software.amazon.awssdk.services.lakeformation.model

Class DataLakeSettings

java.lang.Object

software.amazon.awssdk.services.lakeformation.model.DataLakeSettings

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<DataLakeSettings.Builder,DataLakeSettings>

@Generated(value="software.amazon.awssdk:codegen")
public final class DataLakeSettings
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<DataLakeSettings.Builder,DataLakeSettings>

A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	DataLakeSettings.Builder

Method Summary

Modifier and Type	Method and Description
Boolean	allowExternalDataFiltering() Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
Boolean	allowFullTableExternalDataAccess() Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
List<String>	authorizedSessionTagValueList() Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
static DataLakeSettings.Builder	builder()
List<PrincipalPermissions>	createDatabaseDefaultPermissions() Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.
List<PrincipalPermissions>	createTableDefaultPermissions() Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.
List<DataLakePrincipal>	dataLakeAdmins() A list of Lake Formation principals.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
List<DataLakePrincipal>	externalDataFilteringAllowList() A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasAuthorizedSessionTagValueList() For responses, this returns true if the service returned a value for the AuthorizedSessionTagValueList property.
boolean	hasCreateDatabaseDefaultPermissions() For responses, this returns true if the service returned a value for the CreateDatabaseDefaultPermissions property.
boolean	hasCreateTableDefaultPermissions() For responses, this returns true if the service returned a value for the CreateTableDefaultPermissions property.
boolean	hasDataLakeAdmins() For responses, this returns true if the service returned a value for the DataLakeAdmins property.
boolean	hasExternalDataFilteringAllowList() For responses, this returns true if the service returned a value for the ExternalDataFilteringAllowList property.
int	hashCode()
boolean	hasParameters() For responses, this returns true if the service returned a value for the Parameters property.
boolean	hasReadOnlyAdmins() For responses, this returns true if the service returned a value for the ReadOnlyAdmins property.
boolean	hasTrustedResourceOwners() For responses, this returns true if the service returned a value for the TrustedResourceOwners property.
Map<String,String>	parameters() A key-value map that provides an additional configuration on your data lake.
List<DataLakePrincipal>	readOnlyAdmins() A list of Lake Formation principals with only view access to the resources, without the ability to make changes.
List<SdkField<?>>	sdkFields()
static Class<? extends DataLakeSettings.Builder>	serializableBuilderClass()
DataLakeSettings.Builder	toBuilder()
String	toString() Returns a string representation of this object.
List<String>	trustedResourceOwners() A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

hasDataLakeAdmins

public final boolean hasDataLakeAdmins()

For responses, this returns true if the service returned a value for the DataLakeAdmins property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

dataLakeAdmins

public final List<DataLakePrincipal> dataLakeAdmins()

A list of Lake Formation principals. Supported principals are IAM users or IAM roles.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasDataLakeAdmins() method.

Returns:

A list of Lake Formation principals. Supported principals are IAM users or IAM roles.

hasReadOnlyAdmins

public final boolean hasReadOnlyAdmins()

For responses, this returns true if the service returned a value for the ReadOnlyAdmins property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

readOnlyAdmins

public final List<DataLakePrincipal> readOnlyAdmins()

A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasReadOnlyAdmins() method.

Returns:

A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.

hasCreateDatabaseDefaultPermissions

public final boolean hasCreateDatabaseDefaultPermissions()

For responses, this returns true if the service returned a value for the CreateDatabaseDefaultPermissions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

createDatabaseDefaultPermissions

public final List<PrincipalPermissions> createDatabaseDefaultPermissions()

Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCreateDatabaseDefaultPermissions() method.

Returns:

Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

hasCreateTableDefaultPermissions

public final boolean hasCreateTableDefaultPermissions()

For responses, this returns true if the service returned a value for the CreateTableDefaultPermissions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

createTableDefaultPermissions

public final List<PrincipalPermissions> createTableDefaultPermissions()

Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCreateTableDefaultPermissions() method.

Returns:

Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

hasParameters

public final boolean hasParameters()

For responses, this returns true if the service returned a value for the Parameters property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

parameters

public final Map<String,String> parameters()

A key-value map that provides an additional configuration on your data lake. CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasParameters() method.

Returns:

A key-value map that provides an additional configuration on your data lake. CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.

hasTrustedResourceOwners

public final boolean hasTrustedResourceOwners()

For responses, this returns true if the service returned a value for the TrustedResourceOwners property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

trustedResourceOwners

public final List<String> trustedResourceOwners()

A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTrustedResourceOwners() method.

Returns:

A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

allowExternalDataFiltering

public final Boolean allowExternalDataFiltering()

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.

If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.

For more information, see (Optional) Allow external data filtering.

Returns:

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.

If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.

For more information, see (Optional) Allow external data filtering.

allowFullTableExternalDataAccess

public final Boolean allowFullTableExternalDataAccess()

Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.

Returns:

Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.

hasExternalDataFilteringAllowList

public final boolean hasExternalDataFilteringAllowList()

For responses, this returns true if the service returned a value for the ExternalDataFilteringAllowList property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

externalDataFilteringAllowList

public final List<DataLakePrincipal> externalDataFilteringAllowList()

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasExternalDataFilteringAllowList() method.

Returns:

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>

hasAuthorizedSessionTagValueList

public final boolean hasAuthorizedSessionTagValueList()

For responses, this returns true if the service returned a value for the AuthorizedSessionTagValueList property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

authorizedSessionTagValueList

public final List<String> authorizedSessionTagValueList()

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAuthorizedSessionTagValueList() method.

Returns:

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.

toBuilder

public DataLakeSettings.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<DataLakeSettings.Builder,DataLakeSettings>

builder

public static DataLakeSettings.Builder builder()

serializableBuilderClass

public static Class<? extends DataLakeSettings.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo