1414class DataMeshProducer :
1515 _data_mesh_account_id = None
1616 _data_producer_account_id = None
17- _data_mesh_manager_role_arn = None
1817 _session = None
1918 _iam_client = None
2019 _sts_client = None
@@ -58,13 +57,16 @@ def __init__(self, data_mesh_account_id: str, region_name: str = 'us-east-1', lo
5857
5958 self ._data_producer_identity = self ._sts_client .get_caller_identity ()
6059 self ._data_producer_account_id = self ._data_producer_identity .get ('Account' )
60+ producer_role_name = utils .get_central_role_name (self ._data_producer_account_id , PRODUCER )
61+ self ._data_producer_role_arn = utils .get_role_arn (account_id = self ._data_mesh_account_id ,
62+ role_name = producer_role_name )
6163
6264 self ._producer_automator = ApiAutomator (target_account = self ._data_producer_account_id ,
6365 session = self ._session , log_level = self ._log_level )
6466
6567 # now assume the DataMeshProducer-<account-id> Role in the Mesh Account
6668 self ._data_mesh_session , self ._data_mesh_credentials , self ._data_mesh_arn = utils .assume_iam_role (
67- role_name = utils . get_central_role_name ( self . _data_producer_account_id , PRODUCER ) ,
69+ role_name = producer_role_name ,
6870 region_name = self ._current_region ,
6971 use_credentials = _producer_credentials ,
7072 target_account = self ._data_mesh_account_id
@@ -85,11 +87,15 @@ def __init__(self, data_mesh_account_id: str, region_name: str = 'us-east-1', lo
8587 region_name = self ._current_region ,
8688 log_level = log_level )
8789
90+ if self ._log_level == 'DEBUG' :
91+ utils .log_instance_signature (self , self ._logger )
92+
8893 def _create_mesh_table (self , table_def : dict , data_mesh_glue_client , source_database_name : str ,
8994 data_mesh_database_name : str ,
9095 producer_account_id : str ,
9196 data_mesh_account_id : str , create_public_metadata : bool = True ,
92- expose_table_references_with_suffix : str = "_link" , use_original_table_name : bool = False ):
97+ expose_table_references_with_suffix : str = "_link" ,
98+ use_original_table_name : bool = False ) -> tuple :
9399 '''
94100 API to create a table as a data product in the data mesh
95101 :param table_def:
@@ -106,7 +112,7 @@ def _create_mesh_table(self, table_def: dict, data_mesh_glue_client, source_data
106112 # remove properties from a TableInfo object returned from get_table to be compatible with put_table
107113 keys = [
108114 'DatabaseName' , 'CreateTime' , 'UpdateTime' , 'CreatedBy' , 'IsRegisteredWithLakeFormation' , 'CatalogId' ,
109- 'Tags'
115+ 'Tags' , 'VersionId'
110116 ]
111117 t = utils .remove_dict_keys (input_dict = table_def , remove_keys = keys )
112118 t ['Owner' ] = producer_account_id
@@ -138,8 +144,8 @@ def _create_mesh_table(self, table_def: dict, data_mesh_glue_client, source_data
138144 partition_input_list = table_partitions
139145 )
140146
141- # grant access to the producer account
142- perms = ['INSERT' , 'SELECT' , 'ALTER' , 'DELETE' , 'DESCRIBE' ]
147+ # grant full access to the producer account
148+ perms = ['INSERT' , 'SELECT' , 'ALTER' , 'DELETE' , 'DESCRIBE' , 'DROP' ]
143149 permissions_granted = self ._mesh_automator .lf_grant_permissions (
144150 data_mesh_account_id = self ._data_mesh_account_id ,
145151 principal = producer_account_id ,
@@ -153,37 +159,37 @@ def _create_mesh_table(self, table_def: dict, data_mesh_glue_client, source_data
153159 if create_public_metadata is True :
154160 self ._mesh_automator .lf_grant_permissions (
155161 data_mesh_account_id = self ._data_mesh_account_id ,
156- principal = utils .get_role_arn (self ._data_mesh_account_id , DATA_MESH_READONLY_ROLENAME ),
162+ principal = utils .get_role_arn (account_id = self ._data_mesh_account_id ,
163+ role_name = DATA_MESH_READONLY_ROLENAME ),
157164 database_name = data_mesh_database_name ,
158165 table_name = table_name ,
159166 permissions = ['DESCRIBE' ],
160167 grantable_permissions = None
161168 )
162- self ._logger .info (f"Granted Describe on { table_name } to { DATA_MESH_READONLY_ROLENAME } " )
169+ self ._logger .info (f"Granted Describe on Table { table_name } to { DATA_MESH_READONLY_ROLENAME } " )
163170
164171 # in the producer account, accept the RAM share after 1 second - seems to be an async delay
165- if permissions_granted > 0 :
166- time .sleep (1 )
167- self ._producer_automator .accept_pending_lf_resource_shares (
168- sender_account = data_mesh_account_id
169- )
172+ time .sleep (1 )
173+ self ._producer_automator .accept_pending_lf_resource_shares (
174+ sender_account = data_mesh_account_id
175+ )
170176
171- # create a resource link for the data mesh table in producer account
172- if use_original_table_name is True :
173- link_table_name = table_name
174- else :
175- link_table_name = f"{ table_name } _link"
176- if expose_table_references_with_suffix is not None :
177- link_table_name = f"{ table_name } { expose_table_references_with_suffix } "
177+ # create a resource link for the data mesh table in producer account
178+ if use_original_table_name is True :
179+ link_table_name = table_name
180+ else :
181+ link_table_name = f"{ table_name } _link"
182+ if expose_table_references_with_suffix is not None :
183+ link_table_name = f"{ table_name } { expose_table_references_with_suffix } "
178184
179- self ._producer_automator .create_remote_table (
180- data_mesh_account_id = self ._data_mesh_account_id ,
181- database_name = data_mesh_database_name ,
182- local_table_name = link_table_name ,
183- remote_table_name = table_name
184- )
185+ self ._producer_automator .create_remote_table (
186+ data_mesh_account_id = self ._data_mesh_account_id ,
187+ database_name = data_mesh_database_name ,
188+ local_table_name = link_table_name ,
189+ remote_table_name = table_name
190+ )
185191
186- return table_name , link_table_name
192+ return table_name , link_table_name
187193
188194 def _make_database_name (self , database_name : str ):
189195 return "%s-%s" % (database_name , self ._data_producer_identity .get ('Account' ))
@@ -227,6 +233,9 @@ def create_data_products(self, source_database_name: str,
227233 expose_data_mesh_db_name : str = None ,
228234 expose_table_references_with_suffix : str = "_link" ,
229235 use_original_table_name : bool = False ):
236+ if self ._log_level == 'DEBUG' :
237+ self ._logger .debug (locals ())
238+
230239 if create_public_metadata is None :
231240 create_public_metadata = True
232241
@@ -272,7 +281,7 @@ def create_data_products(self, source_database_name: str,
272281 # grant the mesh permissions to administer the database
273282 self ._mesh_automator .lf_grant_permissions (
274283 data_mesh_account_id = self ._data_mesh_account_id ,
275- principal = self ._data_mesh_arn ,
284+ principal = self ._data_producer_role_arn ,
276285 database_name = data_mesh_database_name ,
277286 permissions = ['ALL' ],
278287 grantable_permissions = None
@@ -334,19 +343,24 @@ def create_data_products(self, source_database_name: str,
334343 )
335344
336345 # grant the mesh permissions to describe and select from the table
346+ manager_perms = ['DESCRIBE' , 'SELECT' , 'DROP' ]
337347 self ._mesh_automator .lf_grant_permissions (
338348 data_mesh_account_id = self ._data_mesh_account_id ,
339- principal = self ._data_mesh_arn ,
349+ principal = utils .get_role_arn (account_id = self ._data_mesh_account_id ,
350+ role_name = DATA_MESH_MANAGER_ROLENAME ),
340351 database_name = data_mesh_database_name ,
341352 table_name = table .get ('Name' ),
342- permissions = [ 'DESCRIBE' , 'SELECT' ] ,
353+ permissions = manager_perms ,
343354 grantable_permissions = None
344355 )
345356 self ._logger .info (
346- f"Granted describe access on Table { table .get ('Name' )} to Data Mesh { self . _data_mesh_account_id } " )
357+ f"Granted { manager_perms } access on Table { table .get ('Name' )} to { DATA_MESH_MANAGER_ROLENAME } " )
347358
348359 shared_objects .get ('Tables' ).append ({
349- 'SourceTable' : created_table [0 ],
360+ 'SourceTable' : table .get ('Name' ),
361+ 'TargetDatabase' : data_mesh_database_name ,
362+ 'TargetTable' : created_table [0 ],
363+ 'LinkDatabase' : data_mesh_database_name ,
350364 'LinkTable' : created_table [1 ]
351365 })
352366
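Review bot: The DEBUG branch added at the end of `__init__` hands the whole instance to `utils.log_instance_signature`, and by then the object holds `self._data_mesh_credentials` and `self._data_mesh_session` from the `assume_iam_role` call, so assumed-role credentials may be written to the log depending on what that helper prints (its body is not visible here). `self._logger.debug(locals())` at the top of `create_data_products` has the same shape of problem, since it logs every argument plus `self` without selection. I would log a fixed set of non-secret fields instead, for example `self._logger.debug("producer=%s mesh=%s region=%s", self._data_producer_account_id, self._data_mesh_account_id, self._current_region)`, or make the helper skip credential and session attributes. Separately, `perms` in `_create_mesh_table` now includes `DROP` and the RAM share acceptance no longer checks `permissions_granted > 0`; a one-line comment stating that both are intentional would help. Both `__init__` and `create_data_products` extend beyond the lines shown.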