feat(client-lakeformation): This release added "condition" to LakeFormation OptIn APIs, also added WithPrivilegedAccess flag to RegisterResource and DescribeResource.

Author: awstools

clients/client-lakeformation/src/commands/BatchGrantPermissionsCommand.ts

@@ -108,6 +108,9 @@ export interface BatchGrantPermissionsCommandOutput extends BatchGrantPermission
  *       Permissions: [ // PermissionList
  *         "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *       ],
+ *       Condition: { // Condition
+ *         Expression: "STRING_VALUE",
+ *       },
  *       PermissionsWithGrantOption: [
  *         "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *       ],
@@ -189,6 +192,9 @@ export interface BatchGrantPermissionsCommandOutput extends BatchGrantPermission
  * //         Permissions: [ // PermissionList
  * //           "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  * //         ],
+ * //         Condition: { // Condition
+ * //           Expression: "STRING_VALUE",
+ * //         },
  * //         PermissionsWithGrantOption: [
  * //           "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  * //         ],

clients/client-lakeformation/src/commands/BatchRevokePermissionsCommand.ts

@@ -108,6 +108,9 @@ export interface BatchRevokePermissionsCommandOutput extends BatchRevokePermissi
  *       Permissions: [ // PermissionList
  *         "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *       ],
+ *       Condition: { // Condition
+ *         Expression: "STRING_VALUE",
+ *       },
  *       PermissionsWithGrantOption: [
  *         "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *       ],
@@ -189,6 +192,9 @@ export interface BatchRevokePermissionsCommandOutput extends BatchRevokePermissi
  * //         Permissions: [ // PermissionList
  * //           "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  * //         ],
+ * //         Condition: { // Condition
+ * //           Expression: "STRING_VALUE",
+ * //         },
  * //         PermissionsWithGrantOption: [
  * //           "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  * //         ],

clients/client-lakeformation/src/commands/CreateLakeFormationOptInCommand.ts

@@ -101,6 +101,9 @@ export interface CreateLakeFormationOptInCommandOutput extends CreateLakeFormati
  *       Name: "STRING_VALUE", // required
  *     },
  *   },
+ *   Condition: { // Condition
+ *     Expression: "STRING_VALUE",
+ *   },
  * };
  * const command = new CreateLakeFormationOptInCommand(input);
  * const response = await client.send(command);
@@ -132,6 +135,9 @@ export interface CreateLakeFormationOptInCommandOutput extends CreateLakeFormati
  * @throws {@link OperationTimeoutException} (client fault)
  *  <p>The operation timed out.</p>
  *
+ * @throws {@link ResourceNumberLimitExceededException} (client fault)
+ *  <p>A resource numerical limit was exceeded.</p>
+ *
  * @throws {@link LakeFormationServiceException}
  * <p>Base exception class for all service exceptions from LakeFormation service.</p>
  *

clients/client-lakeformation/src/commands/DeleteLakeFormationOptInCommand.ts

@@ -101,6 +101,9 @@ export interface DeleteLakeFormationOptInCommandOutput extends DeleteLakeFormati
  *       Name: "STRING_VALUE", // required
  *     },
  *   },
+ *   Condition: { // Condition
+ *     Expression: "STRING_VALUE",
+ *   },
  * };
  * const command = new DeleteLakeFormationOptInCommand(input);
  * const response = await client.send(command);

clients/client-lakeformation/src/commands/DescribeResourceCommand.ts

@@ -47,6 +47,7 @@ export interface DescribeResourceCommandOutput extends DescribeResourceResponse,
  * //     LastModified: new Date("TIMESTAMP"),
  * //     WithFederation: true || false,
  * //     HybridAccessEnabled: true || false,
+ * //     WithPrivilegedAccess: true || false,
  * //   },
  * // };
  *

clients/client-lakeformation/src/commands/GrantPermissionsCommand.ts

@@ -106,6 +106,9 @@ export interface GrantPermissionsCommandOutput extends GrantPermissionsResponse,
  *   Permissions: [ // PermissionList // required
  *     "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *   ],
+ *   Condition: { // Condition
+ *     Expression: "STRING_VALUE",
+ *   },
  *   PermissionsWithGrantOption: [
  *     "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *   ],

clients/client-lakeformation/src/commands/ListResourcesCommand.ts

@@ -58,6 +58,7 @@ export interface ListResourcesCommandOutput extends ListResourcesResponse, __Met
  * //       LastModified: new Date("TIMESTAMP"),
  * //       WithFederation: true || false,
  * //       HybridAccessEnabled: true || false,
+ * //       WithPrivilegedAccess: true || false,
  * //     },
  * //   ],
  * //   NextToken: "STRING_VALUE",

clients/client-lakeformation/src/commands/RegisterResourceCommand.ts

@@ -29,7 +29,7 @@ export interface RegisterResourceCommandOutput extends RegisterResourceResponse,
 
 /**
  * <p>Registers the resource as managed by the Data Catalog.</p>
- *          <p>To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p>
+ *          <p>To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p>
  *          <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p>
  *          <p>
  *             <code>ResourceArn = arn:aws:s3:::my-bucket/
@@ -51,6 +51,7 @@ export interface RegisterResourceCommandOutput extends RegisterResourceResponse,
  *   RoleArn: "STRING_VALUE",
  *   WithFederation: true || false,
  *   HybridAccessEnabled: true || false,
+ *   WithPrivilegedAccess: true || false,
  * };
  * const command = new RegisterResourceCommand(input);
  * const response = await client.send(command);

clients/client-lakeformation/src/commands/RevokePermissionsCommand.ts

@@ -105,6 +105,9 @@ export interface RevokePermissionsCommandOutput extends RevokePermissionsRespons
  *   Permissions: [ // PermissionList // required
  *     "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *   ],
+ *   Condition: { // Condition
+ *     Expression: "STRING_VALUE",
+ *   },
  *   PermissionsWithGrantOption: [
  *     "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  *   ],

clients/client-lakeformation/src/models/models_0.ts

@@ -734,6 +734,18 @@ export interface AuditContext {
   AdditionalAuditContext?: string | undefined;
 }
 
+/**
+ * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+ * @public
+ */
+export interface Condition {
+  /**
+   * <p>An expression written based on the Cedar Policy Language used to match the principal attributes.</p>
+   * @public
+   */
+  Expression?: string | undefined;
+}
+
 /**
  * @public
  * @enum
@@ -804,6 +816,12 @@ export interface BatchPermissionsRequestEntry {
    */
   Permissions?: Permission[] | undefined;
 
+  /**
+   * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+   * @public
+   */
+  Condition?: Condition | undefined;
+
   /**
    * <p>Indicates if the option to pass permissions is granted.</p>
    * @public
@@ -1232,6 +1250,12 @@ export interface CreateLakeFormationOptInRequest {
    * @public
    */
   Resource: Resource | undefined;
+
+  /**
+   * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+   * @public
+   */
+  Condition?: Condition | undefined;
 }
 
 /**
@@ -1369,6 +1393,12 @@ export interface DeleteLakeFormationOptInRequest {
    * @public
    */
   Resource: Resource | undefined;
+
+  /**
+   * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+   * @public
+   */
+  Condition?: Condition | undefined;
 }
 
 /**
@@ -1623,6 +1653,12 @@ export interface ResourceInfo {
    * @public
    */
   HybridAccessEnabled?: boolean | undefined;
+
+  /**
+   * <p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>
+   * @public
+   */
+  WithPrivilegedAccess?: boolean | undefined;
 }
 
 /**
@@ -1918,18 +1954,6 @@ export interface DetailsMap {
   ResourceShare?: string[] | undefined;
 }
 
-/**
- * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
- * @public
- */
-export interface Condition {
-  /**
-   * <p>An expression written based on the Cedar Policy Language used to match the principal attributes.</p>
-   * @public
-   */
-  Expression?: string | undefined;
-}
-
 /**
  * <p>The permissions granted or revoked on a resource.</p>
  * @public
@@ -2932,6 +2956,12 @@ export interface GrantPermissionsRequest {
    */
   Permissions: Permission[] | undefined;
 
+  /**
+   * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+   * @public
+   */
+  Condition?: Condition | undefined;
+
   /**
    * <p>Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the <code>Privileges</code>.</p>
    * @public
@@ -3618,6 +3648,12 @@ export interface RegisterResourceRequest {
    * @public
    */
   HybridAccessEnabled?: boolean | undefined;
+
+  /**
+   * <p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>
+   * @public
+   */
+  WithPrivilegedAccess?: boolean | undefined;
 }
 
 /**
@@ -3688,6 +3724,12 @@ export interface RevokePermissionsRequest {
    */
   Permissions: Permission[] | undefined;
 
+  /**
+   * <p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>
+   * @public
+   */
+  Condition?: Condition | undefined;
+
   /**
    * <p>Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.</p>
    * @public