fix catalog producers system db permissions (#310)

* fix catalog producers

* add changelog and workflow

* cleanup

---------

Co-authored-by: Raj Poluri <rpoluri@expediagroup.com>

Author: rpoluri

CHANGELOG.md

@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.10.8] - 2025-05-12
+### Changed
+- Fix catalog producer roles access to system Glue database.
+
 ## [7.10.7] - 2025-05-08
 ### Changed
 - Output values to export glue database names and locations.

lf.tf

@@ -231,11 +231,9 @@ resource "aws_lakeformation_permissions" "catalog_producer_db_permissions" {
 }
 
 resource "aws_lakeformation_permissions" "catalog_producer_db_system_permissions" {
-  for_each = var.disable_glue_db_init && var.create_lf_resource ? tomap({
-    for schema in local.catalog_producer_schemas : "${schema["schema_name"]}-${schema["producer_arn"]}" => schema
-  }) : {}
+  for_each = var.disable_glue_db_init && var.create_lf_resource ? toset(var.lf_catalog_producer_arns) : []
 
-  principal   = each.value.producer_arn
+  principal   = each.key
   permissions = ["DESCRIBE", "CREATE_TABLE"]
 
   database {