3

尝试通过 Lambda 函数授予湖权限。(Python 3.8)据我所见,我的代码符合文档。然而,却出现了一连串关于参数不正确的胡说八道的错误。难道我只需要一个配镜师?或者是一些细微差别,或者今天亚马逊风吹向哪个方向?

import boto3
import json
from botocore.exceptions import ClientError

def main(event,context):

    client = boto3.client('lakeformation')

    response = client.grant_permissions(
        Principal={
            'DataLakePrincipalIdentifier': 'arn:aws:iam::123456789012:role/myRole'
        },
        Resource={
            'Table': {
                'DatabaseName': 'myDatabase',
                'TableWildcard': {}
            },
        },
        Permissions=['ALL'],
        PermissionsWithGrantOption=['ALL']
    )

==================================================== =====================================

[错误] ParamValidationError:参数验证失败:Resource.Table 中缺少必需的参数:“Name”Resource.Table 中的未知参数:“TableWildcard”,必须是以下之一:DatabaseName、Name Traceback(最近一次调用):文件“/ var/task/main.py",第 10 行,在主响应中 = client.grant_permissions( 文件 "/var/runtime/botocore/client.py",第 316 行,在 _api_call return self._make_api_call(operation_name, kwargs) 文件中" /var/runtime/botocore/client.py”,第 607 行,在 _make_api_call request_dict = self._convert_to_request_dict(文件“/var/runtime/botocore/client.py”,第 655 行,在 _convert_to_request_dict request_dict = self._serializer.serialize_to_request(文件“/var/runtime/botocore/validate.py”,第 297 行,在 serialize_to_request 中引发 ParamValidationError(report=report.generate_report())

4

1 回答 1

2

我稍微调查了一下这个问题。错误是因为在 lambda 上,定义TableResoures是(注意 lambda 上的缺失TableWildcard):

    "TableResource":{
      "type":"structure",
      "required":[
        "DatabaseName",
        "Name"
      ],
      "members":{
        "DatabaseName":{
          "shape":"NameString",
          "documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
        },
        "Name":{
          "shape":"NameString",
          "documentation":"<p>The name of the table.</p>"
        }
      },
      "documentation":"<p>A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal. </p>"
    }

相比之下,github上的最新版本有:

    "TableResource":{
      "type":"structure",
      "required":["DatabaseName"],
      "members":{
        "CatalogId":{
          "shape":"CatalogIdString",
          "documentation":"<p>The identifier for the Data Catalog. By default, it is the account ID of the caller.</p>"
        },
        "DatabaseName":{
          "shape":"NameString",
          "documentation":"<p>The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. </p>"
        },
        "Name":{
          "shape":"NameString",
          "documentation":"<p>The name of the table.</p>"
        },
        "TableWildcard":{
          "shape":"TableWildcard",
          "documentation":"<p>A wildcard object representing every table under a database.</p> <p>At least one of <code>TableResource$Name</code> or <code>TableResource$TableWildcard</code> is required.</p>"
        }
      }

在我看来,这是一些错误。

于 2020-08-06T09:21:16.983 回答