tokern / lakecli Goto Github PK

View Code? Open in Web Editor NEW

25.0 4.0 7.0 747 KB

A CLI to manage and monitor permissions in AWS Lake Formation

License: Apache License 2.0

Python 100.00%

aws aws-glue aws-lake-formation permissions sql

lakecli's People

Contributors

Stargazers

Watchers

Forkers

vrajat achyuthsamudrala amitkumar27 bryanyang0528 gwaffen-mck florianmeyrueis chadhoyt

lakecli's Issues

Errors in command should not cause application to exit

For example AccessDeniedException causes the application to fail.

\r:iamdb> grant SELECT ON TABLE '*****' TO '****';
.....
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GrantPermissions operation: Insufficient Lake Formation permission(s) on ******

During handling of the above exception, another exception occurred:
.....
except OperationalError as e:
NameError: name 'OperationalError' is not defined

Revoke Exception causes application to exit

In this case, there permission did not exist.

revoke SELECT ON TABLE 'taxidata'.'parq_zones' TO 'user/datalake_user';

Error message from boto:

botocore.errorfactory.InvalidInputException: An error occurred (InvalidInputException) when calling the RevokePermissions operation: No permissions revoked. Grantee has no permissions and no grantable permissions on resource.

no such table:

\r:iamdb> SELECT * FROM database_privileges;
no such table: database_privileges
\r:iamdb> SELECT * FROM table_privileges;
no such table: table_privileges
\r:iamdb>

Issue Summary

While lakecli is a great tool to view and manage permissions for your lakeformation resources, i think it is missing the ALL_TABLES grant option. For instance, if there are say 500 tables within a database, is it possible to GRANT select on ALL TABLES in database to a principal instead of granting each table at a time?

AttributeError: module 'click' has no attribute 'get_terminal_size'

Traceback (most recent call last):
File "/opt/anaconda3/envs/ops/bin/lakecli", line 8, in
sys.exit(cli())
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1130, in call
return self.main(*args, **kwargs)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 725, in cli
athenacli.run_cli()
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 291, in run_cli
self.cli = self._build_cli(history)
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 581, in _build_cli
reserve_space_for_menu=self.get_reserved_space()
File "/opt/anaconda3/envs/ops/lib/python3.8/site-packages/lakecli/main.py", line 630, in get_reserved_space
_, height = click.get_terminal_size()
AttributeError: module 'click' has no attribute 'get_terminal_size'

Bad error message when table name is wrong

When a GRANT statement is executed on a non-existent table, the exception thrown is AccessDeniedException

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GrantPermissions operation: Insufficient Lake Formation permission(s) on parq_misc

Bump up prompt-toolkit and sqlparse deps?

Otherwise it conflicts with other packages, I'd prefer not having to create yet another environment for this CLI :_/

Installing collected packages: tabulate, configobj, cli-helpers, sqlparse, prompt-toolkit, peewee, click, lakecli
  Attempting uninstall: prompt-toolkit
    Found existing installation: prompt-toolkit 3.0.20
    Uninstalling prompt-toolkit-3.0.20:
      Successfully uninstalled prompt-toolkit-3.0.20
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
ipython 7.27.0 requires prompt-toolkit!=3.0.0,!=3.0.1,<3.1.0,>=2.0.0, but you have prompt-toolkit 1.0.18 which is incompatible.

Same goes for athenacli but with other deps?:

Collecting tenacity>=4.1.0
  Downloading tenacity-8.0.1-py3-none-any.whl (24 kB)
Installing collected packages: tenacity, sqlparse, PyAthena, prompt-toolkit, athenacli
  Attempting uninstall: sqlparse
    Found existing installation: sqlparse 0.2.4
    Uninstalling sqlparse-0.2.4:
      Successfully uninstalled sqlparse-0.2.4
  Attempting uninstall: prompt-toolkit
    Found existing installation: prompt-toolkit 1.0.18
    Uninstalling prompt-toolkit-1.0.18:
      Successfully uninstalled prompt-toolkit-1.0.18
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
lakecli 0.2.0 requires prompt-toolkit<1.1.0,>=1.0.10, but you have prompt-toolkit 2.0.10 which is incompatible.
lakecli 0.2.0 requires sqlparse<0.3.0,>=0.2.2, but you have sqlparse 0.3.1 which is incompatible.

Nice writeup over https://tokern.io/blog/lake-formation-permissions/ regardless ;)

tokern / lakecli Goto Github PK

lakecli's People

Contributors

Stargazers

Watchers

Forkers

lakecli's Issues

Errors in command should not cause application to exit

Revoke Exception causes application to exit

no such table:

ALL_TABLES grant option

Issue Summary

AttributeError: module 'click' has no attribute 'get_terminal_size'

Bad error message when table name is wrong

Bump up prompt-toolkit and sqlparse deps?

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent