aws-sdk-glue 1.21.0 → 1.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33dfbd8cd501aea555a6adb73af4f5b1a22de7f0
-  data.tar.gz: 99483d744483150ef11ae2070fdbe801f283da9a
+  metadata.gz: 7bd20ff19fa24b57fa6f85130314adc106c1ee44
+  data.tar.gz: 135656c06781a39736f74b7e79802c9146b0153e
 SHA512:
-  metadata.gz: 16e66d8af6abf7832f043fe70f14bc20d61c98771c4c0fb2adefa0ef7bef32839b56517f5afb5662981d3b2e2647aec2a0d4f30b32711bd62bc598bc775243cf
-  data.tar.gz: 5863e06bd1e29206e631b20c61721d195d5c62a4ffe83da75a0eaf22e5734a6584025b8b3d2fc7bf62a41337c9ab0304f79a713edc20e13526b3ed579c7b4ad7
+  metadata.gz: 618f61a6979c13ab6b6bc322d648f0d8d9be51d6892c7a713fab3444a1711388df05a5b81734b71ca80c3a5ea06b2034145a39548d921c9c31ca3f203c448bfc
+  data.tar.gz: 588086109cd797973b58bece273b860e20733cd51d2da784294f8a7e9d22f8cde154730106772d43869fdfcc350e90513869f0a6d33e3d46b31ea9a90054f5a2

data/lib/aws-sdk-glue.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-glue/customizations'
 # @service
 module Aws::Glue
 
-  GEM_VERSION = '1.21.0'
+  GEM_VERSION = '1.22.0'
 
 end

data/lib/aws-sdk-glue/client.rb

@@ -2022,6 +2022,15 @@ module Aws::Glue
     # @option params [required, String] :name
     #   The name of the connection definition to retrieve.
     #
+    # @option params [Boolean] :hide_password
+    #   Allow you to retrieve the connection metadata without displaying the
+    #   password. For instance, the AWS Glue console uses this flag to
+    #   retrieve connections, since the console does not display passwords.
+    #   Set this parameter where the caller may not have permission to use the
+    #   KMS key to decrypt the password, but does have permission to access
+    #   the rest of the connection metadata (that is, the other connection
+    #   properties).
+    #
     # @return [Types::GetConnectionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetConnectionResponse#connection #connection} => Types::Connection
@@ -2031,6 +2040,7 @@ module Aws::Glue
     #   resp = client.get_connection({
     #     catalog_id: "CatalogIdString",
     #     name: "NameString", # required
+    #     hide_password: false,
     #   })
     #
     # @example Response structure
@@ -2068,6 +2078,15 @@ module Aws::Glue
     # @option params [Types::GetConnectionsFilter] :filter
     #   A filter that controls which connections will be returned.
     #
+    # @option params [Boolean] :hide_password
+    #   Allow you to retrieve the connection metadata without displaying the
+    #   password. For instance, the AWS Glue console uses this flag to
+    #   retrieve connections, since the console does not display passwords.
+    #   Set this parameter where the caller may not have permission to use the
+    #   KMS key to decrypt the password, but does have permission to access
+    #   the rest of the connection metadata (that is, the other connection
+    #   properties).
+    #
     # @option params [String] :next_token
     #   A continuation token, if this is a continuation call.
     #
@@ -2087,6 +2106,7 @@ module Aws::Glue
     #       match_criteria: ["NameString"],
     #       connection_type: "JDBC", # accepts JDBC, SFTP
     #     },
+    #     hide_password: false,
     #     next_token: "Token",
     #     max_results: 1,
     #   })
@@ -2317,6 +2337,8 @@ module Aws::Glue
     #
     #   resp.data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_mode #=> String, one of "DISABLED", "SSE-KMS"
     #   resp.data_catalog_encryption_settings.encryption_at_rest.sse_aws_kms_key_id #=> String
+    #   resp.data_catalog_encryption_settings.connection_password_encryption.return_connection_password_encrypted #=> Boolean
+    #   resp.data_catalog_encryption_settings.connection_password_encryption.aws_kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/glue-2017-03-31/GetDataCatalogEncryptionSettings AWS API Documentation
     #
@@ -3922,6 +3944,10 @@ module Aws::Glue
     #         catalog_encryption_mode: "DISABLED", # required, accepts DISABLED, SSE-KMS
     #         sse_aws_kms_key_id: "NameString",
     #       },
+    #       connection_password_encryption: {
+    #         return_connection_password_encrypted: false, # required
+    #         aws_kms_key_id: "NameString",
+    #       },
     #     },
     #   })
     #
@@ -4937,7 +4963,7 @@ module Aws::Glue
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-glue'
-      context[:gem_version] = '1.21.0'
+      context[:gem_version] = '1.22.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-glue/client_api.rb

@@ -77,6 +77,7 @@ module Aws::Glue
     ConnectionInput = Shapes::StructureShape.new(name: 'ConnectionInput')
     ConnectionList = Shapes::ListShape.new(name: 'ConnectionList')
     ConnectionName = Shapes::StringShape.new(name: 'ConnectionName')
+    ConnectionPasswordEncryption = Shapes::StructureShape.new(name: 'ConnectionPasswordEncryption')
     ConnectionProperties = Shapes::MapShape.new(name: 'ConnectionProperties')
     ConnectionPropertyKey = Shapes::StringShape.new(name: 'ConnectionPropertyKey')
     ConnectionType = Shapes::StringShape.new(name: 'ConnectionType')
@@ -611,6 +612,10 @@ module Aws::Glue
 
     ConnectionList.member = Shapes::ShapeRef.new(shape: Connection)
 
+    ConnectionPasswordEncryption.add_member(:return_connection_password_encrypted, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "ReturnConnectionPasswordEncrypted"))
+    ConnectionPasswordEncryption.add_member(:aws_kms_key_id, Shapes::ShapeRef.new(shape: NameString, location_name: "AwsKmsKeyId"))
+    ConnectionPasswordEncryption.struct_class = Types::ConnectionPasswordEncryption
+
     ConnectionProperties.key = Shapes::ShapeRef.new(shape: ConnectionPropertyKey)
     ConnectionProperties.value = Shapes::ShapeRef.new(shape: ValueString)
 
@@ -809,6 +814,7 @@ module Aws::Glue
     DagNodes.member = Shapes::ShapeRef.new(shape: CodeGenNode)
 
     DataCatalogEncryptionSettings.add_member(:encryption_at_rest, Shapes::ShapeRef.new(shape: EncryptionAtRest, location_name: "EncryptionAtRest"))
+    DataCatalogEncryptionSettings.add_member(:connection_password_encryption, Shapes::ShapeRef.new(shape: ConnectionPasswordEncryption, location_name: "ConnectionPasswordEncryption"))
     DataCatalogEncryptionSettings.struct_class = Types::DataCatalogEncryptionSettings
 
     Database.add_member(:name, Shapes::ShapeRef.new(shape: NameString, required: true, location_name: "Name"))
@@ -985,6 +991,7 @@ module Aws::Glue
 
     GetConnectionRequest.add_member(:catalog_id, Shapes::ShapeRef.new(shape: CatalogIdString, location_name: "CatalogId"))
     GetConnectionRequest.add_member(:name, Shapes::ShapeRef.new(shape: NameString, required: true, location_name: "Name"))
+    GetConnectionRequest.add_member(:hide_password, Shapes::ShapeRef.new(shape: Boolean, location_name: "HidePassword"))
     GetConnectionRequest.struct_class = Types::GetConnectionRequest
 
     GetConnectionResponse.add_member(:connection, Shapes::ShapeRef.new(shape: Connection, location_name: "Connection"))
@@ -996,6 +1003,7 @@ module Aws::Glue
 
     GetConnectionsRequest.add_member(:catalog_id, Shapes::ShapeRef.new(shape: CatalogIdString, location_name: "CatalogId"))
     GetConnectionsRequest.add_member(:filter, Shapes::ShapeRef.new(shape: GetConnectionsFilter, location_name: "Filter"))
+    GetConnectionsRequest.add_member(:hide_password, Shapes::ShapeRef.new(shape: Boolean, location_name: "HidePassword"))
     GetConnectionsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
     GetConnectionsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PageSize, location_name: "MaxResults"))
     GetConnectionsRequest.struct_class = Types::GetConnectionsRequest

data/lib/aws-sdk-glue/types.rb

@@ -826,6 +826,11 @@ module Aws::Glue
     #
     #   * `PASSWORD` - A password, if one is used, for the user name.
     #
+    #   * `ENCRYPTED_PASSWORD` - When you enable connection password
+    #     protection by setting `ConnectionPasswordEncryption` in the Data
+    #     Catalog encryption settings, this field stores the key you
+    #     designate to encrypt the password.
+    #
     #   * `JDBC_DRIVER_JAR_URI` - The S3 path of the a jar file that
     #     contains the JDBC driver to use.
     #
@@ -938,6 +943,55 @@ module Aws::Glue
       include Aws::Structure
     end
 
+    # The data structure used by the Data Catalog to encrypt the password as
+    # part of `CreateConnection` or `UpdateConnection` and store it in the
+    # `ENCRYPTED_PASSWORD` field in the connection properties. You can
+    # enable catalog encryption or only password encryption.
+    #
+    # When a `CreationConnection` request arrives containing a password, the
+    # Data Catalog first encrypts the password using your KMS key, and then
+    # encrypts the whole connection object again if catalog encryption is
+    # also enabled.
+    #
+    # This encryption requires that you set KMS key permissions to enable or
+    # restrict access on the password key according to your security
+    # requirements. For example, you may want only admin users to have
+    # decrypt permission on the password key.
+    #
+    # @note When making an API call, you may pass ConnectionPasswordEncryption
+    #   data as a hash:
+    #
+    #       {
+    #         return_connection_password_encrypted: false, # required
+    #         aws_kms_key_id: "NameString",
+    #       }
+    #
+    # @!attribute [rw] return_connection_password_encrypted
+    #   When the `ReturnConnectionPasswordEncrypted` flag is set to
+    #   "true", passwords remain encrypted in the responses of
+    #   `GetConnection` and `GetConnections`. This encryption takes effect
+    #   independently from catalog encryption.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] aws_kms_key_id
+    #   A KMS key used to protect access to the JDBC source.
+    #
+    #   All users in your account should be granted the `kms:encrypt`
+    #   permission to encrypt passwords before storing them in the Data
+    #   Catalog (through the AWS Glue `CreateConnection` operation).
+    #
+    #   The decrypt permission should be granted only to KMS key admins and
+    #   IAM roles designated for AWS Glue crawlers.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/glue-2017-03-31/ConnectionPasswordEncryption AWS API Documentation
+    #
+    class ConnectionPasswordEncryption < Struct.new(
+      :return_connection_password_encrypted,
+      :aws_kms_key_id)
+      include Aws::Structure
+    end
+
     # Specifies the connections used by a job.
     #
     # @note When making an API call, you may pass ConnectionsList
@@ -2302,16 +2356,29 @@ module Aws::Glue
     #           catalog_encryption_mode: "DISABLED", # required, accepts DISABLED, SSE-KMS
     #           sse_aws_kms_key_id: "NameString",
     #         },
+    #         connection_password_encryption: {
+    #           return_connection_password_encrypted: false, # required
+    #           aws_kms_key_id: "NameString",
+    #         },
     #       }
     #
     # @!attribute [rw] encryption_at_rest
     #   Specifies encryption-at-rest configuration for the Data Catalog.
     #   @return [Types::EncryptionAtRest]
     #
+    # @!attribute [rw] connection_password_encryption
+    #   When password protection is enabled, the Data Catalog uses a
+    #   customer-provided key to encrypt the password as part of
+    #   `CreateConnection` or `UpdateConnection` and store it in the
+    #   `ENCRYPTED_PASSWORD` field in the connection properties. You can
+    #   enable catalog encryption or only password encryption.
+    #   @return [Types::ConnectionPasswordEncryption]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/glue-2017-03-31/DataCatalogEncryptionSettings AWS API Documentation
     #
     class DataCatalogEncryptionSettings < Struct.new(
-      :encryption_at_rest)
+      :encryption_at_rest,
+      :connection_password_encryption)
       include Aws::Structure
     end
 
@@ -3200,6 +3267,7 @@ module Aws::Glue
     #       {
     #         catalog_id: "CatalogIdString",
     #         name: "NameString", # required
+    #         hide_password: false,
     #       }
     #
     # @!attribute [rw] catalog_id
@@ -3211,11 +3279,22 @@ module Aws::Glue
     #   The name of the connection definition to retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] hide_password
+    #   Allow you to retrieve the connection metadata without displaying the
+    #   password. For instance, the AWS Glue console uses this flag to
+    #   retrieve connections, since the console does not display passwords.
+    #   Set this parameter where the caller may not have permission to use
+    #   the KMS key to decrypt the password, but does have permission to
+    #   access the rest of the connection metadata (that is, the other
+    #   connection properties).
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/glue-2017-03-31/GetConnectionRequest AWS API Documentation
     #
     class GetConnectionRequest < Struct.new(
       :catalog_id,
-      :name)
+      :name,
+      :hide_password)
       include Aws::Structure
     end
 
@@ -3268,6 +3347,7 @@ module Aws::Glue
     #           match_criteria: ["NameString"],
     #           connection_type: "JDBC", # accepts JDBC, SFTP
     #         },
+    #         hide_password: false,
     #         next_token: "Token",
     #         max_results: 1,
     #       }
@@ -3281,6 +3361,16 @@ module Aws::Glue
     #   A filter that controls which connections will be returned.
     #   @return [Types::GetConnectionsFilter]
     #
+    # @!attribute [rw] hide_password
+    #   Allow you to retrieve the connection metadata without displaying the
+    #   password. For instance, the AWS Glue console uses this flag to
+    #   retrieve connections, since the console does not display passwords.
+    #   Set this parameter where the caller may not have permission to use
+    #   the KMS key to decrypt the password, but does have permission to
+    #   access the rest of the connection metadata (that is, the other
+    #   connection properties).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] next_token
     #   A continuation token, if this is a continuation call.
     #   @return [String]
@@ -3294,6 +3384,7 @@ module Aws::Glue
     class GetConnectionsRequest < Struct.new(
       :catalog_id,
       :filter,
+      :hide_password,
       :next_token,
       :max_results)
       include Aws::Structure
@@ -5766,6 +5857,10 @@ module Aws::Glue
     #             catalog_encryption_mode: "DISABLED", # required, accepts DISABLED, SSE-KMS
     #             sse_aws_kms_key_id: "NameString",
     #           },
+    #           connection_password_encryption: {
+    #             return_connection_password_encrypted: false, # required
+    #             aws_kms_key_id: "NameString",
+    #           },
     #         },
     #       }
     #
@@ -6537,6 +6632,12 @@ module Aws::Glue
     # @!attribute [rw] partition_keys
     #   A list of columns by which the table is partitioned. Only primitive
     #   types are supported as partition keys.
+    #
+    #   When creating a table used by Athena, and you do not specify any
+    #   `partitionKeys`, you must at least set the value of `partitionKeys`
+    #   to an empty list. For example:
+    #
+    #   `"PartitionKeys": []`
     #   @return [Array<Types::Column>]
     #
     # @!attribute [rw] view_original_text
@@ -6701,6 +6802,12 @@ module Aws::Glue
     # @!attribute [rw] partition_keys
     #   A list of columns by which the table is partitioned. Only primitive
     #   types are supported as partition keys.
+    #
+    #   When creating a table used by Athena, and you do not specify any
+    #   `partitionKeys`, you must at least set the value of `partitionKeys`
+    #   to an empty list. For example:
+    #
+    #   `"PartitionKeys": []`
     #   @return [Array<Types::Column>]
     #
     # @!attribute [rw] view_original_text

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-glue
 version: !ruby/object:Gem::Version
-  version: 1.21.0
+  version: 1.22.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-20 00:00:00.000000000 Z
+date: 2018-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core