
Commit 6cd1c09

This release added "condition" to LakeFormation OptIn APIs, also added WithPrivilegedAccess flag to RegisterResource and DescribeResource.
1 parent 57d6dd3 commit 6cd1c09

26 files changed

+351
-29
lines changed

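--- a/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.api.json
+++ b/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.api.json
@@ -191,7 +191,8 @@
 {"shape":"OperationTimeoutException"},
 {"shape":"EntityNotFoundException"},
 {"shape":"AccessDeniedException"},
-{"shape":"ConcurrentModificationException"}
+{"shape":"ConcurrentModificationException"},
+{"shape":"ResourceNumberLimitExceededException"}
 ]
 },
 "DeleteDataCellsFilter":{
@@ -1126,6 +1127,7 @@
 "Principal":{"shape":"DataLakePrincipal"},
 "Resource":{"shape":"Resource"},
 "Permissions":{"shape":"PermissionList"},
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{"shape":"PermissionList"}
 }
 },
@@ -1147,6 +1149,7 @@
 "Failures":{"shape":"BatchPermissionsFailureList"}
 }
 },
+"Boolean":{"type":"boolean"},
 "BooleanNullable":{"type":"boolean"},
 "CancelTransactionRequest":{
 "type":"structure",
@@ -1315,7 +1318,8 @@
 ],
 "members":{
 "Principal":{"shape":"DataLakePrincipal"},
-"Resource":{"shape":"Resource"}
+"Resource":{"shape":"Resource"},
+"Condition":{"shape":"Condition"}
 }
 },
 "CreateLakeFormationOptInResponse":{
@@ -1490,7 +1494,8 @@
 ],
 "members":{
 "Principal":{"shape":"DataLakePrincipal"},
-"Resource":{"shape":"Resource"}
+"Resource":{"shape":"Resource"},
+"Condition":{"shape":"Condition"}
 }
 },
 "DeleteLakeFormationOptInResponse":{
@@ -1991,6 +1996,7 @@
 "Principal":{"shape":"DataLakePrincipal"},
 "Resource":{"shape":"Resource"},
 "Permissions":{"shape":"PermissionList"},
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{"shape":"PermissionList"}
 }
 },
@@ -2530,7 +2536,8 @@
 "UseServiceLinkedRole":{"shape":"NullableBoolean"},
 "RoleArn":{"shape":"IAMRoleArn"},
 "WithFederation":{"shape":"NullableBoolean"},
-"HybridAccessEnabled":{"shape":"NullableBoolean"}
+"HybridAccessEnabled":{"shape":"NullableBoolean"},
+"WithPrivilegedAccess":{"shape":"Boolean"}
 }
 },
 "RegisterResourceResponse":{
@@ -2578,7 +2585,8 @@
 "RoleArn":{"shape":"IAMRoleArn"},
 "LastModified":{"shape":"LastModifiedTimestamp"},
 "WithFederation":{"shape":"NullableBoolean"},
-"HybridAccessEnabled":{"shape":"NullableBoolean"}
+"HybridAccessEnabled":{"shape":"NullableBoolean"},
+"WithPrivilegedAccess":{"shape":"NullableBoolean"}
 }
 },
 "ResourceInfoList":{
@@ -2635,6 +2643,7 @@
 "Principal":{"shape":"DataLakePrincipal"},
 "Resource":{"shape":"Resource"},
 "Permissions":{"shape":"PermissionList"},
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{"shape":"PermissionList"}
 }
 },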

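--- a/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.docs.json
+++ b/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.docs.json
@@ -48,7 +48,7 @@
 "ListTableStorageOptimizers": "<p>Returns the configuration of all storage optimizers associated with a specified table.</p>",
 "ListTransactions": "<p>Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.</p> <p>This operation can help you identify uncommitted transactions or to get information about transactions.</p>",
 "PutDataLakeSettings": "<p>Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see <a href=\"https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html\">Granting Lake Formation Permissions</a>.</p> <p>This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.</p>",
-"RegisterResource": "<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>",
+"RegisterResource": "<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>",
 "RemoveLFTagsFromResource": "<p>Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in <code>tableWithColumns</code> to specify column input.</p>",
 "RevokePermissions": "<p>Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.</p>",
 "SearchDatabasesByLFTags": "<p>This operation allows a search on <code>DATABASE</code> resources by <code>TagCondition</code>. This operation is used by admins who want to grant user permissions on certain <code>TagConditions</code>. Before making a grant, the admin can use <code>SearchDatabasesByTags</code> to find all resources where the given <code>TagConditions</code> are valid to verify whether the returned resources can be shared.</p>",
@@ -199,6 +199,12 @@
 "refs": {
 }
 },
+"Boolean": {
+"base": null,
+"refs": {
+"RegisterResourceRequest$WithPrivilegedAccess": "<p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>"
+}
+},
 "BooleanNullable": {
 "base": null,
 "refs": {
@@ -330,8 +336,13 @@
 "Condition": {
 "base": "<p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>",
 "refs": {
+"BatchPermissionsRequestEntry$Condition": null,
+"CreateLakeFormationOptInRequest$Condition": null,
+"DeleteLakeFormationOptInRequest$Condition": null,
+"GrantPermissionsRequest$Condition": null,
 "LakeFormationOptInsInfo$Condition": "<p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>",
-"PrincipalResourcePermissions$Condition": "<p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>"
+"PrincipalResourcePermissions$Condition": "<p>A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.</p>",
+"RevokePermissionsRequest$Condition": null
 }
 },
 "ContextKey": {
@@ -1243,6 +1254,7 @@
 "RegisterResourceRequest$HybridAccessEnabled": "<p> Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies. </p>",
 "ResourceInfo$WithFederation": "<p>Whether or not the resource is a federated resource.</p>",
 "ResourceInfo$HybridAccessEnabled": "<p> Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies. </p>",
+"ResourceInfo$WithPrivilegedAccess": "<p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>",
 "UpdateResourceRequest$WithFederation": "<p>Whether or not the resource is a federated resource.</p>",
 "UpdateResourceRequest$HybridAccessEnabled": "<p> Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies. </p>"
 }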

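--- a/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.normal.json
+++ b/generator/ServiceModels/lakeformation/lakeformation-2017-03-31.normal.json
@@ -201,7 +201,8 @@
 {"shape":"OperationTimeoutException"},
 {"shape":"EntityNotFoundException"},
 {"shape":"AccessDeniedException"},
-{"shape":"ConcurrentModificationException"}
+{"shape":"ConcurrentModificationException"},
+{"shape":"ResourceNumberLimitExceededException"}
 ],
 "documentation":"<p>Enforce Lake Formation permissions for the given databases, tables, and principals.</p>"
 },
@@ -814,7 +815,7 @@
 {"shape":"ResourceNumberLimitExceededException"},
 {"shape":"AccessDeniedException"}
 ],
-"documentation":"<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>"
+"documentation":"<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>"
 },
 "RemoveLFTagsFromResource":{
 "name":"RemoveLFTagsFromResource",
@@ -1276,6 +1277,7 @@
 "shape":"PermissionList",
 "documentation":"<p>The permissions to be granted.</p>"
 },
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{
 "shape":"PermissionList",
 "documentation":"<p>Indicates if the option to pass permissions is granted.</p>"
@@ -1310,6 +1312,7 @@
 }
 }
 },
+"Boolean":{"type":"boolean"},
 "BooleanNullable":{"type":"boolean"},
 "CancelTransactionRequest":{
 "type":"structure",
@@ -1549,7 +1552,8 @@
 ],
 "members":{
 "Principal":{"shape":"DataLakePrincipal"},
-"Resource":{"shape":"Resource"}
+"Resource":{"shape":"Resource"},
+"Condition":{"shape":"Condition"}
 }
 },
 "CreateLakeFormationOptInResponse":{
@@ -1838,7 +1842,8 @@
 ],
 "members":{
 "Principal":{"shape":"DataLakePrincipal"},
-"Resource":{"shape":"Resource"}
+"Resource":{"shape":"Resource"},
+"Condition":{"shape":"Condition"}
 }
 },
 "DeleteLakeFormationOptInResponse":{
@@ -2708,6 +2713,7 @@
 "shape":"PermissionList",
 "documentation":"<p>The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources. </p>"
 },
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{
 "shape":"PermissionList",
 "documentation":"<p>Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the <code>Privileges</code>.</p>"
@@ -3599,6 +3605,10 @@
 "HybridAccessEnabled":{
 "shape":"NullableBoolean",
 "documentation":"<p> Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies. </p>"
+},
+"WithPrivilegedAccess":{
+"shape":"Boolean",
+"documentation":"<p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>"
 }
 }
 },
@@ -3702,6 +3712,10 @@
 "HybridAccessEnabled":{
 "shape":"NullableBoolean",
 "documentation":"<p> Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies. </p>"
+},
+"WithPrivilegedAccess":{
+"shape":"NullableBoolean",
+"documentation":"<p>Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location. </p>"
 }
 },
 "documentation":"<p>A structure containing information about an Lake Formation resource.</p>"
@@ -3780,6 +3794,7 @@
 "shape":"PermissionList",
 "documentation":"<p>The permissions revoked to the principal on the resource. For information about permissions, see <a href=\"https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html\">Security and Access Control to Metadata and Data</a>.</p>"
 },
+"Condition":{"shape":"Condition"},
 "PermissionsWithGrantOption":{
 "shape":"PermissionList",
 "documentation":"<p>Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.</p>"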
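Review bot: In the hunk at `@@ -3702,6 +3712,10 @@` the `WithPrivilegedAccess` member of the resource-information structure is documented with the request-side sentence "Grants the calling principal the permissions to perform all supported Lake Formation operations…", although on this structure the flag is read back rather than set; the sibling `HybridAccessEnabled` entry in the same hunk is worded "Indicates whether…". Because the flag concerns broad permissions on a data location, the text should say what the field reports, for example `"documentation":"<p>Indicates whether the calling principal was granted permissions to perform all supported Lake Formation operations on the registered data location.</p>"` (exact wording to be confirmed against the service's behaviour). The `Condition` members added at new lines 1280, 1556, 1846, 2716 and 3797 carry no `documentation` key, which is presumably why the generated request classes only say "Gets and sets the property Condition."; one sentence on how a condition narrows a grant, revoke or opt-in would help callers scope permissions as intended.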

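--- a/sdk/src/Services/LakeFormation/Generated/Model/BatchPermissionsRequestEntry.cs
+++ b/sdk/src/Services/LakeFormation/Generated/Model/BatchPermissionsRequestEntry.cs
@@ -34,12 +34,28 @@ namespace Amazon.LakeFormation.Model
 /// </summary>
 public partial class BatchPermissionsRequestEntry
 {
+private Condition _condition;
 private string _id;
 private List<string> _permissions = AWSConfigs.InitializeCollections ? new List<string>() : null;
 private List<string> _permissionsWithGrantOption = AWSConfigs.InitializeCollections ? new List<string>() : null;
 private DataLakePrincipal _principal;
 private Resource _resource;
 
+/// <summary>
+/// Gets and sets the property Condition.
+/// </summary>
+public Condition Condition
+{
+get { return this._condition; }
+set { this._condition = value; }
+}
+
+// Check to see if Condition property is set
+internal bool IsSetCondition()
+{
+return this._condition != null;
+}
+
 /// <summary>
 /// Gets and sets the property Id.
 /// <para>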

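--- a/sdk/src/Services/LakeFormation/Generated/Model/CreateLakeFormationOptInRequest.cs
+++ b/sdk/src/Services/LakeFormation/Generated/Model/CreateLakeFormationOptInRequest.cs
@@ -35,9 +35,25 @@ namespace Amazon.LakeFormation.Model
 /// </summary>
 public partial class CreateLakeFormationOptInRequest : AmazonLakeFormationRequest
 {
+private Condition _condition;
 private DataLakePrincipal _principal;
 private Resource _resource;
 
+/// <summary>
+/// Gets and sets the property Condition.
+/// </summary>
+public Condition Condition
+{
+get { return this._condition; }
+set { this._condition = value; }
+}
+
+// Check to see if Condition property is set
+internal bool IsSetCondition()
+{
+return this._condition != null;
+}
+
 /// <summary>
 /// Gets and sets the property Principal.
 /// </summary>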

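--- a/sdk/src/Services/LakeFormation/Generated/Model/DeleteLakeFormationOptInRequest.cs
+++ b/sdk/src/Services/LakeFormation/Generated/Model/DeleteLakeFormationOptInRequest.cs
@@ -36,9 +36,25 @@ namespace Amazon.LakeFormation.Model
 /// </summary>
 public partial class DeleteLakeFormationOptInRequest : AmazonLakeFormationRequest
 {
+private Condition _condition;
 private DataLakePrincipal _principal;
 private Resource _resource;
 
+/// <summary>
+/// Gets and sets the property Condition.
+/// </summary>
+public Condition Condition
+{
+get { return this._condition; }
+set { this._condition = value; }
+}
+
+// Check to see if Condition property is set
+internal bool IsSetCondition()
+{
+return this._condition != null;
+}
+
 /// <summary>
 /// Gets and sets the property Principal.
 /// </summary>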

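--- a/sdk/src/Services/LakeFormation/Generated/Model/GrantPermissionsRequest.cs
+++ b/sdk/src/Services/LakeFormation/Generated/Model/GrantPermissionsRequest.cs
@@ -43,6 +43,7 @@ namespace Amazon.LakeFormation.Model
 public partial class GrantPermissionsRequest : AmazonLakeFormationRequest
 {
 private string _catalogId;
+private Condition _condition;
 private List<string> _permissions = AWSConfigs.InitializeCollections ? new List<string>() : null;
 private List<string> _permissionsWithGrantOption = AWSConfigs.InitializeCollections ? new List<string>() : null;
 private DataLakePrincipal _principal;
@@ -69,6 +70,21 @@ internal bool IsSetCatalogId()
 return this._catalogId != null;
 }
 
+/// <summary>
+/// Gets and sets the property Condition.
+/// </summary>
+public Condition Condition
+{
+get { return this._condition; }
+set { this._condition = value; }
+}
+
+// Check to see if Condition property is set
+internal bool IsSetCondition()
+{
+return this._condition != null;
+}
+
 /// <summary>
 /// Gets and sets the property Permissions.
 /// <para>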

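--- a/sdk/src/Services/LakeFormation/Generated/Model/Internal/MarshallTransformations/BatchPermissionsRequestEntryMarshaller.cs
+++ b/sdk/src/Services/LakeFormation/Generated/Model/Internal/MarshallTransformations/BatchPermissionsRequestEntryMarshaller.cs
@@ -48,6 +48,17 @@ public void Marshall(BatchPermissionsRequestEntry requestObject, JsonMarshallerC
 {
 if(requestObject == null)
 return;
+if(requestObject.IsSetCondition())
+{
+context.Writer.WritePropertyName("Condition");
+context.Writer.WriteObjectStart();
+
+var marshaller = ConditionMarshaller.Instance;
+marshaller.Marshall(requestObject.Condition, context);
+
+context.Writer.WriteObjectEnd();
+}
+
 if(requestObject.IsSetId())
 {
 context.Writer.WritePropertyName("Id");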
