPHeaders': {'date': 'Tue, 29 Dec 2020 13:36:35 GMT', 'content-type': 'application/x-amz-json-1.1', 'content-length': '494', 'connection': 'keep-alive', 'x-amzn-requestid': 'xxxxxxxxxxxxxxx', 'cache-control': 'no-cache'}, 'RetryAttempts': 0}}