-
Notifications
You must be signed in to change notification settings - Fork 151
/
getPermissions.go
108 lines (103 loc) · 4.7 KB
/
getPermissions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package lakeformation
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, and tables. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
//
// > **NOTE:** This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).
//
// ## Example Usage
// ### Permissions For A Lake Formation S3 Resource
//
// ```go
// package main
//
// import (
// "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// _, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
// Principal: aws_iam_role.Workflow_role.Arn,
// DataLocation: lakeformation.GetPermissionsDataLocation{
// Arn: aws_lakeformation_resource.Test.Arn,
// },
// }, nil)
// if err != nil {
// return err
// }
// return nil
// })
// }
// ```
// ### Permissions For A Glue Catalog Database
//
// ```go
// package main
//
// import (
// "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// _, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
// Principal: aws_iam_role.Workflow_role.Arn,
// Database: lakeformation.GetPermissionsDatabase{
// Name: aws_glue_catalog_database.Test.Name,
// CatalogId: "110376042874",
// },
// }, nil)
// if err != nil {
// return err
// }
// return nil
// })
// }
// ```
func LookupPermissions(ctx *pulumi.Context, args *LookupPermissionsArgs, opts ...pulumi.InvokeOption) (*LookupPermissionsResult, error) {
var rv LookupPermissionsResult
err := ctx.Invoke("aws:lakeformation/getPermissions:getPermissions", args, &rv, opts...)
if err != nil {
return nil, err
}
return &rv, nil
}
// A collection of arguments for invoking getPermissions.
type LookupPermissionsArgs struct {
// Identifier for the Data Catalog. By default, it is the account ID of the caller.
CatalogId *string `pulumi:"catalogId"`
// Whether the permissions are to be granted for the Data Catalog. Defaults to `false`.
CatalogResource *bool `pulumi:"catalogResource"`
// Configuration block for a data location resource. Detailed below.
DataLocation *GetPermissionsDataLocation `pulumi:"dataLocation"`
// Configuration block for a database resource. Detailed below.
Database *GetPermissionsDatabase `pulumi:"database"`
// Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
Principal string `pulumi:"principal"`
// Configuration block for a table resource. Detailed below.
Table *GetPermissionsTable `pulumi:"table"`
// Configuration block for a table with columns resource. Detailed below.
TableWithColumns *GetPermissionsTableWithColumns `pulumi:"tableWithColumns"`
}
// A collection of values returned by getPermissions.
type LookupPermissionsResult struct {
CatalogId *string `pulumi:"catalogId"`
CatalogResource *bool `pulumi:"catalogResource"`
DataLocation GetPermissionsDataLocation `pulumi:"dataLocation"`
Database GetPermissionsDatabase `pulumi:"database"`
// The provider-assigned unique ID for this managed resource.
Id string `pulumi:"id"`
// List of permissions granted to the principal. For details on permissions, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).
Permissions []string `pulumi:"permissions"`
// Subset of `permissions` which the principal can pass.
PermissionsWithGrantOptions []string `pulumi:"permissionsWithGrantOptions"`
Principal string `pulumi:"principal"`
Table GetPermissionsTable `pulumi:"table"`
TableWithColumns GetPermissionsTableWithColumns `pulumi:"tableWithColumns"`
}