LakeFormation class

Defines the public endpoint for the Lake Formation service.

Constructors

LakeFormation({required String region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

addLFTagsToResource({required List<LFTagPair> lFTags, required Resource resource, String? catalogId}) → Future<AddLFTagsToResourceResponse>

Attaches one or more LF-tags to an existing resource.

assumeDecoratedRoleWithSAML({required String principalArn, required String roleArn, required String sAMLAssertion, int? durationSeconds}) → Future<AssumeDecoratedRoleWithSAMLResponse>

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

batchGrantPermissions({required List<BatchPermissionsRequestEntry> entries, String? catalogId}) → Future<BatchGrantPermissionsResponse>

Batch operation to grant permissions to the principal.

batchRevokePermissions({required List<BatchPermissionsRequestEntry> entries, String? catalogId}) → Future<BatchRevokePermissionsResponse>

Batch operation to revoke permissions from the principal.

cancelTransaction({required String transactionId}) → Future<void>

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

close() → void

Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a noop.

commitTransaction({required String transactionId}) → Future<CommitTransactionResponse>

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

createDataCellsFilter({required DataCellsFilter tableData}) → Future<void>

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

createLakeFormationIdentityCenterConfiguration({String? catalogId, ExternalFilteringConfiguration? externalFiltering, String? instanceArn, List<ServiceIntegrationUnion>? serviceIntegrations, List<DataLakePrincipal>? shareRecipients}) → Future<CreateLakeFormationIdentityCenterConfigurationResponse>

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

createLakeFormationOptIn({required DataLakePrincipal principal, required Resource resource, Condition? condition}) → Future<void>

Enforce Lake Formation permissions for the given databases, tables, and principals.

createLFTag({required String tagKey, required List<String> tagValues, String? catalogId}) → Future<void>

Creates an LF-tag with the specified name and values.

createLFTagExpression({required List<LFTag> expression, required String name, String? catalogId, String? description}) → Future<void>

Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body. This call fails if a LF-Tag expression with the same name already exists in the caller’s account or if the underlying LF-Tags don't exist. To call this API operation, caller needs the following Lake Formation permissions:

deleteDataCellsFilter({String? databaseName, String? name, String? tableCatalogId, String? tableName}) → Future<void>

Deletes a data cell filter.

deleteLakeFormationIdentityCenterConfiguration({String? catalogId}) → Future<void>

Deletes an IAM Identity Center connection with Lake Formation.

deleteLakeFormationOptIn({required DataLakePrincipal principal, required Resource resource, Condition? condition}) → Future<void>

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

deleteLFTag({required String tagKey, String? catalogId}) → Future<void>

Deletes an LF-tag by its key name. The operation fails if the specified tag key doesn't exist. When you delete an LF-Tag:

deleteLFTagExpression({required String name, String? catalogId}) → Future<void>

Deletes the LF-Tag expression. The caller must be a data lake admin or have DROP permissions on the LF-Tag expression. Deleting a LF-Tag expression will also delete all LFTagPolicy permissions referencing the LF-Tag expression.

deleteObjectsOnCancel({required String databaseName, required List<VirtualObject> objects, required String tableName, required String transactionId, String? catalogId}) → Future<void>

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

deregisterResource({required String resourceArn}) → Future<void>

Deregisters the resource as managed by the Data Catalog.

describeLakeFormationIdentityCenterConfiguration({String? catalogId}) → Future<DescribeLakeFormationIdentityCenterConfigurationResponse>

Retrieves the instance ARN and application ARN for the connection.

describeResource({required String resourceArn}) → Future<DescribeResourceResponse>

Retrieves the current data access role for the given resource registered in Lake Formation.

describeTransaction({required String transactionId}) → Future<DescribeTransactionResponse>

Returns the details of a single transaction.

extendTransaction({String? transactionId}) → Future<void>

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

getDataCellsFilter({required String databaseName, required String name, required String tableCatalogId, required String tableName}) → Future<GetDataCellsFilterResponse>

Returns a data cells filter.

getDataLakePrincipal() → Future<GetDataLakePrincipalResponse>

Returns the identity of the invoking principal.

getDataLakeSettings({String? catalogId}) → Future<GetDataLakeSettingsResponse>

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

getEffectivePermissionsForPath({required String resourceArn, String? catalogId, int? maxResults, String? nextToken}) → Future<GetEffectivePermissionsForPathResponse>

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

getLFTag({required String tagKey, String? catalogId}) → Future<GetLFTagResponse>

Returns an LF-tag definition.

getLFTagExpression({required String name, String? catalogId}) → Future<GetLFTagExpressionResponse>

Returns the details about the LF-Tag expression. The caller must be a data lake admin or must have DESCRIBE permission on the LF-Tag expression resource.

getQueryState({required String queryId}) → Future<GetQueryStateResponse>

Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.

getQueryStatistics({required String queryId}) → Future<GetQueryStatisticsResponse>

Retrieves statistics on the planning and execution of a query.

getResourceLFTags({required Resource resource, String? catalogId, bool? showAssignedLFTags}) → Future<GetResourceLFTagsResponse>

Returns the LF-tags applied to a resource.

getTableObjects({required String databaseName, required String tableName, String? catalogId, int? maxResults, String? nextToken, String? partitionPredicate, DateTime? queryAsOfTime, String? transactionId}) → Future<GetTableObjectsResponse>

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

getTemporaryDataLocationCredentials({AuditContext? auditContext, CredentialsScope? credentialsScope, List<String>? dataLocations, int? durationSeconds}) → Future<GetTemporaryDataLocationCredentialsResponse>

Allows a user or application in a secure environment to access data in a specific Amazon S3 location registered with Lake Formation by providing temporary scoped credentials that are limited to the requested data location and the caller's authorized access level.

getTemporaryGluePartitionCredentials({required PartitionValueList partition, required String tableArn, AuditContext? auditContext, int? durationSeconds, List<Permission>? permissions, List<PermissionType>? supportedPermissionTypes}) → Future<GetTemporaryGluePartitionCredentialsResponse>

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

getTemporaryGlueTableCredentials({required String tableArn, AuditContext? auditContext, int? durationSeconds, List<Permission>? permissions, QuerySessionContext? querySessionContext, String? s3Path, List<PermissionType>? supportedPermissionTypes}) → Future<GetTemporaryGlueTableCredentialsResponse>

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

getWorkUnitResults({required String queryId, required int workUnitId, required String workUnitToken}) → Future<GetWorkUnitResultsResponse>

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

getWorkUnits({required String queryId, String? nextToken, int? pageSize}) → Future<GetWorkUnitsResponse>

Retrieves the work units generated by the StartQueryPlanning operation.

grantPermissions({required List<Permission> permissions, required DataLakePrincipal principal, required Resource resource, String? catalogId, Condition? condition, List<Permission>? permissionsWithGrantOption}) → Future<void>

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

listDataCellsFilter({int? maxResults, String? nextToken, TableResource? table}) → Future<ListDataCellsFilterResponse>

Lists all the data cell filters on a table.

listLakeFormationOptIns({int? maxResults, String? nextToken, DataLakePrincipal? principal, Resource? resource}) → Future<ListLakeFormationOptInsResponse>

Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

listLFTagExpressions({String? catalogId, int? maxResults, String? nextToken}) → Future<ListLFTagExpressionsResponse>

Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions. Data Lake and read only admins implicitly can see all tag expressions in their account, else caller needs DESCRIBE permissions on tag expression.

listLFTags({String? catalogId, int? maxResults, String? nextToken, ResourceShareType? resourceShareType}) → Future<ListLFTagsResponse>

Lists LF-tags that the requester has permission to view.

listPermissions({String? catalogId, String? includeRelated, int? maxResults, String? nextToken, DataLakePrincipal? principal, Resource? resource, DataLakeResourceType? resourceType}) → Future<ListPermissionsResponse>

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

listResources({List<FilterCondition>? filterConditionList, int? maxResults, String? nextToken}) → Future<ListResourcesResponse>

Lists the resources registered to be managed by the Data Catalog.

listTableStorageOptimizers({required String databaseName, required String tableName, String? catalogId, int? maxResults, String? nextToken, OptimizerType? storageOptimizerType}) → Future<ListTableStorageOptimizersResponse>

Returns the configuration of all storage optimizers associated with a specified table.

listTransactions({String? catalogId, int? maxResults, String? nextToken, TransactionStatusFilter? statusFilter}) → Future<ListTransactionsResponse>

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

putDataLakeSettings({required DataLakeSettings dataLakeSettings, String? catalogId}) → Future<void>

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

registerResource({required String resourceArn, String? expectedResourceOwnerAccount, bool? hybridAccessEnabled, String? roleArn, bool? useServiceLinkedRole, bool? withFederation, bool? withPrivilegedAccess}) → Future<void>

Registers the resource as managed by the Data Catalog.

removeLFTagsFromResource({required List<LFTagPair> lFTags, required Resource resource, String? catalogId}) → Future<RemoveLFTagsFromResourceResponse>

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

revokePermissions({required List<Permission> permissions, required DataLakePrincipal principal, required Resource resource, String? catalogId, Condition? condition, List<Permission>? permissionsWithGrantOption}) → Future<void>

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

searchDatabasesByLFTags({required List<LFTag> expression, String? catalogId, int? maxResults, String? nextToken}) → Future<SearchDatabasesByLFTagsResponse>

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

searchTablesByLFTags({required List<LFTag> expression, String? catalogId, int? maxResults, String? nextToken}) → Future<SearchTablesByLFTagsResponse>

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

startQueryPlanning({required QueryPlanningContext queryPlanningContext, required String queryString}) → Future<StartQueryPlanningResponse>

Submits a request to process a query statement.

startTransaction({TransactionType? transactionType}) → Future<StartTransactionResponse>

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

toString() → String

A string representation of this object.

inherited

updateDataCellsFilter({required DataCellsFilter tableData}) → Future<void>

Updates a data cell filter.

updateLakeFormationIdentityCenterConfiguration({ApplicationStatus? applicationStatus, String? catalogId, ExternalFilteringConfiguration? externalFiltering, List<ServiceIntegrationUnion>? serviceIntegrations, List<DataLakePrincipal>? shareRecipients}) → Future<void>

Updates the IAM Identity Center connection parameters.

updateLFTag({required String tagKey, String? catalogId, List<String>? tagValuesToAdd, List<String>? tagValuesToDelete}) → Future<void>

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

updateLFTagExpression({required List<LFTag> expression, required String name, String? catalogId, String? description}) → Future<void>

Updates the name of the LF-Tag expression to the new description and expression body provided. Updating a LF-Tag expression immediately changes the permission boundaries of all existing LFTagPolicy permission grants that reference the given LF-Tag expression.

updateResource({required String resourceArn, required String roleArn, String? expectedResourceOwnerAccount, bool? hybridAccessEnabled, bool? withFederation}) → Future<void>

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

updateTableObjects({required String databaseName, required String tableName, required List<WriteOperation> writeOperations, String? catalogId, String? transactionId}) → Future<void>

Updates the manifest of Amazon S3 objects that make up the specified governed table.

updateTableStorageOptimizer({required String databaseName, required Map<OptimizerType, Map<String, String>> storageOptimizerConfig, required String tableName, String? catalogId}) → Future<UpdateTableStorageOptimizerResponse>

Updates the configuration of the storage optimizers for a table.

Operators

operator ==(Object other) → bool

The equality operator.

inherited