feat(client-glue): Introduce Catalog Encryption Role within Glue Data…

… Catalog Settings. Introduce SASL/PLAIN as an authentication method for Glue Kafka connections
aws · Feb 5, 2024 · 8df187d · 8df187d
1 parent 29d33ec
commit 8df187d
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 4 deletions.
diff --git a/clients/client-glue/src/commands/GetDataCatalogEncryptionSettingsCommand.ts b/clients/client-glue/src/commands/GetDataCatalogEncryptionSettingsCommand.ts
@@ -48,8 +48,9 @@ export interface GetDataCatalogEncryptionSettingsCommandOutput
  * // { // GetDataCatalogEncryptionSettingsResponse
  * //   DataCatalogEncryptionSettings: { // DataCatalogEncryptionSettings
  * //     EncryptionAtRest: { // EncryptionAtRest
- * //       CatalogEncryptionMode: "DISABLED" || "SSE-KMS", // required
+ * //       CatalogEncryptionMode: "DISABLED" || "SSE-KMS" || "SSE-KMS-WITH-SERVICE-ROLE", // required
  * //       SseAwsKmsKeyId: "STRING_VALUE",
+ * //       CatalogEncryptionServiceRole: "STRING_VALUE",
  * //     },
  * //     ConnectionPasswordEncryption: { // ConnectionPasswordEncryption
  * //       ReturnConnectionPasswordEncrypted: true || false, // required

diff --git a/clients/client-glue/src/commands/PutDataCatalogEncryptionSettingsCommand.ts b/clients/client-glue/src/commands/PutDataCatalogEncryptionSettingsCommand.ts
@@ -45,8 +45,9 @@ export interface PutDataCatalogEncryptionSettingsCommandOutput
  *   CatalogId: "STRING_VALUE",
  *   DataCatalogEncryptionSettings: { // DataCatalogEncryptionSettings
  *     EncryptionAtRest: { // EncryptionAtRest
- *       CatalogEncryptionMode: "DISABLED" || "SSE-KMS", // required
+ *       CatalogEncryptionMode: "DISABLED" || "SSE-KMS" || "SSE-KMS-WITH-SERVICE-ROLE", // required
  *       SseAwsKmsKeyId: "STRING_VALUE",
+ *       CatalogEncryptionServiceRole: "STRING_VALUE",
  *     },
  *     ConnectionPasswordEncryption: { // ConnectionPasswordEncryption
  *       ReturnConnectionPasswordEncrypted: true || false, // required

diff --git a/clients/client-glue/src/models/models_0.ts b/clients/client-glue/src/models/models_0.ts
@@ -8943,6 +8943,7 @@ export const ConnectionPropertyKey = {
   CUSTOM_JDBC_CERT_STRING: "CUSTOM_JDBC_CERT_STRING",
   ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD: "ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD",
   ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD: "ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD",
+  ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD: "ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD",
   ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD: "ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD",
   ENCRYPTED_PASSWORD: "ENCRYPTED_PASSWORD",
   HOST: "HOST",
@@ -8963,6 +8964,8 @@ export const ConnectionPropertyKey = {
   KAFKA_SASL_GSSAPI_PRINCIPAL: "KAFKA_SASL_GSSAPI_PRINCIPAL",
   KAFKA_SASL_GSSAPI_SERVICE: "KAFKA_SASL_GSSAPI_SERVICE",
   KAFKA_SASL_MECHANISM: "KAFKA_SASL_MECHANISM",
+  KAFKA_SASL_PLAIN_PASSWORD: "KAFKA_SASL_PLAIN_PASSWORD",
+  KAFKA_SASL_PLAIN_USERNAME: "KAFKA_SASL_PLAIN_USERNAME",
   KAFKA_SASL_SCRAM_PASSWORD: "KAFKA_SASL_SCRAM_PASSWORD",
   KAFKA_SASL_SCRAM_SECRETS_ARN: "KAFKA_SASL_SCRAM_SECRETS_ARN",
   KAFKA_SASL_SCRAM_USERNAME: "KAFKA_SASL_SCRAM_USERNAME",

diff --git a/clients/client-glue/src/models/models_1.ts b/clients/client-glue/src/models/models_1.ts
@@ -4693,7 +4693,19 @@ export interface Connection {
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>KAFKA_SASL_MECHANISM</code> - <code>"SCRAM-SHA-512"</code>, <code>"GSSAPI"</code>, or <code>"AWS_MSK_IAM"</code>. These are the supported <a href="https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml">SASL Mechanisms</a>.</p>
+   *                   <code>KAFKA_SASL_MECHANISM</code> - <code>"SCRAM-SHA-512"</code>, <code>"GSSAPI"</code>, <code>"AWS_MSK_IAM"</code>, or <code>"PLAIN"</code>. These are the supported <a href="https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml">SASL Mechanisms</a>.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>KAFKA_SASL_PLAIN_USERNAME</code> - A plaintext username used to authenticate with the "PLAIN" mechanism.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>KAFKA_SASL_PLAIN_PASSWORD</code> - A plaintext password used to authenticate with the "PLAIN" mechanism.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD</code> - The encrypted version of the Kafka SASL PLAIN password (if the user has the Glue encrypt passwords setting selected).</p>
    *             </li>
    *             <li>
    *                <p>
@@ -5249,6 +5261,7 @@ export interface ConnectionPasswordEncryption {
 export const CatalogEncryptionMode = {
   DISABLED: "DISABLED",
   SSEKMS: "SSE-KMS",
+  SSEKMSWITHSERVICEROLE: "SSE-KMS-WITH-SERVICE-ROLE",
 } as const;
 
 /**
@@ -5272,6 +5285,12 @@ export interface EncryptionAtRest {
    * <p>The ID of the KMS key to use for encryption at rest.</p>
    */
   SseAwsKmsKeyId?: string;
+
+  /**
+   * @public
+   * <p>The role that Glue assumes to encrypt and decrypt the Data Catalog objects on the caller's behalf.</p>
+   */
+  CatalogEncryptionServiceRole?: string;
 }
 
 /**