lakeformation

v0.26.0
This package is not in the latest version of its module.

Published: Oct 1, 2020 | License: Apache-2.0 | Imports: 26 | Imported by: 11

Documentation

Constants

const ServiceAPIVersion = "2017-03-31"
const ServiceID = "LakeFormation"

Variables

This section is empty.

Functions

func AddResolveEndpointMiddleware

func AddResolveEndpointMiddleware(stack *middleware.Stack, options ResolveEndpointMiddlewareOptions)

func NewDefaultEndpointResolver

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func RemoveResolveEndpointMiddleware

func RemoveResolveEndpointMiddleware(stack *middleware.Stack) error

Types

type BatchGrantPermissionsInput

type BatchGrantPermissionsInput struct {

	// A list of up to 20 entries for resource permissions to be granted by batch
	// operation to the principal.
	//
	// This member is required.
	Entries []*types.BatchPermissionsRequestEntry

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type BatchGrantPermissionsOutput

type BatchGrantPermissionsOutput struct {

	// A list of failures to grant permissions to the resources.
	Failures []*types.BatchPermissionsFailureEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type BatchRevokePermissionsInput

type BatchRevokePermissionsInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// A list of up to 20 entries for resource permissions to be revoked by batch
	// operation to the principal.
	//
	// This member is required.
	Entries []*types.BatchPermissionsRequestEntry
}

type BatchRevokePermissionsOutput

type BatchRevokePermissionsOutput struct {

	// A list of failures to revoke permissions to the resources.
	Failures []*types.BatchPermissionsFailureEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

AWS Lake Formation. Defines the public endpoint for the AWS Lake Formation service.

func New

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) BatchGrantPermissions

func (c *Client) BatchGrantPermissions(ctx context.Context, params *BatchGrantPermissionsInput, optFns ...func(*Options)) (*BatchGrantPermissionsOutput, error)

Batch operation to grant permissions to the principal.

func (*Client) BatchRevokePermissions

func (c *Client) BatchRevokePermissions(ctx context.Context, params *BatchRevokePermissionsInput, optFns ...func(*Options)) (*BatchRevokePermissionsOutput, error)

Batch operation to revoke permissions from the principal.
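The batch operations accept at most 20 entries per request and report per-entry problems in Failures, so a caller that checks only the returned error can leave permissions in place. The following is an added example, not code from this package: Entry, Failure, BatchRevoker, fakeService and sampleEntries are hypothetical stand-ins so that the chunking and failure handling run without the SDK or AWS credentials, and the rejection of oversized requests is an assumption of the model.

```go
package main

import (
	"context"
	"fmt"
)

const maxBatchEntries = 20 // per-request limit from the input struct docs

// Entry and Failure stand in for the SDK's request and failure entry types.
type Entry struct{ ID, PrincipalARN, Table string }
type Failure struct{ EntryID, Reason string }

// BatchRevoker is hypothetical: one call is one BatchRevokePermissions request.
type BatchRevoker interface {
	BatchRevoke(ctx context.Context, entries []Entry) ([]Failure, error)
}

// RevokeAll splits entries into requests of at most 20 and treats any item in
// Failures as an error, since a failed revocation leaves access in place.
func RevokeAll(ctx context.Context, api BatchRevoker, entries []Entry) (calls int, failed []Failure, err error) {
	for start := 0; start < len(entries); start += maxBatchEntries {
		end := start + maxBatchEntries
		if end > len(entries) {
			end = len(entries)
		}
		fs, callErr := api.BatchRevoke(ctx, entries[start:end])
		calls++
		if callErr != nil {
			return calls, failed, fmt.Errorf("request for entries %d-%d: %w", start, end-1, callErr)
		}
		failed = append(failed, fs...)
	}
	if len(failed) > 0 {
		return calls, failed, fmt.Errorf("%d of %d revocations failed", len(failed), len(entries))
	}
	return calls, nil, nil
}

// fakeService models the limit (assumed rejection) and the Failures list.
type fakeService struct{ deny map[string]string }

func (f fakeService) BatchRevoke(_ context.Context, entries []Entry) ([]Failure, error) {
	if len(entries) > maxBatchEntries {
		return nil, fmt.Errorf("too many entries: %d", len(entries))
	}
	var fs []Failure
	for _, e := range entries {
		if reason, ok := f.deny[e.ID]; ok {
			fs = append(fs, Failure{EntryID: e.ID, Reason: reason})
		}
	}
	return fs, nil
}

// sampleEntries builds n constructed entries with IDs "e0", "e1", ...
func sampleEntries(n int) []Entry {
	out := make([]Entry, n)
	for i := range out {
		out[i] = Entry{ID: fmt.Sprintf("e%d", i), PrincipalARN: "arn:aws:iam::111122223333:role/analyst", Table: "sales"}
	}
	return out
}

func main() {
	api := fakeService{deny: map[string]string{"e21": "AccessDenied (constructed)"}}
	calls, failed, err := RevokeAll(context.Background(), api, sampleEntries(45))
	fmt.Println(calls, failed, err)
}
```

With the real client, the same loop would build one BatchRevokePermissionsInput per chunk and read Failures from the output.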

func (*Client) DeregisterResource

func (c *Client) DeregisterResource(ctx context.Context, params *DeregisterResourceInput, optFns ...func(*Options)) (*DeregisterResourceOutput, error)

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

func (*Client) DescribeResource

func (c *Client) DescribeResource(ctx context.Context, params *DescribeResourceInput, optFns ...func(*Options)) (*DescribeResourceOutput, error)

Retrieves the current data access role for the given resource registered in AWS Lake Formation.

func (*Client) GetDataLakeSettings

func (c *Client) GetDataLakeSettings(ctx context.Context, params *GetDataLakeSettingsInput, optFns ...func(*Options)) (*GetDataLakeSettingsOutput, error)

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

func (*Client) GetEffectivePermissionsForPath

func (c *Client) GetEffectivePermissionsForPath(ctx context.Context, params *GetEffectivePermissionsForPathInput, optFns ...func(*Options)) (*GetEffectivePermissionsForPathOutput, error)

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

func (*Client) GrantPermissions

func (c *Client) GrantPermissions(ctx context.Context, params *GrantPermissionsInput, optFns ...func(*Options)) (*GrantPermissionsOutput, error)

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. For information about permissions, see Security and Access Control to Metadata and Data (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).

func (*Client) ListPermissions

func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error)

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER. This operation returns only those permissions that have been explicitly granted. For information about permissions, see Security and Access Control to Metadata and Data (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).

func (*Client) ListResources

func (c *Client) ListResources(ctx context.Context, params *ListResourcesInput, optFns ...func(*Options)) (*ListResourcesOutput, error)

Lists the resources registered to be managed by the Data Catalog.

func (*Client) PutDataLakeSettings

func (c *Client) PutDataLakeSettings(ctx context.Context, params *PutDataLakeSettingsInput, optFns ...func(*Options)) (*PutDataLakeSettingsOutput, error)

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions (https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html).

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
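Because PutDataLakeSettings replaces the administrator list, sending only the new principal removes every existing administrator. The following is an added example, not code from this package: Settings, SettingsAPI and fakeLake are hypothetical stand-ins for the client and its types, used to show the naive call beside the fetch, append and write-back sequence described above.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Settings stands in for types.DataLakeSettings (admin ARNs only); not the SDK type.
type Settings struct{ Admins []string }

// SettingsAPI is a hypothetical narrow interface over GetDataLakeSettings and
// PutDataLakeSettings so the logic can run without AWS credentials.
type SettingsAPI interface {
	GetDataLakeSettings(ctx context.Context) (Settings, error)
	PutDataLakeSettings(ctx context.Context, s Settings) error
}

// NaiveAddAdmin sends only the new administrator. Because the API replaces
// the list, every existing administrator is dropped.
func NaiveAddAdmin(ctx context.Context, api SettingsAPI, arn string) error {
	return api.PutDataLakeSettings(ctx, Settings{Admins: []string{arn}})
}

// AddAdmin fetches the current list, appends arn if absent, and writes the
// full list back. It returns the list in effect afterwards.
func AddAdmin(ctx context.Context, api SettingsAPI, arn string) ([]string, error) {
	if arn == "" {
		return nil, errors.New("empty principal ARN")
	}
	cur, err := api.GetDataLakeSettings(ctx)
	if err != nil {
		return nil, fmt.Errorf("get data lake settings: %w", err)
	}
	for _, a := range cur.Admins {
		if a == arn {
			return cur.Admins, nil // already an administrator: no write needed
		}
	}
	next := append(append([]string{}, cur.Admins...), arn)
	if err := api.PutDataLakeSettings(ctx, Settings{Admins: next}); err != nil {
		return nil, fmt.Errorf("put data lake settings: %w", err)
	}
	return next, nil
}

// fakeLake is an in-memory model of the replace semantics described above.
type fakeLake struct {
	admins []string
	puts   int
}

func (f *fakeLake) GetDataLakeSettings(context.Context) (Settings, error) {
	return Settings{Admins: append([]string{}, f.admins...)}, nil
}

func (f *fakeLake) PutDataLakeSettings(_ context.Context, s Settings) error {
	f.admins = append([]string{}, s.Admins...) // replace, never merge
	f.puts++
	return nil
}

func main() {
	alice, bob := "arn:aws:iam::111122223333:role/alice", "arn:aws:iam::111122223333:role/bob" // constructed ARNs
	naive, safe := &fakeLake{admins: []string{alice}}, &fakeLake{admins: []string{alice}}
	_ = NaiveAddAdmin(context.Background(), naive, bob)
	got, _ := AddAdmin(context.Background(), safe, bob)
	fmt.Println("naive:", naive.admins, "read-modify-write:", got)
}
```

The read and the write are separate calls, so two callers adding administrators at the same time can still overwrite each other; serialize changes to this list.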

func (*Client) RegisterResource

func (c *Client) RegisterResource(ctx context.Context, params *RegisterResourceInput, optFns ...func(*Options)) (*RegisterResourceOutput, error)

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives AWS Lake Formation permission to use the service-linked role to access that location.

	ResourceArn = arn:aws:s3:::my-bucket
	UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

	arn:aws:iam::12345:role/my-data-access-role

func (*Client) RevokePermissions

func (c *Client) RevokePermissions(ctx context.Context, params *RevokePermissionsInput, optFns ...func(*Options)) (*RevokePermissionsOutput, error)

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

func (*Client) UpdateResource

func (c *Client) UpdateResource(ctx context.Context, params *UpdateResourceInput, optFns ...func(*Options)) (*UpdateResourceOutput, error)

Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.

type DeregisterResourceInput

type DeregisterResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource that you want to deregister.
	//
	// This member is required.
	ResourceArn *string
}

type DeregisterResourceOutput

type DeregisterResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DescribeResourceInput

type DescribeResourceInput struct {

	// The resource ARN.
	//
	// This member is required.
	ResourceArn *string
}

type DescribeResourceOutput

type DescribeResourceOutput struct {

	// A structure containing information about an AWS Lake Formation resource.
	ResourceInfo *types.ResourceInfo

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type EndpointResolver

type EndpointResolver interface {
	ResolveEndpoint(region string, options ResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func WithEndpointResolver

func WithEndpointResolver(awsResolver aws.EndpointResolver, fallbackResolver EndpointResolver) EndpointResolver

WithEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver. If awsResolver returns an aws.EndpointNotFoundError error, the resolver will use the provided fallbackResolver for resolution. awsResolver and fallbackResolver must not be nil.

type EndpointResolverFunc

type EndpointResolverFunc func(region string, options ResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options ResolverOptions) (endpoint aws.Endpoint, err error)

type GetDataLakeSettingsInput

type GetDataLakeSettingsInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type GetDataLakeSettingsOutput

type GetDataLakeSettingsOutput struct {

	// A structure representing a list of AWS Lake Formation principals designated as
	// data lake administrators.
	DataLakeSettings *types.DataLakeSettings

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GetEffectivePermissionsForPathInput

type GetEffectivePermissionsForPathInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// The Amazon Resource Name (ARN) of the resource for which you want to get
	// permissions.
	//
	// This member is required.
	ResourceArn *string

	// The maximum number of results to return.
	MaxResults *int32

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string
}

type GetEffectivePermissionsForPathOutput

type GetEffectivePermissionsForPathOutput struct {

	// A list of the permissions for the specified table or database resource located
	// at the path in Amazon S3.
	Permissions []*types.PrincipalResourcePermissions

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GrantPermissionsInput

type GrantPermissionsInput struct {

	// The permissions granted to the principal on the resource. AWS Lake Formation
	// defines privileges to grant and revoke access to metadata in the Data Catalog
	// and data organized in underlying data storage such as Amazon S3. AWS Lake
	// Formation requires that each principal be authorized to perform a specific task
	// on AWS Lake Formation resources.
	//
	// This member is required.
	Permissions []types.Permission

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// The principal to be granted the permissions on the resource. Supported
	// principals are IAM users or IAM roles, and they are defined by their principal
	// type and their ARN. Note that if you define a resource with a particular ARN,
	// then later delete, and recreate a resource with that same ARN, the resource
	// maintains the permissions already granted.
	//
	// This member is required.
	Principal *types.DataLakePrincipal

	// Indicates a list of the granted permissions that the principal may pass to other
	// users. These permissions may only be a subset of the permissions granted in the
	// Privileges.
	PermissionsWithGrantOption []types.Permission

	// The resource to which permissions are to be granted. Resources in AWS Lake
	// Formation are the Data Catalog, databases, and tables.
	//
	// This member is required.
	Resource *types.Resource
}

type GrantPermissionsOutput

type GrantPermissionsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type HTTPClient

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time) error
}

type ListPermissionsInput

type ListPermissionsInput struct {

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// Specifies a resource type to filter the permissions returned.
	ResourceType types.DataLakeResourceType

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// Specifies a principal to filter the permissions returned.
	Principal *types.DataLakePrincipal

	// The maximum number of results to return.
	MaxResults *int32

	// A resource where you will get a list of the principal permissions. This
	// operation does not support getting privileges on a table with columns. Instead,
	// call this operation on the table, and the operation returns the table and the
	// table with columns.
	Resource *types.Resource
}

type ListPermissionsOutput

type ListPermissionsOutput struct {

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// A list of principals and their permissions on the resource for the specified
	// principal and resource types.
	PrincipalResourcePermissions []*types.PrincipalResourcePermissions

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListResourcesInput

type ListResourcesInput struct {

	// The maximum number of resource results.
	MaxResults *int32

	// A continuation token, if this is not the first call to retrieve these resources.
	NextToken *string

	// Any applicable row-level and/or column-level filtering conditions for the
	// resources.
	FilterConditionList []*types.FilterCondition
}

type ListResourcesOutput

type ListResourcesOutput struct {

	// A summary of the data lake resources.
	ResourceInfoList []*types.ResourceInfo

	// A continuation token, if this is not the first call to retrieve these resources.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type Options

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions ResolverOptions

	// The service endpoint resolver.
	EndpointResolver EndpointResolver

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The region to send requests to. (Required)
	Region string

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer.
	Retryer retry.Retryer

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient
}

func (Options) Copy

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetCredentials

func (o Options) GetCredentials() aws.CredentialsProvider

func (Options) GetEndpointOptions

func (o Options) GetEndpointOptions() ResolverOptions

func (Options) GetEndpointResolver

func (o Options) GetEndpointResolver() EndpointResolver

func (Options) GetHTTPSignerV4

func (o Options) GetHTTPSignerV4() HTTPSignerV4

func (Options) GetRegion

func (o Options) GetRegion() string

func (Options) GetRetryer

func (o Options) GetRetryer() retry.Retryer

type PutDataLakeSettingsInput

type PutDataLakeSettingsInput struct {

	// A structure representing a list of AWS Lake Formation principals designated as
	// data lake administrators.
	//
	// This member is required.
	DataLakeSettings *types.DataLakeSettings

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type PutDataLakeSettingsOutput

type PutDataLakeSettingsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type RegisterResourceInput

type RegisterResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource that you want to register.
	//
	// This member is required.
	ResourceArn *string

	// The identifier for the role that registers the resource.
	RoleArn *string

	// Designates an AWS Identity and Access Management (IAM) service-linked role by
	// registering this role with the Data Catalog. A service-linked role is a unique
	// type of IAM role that is linked directly to Lake Formation. For more
	// information, see Using Service-Linked Roles for Lake Formation
	// (https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html).
	UseServiceLinkedRole *bool
}

type RegisterResourceOutput

type RegisterResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ResolveEndpoint

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  ResolverOptions
}

func (*ResolveEndpoint) HandleSerialize

func (*ResolveEndpoint) ID

func (*ResolveEndpoint) ID() string

type ResolveEndpointMiddlewareOptions

type ResolveEndpointMiddlewareOptions interface {
	GetEndpointResolver() EndpointResolver
	GetEndpointOptions() ResolverOptions
}

type ResolverOptions

type ResolverOptions = internalendpoints.Options

ResolverOptions is the service endpoint resolver options

type RevokePermissionsInput

type RevokePermissionsInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// The principal to be revoked permissions on the resource.
	//
	// This member is required.
	Principal *types.DataLakePrincipal

	// Indicates a list of permissions for which to revoke the grant option allowing
	// the principal to pass permissions to other principals.
	PermissionsWithGrantOption []types.Permission

	// The permissions revoked to the principal on the resource. For information about
	// permissions, see Security and Access Control to Metadata and Data
	// (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
	//
	// This member is required.
	Permissions []types.Permission

	// The resource to which permissions are to be revoked.
	//
	// This member is required.
	Resource *types.Resource
}

type RevokePermissionsOutput

type RevokePermissionsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type UpdateResourceInput

type UpdateResourceInput struct {

	// The resource ARN.
	//
	// This member is required.
	ResourceArn *string

	// The new role to use for the given resource registered in AWS Lake Formation.
	//
	// This member is required.
	RoleArn *string
}

type UpdateResourceOutput

type UpdateResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

Directories

Path Synopsis
internal
