lakeformation

v0.30.0
Warning

This package is not in the latest version of its module.

Published: Nov 30, 2020 License: Apache-2.0 Imports: 27 Imported by: 12

Documentation

Overview

Package lakeformation provides the API client, operations, and parameter types for AWS Lake Formation.

AWS Lake Formation: defines the public endpoint for the AWS Lake Formation service.


Constants

const ServiceAPIVersion = "2017-03-31"
const ServiceID = "LakeFormation"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

Types

type BatchGrantPermissionsInput

type BatchGrantPermissionsInput struct {

	// A list of up to 20 entries for resource permissions to be granted by batch
	// operation to the principal.
	//
	// This member is required.
	Entries []types.BatchPermissionsRequestEntry

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type BatchGrantPermissionsOutput

type BatchGrantPermissionsOutput struct {

	// A list of failures to grant permissions to the resources.
	Failures []types.BatchPermissionsFailureEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type BatchRevokePermissionsInput

type BatchRevokePermissionsInput struct {

	// A list of up to 20 entries for resource permissions to be revoked by batch
	// operation from the principal.
	//
	// This member is required.
	Entries []types.BatchPermissionsRequestEntry

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type BatchRevokePermissionsOutput

type BatchRevokePermissionsOutput struct {

	// A list of failures to revoke permissions to the resources.
	Failures []types.BatchPermissionsFailureEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operation calls for AWS Lake Formation.

func New

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) BatchGrantPermissions

func (c *Client) BatchGrantPermissions(ctx context.Context, params *BatchGrantPermissionsInput, optFns ...func(*Options)) (*BatchGrantPermissionsOutput, error)

Batch operation to grant permissions to the principal.

func (*Client) BatchRevokePermissions

func (c *Client) BatchRevokePermissions(ctx context.Context, params *BatchRevokePermissionsInput, optFns ...func(*Options)) (*BatchRevokePermissionsOutput, error)

Batch operation to revoke permissions from the principal.
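The batch inputs accept up to 20 entries and the outputs carry a Failures list, so a revoke job has to split its work and check that list even when the call returns no error. The sketch below is an added example, not code from the SDK: the entry, failure, batchRevoker and fakeRevoker types are hypothetical stand-ins for the SDK types, and the sample data is constructed.

```go
package main

import (
	"context"
	"fmt"
)

// Stand-in types (assumptions, not the SDK's): they model only what this page
// describes, a list of entries going in and a list of failures coming out.
type entry struct {
	ID        string // caller-chosen identifier for the entry
	Principal string
	Table     string
}

type failure struct {
	Entry  entry
	Reason string
}

// batchRevoker is a hypothetical narrow interface over a batch revoke call.
type batchRevoker interface {
	BatchRevoke(ctx context.Context, entries []entry) ([]failure, error)
}

const maxBatchEntries = 20 // "A list of up to 20 entries" in the input docs

// RevokeAll splits entries into batches of at most maxBatchEntries and
// collects per-entry failures. A nil error with a non-empty failure list
// means some permissions are still in place.
func RevokeAll(ctx context.Context, api batchRevoker, entries []entry) (int, []failure, error) {
	calls := 0
	var failed []failure
	for start := 0; start < len(entries); start += maxBatchEntries {
		end := start + maxBatchEntries
		if end > len(entries) {
			end = len(entries)
		}
		fs, err := api.BatchRevoke(ctx, entries[start:end])
		calls++
		if err != nil {
			return calls, failed, fmt.Errorf("batch %d-%d: %w", start, end-1, err)
		}
		failed = append(failed, fs...)
	}
	return calls, failed, nil
}

// fakeRevoker is an in-memory stand-in that rejects oversized batches and
// reports constructed per-entry failures.
type fakeRevoker struct {
	deny  map[string]string // entry ID -> constructed failure reason
	sizes []int             // size of each batch received
}

func (f *fakeRevoker) BatchRevoke(ctx context.Context, entries []entry) ([]failure, error) {
	if len(entries) > maxBatchEntries {
		return nil, fmt.Errorf("%d entries exceeds limit of %d", len(entries), maxBatchEntries)
	}
	f.sizes = append(f.sizes, len(entries))
	var out []failure
	for _, e := range entries {
		if reason, ok := f.deny[e.ID]; ok {
			out = append(out, failure{Entry: e, Reason: reason})
		}
	}
	return out, nil
}

// sampleEntries builds n constructed entries with IDs e0..e(n-1).
func sampleEntries(n int) []entry {
	out := make([]entry, 0, n)
	for i := 0; i < n; i++ {
		out = append(out, entry{ID: fmt.Sprintf("e%d", i), Principal: "role/analyst", Table: fmt.Sprintf("t%d", i)})
	}
	return out
}

func main() {
	api := &fakeRevoker{deny: map[string]string{"e7": "constructed: access denied", "e41": "constructed: not found"}}
	calls, failed, err := RevokeAll(context.Background(), api, sampleEntries(45))
	fmt.Println("calls:", calls, "batch sizes:", api.sizes, "err:", err)
	for _, f := range failed {
		fmt.Printf("still granted: %s on %s (%s)\n", f.Entry.Principal, f.Entry.Table, f.Reason)
	}
}
```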

func (*Client) DeregisterResource

func (c *Client) DeregisterResource(ctx context.Context, params *DeregisterResourceInput, optFns ...func(*Options)) (*DeregisterResourceOutput, error)

Deregisters the resource as managed by the Data Catalog. When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

func (*Client) DescribeResource

func (c *Client) DescribeResource(ctx context.Context, params *DescribeResourceInput, optFns ...func(*Options)) (*DescribeResourceOutput, error)

Retrieves the current data access role for the given resource registered in AWS Lake Formation.

func (*Client) GetDataLakeSettings

func (c *Client) GetDataLakeSettings(ctx context.Context, params *GetDataLakeSettingsInput, optFns ...func(*Options)) (*GetDataLakeSettingsOutput, error)

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

func (*Client) GetEffectivePermissionsForPath

func (c *Client) GetEffectivePermissionsForPath(ctx context.Context, params *GetEffectivePermissionsForPathInput, optFns ...func(*Options)) (*GetEffectivePermissionsForPathOutput, error)

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

func (*Client) GrantPermissions

func (c *Client) GrantPermissions(ctx context.Context, params *GrantPermissionsInput, optFns ...func(*Options)) (*GrantPermissionsOutput, error)

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. For information about permissions, see Security and Access Control to Metadata and Data (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).

func (*Client) ListPermissions

func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error)

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER. This operation returns only those permissions that have been explicitly granted. For information about permissions, see Security and Access Control to Metadata and Data (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).

func (*Client) ListResources

func (c *Client) ListResources(ctx context.Context, params *ListResourcesInput, optFns ...func(*Options)) (*ListResourcesOutput, error)

Lists the resources registered to be managed by the Data Catalog.

func (*Client) PutDataLakeSettings

func (c *Client) PutDataLakeSettings(ctx context.Context, params *PutDataLakeSettingsInput, optFns ...func(*Options)) (*PutDataLakeSettingsOutput, error)

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions (https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html). This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
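Because PutDataLakeSettings replaces the administrator list rather than appending to it, sending only the new principal removes every existing administrator. The sketch below is an added example, not code from the SDK: it contrasts that mistake with the fetch, append, put sequence described above, using hypothetical stand-in types (settings, settingsAPI, fakeLake) and constructed ARNs.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// settings is a stand-in (assumption, not the SDK type) holding the ARNs of
// the principals designated as data lake administrators.
type settings struct {
	Admins []string
}

// settingsAPI is a hypothetical narrow interface over the get and put calls.
type settingsAPI interface {
	Get(ctx context.Context) (settings, error)
	Put(ctx context.Context, s settings) error
}

// fakeLake is an in-memory stand-in with the replace semantics the page states.
type fakeLake struct{ admins []string }

func (f *fakeLake) Get(ctx context.Context) (settings, error) {
	return settings{Admins: append([]string(nil), f.admins...)}, nil
}

func (f *fakeLake) Put(ctx context.Context, s settings) error {
	f.admins = append([]string(nil), s.Admins...) // replace, never merge
	return nil
}

// NaivePutAdmin sends only the new principal. Every existing administrator
// is dropped, because the put replaces the whole list.
func NaivePutAdmin(ctx context.Context, api settingsAPI, arn string) error {
	return api.Put(ctx, settings{Admins: []string{arn}})
}

// AddAdmin fetches the current list, appends arn if it is absent, and writes
// the full list back. It reports whether a write happened. The read and the
// write are separate calls, so concurrent writers can still overwrite each
// other; run admin changes from a single pipeline.
func AddAdmin(ctx context.Context, api settingsAPI, arn string) (bool, error) {
	if arn == "" {
		return false, errors.New("empty principal ARN")
	}
	cur, err := api.Get(ctx)
	if err != nil {
		return false, fmt.Errorf("get settings: %w", err)
	}
	for _, a := range cur.Admins {
		if a == arn {
			return false, nil // already an administrator; skip the write
		}
	}
	next := settings{Admins: append(append([]string(nil), cur.Admins...), arn)}
	if err := api.Put(ctx, next); err != nil {
		return false, fmt.Errorf("put settings: %w", err)
	}
	return true, nil
}

// Constructed sample ARNs.
const (
	adminA   = "arn:aws:iam::111122223333:role/lake-admin-a"
	adminB   = "arn:aws:iam::111122223333:role/lake-admin-b"
	newAdmin = "arn:aws:iam::111122223333:role/lake-admin-c"
)

func main() {
	ctx := context.Background()

	naive := &fakeLake{admins: []string{adminA, adminB}}
	_ = NaivePutAdmin(ctx, naive, newAdmin)
	fmt.Println("naive put leaves:", naive.admins)

	safe := &fakeLake{admins: []string{adminA, adminB}}
	added, err := AddAdmin(ctx, safe, newAdmin)
	fmt.Println("read-modify-write leaves:", safe.admins, "added:", added, "err:", err)
}
```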

func (*Client) RegisterResource

func (c *Client) RegisterResource(ctx context.Context, params *RegisterResourceInput, optFns ...func(*Options)) (*RegisterResourceOutput, error)

Registers the resource as managed by the Data Catalog. To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives AWS Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket
UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

func (*Client) RevokePermissions

func (c *Client) RevokePermissions(ctx context.Context, params *RevokePermissionsInput, optFns ...func(*Options)) (*RevokePermissionsOutput, error)

Revokes the principal's permissions to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

func (*Client) UpdateResource

func (c *Client) UpdateResource(ctx context.Context, params *UpdateResourceInput, optFns ...func(*Options)) (*UpdateResourceOutput, error)

Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.

type DeregisterResourceInput

type DeregisterResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource that you want to deregister.
	//
	// This member is required.
	ResourceArn *string
}

type DeregisterResourceOutput

type DeregisterResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DescribeResourceInput

type DescribeResourceInput struct {

	// The resource ARN.
	//
	// This member is required.
	ResourceArn *string
}

type DescribeResourceOutput

type DescribeResourceOutput struct {

	// A structure containing information about an AWS Lake Formation resource.
	ResourceInfo *types.ResourceInfo

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type EndpointResolver

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func WithEndpointResolver

func WithEndpointResolver(awsResolver aws.EndpointResolver, fallbackResolver EndpointResolver) EndpointResolver

WithEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver. If awsResolver returns an aws.EndpointNotFoundError error, the resolver will use the provided fallbackResolver for resolution. awsResolver and fallbackResolver must not be nil.

type EndpointResolverFunc

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions added in v0.29.0

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type GetDataLakeSettingsInput

type GetDataLakeSettingsInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type GetDataLakeSettingsOutput

type GetDataLakeSettingsOutput struct {

	// A structure representing a list of AWS Lake Formation principals designated as
	// data lake administrators.
	DataLakeSettings *types.DataLakeSettings

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GetEffectivePermissionsForPathAPIClient added in v0.30.0

type GetEffectivePermissionsForPathAPIClient interface {
	GetEffectivePermissionsForPath(context.Context, *GetEffectivePermissionsForPathInput, ...func(*Options)) (*GetEffectivePermissionsForPathOutput, error)
}

GetEffectivePermissionsForPathAPIClient is a client that implements the GetEffectivePermissionsForPath operation.

type GetEffectivePermissionsForPathInput

type GetEffectivePermissionsForPathInput struct {

	// The Amazon Resource Name (ARN) of the resource for which you want to get
	// permissions.
	//
	// This member is required.
	ResourceArn *string

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// The maximum number of results to return.
	MaxResults *int32

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string
}

type GetEffectivePermissionsForPathOutput

type GetEffectivePermissionsForPathOutput struct {

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// A list of the permissions for the specified table or database resource located
	// at the path in Amazon S3.
	Permissions []types.PrincipalResourcePermissions

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GetEffectivePermissionsForPathPaginator added in v0.30.0

type GetEffectivePermissionsForPathPaginator struct {
	// contains filtered or unexported fields
}

GetEffectivePermissionsForPathPaginator is a paginator for GetEffectivePermissionsForPath

func NewGetEffectivePermissionsForPathPaginator added in v0.30.0

NewGetEffectivePermissionsForPathPaginator returns a new GetEffectivePermissionsForPathPaginator

func (*GetEffectivePermissionsForPathPaginator) HasMorePages added in v0.30.0

HasMorePages returns a boolean indicating whether more pages are available

func (*GetEffectivePermissionsForPathPaginator) NextPage added in v0.30.0

NextPage retrieves the next GetEffectivePermissionsForPath page.

type GetEffectivePermissionsForPathPaginatorOptions added in v0.30.0

type GetEffectivePermissionsForPathPaginatorOptions struct {
	// The maximum number of results to return.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

GetEffectivePermissionsForPathPaginatorOptions is the paginator options for GetEffectivePermissionsForPath

type GrantPermissionsInput

type GrantPermissionsInput struct {

	// The permissions granted to the principal on the resource. AWS Lake Formation
	// defines privileges to grant and revoke access to metadata in the Data Catalog
	// and data organized in underlying data storage such as Amazon S3. AWS Lake
	// Formation requires that each principal be authorized to perform a specific task
	// on AWS Lake Formation resources.
	//
	// This member is required.
	Permissions []types.Permission

	// The principal to be granted the permissions on the resource. Supported
	// principals are IAM users or IAM roles, and they are defined by their principal
	// type and their ARN. Note that if you define a resource with a particular ARN,
	// then later delete, and recreate a resource with that same ARN, the resource
	// maintains the permissions already granted.
	//
	// This member is required.
	Principal *types.DataLakePrincipal

	// The resource to which permissions are to be granted. Resources in AWS Lake
	// Formation are the Data Catalog, databases, and tables.
	//
	// This member is required.
	Resource *types.Resource

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// Indicates a list of the granted permissions that the principal may pass to other
	// users. These permissions may only be a subset of the permissions granted in the
	// Privileges.
	PermissionsWithGrantOption []types.Permission
}

type GrantPermissionsOutput

type GrantPermissionsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type HTTPClient

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time) error
}

type ListPermissionsAPIClient added in v0.30.0

type ListPermissionsAPIClient interface {
	ListPermissions(context.Context, *ListPermissionsInput, ...func(*Options)) (*ListPermissionsOutput, error)
}

ListPermissionsAPIClient is a client that implements the ListPermissions operation.

type ListPermissionsInput

type ListPermissionsInput struct {

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// The maximum number of results to return.
	MaxResults *int32

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// Specifies a principal to filter the permissions returned.
	Principal *types.DataLakePrincipal

	// A resource where you will get a list of the principal permissions. This
	// operation does not support getting privileges on a table with columns. Instead,
	// call this operation on the table, and the operation returns the table and the
	// table with columns.
	Resource *types.Resource

	// Specifies a resource type to filter the permissions returned.
	ResourceType types.DataLakeResourceType
}

type ListPermissionsOutput

type ListPermissionsOutput struct {

	// A continuation token, if this is not the first call to retrieve this list.
	NextToken *string

	// A list of principals and their permissions on the resource for the specified
	// principal and resource types.
	PrincipalResourcePermissions []types.PrincipalResourcePermissions

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListPermissionsPaginator added in v0.30.0

type ListPermissionsPaginator struct {
	// contains filtered or unexported fields
}

ListPermissionsPaginator is a paginator for ListPermissions

func NewListPermissionsPaginator added in v0.30.0

func NewListPermissionsPaginator(client ListPermissionsAPIClient, params *ListPermissionsInput, optFns ...func(*ListPermissionsPaginatorOptions)) *ListPermissionsPaginator

NewListPermissionsPaginator returns a new ListPermissionsPaginator

func (*ListPermissionsPaginator) HasMorePages added in v0.30.0

func (p *ListPermissionsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListPermissionsPaginator) NextPage added in v0.30.0

func (p *ListPermissionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListPermissionsOutput, error)

NextPage retrieves the next ListPermissions page.

type ListPermissionsPaginatorOptions added in v0.30.0

type ListPermissionsPaginatorOptions struct {
	// The maximum number of results to return.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListPermissionsPaginatorOptions is the paginator options for ListPermissions

type ListResourcesAPIClient added in v0.30.0

type ListResourcesAPIClient interface {
	ListResources(context.Context, *ListResourcesInput, ...func(*Options)) (*ListResourcesOutput, error)
}

ListResourcesAPIClient is a client that implements the ListResources operation.

type ListResourcesInput

type ListResourcesInput struct {

	// Any applicable row-level and/or column-level filtering conditions for the
	// resources.
	FilterConditionList []types.FilterCondition

	// The maximum number of resource results.
	MaxResults *int32

	// A continuation token, if this is not the first call to retrieve these resources.
	NextToken *string
}

type ListResourcesOutput

type ListResourcesOutput struct {

	// A continuation token, if this is not the first call to retrieve these resources.
	NextToken *string

	// A summary of the data lake resources.
	ResourceInfoList []types.ResourceInfo

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListResourcesPaginator added in v0.30.0

type ListResourcesPaginator struct {
	// contains filtered or unexported fields
}

ListResourcesPaginator is a paginator for ListResources

func NewListResourcesPaginator added in v0.30.0

func NewListResourcesPaginator(client ListResourcesAPIClient, params *ListResourcesInput, optFns ...func(*ListResourcesPaginatorOptions)) *ListResourcesPaginator

NewListResourcesPaginator returns a new ListResourcesPaginator

func (*ListResourcesPaginator) HasMorePages added in v0.30.0

func (p *ListResourcesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListResourcesPaginator) NextPage added in v0.30.0

func (p *ListResourcesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListResourcesOutput, error)

NextPage retrieves the next ListResources page.

type ListResourcesPaginatorOptions added in v0.30.0

type ListResourcesPaginatorOptions struct {
	// The maximum number of resource results.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListResourcesPaginatorOptions is the paginator options for ListResources

type Options

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	EndpointResolver EndpointResolver

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The region to send requests to. (Required)
	Region string

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer.
	Retryer retry.Retryer

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient
}

func (Options) Copy

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

type PutDataLakeSettingsInput

type PutDataLakeSettingsInput struct {

	// A structure representing a list of AWS Lake Formation principals designated as
	// data lake administrators.
	//
	// This member is required.
	DataLakeSettings *types.DataLakeSettings

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string
}

type PutDataLakeSettingsOutput

type PutDataLakeSettingsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type RegisterResourceInput

type RegisterResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource that you want to register.
	//
	// This member is required.
	ResourceArn *string

	// The identifier for the role that registers the resource.
	RoleArn *string

	// Designates an AWS Identity and Access Management (IAM) service-linked role by
	// registering this role with the Data Catalog. A service-linked role is a unique
	// type of IAM role that is linked directly to Lake Formation. For more
	// information, see Using Service-Linked Roles for Lake Formation
	// (https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html).
	UseServiceLinkedRole *bool
}

type RegisterResourceOutput

type RegisterResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ResolveEndpoint

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize

func (*ResolveEndpoint) ID

func (*ResolveEndpoint) ID() string

type RevokePermissionsInput

type RevokePermissionsInput struct {

	// The permissions revoked from the principal on the resource. For information about
	// permissions, see Security and Access Control to Metadata and Data
	// (https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
	//
	// This member is required.
	Permissions []types.Permission

	// The principal to be revoked permissions on the resource.
	//
	// This member is required.
	Principal *types.DataLakePrincipal

	// The resource to which permissions are to be revoked.
	//
	// This member is required.
	Resource *types.Resource

	// The identifier for the Data Catalog. By default, the account ID. The Data
	// Catalog is the persistent metadata store. It contains database definitions,
	// table definitions, and other control information to manage your AWS Lake
	// Formation environment.
	CatalogId *string

	// Indicates a list of permissions for which to revoke the grant option allowing
	// the principal to pass permissions to other principals.
	PermissionsWithGrantOption []types.Permission
}

type RevokePermissionsOutput

type RevokePermissionsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type UpdateResourceInput

type UpdateResourceInput struct {

	// The resource ARN.
	//
	// This member is required.
	ResourceArn *string

	// The new role to use for the given resource registered in AWS Lake Formation.
	//
	// This member is required.
	RoleArn *string
}

type UpdateResourceOutput

type UpdateResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

Directories

Path Synopsis
internal
