// Source: github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/lakeformation/getPermissions.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package lakeformation

import (
	"context"
	"reflect"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// LookupPermissions gets the permissions a principal has to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
//
// > **NOTE:** This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators, so an empty result here does not by itself show that the principal has no access. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).
//
// The function merges the package default invoke options into opts, invokes
// `aws:lakeformation/getPermissions:getPermissions` with args, and returns a
// pointer to the decoded result. When the invoke fails it returns nil and the
// error unchanged.
//
// ## Example Usage
//
// The examples refer to values declared elsewhere in the program
// (`workflowRole`, `testAwsLakeformationResource`, `testAwsGlueCatalogDatabase`).
// LookupPermissionsArgs takes plain Go values and pointers to the nested
// blocks; for Pulumi inputs and outputs use LookupPermissionsOutput.
//
// ### Permissions For A Lake Formation S3 Resource
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
//				Principal: workflowRole.Arn,
//				DataLocation: &lakeformation.GetPermissionsDataLocation{
//					Arn: testAwsLakeformationResource.Arn,
//				},
//			}, nil)
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Permissions For A Glue Catalog Database
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
//				Principal: workflowRole.Arn,
//				Database: &lakeformation.GetPermissionsDatabase{
//					Name:      testAwsGlueCatalogDatabase.Name,
//					CatalogId: "110376042874",
//				},
//			}, nil)
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Permissions For Tag-Based Access Control
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
//				Principal: workflowRole.Arn,
//				LfTagPolicy: &lakeformation.GetPermissionsLfTagPolicy{
//					ResourceType: "DATABASE",
//					Expressions: []lakeformation.GetPermissionsLfTagPolicyExpression{
//						{
//							Key: "Team",
//							Values: []string{
//								"Sales",
//							},
//						},
//						{
//							Key: "Environment",
//							Values: []string{
//								"Dev",
//								"Production",
//							},
//						},
//					},
//				},
//			}, nil)
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
func LookupPermissions(ctx *pulumi.Context, args *LookupPermissionsArgs, opts ...pulumi.InvokeOption) (*LookupPermissionsResult, error) {
	var result LookupPermissionsResult
	// Package defaults are merged first so every invoke carries them.
	opts = internal.PkgInvokeDefaultOpts(opts)
	if err := ctx.Invoke("aws:lakeformation/getPermissions:getPermissions", args, &result, opts...); err != nil {
		return nil, err
	}
	return &result, nil
}

// LookupPermissionsArgs is the collection of arguments for invoking getPermissions.
//
// NOTE(review): the upstream text attached to Principal ends with "One of the
// following is required:" and the text attached to TableWithColumns ends with
// "The following arguments are optional:", but neither list is reproduced in
// this file. Presumably the first refers to the resource blocks below; confirm
// against the provider documentation.
type LookupPermissionsArgs struct {
	// Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
	CatalogId *string `pulumi:"catalogId"`
	// Whether the permissions concern the Data Catalog itself. Defaults to `false`.
	CatalogResource *bool `pulumi:"catalogResource"`
	// Configuration block for a data cells filter resource.
	DataCellsFilter *GetPermissionsDataCellsFilter `pulumi:"dataCellsFilter"`
	// Configuration block for a data location resource.
	DataLocation *GetPermissionsDataLocation `pulumi:"dataLocation"`
	// Configuration block for a database resource.
	Database *GetPermissionsDatabase `pulumi:"database"`
	// Configuration block for an LF-tag resource.
	LfTag *GetPermissionsLfTag `pulumi:"lfTag"`
	// Configuration block for an LF-tag policy resource.
	LfTagPolicy *GetPermissionsLfTagPolicy `pulumi:"lfTagPolicy"`
	// Principal whose permissions on the resource are read. Supported principals are IAM users or IAM roles.
	//
	// One of the following is required:
	Principal string `pulumi:"principal"`
	// Configuration block for a table resource.
	Table *GetPermissionsTable `pulumi:"table"`
	// Configuration block for a table with columns resource.
	//
	// The following arguments are optional:
	TableWithColumns *GetPermissionsTableWithColumns `pulumi:"tableWithColumns"`
}

// LookupPermissionsResult is the collection of values returned by getPermissions.
//
// Only explicitly granted permissions are reported (see LookupPermissions), so
// treat Permissions and PermissionsWithGrantOptions as a lower bound when
// reviewing what a principal can do.
type LookupPermissionsResult struct {
	// Value of the `catalogId` property of the result.
	CatalogId *string `pulumi:"catalogId"`
	// Value of the `catalogResource` property of the result.
	CatalogResource *bool `pulumi:"catalogResource"`
	// Value of the `dataCellsFilter` property of the result.
	DataCellsFilter GetPermissionsDataCellsFilter `pulumi:"dataCellsFilter"`
	// Value of the `dataLocation` property of the result.
	DataLocation GetPermissionsDataLocation `pulumi:"dataLocation"`
	// Value of the `database` property of the result.
	Database GetPermissionsDatabase `pulumi:"database"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Value of the `lfTag` property of the result.
	LfTag GetPermissionsLfTag `pulumi:"lfTag"`
	// Value of the `lfTagPolicy` property of the result.
	LfTagPolicy GetPermissionsLfTagPolicy `pulumi:"lfTagPolicy"`
	// List of permissions granted to the principal. For details on permissions, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).
	Permissions []string `pulumi:"permissions"`
	// Subset of `permissions` which the principal can pass, i.e. grant on to
	// other principals. A non-empty list means the principal can extend its
	// own access to others.
	PermissionsWithGrantOptions []string `pulumi:"permissionsWithGrantOptions"`
	// Value of the `principal` property of the result.
	Principal string `pulumi:"principal"`
	// Value of the `table` property of the result.
	Table GetPermissionsTable `pulumi:"table"`
	// Value of the `tableWithColumns` property of the result.
	TableWithColumns GetPermissionsTableWithColumns `pulumi:"tableWithColumns"`
}

// LookupPermissionsOutput is the output-typed form of LookupPermissions: it
// converts args to an output, and once the values are available calls
// LookupPermissions with the resulting LookupPermissionsArgs.
func LookupPermissionsOutput(ctx *pulumi.Context, args LookupPermissionsOutputArgs, opts ...pulumi.InvokeOption) LookupPermissionsResultOutput {
	invoke := func(v interface{}) (LookupPermissionsResult, error) {
		plain := v.(LookupPermissionsArgs)
		res, err := LookupPermissions(ctx, &plain, opts...)
		if res == nil {
			// A failed lookup yields the zero value alongside the error.
			return LookupPermissionsResult{}, err
		}
		return *res, err
	}
	pending := pulumi.ToOutputWithContext(context.Background(), args)
	return pending.ApplyT(invoke).(LookupPermissionsResultOutput)
}

// LookupPermissionsOutputArgs is the collection of arguments for invoking
// getPermissions through LookupPermissionsOutput. It mirrors
// LookupPermissionsArgs field for field, with Pulumi input types.
type LookupPermissionsOutputArgs struct {
	// Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
	CatalogId pulumi.StringPtrInput `pulumi:"catalogId"`
	// Whether the permissions concern the Data Catalog itself. Defaults to `false`.
	CatalogResource pulumi.BoolPtrInput `pulumi:"catalogResource"`
	// Configuration block for a data cells filter resource.
	DataCellsFilter GetPermissionsDataCellsFilterPtrInput `pulumi:"dataCellsFilter"`
	// Configuration block for a data location resource.
	DataLocation GetPermissionsDataLocationPtrInput `pulumi:"dataLocation"`
	// Configuration block for a database resource.
	Database GetPermissionsDatabasePtrInput `pulumi:"database"`
	// Configuration block for an LF-tag resource.
	LfTag GetPermissionsLfTagPtrInput `pulumi:"lfTag"`
	// Configuration block for an LF-tag policy resource.
	LfTagPolicy GetPermissionsLfTagPolicyPtrInput `pulumi:"lfTagPolicy"`
	// Principal whose permissions on the resource are read. Supported principals are IAM users or IAM roles.
	//
	// One of the following is required:
	Principal pulumi.StringInput `pulumi:"principal"`
	// Configuration block for a table resource.
	Table GetPermissionsTablePtrInput `pulumi:"table"`
	// Configuration block for a table with columns resource.
	//
	// The following arguments are optional:
	TableWithColumns GetPermissionsTableWithColumnsPtrInput `pulumi:"tableWithColumns"`
}

// ElementType reports LookupPermissionsArgs as the plain type these input
// arguments resolve to.
func (LookupPermissionsOutputArgs) ElementType() reflect.Type {
	var ptr *LookupPermissionsArgs
	return reflect.TypeOf(ptr).Elem()
}

// LookupPermissionsResultOutput is an output holding the collection of values
// returned by getPermissions.
type LookupPermissionsResultOutput struct{ *pulumi.OutputState }

// ElementType reports LookupPermissionsResult as the type carried by this output.
func (LookupPermissionsResultOutput) ElementType() reflect.Type {
	var ptr *LookupPermissionsResult
	return reflect.TypeOf(ptr).Elem()
}

// ToLookupPermissionsResultOutput returns the receiver unchanged.
func (o LookupPermissionsResultOutput) ToLookupPermissionsResultOutput() LookupPermissionsResultOutput {
	return o
}

// ToLookupPermissionsResultOutputWithContext returns the receiver unchanged;
// ctx is not used.
func (o LookupPermissionsResultOutput) ToLookupPermissionsResultOutputWithContext(ctx context.Context) LookupPermissionsResultOutput {
	return o
}

// CatalogId projects the CatalogId field of the result.
func (o LookupPermissionsResultOutput) CatalogId() pulumi.StringPtrOutput {
	field := func(res LookupPermissionsResult) *string { return res.CatalogId }
	return o.ApplyT(field).(pulumi.StringPtrOutput)
}

// CatalogResource projects the CatalogResource field of the result.
func (o LookupPermissionsResultOutput) CatalogResource() pulumi.BoolPtrOutput {
	field := func(res LookupPermissionsResult) *bool { return res.CatalogResource }
	return o.ApplyT(field).(pulumi.BoolPtrOutput)
}

// DataCellsFilter projects the DataCellsFilter field of the result.
func (o LookupPermissionsResultOutput) DataCellsFilter() GetPermissionsDataCellsFilterOutput {
	field := func(res LookupPermissionsResult) GetPermissionsDataCellsFilter { return res.DataCellsFilter }
	return o.ApplyT(field).(GetPermissionsDataCellsFilterOutput)
}

// DataLocation projects the DataLocation field of the result.
func (o LookupPermissionsResultOutput) DataLocation() GetPermissionsDataLocationOutput {
	field := func(res LookupPermissionsResult) GetPermissionsDataLocation { return res.DataLocation }
	return o.ApplyT(field).(GetPermissionsDataLocationOutput)
}

// Database projects the Database field of the result.
func (o LookupPermissionsResultOutput) Database() GetPermissionsDatabaseOutput {
	field := func(res LookupPermissionsResult) GetPermissionsDatabase { return res.Database }
	return o.ApplyT(field).(GetPermissionsDatabaseOutput)
}

// The provider-assigned unique ID for this managed resource.
func (o LookupPermissionsResultOutput) Id() pulumi.StringOutput {
	field := func(res LookupPermissionsResult) string { return res.Id }
	return o.ApplyT(field).(pulumi.StringOutput)
}

// LfTag projects the LfTag field of the result.
func (o LookupPermissionsResultOutput) LfTag() GetPermissionsLfTagOutput {
	field := func(res LookupPermissionsResult) GetPermissionsLfTag { return res.LfTag }
	return o.ApplyT(field).(GetPermissionsLfTagOutput)
}

// LfTagPolicy projects the LfTagPolicy field of the result.
func (o LookupPermissionsResultOutput) LfTagPolicy() GetPermissionsLfTagPolicyOutput {
	field := func(res LookupPermissionsResult) GetPermissionsLfTagPolicy { return res.LfTagPolicy }
	return o.ApplyT(field).(GetPermissionsLfTagPolicyOutput)
}

// List of permissions granted to the principal. For details on permissions, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).
// Only explicit grants are covered; see the note on LookupPermissions.
func (o LookupPermissionsResultOutput) Permissions() pulumi.StringArrayOutput {
	field := func(res LookupPermissionsResult) []string { return res.Permissions }
	return o.ApplyT(field).(pulumi.StringArrayOutput)
}

// Subset of `permissions` which the principal can pass, i.e. grant on to other
// principals.
func (o LookupPermissionsResultOutput) PermissionsWithGrantOptions() pulumi.StringArrayOutput {
	field := func(res LookupPermissionsResult) []string { return res.PermissionsWithGrantOptions }
	return o.ApplyT(field).(pulumi.StringArrayOutput)
}

// Principal projects the Principal field of the result.
func (o LookupPermissionsResultOutput) Principal() pulumi.StringOutput {
	field := func(res LookupPermissionsResult) string { return res.Principal }
	return o.ApplyT(field).(pulumi.StringOutput)
}

// Table projects the Table field of the result.
func (o LookupPermissionsResultOutput) Table() GetPermissionsTableOutput {
	field := func(res LookupPermissionsResult) GetPermissionsTable { return res.Table }
	return o.ApplyT(field).(GetPermissionsTableOutput)
}

// TableWithColumns projects the TableWithColumns field of the result.
func (o LookupPermissionsResultOutput) TableWithColumns() GetPermissionsTableWithColumnsOutput {
	field := func(res LookupPermissionsResult) GetPermissionsTableWithColumns { return res.TableWithColumns }
	return o.ApplyT(field).(GetPermissionsTableWithColumnsOutput)
}

// init registers LookupPermissionsResultOutput with the Pulumi SDK's output
// type registry at package load.
func init() {
	pulumi.RegisterOutputType(LookupPermissionsResultOutput{})
}