tokern / lakecli Goto Github PK
View Code? Open in Web Editor NEWA CLI to manage and monitor permissions in AWS Lake Formation
License: Apache License 2.0
A CLI to manage and monitor permissions in AWS Lake Formation
License: Apache License 2.0
For example AccessDeniedException causes the application to fail.
\r:iamdb> grant SELECT ON TABLE '*****' TO '****';
.....
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GrantPermissions operation: Insufficient Lake Formation permission(s) on ******
During handling of the above exception, another exception occurred:
.....
except OperationalError as e:
NameError: name 'OperationalError' is not defined
In this case, there permission did not exist.
revoke SELECT ON TABLE 'taxidata'.'parq_zones' TO 'user/datalake_user';
Error message from boto:
botocore.errorfactory.InvalidInputException: An error occurred (InvalidInputException) when calling the RevokePermissions operation: No permissions revoked. Grantee has no permissions and no grantable permissions on resource.
\r:iamdb> SELECT * FROM database_privileges;
no such table: database_privileges
\r:iamdb> SELECT * FROM table_privileges;
no such table: table_privileges
\r:iamdb>
While lakecli is a great tool to view and manage permissions for your lakeformation resources, i think it is missing the ALL_TABLES grant option. For instance, if there are say 500 tables within a database, is it possible to GRANT select on ALL TABLES in database to a principal instead of granting each table at a time?
Traceback (most recent call last):
File "/opt/anaconda3/envs/ops/bin/lakecli", line 8, in
sys.exit(cli())
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1130, in call
return self.main(*args, **kwargs)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 725, in cli
athenacli.run_cli()
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 291, in run_cli
self.cli = self._build_cli(history)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 581, in _build_cli
reserve_space_for_menu=self.get_reserved_space()
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 630, in get_reserved_space
_, height = click.get_terminal_size()
AttributeError: module 'click' has no attribute 'get_terminal_size'
When a GRANT statement is executed on a non-existent table, the exception thrown is AccessDeniedException
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GrantPermissions operation: Insufficient Lake Formation permission(s) on parq_misc
Otherwise it conflicts with other packages, I'd prefer not having to create yet another environment for this CLI :_/
Installing collected packages: tabulate, configobj, cli-helpers, sqlparse, prompt-toolkit, peewee, click, lakecli
Attempting uninstall: prompt-toolkit
Found existing installation: prompt-toolkit 3.0.20
Uninstalling prompt-toolkit-3.0.20:
Successfully uninstalled prompt-toolkit-3.0.20
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
ipython 7.27.0 requires prompt-toolkit!=3.0.0,!=3.0.1,<3.1.0,>=2.0.0, but you have prompt-toolkit 1.0.18 which is incompatible.
Same goes for athenacli
but with other deps?:
Collecting tenacity>=4.1.0
Downloading tenacity-8.0.1-py3-none-any.whl (24 kB)
Installing collected packages: tenacity, sqlparse, PyAthena, prompt-toolkit, athenacli
Attempting uninstall: sqlparse
Found existing installation: sqlparse 0.2.4
Uninstalling sqlparse-0.2.4:
Successfully uninstalled sqlparse-0.2.4
Attempting uninstall: prompt-toolkit
Found existing installation: prompt-toolkit 1.0.18
Uninstalling prompt-toolkit-1.0.18:
Successfully uninstalled prompt-toolkit-1.0.18
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
lakecli 0.2.0 requires prompt-toolkit<1.1.0,>=1.0.10, but you have prompt-toolkit 2.0.10 which is incompatible.
lakecli 0.2.0 requires sqlparse<0.3.0,>=0.2.2, but you have sqlparse 0.3.1 which is incompatible.
Nice writeup over https://tokern.io/blog/lake-formation-permissions/ regardless ;)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.