aws-sdk-lakeformation 1.21.0 → 1.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 661e9a65976f2d4b4ac76c2cfc6d9e3e9338b1b0c95a9b9e2b2e989787c05a4b
-  data.tar.gz: 4bd104b49cbfd8cf0827acd4a2476db161f11ddc3b3f58031293250cda686873
+  metadata.gz: a55afbd610679a74deeeff0896156b546c51d36cbdcba8f01823a511636515f8
+  data.tar.gz: ab7d56d1c6d3ad21bbe73fb84642b1fa84a1bd4e56382d779c4af2a2ca4e568f
 SHA512:
-  metadata.gz: 25b15cef28c7cd1aaab6ee59bdef325b0cb0e80955dec214fef231587d0af47a89aebbb5848fe74994bd8730a25b862d6b34aad818beee042b9bc813b0fe8820
-  data.tar.gz: 9bed87645b4570c2450b579c7357bacb7ea60034ae26d98ab74d6834479106c09ec67af1060b54b2bbe9c8f54049bd12e00a8b267b03c8ac408fd97271d673ec
+  metadata.gz: e5c25e9424b777c147fbb63663122a94a5ce8f3bdad6cd5056458202b432dff08bde9de022a30a0a0326142dd15e36788d9df83caa2d642c75fc3b98bd0cc772
+  data.tar.gz: a26df2e4ef0bd2ebf4c9b0af61cf1047c640f3d86198c6b2b9c84160260a13a41d0d071709a5abe762a45440bea7364c4dfedc3a4f3f0375cc207279989b05dc

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.22.0 (2022-01-05)
+------------------
+
+* Feature - Add new APIs for 3rd Party Support for Lake Formation
+
 1.21.0 (2021-12-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.21.0
+1.22.0

data/lib/aws-sdk-lakeformation/client.rb

@@ -1104,6 +1104,11 @@ module Aws::LakeFormation
     #   resp.data_lake_settings.create_table_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
     #   resp.data_lake_settings.trusted_resource_owners #=> Array
     #   resp.data_lake_settings.trusted_resource_owners[0] #=> String
+    #   resp.data_lake_settings.allow_external_data_filtering #=> Boolean
+    #   resp.data_lake_settings.external_data_filtering_allow_list #=> Array
+    #   resp.data_lake_settings.external_data_filtering_allow_list[0].data_lake_principal_identifier #=> String
+    #   resp.data_lake_settings.authorized_session_tag_value_list #=> Array
+    #   resp.data_lake_settings.authorized_session_tag_value_list[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataLakeSettings AWS API Documentation
     #
@@ -1502,6 +1507,133 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # This API is identical to `GetTemporaryTableCredentials` except that
+    # this is used when the target Data Catalog resource is of type
+    # Partition. Lake Formation restricts the permission of the vended
+    # credentials with the same scope down policy which restricts access to
+    # a single Amazon S3 prefix.
+    #
+    # @option params [required, String] :table_arn
+    #   The ARN of the partitions' table.
+    #
+    # @option params [required, Types::PartitionValueList] :partition
+    #   A list of partition values identifying a single partition.
+    #
+    # @option params [Array<String>] :permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @option params [Types::AuditContext] :audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #
+    # @option params [required, Array<String>] :supported_permission_types
+    #   A list of supported permission types for the partition. Valid values
+    #   are `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #
+    # @return [Types::GetTemporaryGluePartitionCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#access_key_id #access_key_id} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#session_token #session_token} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_temporary_glue_partition_credentials({
+    #     table_arn: "ResourceArnString", # required
+    #     partition: { # required
+    #       values: ["ValueString"], # required
+    #     },
+    #     permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #     duration_seconds: 1,
+    #     audit_context: {
+    #       additional_audit_context: "AuditContextString",
+    #     },
+    #     supported_permission_types: ["COLUMN_PERMISSION"], # required, accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentials AWS API Documentation
+    #
+    # @overload get_temporary_glue_partition_credentials(params = {})
+    # @param [Hash] params ({})
+    def get_temporary_glue_partition_credentials(params = {}, options = {})
+      req = build_request(:get_temporary_glue_partition_credentials, params)
+      req.send_request(options)
+    end
+
+    # Allows a caller in a secure environment to assume a role with
+    # permission to access Amazon S3. In order to vend such credentials,
+    # Lake Formation assumes the role associated with a registered location,
+    # for example an Amazon S3 bucket, with a scope down policy which
+    # restricts the access to a single prefix.
+    #
+    # @option params [required, String] :table_arn
+    #   The ARN identifying a table in the Data Catalog for the temporary
+    #   credentials request.
+    #
+    # @option params [Array<String>] :permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @option params [Types::AuditContext] :audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #
+    # @option params [required, Array<String>] :supported_permission_types
+    #   A list of supported permission types for the table. Valid values are
+    #   `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #
+    # @return [Types::GetTemporaryGlueTableCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#access_key_id #access_key_id} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#session_token #session_token} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_temporary_glue_table_credentials({
+    #     table_arn: "ResourceArnString", # required
+    #     permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #     duration_seconds: 1,
+    #     audit_context: {
+    #       additional_audit_context: "AuditContextString",
+    #     },
+    #     supported_permission_types: ["COLUMN_PERMISSION"], # required, accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentials AWS API Documentation
+    #
+    # @overload get_temporary_glue_table_credentials(params = {})
+    # @param [Hash] params ({})
+    def get_temporary_glue_table_credentials(params = {}, options = {})
+      req = build_request(:get_temporary_glue_table_credentials, params)
+      req.send_request(options)
+    end
+
     # Returns the work units resulting from the query. Work units can be
     # executed in any order and in parallel.
     #
@@ -2198,6 +2330,13 @@ module Aws::LakeFormation
     #         },
     #       ],
     #       trusted_resource_owners: ["CatalogIdString"],
+    #       allow_external_data_filtering: false,
+    #       external_data_filtering_allow_list: [
+    #         {
+    #           data_lake_principal_identifier: "DataLakePrincipalString",
+    #         },
+    #       ],
+    #       authorized_session_tag_value_list: ["NameString"],
     #     },
     #   })
     #
@@ -2875,7 +3014,7 @@ module Aws::LakeFormation
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-lakeformation'
-      context[:gem_version] = '1.21.0'
+      context[:gem_version] = '1.22.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-lakeformation/client_api.rb

@@ -14,11 +14,15 @@ module Aws::LakeFormation
     include Seahorse::Model
 
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
+    AccessKeyIdString = Shapes::StringShape.new(name: 'AccessKeyIdString')
     AddLFTagsToResourceRequest = Shapes::StructureShape.new(name: 'AddLFTagsToResourceRequest')
     AddLFTagsToResourceResponse = Shapes::StructureShape.new(name: 'AddLFTagsToResourceResponse')
     AddObjectInput = Shapes::StructureShape.new(name: 'AddObjectInput')
     AllRowsWildcard = Shapes::StructureShape.new(name: 'AllRowsWildcard')
     AlreadyExistsException = Shapes::StructureShape.new(name: 'AlreadyExistsException')
+    AuditContext = Shapes::StructureShape.new(name: 'AuditContext')
+    AuditContextString = Shapes::StringShape.new(name: 'AuditContextString')
+    AuthorizedSessionTagValueList = Shapes::ListShape.new(name: 'AuthorizedSessionTagValueList')
     BatchGrantPermissionsRequest = Shapes::StructureShape.new(name: 'BatchGrantPermissionsRequest')
     BatchGrantPermissionsResponse = Shapes::StructureShape.new(name: 'BatchGrantPermissionsResponse')
     BatchPermissionsFailureEntry = Shapes::StructureShape.new(name: 'BatchPermissionsFailureEntry')
@@ -44,6 +48,7 @@ module Aws::LakeFormation
     CreateDataCellsFilterResponse = Shapes::StructureShape.new(name: 'CreateDataCellsFilterResponse')
     CreateLFTagRequest = Shapes::StructureShape.new(name: 'CreateLFTagRequest')
     CreateLFTagResponse = Shapes::StructureShape.new(name: 'CreateLFTagResponse')
+    CredentialTimeoutDurationSecondInteger = Shapes::IntegerShape.new(name: 'CredentialTimeoutDurationSecondInteger')
     DataCellsFilter = Shapes::StructureShape.new(name: 'DataCellsFilter')
     DataCellsFilterList = Shapes::ListShape.new(name: 'DataCellsFilterList')
     DataCellsFilterResource = Shapes::StructureShape.new(name: 'DataCellsFilterResource')
@@ -76,6 +81,7 @@ module Aws::LakeFormation
     ErrorDetail = Shapes::StructureShape.new(name: 'ErrorDetail')
     ErrorMessageString = Shapes::StringShape.new(name: 'ErrorMessageString')
     ExecutionStatistics = Shapes::StructureShape.new(name: 'ExecutionStatistics')
+    ExpirationTimestamp = Shapes::TimestampShape.new(name: 'ExpirationTimestamp')
     ExpiredException = Shapes::StructureShape.new(name: 'ExpiredException')
     Expression = Shapes::ListShape.new(name: 'Expression')
     ExtendTransactionRequest = Shapes::StructureShape.new(name: 'ExtendTransactionRequest')
@@ -99,6 +105,10 @@ module Aws::LakeFormation
     GetResourceLFTagsResponse = Shapes::StructureShape.new(name: 'GetResourceLFTagsResponse')
     GetTableObjectsRequest = Shapes::StructureShape.new(name: 'GetTableObjectsRequest')
     GetTableObjectsResponse = Shapes::StructureShape.new(name: 'GetTableObjectsResponse')
+    GetTemporaryGluePartitionCredentialsRequest = Shapes::StructureShape.new(name: 'GetTemporaryGluePartitionCredentialsRequest')
+    GetTemporaryGluePartitionCredentialsResponse = Shapes::StructureShape.new(name: 'GetTemporaryGluePartitionCredentialsResponse')
+    GetTemporaryGlueTableCredentialsRequest = Shapes::StructureShape.new(name: 'GetTemporaryGlueTableCredentialsRequest')
+    GetTemporaryGlueTableCredentialsResponse = Shapes::StructureShape.new(name: 'GetTemporaryGlueTableCredentialsResponse')
     GetWorkUnitResultsRequest = Shapes::StructureShape.new(name: 'GetWorkUnitResultsRequest')
     GetWorkUnitResultsRequestQueryIdString = Shapes::StringShape.new(name: 'GetWorkUnitResultsRequestQueryIdString')
     GetWorkUnitResultsRequestWorkUnitIdLong = Shapes::IntegerShape.new(name: 'GetWorkUnitResultsRequestWorkUnitIdLong')
@@ -147,11 +157,15 @@ module Aws::LakeFormation
     OptimizerType = Shapes::StringShape.new(name: 'OptimizerType')
     PageSize = Shapes::IntegerShape.new(name: 'PageSize')
     PartitionObjects = Shapes::StructureShape.new(name: 'PartitionObjects')
+    PartitionValueList = Shapes::StructureShape.new(name: 'PartitionValueList')
     PartitionValueString = Shapes::StringShape.new(name: 'PartitionValueString')
     PartitionValuesList = Shapes::ListShape.new(name: 'PartitionValuesList')
     PartitionedTableObjectsList = Shapes::ListShape.new(name: 'PartitionedTableObjectsList')
     Permission = Shapes::StringShape.new(name: 'Permission')
     PermissionList = Shapes::ListShape.new(name: 'PermissionList')
+    PermissionType = Shapes::StringShape.new(name: 'PermissionType')
+    PermissionTypeList = Shapes::ListShape.new(name: 'PermissionTypeList')
+    PermissionTypeMismatchException = Shapes::StructureShape.new(name: 'PermissionTypeMismatchException')
     PlanningStatistics = Shapes::StructureShape.new(name: 'PlanningStatistics')
     PredicateString = Shapes::StringShape.new(name: 'PredicateString')
     PrincipalPermissions = Shapes::StructureShape.new(name: 'PrincipalPermissions')
@@ -188,6 +202,8 @@ module Aws::LakeFormation
     SearchDatabasesByLFTagsResponse = Shapes::StructureShape.new(name: 'SearchDatabasesByLFTagsResponse')
     SearchTablesByLFTagsRequest = Shapes::StructureShape.new(name: 'SearchTablesByLFTagsRequest')
     SearchTablesByLFTagsResponse = Shapes::StructureShape.new(name: 'SearchTablesByLFTagsResponse')
+    SecretAccessKeyString = Shapes::StringShape.new(name: 'SecretAccessKeyString')
+    SessionTokenString = Shapes::StringShape.new(name: 'SessionTokenString')
     StartQueryPlanningRequest = Shapes::StructureShape.new(name: 'StartQueryPlanningRequest')
     StartQueryPlanningResponse = Shapes::StructureShape.new(name: 'StartQueryPlanningResponse')
     StartTransactionRequest = Shapes::StructureShape.new(name: 'StartTransactionRequest')
@@ -237,6 +253,8 @@ module Aws::LakeFormation
     UpdateTableObjectsResponse = Shapes::StructureShape.new(name: 'UpdateTableObjectsResponse')
     UpdateTableStorageOptimizerRequest = Shapes::StructureShape.new(name: 'UpdateTableStorageOptimizerRequest')
     UpdateTableStorageOptimizerResponse = Shapes::StructureShape.new(name: 'UpdateTableStorageOptimizerResponse')
+    ValueString = Shapes::StringShape.new(name: 'ValueString')
+    ValueStringList = Shapes::ListShape.new(name: 'ValueStringList')
     VirtualObject = Shapes::StructureShape.new(name: 'VirtualObject')
     VirtualObjectList = Shapes::ListShape.new(name: 'VirtualObjectList')
     WorkUnitIdLong = Shapes::IntegerShape.new(name: 'WorkUnitIdLong')
@@ -269,6 +287,11 @@ module Aws::LakeFormation
     AlreadyExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageString, location_name: "Message"))
     AlreadyExistsException.struct_class = Types::AlreadyExistsException
 
+    AuditContext.add_member(:additional_audit_context, Shapes::ShapeRef.new(shape: AuditContextString, location_name: "AdditionalAuditContext"))
+    AuditContext.struct_class = Types::AuditContext
+
+    AuthorizedSessionTagValueList.member = Shapes::ShapeRef.new(shape: NameString)
+
     BatchGrantPermissionsRequest.add_member(:catalog_id, Shapes::ShapeRef.new(shape: CatalogIdString, location_name: "CatalogId"))
     BatchGrantPermissionsRequest.add_member(:entries, Shapes::ShapeRef.new(shape: BatchPermissionsRequestEntryList, required: true, location_name: "Entries"))
     BatchGrantPermissionsRequest.struct_class = Types::BatchGrantPermissionsRequest
@@ -363,6 +386,9 @@ module Aws::LakeFormation
     DataLakeSettings.add_member(:create_database_default_permissions, Shapes::ShapeRef.new(shape: PrincipalPermissionsList, location_name: "CreateDatabaseDefaultPermissions"))
     DataLakeSettings.add_member(:create_table_default_permissions, Shapes::ShapeRef.new(shape: PrincipalPermissionsList, location_name: "CreateTableDefaultPermissions"))
     DataLakeSettings.add_member(:trusted_resource_owners, Shapes::ShapeRef.new(shape: TrustedResourceOwners, location_name: "TrustedResourceOwners"))
+    DataLakeSettings.add_member(:allow_external_data_filtering, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "AllowExternalDataFiltering"))
+    DataLakeSettings.add_member(:external_data_filtering_allow_list, Shapes::ShapeRef.new(shape: DataLakePrincipalList, location_name: "ExternalDataFilteringAllowList"))
+    DataLakeSettings.add_member(:authorized_session_tag_value_list, Shapes::ShapeRef.new(shape: AuthorizedSessionTagValueList, location_name: "AuthorizedSessionTagValueList"))
     DataLakeSettings.struct_class = Types::DataLakeSettings
 
     DataLocationResource.add_member(:catalog_id, Shapes::ShapeRef.new(shape: CatalogIdString, location_name: "CatalogId"))
@@ -516,6 +542,33 @@ module Aws::LakeFormation
     GetTableObjectsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: TokenString, location_name: "NextToken"))
     GetTableObjectsResponse.struct_class = Types::GetTableObjectsResponse
 
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:table_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "TableArn"))
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:partition, Shapes::ShapeRef.new(shape: PartitionValueList, required: true, location_name: "Partition"))
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:permissions, Shapes::ShapeRef.new(shape: PermissionList, location_name: "Permissions"))
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: CredentialTimeoutDurationSecondInteger, location_name: "DurationSeconds"))
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:audit_context, Shapes::ShapeRef.new(shape: AuditContext, location_name: "AuditContext"))
+    GetTemporaryGluePartitionCredentialsRequest.add_member(:supported_permission_types, Shapes::ShapeRef.new(shape: PermissionTypeList, required: true, location_name: "SupportedPermissionTypes"))
+    GetTemporaryGluePartitionCredentialsRequest.struct_class = Types::GetTemporaryGluePartitionCredentialsRequest
+
+    GetTemporaryGluePartitionCredentialsResponse.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyIdString, location_name: "AccessKeyId"))
+    GetTemporaryGluePartitionCredentialsResponse.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: SecretAccessKeyString, location_name: "SecretAccessKey"))
+    GetTemporaryGluePartitionCredentialsResponse.add_member(:session_token, Shapes::ShapeRef.new(shape: SessionTokenString, location_name: "SessionToken"))
+    GetTemporaryGluePartitionCredentialsResponse.add_member(:expiration, Shapes::ShapeRef.new(shape: ExpirationTimestamp, location_name: "Expiration"))
+    GetTemporaryGluePartitionCredentialsResponse.struct_class = Types::GetTemporaryGluePartitionCredentialsResponse
+
+    GetTemporaryGlueTableCredentialsRequest.add_member(:table_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "TableArn"))
+    GetTemporaryGlueTableCredentialsRequest.add_member(:permissions, Shapes::ShapeRef.new(shape: PermissionList, location_name: "Permissions"))
+    GetTemporaryGlueTableCredentialsRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: CredentialTimeoutDurationSecondInteger, location_name: "DurationSeconds"))
+    GetTemporaryGlueTableCredentialsRequest.add_member(:audit_context, Shapes::ShapeRef.new(shape: AuditContext, location_name: "AuditContext"))
+    GetTemporaryGlueTableCredentialsRequest.add_member(:supported_permission_types, Shapes::ShapeRef.new(shape: PermissionTypeList, required: true, location_name: "SupportedPermissionTypes"))
+    GetTemporaryGlueTableCredentialsRequest.struct_class = Types::GetTemporaryGlueTableCredentialsRequest
+
+    GetTemporaryGlueTableCredentialsResponse.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyIdString, location_name: "AccessKeyId"))
+    GetTemporaryGlueTableCredentialsResponse.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: SecretAccessKeyString, location_name: "SecretAccessKey"))
+    GetTemporaryGlueTableCredentialsResponse.add_member(:session_token, Shapes::ShapeRef.new(shape: SessionTokenString, location_name: "SessionToken"))
+    GetTemporaryGlueTableCredentialsResponse.add_member(:expiration, Shapes::ShapeRef.new(shape: ExpirationTimestamp, location_name: "Expiration"))
+    GetTemporaryGlueTableCredentialsResponse.struct_class = Types::GetTemporaryGlueTableCredentialsResponse
+
     GetWorkUnitResultsRequest.add_member(:query_id, Shapes::ShapeRef.new(shape: GetWorkUnitResultsRequestQueryIdString, required: true, location_name: "QueryId"))
     GetWorkUnitResultsRequest.add_member(:work_unit_id, Shapes::ShapeRef.new(shape: GetWorkUnitResultsRequestWorkUnitIdLong, required: true, location_name: "WorkUnitId"))
     GetWorkUnitResultsRequest.add_member(:work_unit_token, Shapes::ShapeRef.new(shape: SyntheticGetWorkUnitResultsRequestWorkUnitTokenString, required: true, location_name: "WorkUnitToken"))
@@ -651,12 +704,20 @@ module Aws::LakeFormation
     PartitionObjects.add_member(:objects, Shapes::ShapeRef.new(shape: TableObjectList, location_name: "Objects"))
     PartitionObjects.struct_class = Types::PartitionObjects
 
+    PartitionValueList.add_member(:values, Shapes::ShapeRef.new(shape: ValueStringList, required: true, location_name: "Values"))
+    PartitionValueList.struct_class = Types::PartitionValueList
+
     PartitionValuesList.member = Shapes::ShapeRef.new(shape: PartitionValueString)
 
     PartitionedTableObjectsList.member = Shapes::ShapeRef.new(shape: PartitionObjects)
 
     PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
 
+    PermissionTypeList.member = Shapes::ShapeRef.new(shape: PermissionType)
+
+    PermissionTypeMismatchException.add_member(:message, Shapes::ShapeRef.new(shape: MessageString, location_name: "Message"))
+    PermissionTypeMismatchException.struct_class = Types::PermissionTypeMismatchException
+
     PlanningStatistics.add_member(:estimated_data_to_scan_bytes, Shapes::ShapeRef.new(shape: NumberOfBytes, location_name: "EstimatedDataToScanBytes"))
     PlanningStatistics.add_member(:planning_time_millis, Shapes::ShapeRef.new(shape: NumberOfMilliseconds, location_name: "PlanningTimeMillis"))
     PlanningStatistics.add_member(:queue_time_millis, Shapes::ShapeRef.new(shape: NumberOfMilliseconds, location_name: "QueueTimeMillis"))
@@ -890,6 +951,8 @@ module Aws::LakeFormation
     UpdateTableStorageOptimizerResponse.add_member(:result, Shapes::ShapeRef.new(shape: Result, location_name: "Result"))
     UpdateTableStorageOptimizerResponse.struct_class = Types::UpdateTableStorageOptimizerResponse
 
+    ValueStringList.member = Shapes::ShapeRef.new(shape: ValueString)
+
     VirtualObject.add_member(:uri, Shapes::ShapeRef.new(shape: URI, required: true, location_name: "Uri"))
     VirtualObject.add_member(:etag, Shapes::ShapeRef.new(shape: ETagString, location_name: "ETag"))
     VirtualObject.struct_class = Types::VirtualObject
@@ -1223,6 +1286,34 @@ module Aws::LakeFormation
         )
       end)
 
+      api.add_operation(:get_temporary_glue_partition_credentials, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetTemporaryGluePartitionCredentials"
+        o.http_method = "POST"
+        o.http_request_uri = "/GetTemporaryGluePartitionCredentials"
+        o.input = Shapes::ShapeRef.new(shape: GetTemporaryGluePartitionCredentialsRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetTemporaryGluePartitionCredentialsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationTimeoutException)
+        o.errors << Shapes::ShapeRef.new(shape: EntityNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: PermissionTypeMismatchException)
+      end)
+
+      api.add_operation(:get_temporary_glue_table_credentials, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetTemporaryGlueTableCredentials"
+        o.http_method = "POST"
+        o.http_request_uri = "/GetTemporaryGlueTableCredentials"
+        o.input = Shapes::ShapeRef.new(shape: GetTemporaryGlueTableCredentialsRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetTemporaryGlueTableCredentialsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationTimeoutException)
+        o.errors << Shapes::ShapeRef.new(shape: EntityNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: PermissionTypeMismatchException)
+      end)
+
       api.add_operation(:get_work_unit_results, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetWorkUnitResults"
         o.http_method = "POST"

data/lib/aws-sdk-lakeformation/errors.rb

@@ -36,6 +36,7 @@ module Aws::LakeFormation
   # * {InternalServiceException}
   # * {InvalidInputException}
   # * {OperationTimeoutException}
+  # * {PermissionTypeMismatchException}
   # * {ResourceNotReadyException}
   # * {ResourceNumberLimitExceededException}
   # * {StatisticsNotReadyYetException}
@@ -186,6 +187,21 @@ module Aws::LakeFormation
       end
     end
 
+    class PermissionTypeMismatchException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::LakeFormation::Types::PermissionTypeMismatchException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class ResourceNotReadyException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-lakeformation/types.rb

@@ -192,6 +192,30 @@ module Aws::LakeFormation
       include Aws::Structure
     end
 
+    # A structure used to include auditing information on the privileged
+    # API.
+    #
+    # @note When making an API call, you may pass AuditContext
+    #   data as a hash:
+    #
+    #       {
+    #         additional_audit_context: "AuditContextString",
+    #       }
+    #
+    # @!attribute [rw] additional_audit_context
+    #   The filter engine can populate the 'AdditionalAuditContext'
+    #   information with the request ID for you to track. This information
+    #   will be displayed in CloudTrail log in your account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AuditContext AWS API Documentation
+    #
+    class AuditContext < Struct.new(
+      :additional_audit_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass BatchGrantPermissionsRequest
     #   data as a hash:
     #
@@ -747,6 +771,9 @@ module Aws::LakeFormation
     #
     # @!attribute [rw] column_wildcard
     #   A wildcard with exclusions.
+    #
+    #   You must specify either a `ColumnNames` list or the
+    #   `ColumnWildCard`.
     #   @return [Types::ColumnWildcard]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataCellsFilter AWS API Documentation
@@ -802,8 +829,8 @@ module Aws::LakeFormation
       include Aws::Structure
     end
 
-    # The AWS Lake Formation principal. Supported principals are IAM users
-    # or IAM roles.
+    # The Lake Formation principal. Supported principals are IAM users or
+    # IAM roles.
     #
     # @note When making an API call, you may pass DataLakePrincipal
     #   data as a hash:
@@ -855,6 +882,13 @@ module Aws::LakeFormation
     #           },
     #         ],
     #         trusted_resource_owners: ["CatalogIdString"],
+    #         allow_external_data_filtering: false,
+    #         external_data_filtering_allow_list: [
+    #           {
+    #             data_lake_principal_identifier: "DataLakePrincipalString",
+    #           },
+    #         ],
+    #         authorized_session_tag_value_list: ["NameString"],
     #       }
     #
     # @!attribute [rw] data_lake_admins
@@ -919,13 +953,49 @@ module Aws::LakeFormation
     #   boundary, such as the same team or company.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] allow_external_data_filtering
+    #   Whether to allow Amazon EMR clusters to access data managed by Lake
+    #   Formation.
+    #
+    #   If true, you allow Amazon EMR clusters to access data in Amazon S3
+    #   locations that are registered with Lake Formation.
+    #
+    #   If false or null, no Amazon EMR clusters will be able to access data
+    #   in Amazon S3 locations that are registered with Lake Formation.
+    #
+    #   For more information, see [(Optional) Allow Data Filtering on Amazon
+    #   EMR][1].
+    #
+    #
+    #
+    #   [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#emr-switch
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] external_data_filtering_allow_list
+    #   A list of the account IDs of Amazon Web Services accounts with
+    #   Amazon EMR clusters that are to perform data filtering.&gt;
+    #   @return [Array<Types::DataLakePrincipal>]
+    #
+    # @!attribute [rw] authorized_session_tag_value_list
+    #   Lake Formation relies on a privileged process secured by Amazon EMR
+    #   or the third party integrator to tag the user's role while assuming
+    #   it. Lake Formation will publish the acceptable key-value pair, for
+    #   example key = "LakeFormationTrustedCaller" and value = "TRUE"
+    #   and the third party integrator must properly tag the temporary
+    #   security credentials that will be used to call Lake Formation's
+    #   administrative APIs.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataLakeSettings AWS API Documentation
     #
     class DataLakeSettings < Struct.new(
       :data_lake_admins,
       :create_database_default_permissions,
       :create_table_default_permissions,
-      :trusted_resource_owners)
+      :trusted_resource_owners,
+      :allow_external_data_filtering,
+      :external_data_filtering_allow_list,
+      :authorized_session_tag_value_list)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1824,6 +1894,167 @@ module Aws::LakeFormation
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetTemporaryGluePartitionCredentialsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         table_arn: "ResourceArnString", # required
+    #         partition: { # required
+    #           values: ["ValueString"], # required
+    #         },
+    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #         duration_seconds: 1,
+    #         audit_context: {
+    #           additional_audit_context: "AuditContextString",
+    #         },
+    #         supported_permission_types: ["COLUMN_PERMISSION"], # required, accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION
+    #       }
+    #
+    # @!attribute [rw] table_arn
+    #   The ARN of the partitions' table.
+    #   @return [String]
+    #
+    # @!attribute [rw] partition
+    #   A list of partition values identifying a single partition.
+    #   @return [Types::PartitionValueList]
+    #
+    # @!attribute [rw] permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #   @return [Types::AuditContext]
+    #
+    # @!attribute [rw] supported_permission_types
+    #   A list of supported permission types for the partition. Valid values
+    #   are `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsRequest AWS API Documentation
+    #
+    class GetTemporaryGluePartitionCredentialsRequest < Struct.new(
+      :table_arn,
+      :partition,
+      :permissions,
+      :duration_seconds,
+      :audit_context,
+      :supported_permission_types)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_key_id
+    #   The access key ID for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret key for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   The session token for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the temporary credentials expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsResponse AWS API Documentation
+    #
+    class GetTemporaryGluePartitionCredentialsResponse < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token,
+      :expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetTemporaryGlueTableCredentialsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         table_arn: "ResourceArnString", # required
+    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #         duration_seconds: 1,
+    #         audit_context: {
+    #           additional_audit_context: "AuditContextString",
+    #         },
+    #         supported_permission_types: ["COLUMN_PERMISSION"], # required, accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION
+    #       }
+    #
+    # @!attribute [rw] table_arn
+    #   The ARN identifying a table in the Data Catalog for the temporary
+    #   credentials request.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #   @return [Types::AuditContext]
+    #
+    # @!attribute [rw] supported_permission_types
+    #   A list of supported permission types for the table. Valid values are
+    #   `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsRequest AWS API Documentation
+    #
+    class GetTemporaryGlueTableCredentialsRequest < Struct.new(
+      :table_arn,
+      :permissions,
+      :duration_seconds,
+      :audit_context,
+      :supported_permission_types)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_key_id
+    #   The access key ID for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret key for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   The session token for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the temporary credentials expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsResponse AWS API Documentation
+    #
+    class GetTemporaryGlueTableCredentialsResponse < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token,
+      :expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetWorkUnitResultsRequest
     #   data as a hash:
     #
@@ -2725,6 +2956,45 @@ module Aws::LakeFormation
       include Aws::Structure
     end
 
+    # Contains a list of values defining partitions.
+    #
+    # @note When making an API call, you may pass PartitionValueList
+    #   data as a hash:
+    #
+    #       {
+    #         values: ["ValueString"], # required
+    #       }
+    #
+    # @!attribute [rw] values
+    #   The list of partition values.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PartitionValueList AWS API Documentation
+    #
+    class PartitionValueList < Struct.new(
+      :values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The engine does not support filtering data based on the enforced
+    # permissions. For example, if you call the
+    # `GetTemporaryGlueTableCredentials` operation with
+    # `SupportedPermissionType` equal to `ColumnPermission`, but cell-level
+    # permissions exist on the table, this exception is thrown.
+    #
+    # @!attribute [rw] message
+    #   A message describing the problem.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PermissionTypeMismatchException AWS API Documentation
+    #
+    class PermissionTypeMismatchException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Statistics related to the processing of a query statement.
     #
     # @!attribute [rw] estimated_data_to_scan_bytes
@@ -2848,6 +3118,13 @@ module Aws::LakeFormation
     #             },
     #           ],
     #           trusted_resource_owners: ["CatalogIdString"],
+    #           allow_external_data_filtering: false,
+    #           external_data_filtering_allow_list: [
+    #             {
+    #               data_lake_principal_identifier: "DataLakePrincipalString",
+    #             },
+    #           ],
+    #           authorized_session_tag_value_list: ["NameString"],
     #         },
     #       }
     #

data/lib/aws-sdk-lakeformation.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-lakeformation/customizations'
 # @!group service
 module Aws::LakeFormation
 
-  GEM_VERSION = '1.21.0'
+  GEM_VERSION = '1.22.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-lakeformation
 version: !ruby/object:Gem::Version
-  version: 1.21.0
+  version: 1.22.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core