RubyGems - aws-sdk-lakeformation - Versions diffs - 1.26.0 → 1.27.0 - Mend

aws-sdk-lakeformation 1.26.0 → 1.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-lakeformation/client.rb +74 -8
data/lib/aws-sdk-lakeformation/client_api.rb +29 -0
data/lib/aws-sdk-lakeformation/types.rb +73 -0
data/lib/aws-sdk-lakeformation.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5baf612c864eedf2679448691dbd96b221097a8133badce1375c76dc0f48297
-  data.tar.gz: 160f22b141638242a1ec24a16ab1847c7f891814d562171ce74d2aeb5ce79e9e
+  metadata.gz: f408a75a960c931b6a2b4c88eae1dd513ad341c7bc8aea2ec42cf7ea8a1dbf90
+  data.tar.gz: d90872ab11a0a748f4ca8991e19bcb749f655d4b333f378f9fc04984abe824e1
 SHA512:
-  metadata.gz: a68dd4966f4aa25e5425431b5c08de671d2416b97598d4fffa268be176b84e518bc76be181642d2ad42b20d767b9ba8b9ca63e98a61f636bd8069c8b7437e4d8
-  data.tar.gz: a3ffcafde2bce08b60fb311d71b07fb1125da7cdddf6396b95e23b98d86d2f87976c2e09ed66ac4ae9acb25e277eddd1ca5cd86aba99dd33787fffa31d61b8aa
+  metadata.gz: 76de4c2bc9732757c8992d8a85b44cb73d040dfc549007b62aa46557c497f138a3e14de6d437a2364b60672437b2a7100cef2b2e7c97303db992fcdc80b25c63
+  data.tar.gz: 68f9c009e40d4cda9a6c5dc43ab3767c49fc662fcb66fc95ae7ee06a429d4000f5ee551491732c8de3b97c31a33cd5b8f75ba143ee76a2686a077853632b20c5

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.27.0 (2022-08-17)
+------------------
+* Feature - This release adds a new API support "AssumeDecoratedRoleWithSAML" and also release updates the corresponding documentation.
 1.26.0 (2022-03-22)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.26.0
1	+ 1.27.0

data/lib/aws-sdk-lakeformation/client.rb CHANGED Viewed

@@ -450,6 +450,73 @@ module Aws::LakeFormation
       req.send_request(options)
     end
+    # Allows a caller to assume an IAM role decorated as the SAML user
+    # specified in the SAML assertion included in the request. This
+    # decoration allows Lake Formation to enforce access policies against
+    # the SAML users and groups. This API operation requires SAML federation
+    # setup in the caller’s account as it can only be called with valid SAML
+    # assertions. Lake Formation does not scope down the permission of the
+    # assumed role. All permissions attached to the role via the SAML
+    # federation setup will be included in the role session.
+    #
+    # This decorated role is expected to access data in Amazon S3 by getting
+    # temporary access from Lake Formation which is authorized via the
+    # virtual API `GetDataAccess`. Therefore, all SAML roles that can be
+    # assumed via `AssumeDecoratedRoleWithSAML` must at a minimum include
+    # `lakeformation:GetDataAccess` in their role policies. A typical IAM
+    # policy attached to such a role would look as follows:
+    #
+    # @option params [required, String] :saml_assertion
+    #   A SAML assertion consisting of an assertion statement for the user who
+    #   needs temporary credentials. This must match the SAML assertion that
+    #   was issued to IAM. This must be Base64 encoded.
+    #
+    # @option params [required, String] :role_arn
+    #   The role that represents an IAM principal whose scope down policy
+    #   allows it to call credential vending APIs such as
+    #   `GetTemporaryTableCredentials`. The caller must also have iam:PassRole
+    #   permission on this role.
+    #
+    # @option params [required, String] :principal_arn
+    #   The Amazon Resource Name (ARN) of the SAML provider in IAM that
+    #   describes the IdP.
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 43,200 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @return [Types::AssumeDecoratedRoleWithSAMLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#access_key_id #access_key_id} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#session_token #session_token} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.assume_decorated_role_with_saml({
+    #     saml_assertion: "SAMLAssertionString", # required
+    #     role_arn: "IAMRoleArn", # required
+    #     principal_arn: "IAMSAMLProviderArn", # required
+    #     duration_seconds: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAML AWS API Documentation
+    #
+    # @overload assume_decorated_role_with_saml(params = {})
+    # @param [Hash] params ({})
+    def assume_decorated_role_with_saml(params = {}, options = {})
+      req = build_request(:assume_decorated_role_with_saml, params)
+      req.send_request(options)
+    end
     # Batch operation to grant permissions to the principal.
     #
     # @option params [String] :catalog_id
@@ -868,13 +935,12 @@ module Aws::LakeFormation
       req.send_request(options)
     end
-    # Deletes the specified LF-tag key name. If the attribute key does not
-    # exist or the LF-tag does not exist, then the operation will not do
-    # anything. If the attribute key exists, then the operation checks if
-    # any resources are tagged with this attribute key, if yes, the API
-    # throws a 400 Exception with the message "Delete not allowed" as the
-    # LF-tag key is still attached with resources. You can consider
-    # untagging resources with this LF-tag key.
+    # Deletes the specified LF-tag given a key name. If the input parameter
+    # tag key was not found, then the operation will throw an exception.
+    # When you delete an LF-tag, the `LFTagPolicy` attached to the LF-tag
+    # becomes invalid. If the deleted LF-tag was still assigned to any
+    # resource, the tag policy attach to the deleted LF-tag will no longer
+    # be applied to the resource.
     #
     # @option params [String] :catalog_id
     #   The identifier for the Data Catalog. By default, the account ID. The
@@ -3018,7 +3084,7 @@ module Aws::LakeFormation
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-lakeformation'
-      context[:gem_version] = '1.26.0'
+      context[:gem_version] = '1.27.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-lakeformation/client_api.rb CHANGED Viewed

@@ -20,6 +20,8 @@ module Aws::LakeFormation
     AddObjectInput = Shapes::StructureShape.new(name: 'AddObjectInput')
     AllRowsWildcard = Shapes::StructureShape.new(name: 'AllRowsWildcard')
     AlreadyExistsException = Shapes::StructureShape.new(name: 'AlreadyExistsException')
+    AssumeDecoratedRoleWithSAMLRequest = Shapes::StructureShape.new(name: 'AssumeDecoratedRoleWithSAMLRequest')
+    AssumeDecoratedRoleWithSAMLResponse = Shapes::StructureShape.new(name: 'AssumeDecoratedRoleWithSAMLResponse')
     AuditContext = Shapes::StructureShape.new(name: 'AuditContext')
     AuditContextString = Shapes::StringShape.new(name: 'AuditContextString')
     AuthorizedSessionTagValueList = Shapes::ListShape.new(name: 'AuthorizedSessionTagValueList')
@@ -120,6 +122,7 @@ module Aws::LakeFormation
     GrantPermissionsRequest = Shapes::StructureShape.new(name: 'GrantPermissionsRequest')
     GrantPermissionsResponse = Shapes::StructureShape.new(name: 'GrantPermissionsResponse')
     IAMRoleArn = Shapes::StringShape.new(name: 'IAMRoleArn')
+    IAMSAMLProviderArn = Shapes::StringShape.new(name: 'IAMSAMLProviderArn')
     Identifier = Shapes::StringShape.new(name: 'Identifier')
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     InternalServiceException = Shapes::StructureShape.new(name: 'InternalServiceException')
@@ -198,6 +201,7 @@ module Aws::LakeFormation
     RevokePermissionsRequest = Shapes::StructureShape.new(name: 'RevokePermissionsRequest')
     RevokePermissionsResponse = Shapes::StructureShape.new(name: 'RevokePermissionsResponse')
     RowFilter = Shapes::StructureShape.new(name: 'RowFilter')
+    SAMLAssertionString = Shapes::StringShape.new(name: 'SAMLAssertionString')
     SearchDatabasesByLFTagsRequest = Shapes::StructureShape.new(name: 'SearchDatabasesByLFTagsRequest')
     SearchDatabasesByLFTagsResponse = Shapes::StructureShape.new(name: 'SearchDatabasesByLFTagsResponse')
     SearchTablesByLFTagsRequest = Shapes::StructureShape.new(name: 'SearchTablesByLFTagsRequest')
@@ -287,6 +291,18 @@ module Aws::LakeFormation
     AlreadyExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageString, location_name: "Message"))
     AlreadyExistsException.struct_class = Types::AlreadyExistsException
+    AssumeDecoratedRoleWithSAMLRequest.add_member(:saml_assertion, Shapes::ShapeRef.new(shape: SAMLAssertionString, required: true, location_name: "SAMLAssertion"))
+    AssumeDecoratedRoleWithSAMLRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: IAMRoleArn, required: true, location_name: "RoleArn"))
+    AssumeDecoratedRoleWithSAMLRequest.add_member(:principal_arn, Shapes::ShapeRef.new(shape: IAMSAMLProviderArn, required: true, location_name: "PrincipalArn"))
+    AssumeDecoratedRoleWithSAMLRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: CredentialTimeoutDurationSecondInteger, location_name: "DurationSeconds"))
+    AssumeDecoratedRoleWithSAMLRequest.struct_class = Types::AssumeDecoratedRoleWithSAMLRequest
+    AssumeDecoratedRoleWithSAMLResponse.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyIdString, location_name: "AccessKeyId"))
+    AssumeDecoratedRoleWithSAMLResponse.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: SecretAccessKeyString, location_name: "SecretAccessKey"))
+    AssumeDecoratedRoleWithSAMLResponse.add_member(:session_token, Shapes::ShapeRef.new(shape: SessionTokenString, location_name: "SessionToken"))
+    AssumeDecoratedRoleWithSAMLResponse.add_member(:expiration, Shapes::ShapeRef.new(shape: ExpirationTimestamp, location_name: "Expiration"))
+    AssumeDecoratedRoleWithSAMLResponse.struct_class = Types::AssumeDecoratedRoleWithSAMLResponse
     AuditContext.add_member(:additional_audit_context, Shapes::ShapeRef.new(shape: AuditContextString, location_name: "AdditionalAuditContext"))
     AuditContext.struct_class = Types::AuditContext
@@ -1007,6 +1023,19 @@ module Aws::LakeFormation
         o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
       end)
+      api.add_operation(:assume_decorated_role_with_saml, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssumeDecoratedRoleWithSAML"
+        o.http_method = "POST"
+        o.http_request_uri = "/AssumeDecoratedRoleWithSAML"
+        o.input = Shapes::ShapeRef.new(shape: AssumeDecoratedRoleWithSAMLRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssumeDecoratedRoleWithSAMLResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationTimeoutException)
+        o.errors << Shapes::ShapeRef.new(shape: EntityNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
       api.add_operation(:batch_grant_permissions, Seahorse::Model::Operation.new.tap do |o|
         o.name = "BatchGrantPermissions"
         o.http_method = "POST"

data/lib/aws-sdk-lakeformation/types.rb CHANGED Viewed

@@ -192,6 +192,79 @@ module Aws::LakeFormation
       include Aws::Structure
     end
+    # @note When making an API call, you may pass AssumeDecoratedRoleWithSAMLRequest
+    #   data as a hash:
+    #
+    #       {
+    #         saml_assertion: "SAMLAssertionString", # required
+    #         role_arn: "IAMRoleArn", # required
+    #         principal_arn: "IAMSAMLProviderArn", # required
+    #         duration_seconds: 1,
+    #       }
+    #
+    # @!attribute [rw] saml_assertion
+    #   A SAML assertion consisting of an assertion statement for the user
+    #   who needs temporary credentials. This must match the SAML assertion
+    #   that was issued to IAM. This must be Base64 encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The role that represents an IAM principal whose scope down policy
+    #   allows it to call credential vending APIs such as
+    #   `GetTemporaryTableCredentials`. The caller must also have
+    #   iam:PassRole permission on this role.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The Amazon Resource Name (ARN) of the SAML provider in IAM that
+    #   describes the IdP.
+    #   @return [String]
+    #
+    # @!attribute [rw] duration_seconds
+    #   The time period, between 900 and 43,200 seconds, for the timeout of
+    #   the temporary credentials.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLRequest AWS API Documentation
+    #
+    class AssumeDecoratedRoleWithSAMLRequest < Struct.new(
+      :saml_assertion,
+      :role_arn,
+      :principal_arn,
+      :duration_seconds)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] access_key_id
+    #   The access key ID for the temporary credentials. (The access key
+    #   consists of an access key ID and a secret key).
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret key for the temporary credentials. (The access key
+    #   consists of an access key ID and a secret key).
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   The session token for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the temporary credentials expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLResponse AWS API Documentation
+    #
+    class AssumeDecoratedRoleWithSAMLResponse < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token,
+      :expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A structure used to include auditing information on the privileged
     # API.
     #

data/lib/aws-sdk-lakeformation.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-lakeformation/customizations'
 # @!group service
 module Aws::LakeFormation
-  GEM_VERSION = '1.26.0'
+  GEM_VERSION = '1.27.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-lakeformation
 version: !ruby/object:Gem::Version
-  version: 1.26.0
+  version: 1.27.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-22 00:00:00.000000000 Z
+date: 2022-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core