feat(client-finspace-data): Release new API GetExternalDataViewAccess…

…Details

clients/client-finspace-data/src/FinspaceData.ts

@@ -51,6 +51,11 @@ import {
 } from "./commands/GetChangesetCommand";
 import { GetDatasetCommand, GetDatasetCommandInput, GetDatasetCommandOutput } from "./commands/GetDatasetCommand";
 import { GetDataViewCommand, GetDataViewCommandInput, GetDataViewCommandOutput } from "./commands/GetDataViewCommand";
+import {
+  GetExternalDataViewAccessDetailsCommand,
+  GetExternalDataViewAccessDetailsCommandInput,
+  GetExternalDataViewAccessDetailsCommandOutput,
+} from "./commands/GetExternalDataViewAccessDetailsCommand";
 import {
   GetPermissionGroupCommand,
   GetPermissionGroupCommandInput,
@@ -540,6 +545,46 @@ export class FinspaceData extends FinspaceDataClient {
     }
   }
 
+  /**
+   * <p>Returns the credentials to access the external Dataview from an S3 location. To call this API:</p>
+   *          <ul>
+   *             <li>
+   *                <p>You must retrieve the programmatic credentials.</p>
+   *             </li>
+   *             <li>
+   *                <p>You must be a member of a FinSpace user group, where the dataset that you want to access has <code>Read Dataset Data</code> permissions.</p>
+   *             </li>
+   *          </ul>
+   */
+  public getExternalDataViewAccessDetails(
+    args: GetExternalDataViewAccessDetailsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetExternalDataViewAccessDetailsCommandOutput>;
+  public getExternalDataViewAccessDetails(
+    args: GetExternalDataViewAccessDetailsCommandInput,
+    cb: (err: any, data?: GetExternalDataViewAccessDetailsCommandOutput) => void
+  ): void;
+  public getExternalDataViewAccessDetails(
+    args: GetExternalDataViewAccessDetailsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetExternalDataViewAccessDetailsCommandOutput) => void
+  ): void;
+  public getExternalDataViewAccessDetails(
+    args: GetExternalDataViewAccessDetailsCommandInput,
+    optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: GetExternalDataViewAccessDetailsCommandOutput) => void),
+    cb?: (err: any, data?: GetExternalDataViewAccessDetailsCommandOutput) => void
+  ): Promise<GetExternalDataViewAccessDetailsCommandOutput> | void {
+    const command = new GetExternalDataViewAccessDetailsCommand(args);
+    if (typeof optionsOrCb === "function") {
+      this.send(command, optionsOrCb);
+    } else if (typeof cb === "function") {
+      if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+      this.send(command, optionsOrCb || {}, cb);
+    } else {
+      return this.send(command, optionsOrCb);
+    }
+  }
+
   /**
    * <p>Retrieves the details of a specific permission group.</p>
    */

clients/client-finspace-data/src/FinspaceDataClient.ts

@@ -79,6 +79,10 @@ import { EnableUserCommandInput, EnableUserCommandOutput } from "./commands/Enab
 import { GetChangesetCommandInput, GetChangesetCommandOutput } from "./commands/GetChangesetCommand";
 import { GetDatasetCommandInput, GetDatasetCommandOutput } from "./commands/GetDatasetCommand";
 import { GetDataViewCommandInput, GetDataViewCommandOutput } from "./commands/GetDataViewCommand";
+import {
+  GetExternalDataViewAccessDetailsCommandInput,
+  GetExternalDataViewAccessDetailsCommandOutput,
+} from "./commands/GetExternalDataViewAccessDetailsCommand";
 import { GetPermissionGroupCommandInput, GetPermissionGroupCommandOutput } from "./commands/GetPermissionGroupCommand";
 import {
   GetProgrammaticAccessCredentialsCommandInput,
@@ -127,6 +131,7 @@ export type ServiceInputTypes =
   | GetChangesetCommandInput
   | GetDataViewCommandInput
   | GetDatasetCommandInput
+  | GetExternalDataViewAccessDetailsCommandInput
   | GetPermissionGroupCommandInput
   | GetProgrammaticAccessCredentialsCommandInput
   | GetUserCommandInput
@@ -159,6 +164,7 @@ export type ServiceOutputTypes =
   | GetChangesetCommandOutput
   | GetDataViewCommandOutput
   | GetDatasetCommandOutput
+  | GetExternalDataViewAccessDetailsCommandOutput
   | GetPermissionGroupCommandOutput
   | GetProgrammaticAccessCredentialsCommandOutput
   | GetUserCommandOutput

clients/client-finspace-data/src/commands/GetExternalDataViewAccessDetailsCommand.ts

@@ -0,0 +1,112 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { FinspaceDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FinspaceDataClient";
+import { GetExternalDataViewAccessDetailsRequest, GetExternalDataViewAccessDetailsResponse } from "../models/models_0";
+import {
+  deserializeAws_restJson1GetExternalDataViewAccessDetailsCommand,
+  serializeAws_restJson1GetExternalDataViewAccessDetailsCommand,
+} from "../protocols/Aws_restJson1";
+
+export interface GetExternalDataViewAccessDetailsCommandInput extends GetExternalDataViewAccessDetailsRequest {}
+export interface GetExternalDataViewAccessDetailsCommandOutput
+  extends GetExternalDataViewAccessDetailsResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Returns the credentials to access the external Dataview from an S3 location. To call this API:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You must retrieve the programmatic credentials.</p>
+ *             </li>
+ *             <li>
+ *                <p>You must be a member of a FinSpace user group, where the dataset that you want to access has <code>Read Dataset Data</code> permissions.</p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FinspaceDataClient, GetExternalDataViewAccessDetailsCommand } from "@aws-sdk/client-finspace-data"; // ES Modules import
+ * // const { FinspaceDataClient, GetExternalDataViewAccessDetailsCommand } = require("@aws-sdk/client-finspace-data"); // CommonJS import
+ * const client = new FinspaceDataClient(config);
+ * const command = new GetExternalDataViewAccessDetailsCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetExternalDataViewAccessDetailsCommandInput} for command's `input` shape.
+ * @see {@link GetExternalDataViewAccessDetailsCommandOutput} for command's `response` shape.
+ * @see {@link FinspaceDataClientResolvedConfig | config} for FinspaceDataClient's `config` shape.
+ *
+ */
+export class GetExternalDataViewAccessDetailsCommand extends $Command<
+  GetExternalDataViewAccessDetailsCommandInput,
+  GetExternalDataViewAccessDetailsCommandOutput,
+  FinspaceDataClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: GetExternalDataViewAccessDetailsCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: FinspaceDataClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<GetExternalDataViewAccessDetailsCommandInput, GetExternalDataViewAccessDetailsCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "FinspaceDataClient";
+    const commandName = "GetExternalDataViewAccessDetailsCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: GetExternalDataViewAccessDetailsRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: GetExternalDataViewAccessDetailsResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(
+    input: GetExternalDataViewAccessDetailsCommandInput,
+    context: __SerdeContext
+  ): Promise<__HttpRequest> {
+    return serializeAws_restJson1GetExternalDataViewAccessDetailsCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<GetExternalDataViewAccessDetailsCommandOutput> {
+    return deserializeAws_restJson1GetExternalDataViewAccessDetailsCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}

clients/client-finspace-data/src/commands/index.ts

@@ -13,6 +13,7 @@ export * from "./EnableUserCommand";
 export * from "./GetChangesetCommand";
 export * from "./GetDataViewCommand";
 export * from "./GetDatasetCommand";
+export * from "./GetExternalDataViewAccessDetailsCommand";
 export * from "./GetPermissionGroupCommand";
 export * from "./GetProgrammaticAccessCredentialsCommand";
 export * from "./GetUserCommand";

clients/client-finspace-data/src/models/models_0.ts

@@ -181,6 +181,42 @@ export class ValidationException extends __BaseException {
   }
 }
 
+/**
+ * <p> The credentials required to access the external Dataview from the S3 location.</p>
+ */
+export interface AwsCredentials {
+  /**
+   * <p> The unique identifier for the security credentials.</p>
+   */
+  accessKeyId?: string;
+
+  /**
+   * <p> The secret access key that can be used to sign requests.</p>
+   */
+  secretAccessKey?: string;
+
+  /**
+   * <p> The token that users must pass to use the credentials.</p>
+   */
+  sessionToken?: string;
+
+  /**
+   * <p> The Epoch time when the current credentials expire.</p>
+   */
+  expiration?: number;
+}
+
+export namespace AwsCredentials {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: AwsCredentials): any => ({
+    ...obj,
+    ...(obj.secretAccessKey && { secretAccessKey: SENSITIVE_STRING }),
+    ...(obj.sessionToken && { sessionToken: SENSITIVE_STRING }),
+  });
+}
+
 export enum ChangeType {
   APPEND = "APPEND",
   MODIFY = "MODIFY",
@@ -820,6 +856,9 @@ export interface CreatePermissionGroupRequest {
 
   /**
    * <p>The option to indicate FinSpace application permissions that are granted to a specific group.</p>
+   *          <important>
+   *             <p>When assigning application permissions, be aware that the permission <code>ManageUsersAndGroups</code> allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.</p>
+   *          </important>
    *          <ul>
    *             <li>
    *                <p>
@@ -831,7 +870,7 @@ export interface CreatePermissionGroupRequest {
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups.</p>
+   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users.</p>
    *             </li>
    *             <li>
    *                <p>
@@ -1695,6 +1734,73 @@ export namespace GetDataViewResponse {
   });
 }
 
+export interface GetExternalDataViewAccessDetailsRequest {
+  /**
+   * <p>The unique identifier for the Dataview that you want to access.</p>
+   */
+  dataViewId: string | undefined;
+
+  /**
+   * <p>The unique identifier for the Dataset.</p>
+   */
+  datasetId: string | undefined;
+}
+
+export namespace GetExternalDataViewAccessDetailsRequest {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: GetExternalDataViewAccessDetailsRequest): any => ({
+    ...obj,
+  });
+}
+
+/**
+ * <p>The location of an external Dataview in an S3 bucket.</p>
+ */
+export interface S3Location {
+  /**
+   * <p> The name of the S3 bucket.</p>
+   */
+  bucket: string | undefined;
+
+  /**
+   * <p> The path of the folder, within the S3 bucket that contains the Dataset.</p>
+   */
+  key: string | undefined;
+}
+
+export namespace S3Location {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: S3Location): any => ({
+    ...obj,
+  });
+}
+
+export interface GetExternalDataViewAccessDetailsResponse {
+  /**
+   * <p>The credentials required to access the external Dataview from the S3 location.</p>
+   */
+  credentials?: AwsCredentials;
+
+  /**
+   * <p>The location where the external Dataview is stored.</p>
+   */
+  s3Location?: S3Location;
+}
+
+export namespace GetExternalDataViewAccessDetailsResponse {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: GetExternalDataViewAccessDetailsResponse): any => ({
+    ...obj,
+    ...(obj.credentials && { credentials: AwsCredentials.filterSensitiveLog(obj.credentials) }),
+  });
+}
+
 export interface GetPermissionGroupRequest {
   /**
    * <p>The unique identifier for the permission group.</p>
@@ -1738,6 +1844,9 @@ export interface PermissionGroup {
 
   /**
    * <p>Indicates the permissions that are granted to a specific group for accessing the FinSpace application.</p>
+   *          <important>
+   *             <p>When assigning application permissions, be aware that the permission <code>ManageUsersAndGroups</code> allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.</p>
+   *          </important>
    *          <ul>
    *             <li>
    *                <p>
@@ -1749,7 +1858,7 @@ export interface PermissionGroup {
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups.</p>
+   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users.</p>
    *             </li>
    *             <li>
    *                <p>
@@ -3275,6 +3384,9 @@ export interface UpdatePermissionGroupRequest {
 
   /**
    * <p>The permissions that are granted to a specific group for accessing the FinSpace application.</p>
+   *          <important>
+   *             <p>When assigning application permissions, be aware that the permission <code>ManageUsersAndGroups</code> allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.</p>
+   *          </important>
    *          <ul>
    *             <li>
    *                <p>
@@ -3286,7 +3398,7 @@ export interface UpdatePermissionGroupRequest {
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups.</p>
+   *                   <code>ManageUsersAndGroups</code> – Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users.</p>
    *             </li>
    *             <li>
    *                <p>