Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add aws_lakeformation_* tables Closes #2397 #2417

Merged
merged 10 commits into from
Mar 6, 2025
Merged

Add aws_lakeformation_* tables Closes #2397 #2417

merged 10 commits into from
Mar 6, 2025
+1,112 −0

Conversation

ParthaI
Copy link
Contributor

@ParthaI ParthaI commented Feb 17, 2025
edited
Loading

Integration test logs

Logs 
Add passing integration test logs here

Example query results

Results 
> select * from aws_lakeformation_resource where resource_arn = 'arn:aws:s3:::turbot-xxxxxxxxxxxx-us-east-1';
+--------------------------------------------+----------------------------------------------------------------------------------------------------------------------+------------------->
| resource_arn                               | role_arn                                                                                                             | hybrid_access_enab>
+--------------------------------------------+----------------------------------------------------------------------------------------------------------------------+------------------->
| arn:aws:s3:::turbot-xxxxxxxxxxxx-us-east-1 | arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess | false             >
+--------------------------------------------+----------------------------------------------------------------------------------------------------------------------+------------------->

> select * from aws_lakeformation_tag
+--------------+-------------+-----------------------+-------------+-----------+-----------+--------------+--------------------+----------------------------------------------------------------+----------------------------------------------------------------+
| catalog_id   | tag_key     | tag_values            | title       | partition | region    | account_id   | sp_connection_name | sp_ctx                                                         | _ctx                                                           |
+--------------+-------------+-----------------------+-------------+-----------+-----------+--------------+--------------------+----------------------------------------------------------------+----------------------------------------------------------------+
| 632902152528 | Environment | ["Prod","Dev","Test"] | Environment | aws       | us-east-1 | xxxxxxxxxxxx | aws                | {"connection_name":"aws","steampipe":{"sdk_version":"5.10.4"}} | {"connection_name":"aws","steampipe":{"sdk_version":"5.10.4"}} |
+--------------+-------------+-----------------------+-------------+-----------+-----------+--------------+--------------------+----------------------------------------------------------------+----------------------------------------------------------------+

> select
  principal_identifier,
  database_catalog_id,
  database_name,
  table_catalog_id,
  table_database_name,
  table_name,
  table_with_columns_catalog_id,
  table_with_columns_database_name,
  table_with_columns_name,
  lf_tag_catalog_id,
  lf_tag_key,
  data_location_catalog_id,
  data_location_resource_arn
from 
  aws_lakeformation_permission where principal_identifier = 'arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f';
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+------------------------------------------------>
| principal_identifier                                                                                              | database_catalog_id | database_name                                                | table_catalog_id | table_database_name                            >
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+------------------------------------------------>
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | xxxxxxxxxxxx        | athenacurcfn_cost_usage_report_log_legacy_exclude_split_cost | <null>           | <null>                                         >
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | xxxxxxxxxxxx        | default                                                      | <null>           | <null>                                         >
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | <null>              | <null>                                                       | xxxxxxxxxxxx     | athenacurcfn_cost_usage_report_log_legacy_exclu>
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | <null>              | <null>                                                       | <null>           | <null>                                         >
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+------------------------------------------------>

Time: 6.0s. Rows returned: 0. Rows fetched: 4. Hydrate calls: 0.

Scans:
  1) aws_lakeformation_permission.aws: Time: 5.8s. Fetched: 4. Hydrates: 0. Quals: principal_identifier=arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f.

> .cache off
> .cache clear
> select
  principal_identifier,
  database_catalog_id,
  database_name,
  table_catalog_id,
  table_database_name,
  table_name,
  table_with_columns_catalog_id,
  table_with_columns_database_name,
  table_with_columns_name,
  lf_tag_catalog_id,
  lf_tag_key,
  data_location_catalog_id,
  data_location_resource_arn
from 
  aws_lakeformation_permission where principal_identifier = 'arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f' and database_name = 'default'
+-------------------------------------------------------------------------------------------------------------------+---------------------+---------------+------------------+---------------------+------------+-------------------------------+---------------------------->
| principal_identifier                                                                                              | database_catalog_id | database_name | table_catalog_id | table_database_name | table_name | table_with_columns_catalog_id | table_with_columns_database>
+-------------------------------------------------------------------------------------------------------------------+---------------------+---------------+------------------+---------------------+------------+-------------------------------+---------------------------->
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | xxxxxxxxxxxx        | default       | <null>           | <null>              | <null>     | <null>                        | <null>                     >
+-------------------------------------------------------------------------------------------------------------------+---------------------+---------------+------------------+---------------------+------------+-------------------------------+---------------------------->

Time: 1.4s. Rows returned: 0. Rows fetched: 1. Hydrate calls: 0.

Scans:
  1) aws_lakeformation_permission.aws: Time: 1.1s. Fetched: 1. Hydrates: 0. Quals: database_name=default, principal_identifier=arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f.

> select
> select
> select
  principal_identifier,
  database_catalog_id,
  database_name,
  table_catalog_id,
  table_database_name,
  table_name,
  table_with_columns_catalog_id,
  table_with_columns_database_name,
  table_with_columns_name,
  lf_tag_catalog_id,
  lf_tag_key,
  data_location_catalog_id,
  data_location_resource_arn
from 
  aws_lakeformation_permission where principal_identifier = 'arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f' and database_catalog_id = 'xxxxxxxxxxxx'
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+---------------------+------------+------------->
| principal_identifier                                                                                              | database_catalog_id | database_name                                                | table_catalog_id | table_database_name | table_name | table_with_c>
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+---------------------+------------+------------->
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | xxxxxxxxxxxx        | athenacurcfn_cost_usage_report_log_legacy_exclude_split_cost | <null>           | <null>              | <null>     | <null>      >
| arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f | xxxxxxxxxxxx        | default                                                      | <null>           | <null>              | <null>     | <null>      >
+-------------------------------------------------------------------------------------------------------------------+---------------------+--------------------------------------------------------------+------------------+---------------------+------------+------------->

Time: 1.5s. Rows returned: 0. Rows fetched: 4. Hydrate calls: 0.

Scans:
  1) aws_lakeformation_permission.aws: Time: 1.4s. Fetched: 4. Hydrates: 0. Quals: principal_identifier=arn:aws:iam::xxxxxxxxxxxx:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_SSO-Admin_73c8b60995c61b0f, database_catalog_id=xxxxxxxxxxxx.

@ParthaI ParthaI requested a review from misraved February 17, 2025 09:37
@ParthaI ParthaI self-assigned this Feb 17, 2025
@ParthaI ParthaI marked this pull request as draft February 17, 2025 09:37
@ParthaI
Copy link
Contributor Author

ParthaI commented Feb 17, 2025

We need to add other tables for the Lakeformation service if required.

@ParthaI ParthaI marked this pull request as ready for review March 4, 2025 16:32
misraved
misraved reviewed Mar 5, 2025
View reviewed changes
Copy link
Contributor

@misraved misraved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ParthaI please take a look at the review comments. Thanks!!

Also should the tables be defined as aws_lake_formation_* or aws_lakeformation_*?

aws/table_aws_lakeformation_permission.go
Comment on lines +332 to +334
// Error: aws: operation error LakeFormation: ListPermissions, 1 validation error(s) found.
// - missing required field, ListPermissionsInput.Resource.DataLocation.ResourceArn.
// (SQLSTATE HV000
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need these comments?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be helpful to include the actual error in the comments, as it would provide a clear understanding of why the following logic was added and the specific issue it addresses.

@ParthaI
Copy link
Contributor Author

ParthaI commented Mar 5, 2025

Also should the tables be defined as aws_lake_formation_* or aws_lakeformation_*?

@misraved, I have followed the naming convention used in Terraform. Here is the reference for your review: aws_lakeformation_resource.

@cbruno10 cbruno10 requested a review from Copilot March 5, 2025 18:55
Copilot
Copilot AI reviewed Mar 5, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR introduces three new Steampipe tables to query AWS Lake Formation permissions, resources, and LF-tags. The changes include documentation in markdown for each table, as well as new Go implementations that integrate with the AWS Lake Formation API.

Reviewed Changes

File Description
docs/tables/aws_lakeformation_permission.md Adds documentation for querying Lake Formation permissions
docs/tables/aws_lakeformation_resource.md Adds documentation for querying Lake Formation resources
docs/tables/aws_lakeformation_tag.md Adds documentation for querying Lake Formation LF-tags
aws/table_aws_lakeformation_permission.go Adds new table implementation for Lake Formation permissions
aws/table_aws_lakeformation_tag.go Adds new table implementation for Lake Formation LF-tags
aws/table_aws_lakeformation_resource.go Adds new table implementation for Lake Formation resources
aws/plugin.go Registers the new Lake Formation tables within the plugin

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

aws/table_aws_lakeformation_resource.go Outdated
Hydrate: listLakeformationResources,
Tags: map[string]string{"service": "lakeformation", "action": "ListResources"},
},
GetMatrixItemFunc: SupportedRegionMatrix(laekformationv1.EndpointsID),
Copy link
Preview

Copilot AI Mar 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a typo in the package alias 'laekformationv1'. It should be 'lakeformationv1' to ensure the correct endpoints are used.

Suggested change
GetMatrixItemFunc: SupportedRegionMatrix(laekformationv1.EndpointsID),
GetMatrixItemFunc: SupportedRegionMatrix(lakeformationv1.EndpointsID),

Copilot is powered by AI, so mistakes are possible. Review output carefully before use.

Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@misraved misraved changed the title Add table aws_lakeformation_resource Closes #2397 Add aws_lakeformation_* tables Closes #2397 Mar 6, 2025
@misraved misraved merged commit 8c5674b into main Mar 6, 2025
1 check passed
@misraved misraved deleted the issue-2397 branch March 6, 2025 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@misraved misraved misraved approved these changes

Assignees

@ParthaI ParthaI

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ParthaI @misraved