// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
import {
GetDataLakeSettingsCommand,
LakeFormationClient,
PutDataLakeSettingsCommand,
DataLakePrincipal,
GetDataLakeSettingsCommandOutput,
} from "@aws-sdk/client-lakeformation";
/**
 * Reads the current Lake Formation data lake settings.
 *
 * @param lakeformationClient - Client used to send the GetDataLakeSettings request
 * @returns `settings`, the raw command output, and `admins`, the
 *   `DataLakeAdmins` list taken from it (an empty array when the list is absent)
 */
async function getDataLakeSettings(lakeformationClient: LakeFormationClient): Promise<{
  admins: DataLakePrincipal[];
  settings: GetDataLakeSettingsCommandOutput;
}> {
  const command = new GetDataLakeSettingsCommand({});
  const settings = await lakeformationClient.send(command);
  const currentAdmins = settings.DataLakeSettings?.DataLakeAdmins;
  // Fall back to an empty list so callers can always iterate over `admins`.
  return { admins: currentAdmins ? currentAdmins : [], settings };
}
/**
 * Writes a new data lake admin list, carrying over every other field of the
 * previously fetched settings.
 *
 * The request sends the full settings object with `DataLakeAdmins` replaced by
 * `updatedAdmins`, so the admin list ends up exactly as passed in.
 *
 * NOTE(review): `settings` is a snapshot the caller fetched in an earlier,
 * separate request. If the settings changed in between, this write would
 * overwrite that change — confirm whether callers serialize these updates.
 *
 * @param lakeformationClient - Client used to send the PutDataLakeSettings request
 * @param updatedAdmins - Complete admin list to store
 * @param settings - Previously fetched settings whose other fields are preserved
 */
async function updateDataLakeSettings(
  lakeformationClient: LakeFormationClient,
  updatedAdmins: DataLakePrincipal[],
  settings: GetDataLakeSettingsCommandOutput,
): Promise<void> {
  // Spread first so the explicit admin list wins over the fetched one.
  const mergedSettings = {
    ...settings.DataLakeSettings,
    DataLakeAdmins: updatedAdmins,
  };
  const command = new PutDataLakeSettingsCommand({ DataLakeSettings: mergedSettings });
  await lakeformationClient.send(command);
}
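/**
 * Adds the given role to the Lake Formation data lake admin list.
 *
 * Does nothing when the role is already listed. Otherwise the current list is
 * fetched, the role is appended, and the whole list is written back.
 *
 * Security notes:
 * - Data lake admin is a highly privileged Lake Formation setting; callers
 *   should pass only a role ARN they fully control, never one taken from
 *   untrusted input.
 * - The fetch and the write are two separate requests. NOTE(review): an admin
 *   change made by another actor in between would be overwritten — confirm
 *   that invocations are serialized.
 *
 * @param roleArn - ARN of the role to add as a data lake admin; must be non-blank
 * @param lakeformationClient - Lake Formation client instance
 * @throws Error when `roleArn` is blank or when either request fails; the
 *   message is prefixed with "Failed to setup Lake Formation permissions"
 */
export async function setupLakeFormationPermissions(
  roleArn: string,
  lakeformationClient: LakeFormationClient,
): Promise<void> {
  console.info(`Setting up Lake Formation permissions for role: ${roleArn}`);
  try {
    // Fail closed before touching the admin list: a blank identifier must
    // never be written into a privileged principal list.
    if (roleArn.trim() === "") {
      throw new Error("roleArn must be a non-empty string");
    }

    const { admins, settings } = await getDataLakeSettings(lakeformationClient);
    const alreadyAdmin = admins.some((admin) => admin.DataLakePrincipalIdentifier === roleArn);
    if (alreadyAdmin) {
      console.info(`Role ${roleArn} already has Lake Formation admin permissions`);
      return;
    }

    // Append instead of replacing so existing admins keep their access.
    const updatedAdmins = [...admins, { DataLakePrincipalIdentifier: roleArn }];
    await updateDataLakeSettings(lakeformationClient, updatedAdmins, settings);
  } catch (error) {
    console.error(error);
    // A thrown value is not guaranteed to be an Error; narrow it so the
    // message never reads "undefined".
    const reason = error instanceof Error ? error.message : String(error);
    throw new Error(`Failed to setup Lake Formation permissions: ${reason}`);
  }
}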
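/**
 * Removes the given role from the Lake Formation data lake admin list.
 *
 * Does nothing when the role is not listed. Otherwise the current list is
 * fetched, every entry whose identifier equals `roleArn` is dropped, and the
 * remaining list is written back.
 *
 * Security notes:
 * - Matching is an exact string comparison on `DataLakePrincipalIdentifier`,
 *   so the ARN must be spelled exactly as it was when added or the admin
 *   entry is left in place.
 * - The fetch and the write are two separate requests. NOTE(review): an admin
 *   change made by another actor in between would be overwritten — confirm
 *   that invocations are serialized.
 *
 * @param roleArn - ARN of the role to remove from the data lake admins
 * @param lakeformationClient - Lake Formation client instance
 * @throws Error when either request fails; the message is prefixed with
 *   "Failed to cleanup Lake Formation permissions"
 */
export async function removeLakeFormationPermissions(
  roleArn: string,
  lakeformationClient: LakeFormationClient,
): Promise<void> {
  console.info(`Removing Lake Formation permissions for role: ${roleArn}`);
  try {
    const { admins, settings } = await getDataLakeSettings(lakeformationClient);
    const remainingAdmins = admins.filter((admin) => admin.DataLakePrincipalIdentifier !== roleArn);

    // Nothing was filtered out, so the role was never an admin: skip the write.
    if (remainingAdmins.length === admins.length) {
      console.info(`Role ${roleArn} not found in Lake Formation admins`);
      return;
    }

    await updateDataLakeSettings(lakeformationClient, remainingAdmins, settings);
  } catch (error) {
    console.error(error);
    // A thrown value is not guaranteed to be an Error; narrow it so the
    // message never reads "undefined".
    const reason = error instanceof Error ? error.message : String(error);
    throw new Error(`Failed to cleanup Lake Formation permissions: ${reason}`);
  }
}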