From dc9b53c67ba47a4e013572c9800903e8815b169d Mon Sep 17 00:00:00 2001 From: Paul Zietsman Date: Wed, 22 Mar 2023 11:59:42 +0200 Subject: [PATCH 1/7] feat: Lake Formation add external data filtering and session tags. --- .changelog/tmp.txt | 7 ++ .../lakeformation/data_lake_settings.go | 64 +++++++++++++++++++ .../data_lake_settings_data_source.go | 17 +++++ .../data_lake_settings_data_source_test.go | 3 + .../lakeformation/data_lake_settings_test.go | 20 +++++- ...formation_data_lake_settings.html.markdown | 3 + ...formation_data_lake_settings.html.markdown | 24 +++++++ 7 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 .changelog/tmp.txt diff --git a/.changelog/tmp.txt b/.changelog/tmp.txt new file mode 100644 index 000000000000..538c24f81631 --- /dev/null +++ b/.changelog/tmp.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_lakeformation_data_lake_settings: Add `allow_external_data_filtering`, `external_data_filtering_allow_list` and `authorized_session_tag_value_list` arguments +``` + +```release-note:enhancement +data-source/aws_lakeformation_data_lake_settings: Add `allow_external_data_filtering`, `external_data_filtering_allow_list` and `authorized_session_tag_value_list` attributes +``` \ No newline at end of file diff --git a/internal/service/lakeformation/data_lake_settings.go b/internal/service/lakeformation/data_lake_settings.go index 739e30c87997..1353a6ddee56 100644 --- a/internal/service/lakeformation/data_lake_settings.go +++ b/internal/service/lakeformation/data_lake_settings.go 
@@ -105,6 +105,25 @@ func ResourceDataLakeSettings() *schema.Resource { ValidateFunc: verify.ValidAccountID, }, }, + "allow_external_data_filtering": { + Type: schema.TypeBool, + Optional: true, + }, + "external_data_filtering_allow_list": { + Type: schema.TypeSet, + Computed: true, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validPrincipal, + }, + }, + "authorized_session_tag_value_list": { + Type: schema.TypeList, + Computed: true, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, } } @@ -137,6 +156,18 @@ func resourceDataLakeSettingsCreate(ctx context.Context, d *schema.ResourceData, settings.TrustedResourceOwners = flex.ExpandStringList(v.([]interface{})) } + if v, ok := d.GetOk("allow_external_data_filtering"); ok { + settings.AllowExternalDataFiltering = aws.Bool(v.(bool)) + } + + if v, ok := d.GetOk("external_data_filtering_allow_list"); ok { + settings.ExternalDataFilteringAllowList = expandDataLakeSettingsDataFilteringAllowList(v.(*schema.Set)) + } + + if v, ok := d.GetOk("authorized_session_tag_value_list"); ok { + settings.AuthorizedSessionTagValueList = flex.ExpandStringList(v.([]interface{})) + } + input.DataLakeSettings = settings var output *lakeformation.PutDataLakeSettingsOutput 
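Review bot: `authorized_session_tag_value_list` is added to the ResourceDataLakeSettings schema with no `ValidateFunc`, and `external_data_filtering_allow_list` is checked with `validPrincipal` although the documentation added later in this patch describes its entries as account IDs. Both lists decide which external engines may read Lake Formation-managed data, so an over-broad or mistyped entry is an access-control mistake that would only surface at apply time, if at all. `validPrincipal` is defined outside the hunk; if it accepts more than 12-digit account IDs, consider `ValidateFunc: verify.ValidAccountID`, as `trusted_resource_owners` in the same schema already uses. The tag values should at least get `ValidateFunc: validation.StringIsNotEmpty`.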
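Review bot: In resourceDataLakeSettingsCreate, `d.GetOk("allow_external_data_filtering")` reports ok=false for the zero value, so an explicit `false` is never copied into `settings`. Patch 4/7 shows this same function registered as `UpdateWithoutTimeout`, so changing the argument from `true` to `false` sends a PutDataLakeSettings request with the field omitted; whether the service treats an omitted field as disabled is not visible here. Because this flag is what turns off third-party engine access to governed data, set it unconditionally: `settings.AllowExternalDataFiltering = aws.Bool(d.Get("allow_external_data_filtering").(bool))`. The function body starts and ends outside the hunk.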
@@ -205,6 +236,9 @@ func resourceDataLakeSettingsRead(ctx context.Context, d *schema.ResourceData, m d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) d.Set("admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) + d.Set("allow_external_data_filtering", settings.AllowExternalDataFiltering) + d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) + d.Set("authorized_session_tag_value_list", flex.FlattenStringList(settings.AuthorizedSessionTagValueList)) return diags } @@ -321,3 +355,33 @@ func flattenDataLakeSettingsAdmins(apiObjects []*lakeformation.DataLakePrincipal return tfSlice } + +func expandDataLakeSettingsDataFilteringAllowList(tfSet *schema.Set) []*lakeformation.DataLakePrincipal { + tfSlice := tfSet.List() + apiObjects := make([]*lakeformation.DataLakePrincipal, 0, len(tfSlice)) + + for _, tfItem := range tfSlice { + val, ok := tfItem.(string) + if ok && val != "" { + apiObjects = append(apiObjects, &lakeformation.DataLakePrincipal{ + DataLakePrincipalIdentifier: aws.String(tfItem.(string)), + }) + } + } + + return apiObjects +} + +func flattenDataLakeSettingsDataFilteringAllowList(apiObjects []*lakeformation.DataLakePrincipal) []interface{} { + if apiObjects == nil { + return nil + } + + tfSlice := make([]interface{}, 0, len(apiObjects)) + + for _, apiObject := range apiObjects { + tfSlice = append(tfSlice, *apiObject.DataLakePrincipalIdentifier) + } + + return tfSlice +} diff --git a/internal/service/lakeformation/data_lake_settings_data_source.go b/internal/service/lakeformation/data_lake_settings_data_source.go index 3742965f1b0e..089123ae2343 100644 --- a/internal/service/lakeformation/data_lake_settings_data_source.go +++ b/internal/service/lakeformation/data_lake_settings_data_source.go 
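Review bot: The three new `d.Set` calls in resourceDataLakeSettingsRead discard their return value, and two of them write aggregate values (a set and a list), where a type mismatch is reported only through that error. If one fails, state keeps the previous allow list or tag values and a change made outside Terraform goes unnoticed. Check each call with `if err := d.Set("external_data_filtering_allow_list", ...); err != nil` and append the error to `diags`. The same applies to the matching lines added to dataSourceDataLakeSettingsRead in the data source file. The function body starts outside the hunk.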
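Review bot: expandDataLakeSettingsDataFilteringAllowList repeats a type assertion it has already performed: `aws.String(tfItem.(string))` should be `aws.String(val)`. Non-string and empty entries are dropped without any diagnostic, which deserves a one-line comment because the result is sent to the API as an access allow list. Neither new function has a doc comment; one sentence each saying that it converts between the Terraform set of principal identifiers and `[]*lakeformation.DataLakePrincipal` would be enough. The flatten helper appears to mirror flattenDataLakeSettingsAdmins directly above it, so calling that function instead of copying it would keep the two from diverging.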
@@ -70,6 +70,20 @@ func DataSourceDataLakeSettings() *schema.Resource { Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, }, + "allow_external_data_filtering": { + Type: schema.TypeBool, + Optional: true, + }, + "external_data_filtering_allow_list": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "authorized_session_tag_value_list": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, } } @@ -107,6 +121,9 @@ func dataSourceDataLakeSettingsRead(ctx context.Context, d *schema.ResourceData, d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) d.Set("admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) + d.Set("allow_external_data_filtering", settings.AllowExternalDataFiltering) + d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) + d.Set("authorized_session_tag_value_list", flex.FlattenStringList(settings.AuthorizedSessionTagValueList)) return diags } diff --git a/internal/service/lakeformation/data_lake_settings_data_source_test.go b/internal/service/lakeformation/data_lake_settings_data_source_test.go index 3f2299cf0c30..6d674fe933ab 100644 --- a/internal/service/lakeformation/data_lake_settings_data_source_test.go +++ b/internal/service/lakeformation/data_lake_settings_data_source_test.go 
@@ -24,6 +24,9 @@ func testAccDataLakeSettingsDataSource_basic(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "catalog_id", "data.aws_caller_identity.current", "account_id"), resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), resource.TestCheckResourceAttrPair(resourceName, "admins.0", "data.aws_iam_session_context.current", "issuer_arn"), + resource.TestCheckResourceAttr(resourceName, "allow_external_data_filtering", "false"), + resource.TestCheckResourceAttr(resourceName, "external_data_filtering_allow_list.#", "0"), + resource.TestCheckResourceAttr(resourceName, "authorized_session_tag_value_list.#", "0"), ), }, }, diff --git a/internal/service/lakeformation/data_lake_settings_test.go b/internal/service/lakeformation/data_lake_settings_test.go index bfe908a4825f..e93d9dbd20fc 100644 --- a/internal/service/lakeformation/data_lake_settings_test.go +++ b/internal/service/lakeformation/data_lake_settings_test.go 
@@ -32,6 +32,19 @@ func testAccDataLakeSettings_basic(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "catalog_id", "data.aws_caller_identity.current", "account_id"), resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), resource.TestCheckResourceAttrPair(resourceName, "admins.0", "data.aws_iam_session_context.current", "issuer_arn"), + resource.TestCheckResourceAttr(resourceName, "create_database_default_permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "create_database_default_permissions.0.principal", "IAM_ALLOWED_PRINCIPALS"), + resource.TestCheckResourceAttr(resourceName, "create_database_default_permissions.0.permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "create_database_default_permissions.0.permissions.0", "ALL"), + resource.TestCheckResourceAttr(resourceName, "create_table_default_permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "create_table_default_permissions.0.principal", "IAM_ALLOWED_PRINCIPALS"), + resource.TestCheckResourceAttr(resourceName, "create_table_default_permissions.0.permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "create_table_default_permissions.0.permissions.0", "ALL"), + resource.TestCheckResourceAttr(resourceName, "allow_external_data_filtering", "true"), + resource.TestCheckResourceAttr(resourceName, "external_data_filtering_allow_list.#", "1"), + resource.TestCheckResourceAttrPair(resourceName, "external_data_filtering_allow_list.0", "data.aws_caller_identity.current", "account_id"), + resource.TestCheckResourceAttr(resourceName, "authorized_session_tag_value_list.#", "1"), + resource.TestCheckResourceAttr(resourceName, "authorized_session_tag_value_list.0", "engine1"), ), }, }, 
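Review bot: The checks added to testAccDataLakeSettings_basic only cover turning the new settings on; nothing in the visible hunk exercises turning them off again. For settings that grant external engines access to governed data, the revocation path is the one most worth pinning down, especially since the create/update code reads the bool through `d.GetOk`. Add a second step whose config sets `allow_external_data_filtering = false` and removes the allow-list entry, then assert `resource.TestCheckResourceAttr(resourceName, "allow_external_data_filtering", "false")` and `"external_data_filtering_allow_list.#", "0"`. The test function starts and ends outside the hunk, so other steps may exist that are not shown here.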
@@ -161,8 +174,11 @@ resource "aws_lakeformation_data_lake_settings" "test" { permissions = ["ALL"] } - admins = [data.aws_iam_session_context.current.issuer_arn] - trusted_resource_owners = [data.aws_caller_identity.current.account_id] + admins = [data.aws_iam_session_context.current.issuer_arn] + trusted_resource_owners = [data.aws_caller_identity.current.account_id] + allow_external_data_filtering = true + external_data_filtering_allow_list = [data.aws_caller_identity.current.account_id] + authorized_session_tag_value_list = ["engine1"] } ` diff --git a/website/docs/d/lakeformation_data_lake_settings.html.markdown b/website/docs/d/lakeformation_data_lake_settings.html.markdown index bb60ade6b6c6..58a96297cda4 100644 --- a/website/docs/d/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/d/lakeformation_data_lake_settings.html.markdown @@ -32,6 +32,9 @@ In addition to arguments above, the following attributes are exported. * `create_database_default_permissions` - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below. * `create_table_default_permissions` - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below. * `trusted_resource_owners` – List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). +* `allow_external_data_filtering` - Whether to allow Amazon EMR clusters to access data managed by Lake Formation. +* `external_data_filtering_allow_list` - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering. +* `authorized_session_tag_value_list` - Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. ### create_database_default_permissions 
diff --git a/website/docs/r/lakeformation_data_lake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown index 6a6b60e3b9e3..fff4e2fe39cb 100644 --- a/website/docs/r/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -40,6 +40,27 @@ resource "aws_lakeformation_data_lake_settings" "example" { } ``` +### Enable EMR access to LakeFormation resources +```terraform +resource "aws_lakeformation_data_lake_settings" "example" { + admins = [aws_iam_user.test.arn, aws_iam_role.test.arn] + + create_database_default_permissions { + permissions = ["SELECT", "ALTER", "DROP"] + principal = aws_iam_user.test.arn + } + + create_table_default_permissions { + permissions = ["ALL"] + principal = aws_iam_role.test.arn + } + + allow_external_data_filtering = true + external_data_filtering_allow_list = [data.aws_caller_identity.current.account_id, data.aws_caller_identity.third_party.account_id] + authorized_session_tag_value_list = ["Amazon EMR"] +} +``` + ## Argument Reference The following arguments are optional: 
@@ -49,6 +70,9 @@ The following arguments are optional: * `create_database_default_permissions` - (Optional) Up to three configuration blocks of principal permissions for default create database permissions. Detailed below. * `create_table_default_permissions` - (Optional) Up to three configuration blocks of principal permissions for default create table permissions. Detailed below. * `trusted_resource_owners` – (Optional) List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). +* `allow_external_data_filtering` - (Optional) Whether to allow Amazon EMR clusters to access data managed by Lake Formation. +* `external_data_filtering_allow_list` - (Optional) A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering. +* `authorized_session_tag_value_list` - (Optional) Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. ~> **NOTE:** Although optional, not including `admins`, `create_database_default_permissions`, `create_table_default_permissions`, and/or `trusted_resource_owners` results in the setting being cleared. From 81aeea1045ee1118d4589c008acbd708d7903e3b Mon Sep 17 00:00:00 2001 From: Paul Zietsman Date: Wed, 22 Mar 2023 12:13:23 +0200 Subject: [PATCH 2/7] chore: Update changelog number --- .changelog/{tmp.txt => 30207.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{tmp.txt => 30207.txt} (100%) diff --git a/.changelog/tmp.txt b/.changelog/30207.txt similarity index 100% rename from .changelog/tmp.txt rename to .changelog/30207.txt From 16dba5af452f0f1c177b54508c1f6c86e5203322 Mon Sep 17 00:00:00 2001 From: Paul Zietsman Date: Wed, 22 Mar 2023 12:30:56 +0200 Subject: [PATCH 3/7] fix: failing `markdown-lint` action --- website/docs/r/lakeformation_data_lake_settings.html.markdown | 1 + 1 file changed, 1 insertion(+) 
diff --git a/website/docs/r/lakeformation_data_lake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown index fff4e2fe39cb..c550a776f6b9 100644 --- a/website/docs/r/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -41,6 +41,7 @@ resource "aws_lakeformation_data_lake_settings" "example" { ``` ### Enable EMR access to LakeFormation resources + ```terraform resource "aws_lakeformation_data_lake_settings" "example" { admins = [aws_iam_user.test.arn, aws_iam_role.test.arn] From 69ec03d2c2e47d4ffa9932d6967c1276ee3675d0 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 17 Apr 2023 08:15:07 -0400 Subject: [PATCH 4/7] r/aws_lakeformation_data_lake_settings: Alphabetize attributes. --- .../lakeformation/data_lake_settings.go | 63 ++++++++++--------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/internal/service/lakeformation/data_lake_settings.go b/internal/service/lakeformation/data_lake_settings.go index f3b0c86fa166..3ed8ffcb9000 100644 --- a/internal/service/lakeformation/data_lake_settings.go +++ b/internal/service/lakeformation/data_lake_settings.go @@ -27,6 +27,7 @@ func ResourceDataLakeSettings() *schema.Resource { UpdateWithoutTimeout: resourceDataLakeSettingsCreate, ReadWithoutTimeout: resourceDataLakeSettingsRead, DeleteWithoutTimeout: resourceDataLakeSettingsDelete, + Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, @@ -41,6 +42,16 @@ func ResourceDataLakeSettings() *schema.Resource { ValidateFunc: verify.ValidARN, }, }, + "allow_external_data_filtering": { + Type: schema.TypeBool, + Optional: true, + }, + "authorized_session_tag_value_list": { + Type: schema.TypeList, + Computed: true, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, "catalog_id": { Type: schema.TypeString, ForceNew: true, 
@@ -96,19 +107,6 @@ func ResourceDataLakeSettings() *schema.Resource { }, }, }, - "trusted_resource_owners": { - Type: schema.TypeList, - Computed: true, - Optional: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - ValidateFunc: verify.ValidAccountID, - }, - }, - "allow_external_data_filtering": { - Type: schema.TypeBool, - Optional: true, - }, "external_data_filtering_allow_list": { Type: schema.TypeSet, Computed: true, @@ -118,11 +116,14 @@ func ResourceDataLakeSettings() *schema.Resource { ValidateFunc: validPrincipal, }, }, - "authorized_session_tag_value_list": { + "trusted_resource_owners": { Type: schema.TypeList, Computed: true, Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: verify.ValidAccountID, + }, }, }, } 
@@ -140,32 +141,32 @@ func resourceDataLakeSettingsCreate(ctx context.Context, d *schema.ResourceData, settings := &lakeformation.DataLakeSettings{} - if v, ok := d.GetOk("create_database_default_permissions"); ok { - settings.CreateDatabaseDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) + if v, ok := d.GetOk("admins"); ok { + settings.DataLakeAdmins = expandDataLakeSettingsAdmins(v.(*schema.Set)) } - if v, ok := d.GetOk("create_table_default_permissions"); ok { - settings.CreateTableDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) + if v, ok := d.GetOk("allow_external_data_filtering"); ok { + settings.AllowExternalDataFiltering = aws.Bool(v.(bool)) } - if v, ok := d.GetOk("admins"); ok { - settings.DataLakeAdmins = expandDataLakeSettingsAdmins(v.(*schema.Set)) + if v, ok := d.GetOk("authorized_session_tag_value_list"); ok { + settings.AuthorizedSessionTagValueList = flex.ExpandStringList(v.([]interface{})) } - if v, ok := d.GetOk("trusted_resource_owners"); ok { - settings.TrustedResourceOwners = flex.ExpandStringList(v.([]interface{})) + if v, ok := d.GetOk("create_database_default_permissions"); ok { + settings.CreateDatabaseDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) } - if v, ok := d.GetOk("allow_external_data_filtering"); ok { - settings.AllowExternalDataFiltering = aws.Bool(v.(bool)) + if v, ok := d.GetOk("create_table_default_permissions"); ok { + settings.CreateTableDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) } if v, ok := d.GetOk("external_data_filtering_allow_list"); ok { settings.ExternalDataFilteringAllowList = expandDataLakeSettingsDataFilteringAllowList(v.(*schema.Set)) } - if v, ok := d.GetOk("authorized_session_tag_value_list"); ok { - settings.AuthorizedSessionTagValueList = flex.ExpandStringList(v.([]interface{})) + if v, ok := d.GetOk("trusted_resource_owners"); ok { + 
settings.TrustedResourceOwners = flex.ExpandStringList(v.([]interface{})) } input.DataLakeSettings = settings @@ -232,13 +233,13 @@ func resourceDataLakeSettingsRead(ctx context.Context, d *schema.ResourceData, m settings := output.DataLakeSettings - d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) - d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) d.Set("admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) - d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) d.Set("allow_external_data_filtering", settings.AllowExternalDataFiltering) - d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) d.Set("authorized_session_tag_value_list", flex.FlattenStringList(settings.AuthorizedSessionTagValueList)) + d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) + d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) + d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) + d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) return diags } From aea6e39bf22b97aacaa2e3092c84f6f36f580252 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 17 Apr 2023 08:20:25 -0400 Subject: [PATCH 5/7] r/aws_lakeformation_data_lake_settings: Cosmetics. --- internal/service/lakeformation/data_lake_settings.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/lakeformation/data_lake_settings.go b/internal/service/lakeformation/data_lake_settings.go index 3ed8ffcb9000..734eef4a8c6d 100644 
--- a/internal/service/lakeformation/data_lake_settings.go +++ b/internal/service/lakeformation/data_lake_settings.go @@ -351,7 +351,7 @@ func flattenDataLakeSettingsAdmins(apiObjects []*lakeformation.DataLakePrincipal tfSlice := make([]interface{}, 0, len(apiObjects)) for _, apiObject := range apiObjects { - tfSlice = append(tfSlice, *apiObject.DataLakePrincipalIdentifier) + tfSlice = append(tfSlice, aws.StringValue(apiObject.DataLakePrincipalIdentifier)) } return tfSlice @@ -381,7 +381,7 @@ func flattenDataLakeSettingsDataFilteringAllowList(apiObjects []*lakeformation.D tfSlice := make([]interface{}, 0, len(apiObjects)) for _, apiObject := range apiObjects { - tfSlice = append(tfSlice, *apiObject.DataLakePrincipalIdentifier) + tfSlice = append(tfSlice, aws.StringValue(apiObject.DataLakePrincipalIdentifier)) } return tfSlice From 1f4986a4a3c01fa24e9f9bb2a8125394b008b27b Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 17 Apr 2023 08:22:39 -0400 Subject: [PATCH 6/7] d/aws_lakeformation_data_lake_settings: Alphabetize attributes. --- .../data_lake_settings_data_source.go | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/internal/service/lakeformation/data_lake_settings_data_source.go b/internal/service/lakeformation/data_lake_settings_data_source.go index 089123ae2343..92608337d91e 100644 --- a/internal/service/lakeformation/data_lake_settings_data_source.go +++ b/internal/service/lakeformation/data_lake_settings_data_source.go @@ -27,6 +27,15 @@ func DataSourceDataLakeSettings() *schema.Resource { Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, }, + "allow_external_data_filtering": { + Type: schema.TypeBool, + Optional: true, + }, + "authorized_session_tag_value_list": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, "catalog_id": { Type: schema.TypeString, Optional: true, 
@@ -65,21 +74,12 @@ func DataSourceDataLakeSettings() *schema.Resource { }, }, }, - "trusted_resource_owners": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - }, - "allow_external_data_filtering": { - Type: schema.TypeBool, - Optional: true, - }, "external_data_filtering_allow_list": { Type: schema.TypeSet, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, }, - "authorized_session_tag_value_list": { + "trusted_resource_owners": { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, @@ -117,13 +117,13 @@ func dataSourceDataLakeSettingsRead(ctx context.Context, d *schema.ResourceData, settings := output.DataLakeSettings - d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) - d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) d.Set("admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) - d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) d.Set("allow_external_data_filtering", settings.AllowExternalDataFiltering) - d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) d.Set("authorized_session_tag_value_list", flex.FlattenStringList(settings.AuthorizedSessionTagValueList)) + d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) + d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) + d.Set("external_data_filtering_allow_list", flattenDataLakeSettingsDataFilteringAllowList(settings.ExternalDataFilteringAllowList)) + d.Set("trusted_resource_owners", flex.FlattenStringList(settings.TrustedResourceOwners)) return diags } 
From 7fbb4b84dbf317e6e8173081aad71937738416d6 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 17 Apr 2023 08:23:26 -0400 Subject: [PATCH 7/7] d/aws_lakeformation_data_lake_settings: 'allow_external_data_filtering' is Computed. --- .../service/lakeformation/data_lake_settings_data_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/lakeformation/data_lake_settings_data_source.go b/internal/service/lakeformation/data_lake_settings_data_source.go index 92608337d91e..3248fd3c5bc4 100644 --- a/internal/service/lakeformation/data_lake_settings_data_source.go +++ b/internal/service/lakeformation/data_lake_settings_data_source.go @@ -29,7 +29,7 @@ func DataSourceDataLakeSettings() *schema.Resource { }, "allow_external_data_filtering": { Type: schema.TypeBool, - Optional: true, + Computed: true, }, "authorized_session_tag_value_list": { Type: schema.TypeList,