AWS Lake Formation:grant_permissions:Resource.Table 中的未知参数:"TableWildcard"
AWS Lake Formation : grant_permissions : Unknown parameter in Resource.Table: "TableWildcard"
正在尝试通过 Lambda 函数授予 Lake 权限。 (Python 3.8)
据我所知,我根据文档获得了我的代码。
然而,却遇到了一连串关于参数不正确的无意义错误。
难道我只需要一个配镜师?
还是有些细微差别,或者今天亚马逊的风吹向哪个方向?
import boto3
import json
from botocore.exceptions import ClientError
def main(event,context):
client = boto3.client('lakeformation')
response = client.grant_permissions(
Principal={
'DataLakePrincipalIdentifier': 'arn:aws:iam::123456789012:role/myRole'
},
Resource={
'Table': {
'DatabaseName': 'myDatabase',
'TableWildcard': {}
},
},
Permissions=['ALL'],
PermissionsWithGrantOption=['ALL']
)
============================================= =========================================
[ERROR] ParamValidationError: Parameter validation failed: Missing
required parameter in Resource.Table: "Name" Unknown parameter in
Resource.Table: "TableWildcard", must be one of: DatabaseName, Name
Traceback (most recent call last): File "/var/task/main.py", line
10, in main
response = client.grant_permissions( File "/var/runtime/botocore/client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 607, in _make_api_call
request_dict = self._convert_to_request_dict( File "/var/runtime/botocore/client.py", line 655, in
_convert_to_request_dict
request_dict = self._serializer.serialize_to_request( File "/var/runtime/botocore/validate.py", line 297, in serialize_to_request
raise ParamValidationError(report=report.generate_report())
我调查了一下这个问题。错误是因为在 lambda 上,TableResoures 的定义是(注意 lambda 上缺少的 TableWildcard):
"TableResource":{
"type":"structure",
"required":[
"DatabaseName",
"Name"
],
"members":{
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
},
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the table.</p>"
}
},
"documentation":"<p>A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal. </p>"
}
相比之下,latest version on github 有:
"TableResource":{
"type":"structure",
"required":["DatabaseName"],
"members":{
"CatalogId":{
"shape":"CatalogIdString",
"documentation":"<p>The identifier for the Data Catalog. By default, it is the account ID of the caller.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
},
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the table.</p>"
},
"TableWildcard":{
"shape":"TableWildcard",
"documentation":"<p>A wildcard object representing every table under a database.</p> <p>At least one of <code>TableResource$Name</code> or <code>TableResource$TableWildcard</code> is required.</p>"
}
}
在我看来这是一个错误。
正在尝试通过 Lambda 函数授予 Lake 权限。 (Python 3.8) 据我所知,我根据文档获得了我的代码。 然而,却遇到了一连串关于参数不正确的无意义错误。 难道我只需要一个配镜师? 还是有些细微差别,或者今天亚马逊的风吹向哪个方向?
import boto3
import json
from botocore.exceptions import ClientError
def main(event,context):
client = boto3.client('lakeformation')
response = client.grant_permissions(
Principal={
'DataLakePrincipalIdentifier': 'arn:aws:iam::123456789012:role/myRole'
},
Resource={
'Table': {
'DatabaseName': 'myDatabase',
'TableWildcard': {}
},
},
Permissions=['ALL'],
PermissionsWithGrantOption=['ALL']
)
============================================= =========================================
[ERROR] ParamValidationError: Parameter validation failed: Missing required parameter in Resource.Table: "Name" Unknown parameter in Resource.Table: "TableWildcard", must be one of: DatabaseName, Name Traceback (most recent call last): File "/var/task/main.py", line 10, in main response = client.grant_permissions( File "/var/runtime/botocore/client.py", line 316, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 607, in _make_api_call request_dict = self._convert_to_request_dict( File "/var/runtime/botocore/client.py", line 655, in _convert_to_request_dict request_dict = self._serializer.serialize_to_request( File "/var/runtime/botocore/validate.py", line 297, in serialize_to_request raise ParamValidationError(report=report.generate_report())
我调查了一下这个问题。错误是因为在 lambda 上,TableResoures 的定义是(注意 lambda 上缺少的 TableWildcard):
"TableResource":{
"type":"structure",
"required":[
"DatabaseName",
"Name"
],
"members":{
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
},
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the table.</p>"
}
},
"documentation":"<p>A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal. </p>"
}
相比之下,latest version on github 有:
"TableResource":{
"type":"structure",
"required":["DatabaseName"],
"members":{
"CatalogId":{
"shape":"CatalogIdString",
"documentation":"<p>The identifier for the Data Catalog. By default, it is the account ID of the caller.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
},
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the table.</p>"
},
"TableWildcard":{
"shape":"TableWildcard",
"documentation":"<p>A wildcard object representing every table under a database.</p> <p>At least one of <code>TableResource$Name</code> or <code>TableResource$TableWildcard</code> is required.</p>"
}
}
在我看来这是一个错误。