search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.5k stars 3.85k forks source link

(lake-formation): Cannot Grant SELECT permission on TableWithColumnResource for ALL_TABLES #16477

Closed jgsqware closed 2 years ago

jgsqware commented 3 years ago

I'm trying to grant SELECT permission for TableWithColumnResource and apply it to ALL_TABLES. It failed on the CDK and CLI if I don't specify the table name or if I use ALL_TABLES as a name.

Reproduction Steps

I'm using this JSON to the CLI:

{
    "Principal": {
        "DataLakePrincipalIdentifier": "******"
    },
    "Resource": {
        "TableWithColumns": {
            "CatalogId": "******",
            "DatabaseName": "coinbase-poc",
            "ColumnWildcard": {}
        }
    },
    "Permissions": [
        "ALTER",
        "DESCRIBE",
        "INSERT"
    ],
    "PermissionsWithGrantOption": []
}

or I'm using this JSON to the CLI:

{
    "Principal": {
        "DataLakePrincipalIdentifier": "******"
    },
    "Resource": {
        "TableWithColumns": {
            "CatalogId": "******",
            "Name": "ALL_TABLES",
            "DatabaseName": "coinbase-poc",
            "ColumnWildcard": {}
        }
    },
    "Permissions": [
        "ALTER",
        "DESCRIBE",
        "INSERT"
    ],
    "PermissionsWithGrantOption": []
}

What did you expect to happen?

I expect to have a permission for my principal with SELECT form Column of ALL_TABLES of the database

What actually happened?

CLI or CDK failed with this error:

An error occurred (InvalidInputException) when calling the GrantPermissions operation: Table: ALL_TABLES not found.
aws lakeformation grant-permissions --cli-input-json file://./grant.json

Parameter validation failed:
Missing required parameter in Resource.TableWithColumns: "Name"

Environment

aws --version
aws-cli/2.2.30 Python/3.9.6 Linux/5.10.16.3-microsoft-standard-WSL2 source/x86_64.ubuntu.20 prompt/off

Other

This is :bug: Bug Report

peterwoodworth commented 2 years ago

Hey @jgsqware, I'm struggling to see how this issue relates to the CDK since you haven't provided any CDK code or commands

If something you're trying to do isn't working with the CLI there likely isn't an issue with the CDK here.

github-actions[bot] commented 2 years ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.