@aws-cdk/aws-redshift-alpha
Version:
The CDK Construct Library for AWS::Redshift
67 lines • 10.4 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.UserTablePrivileges = void 0;
const cdk = require("aws-cdk-lib/core");
const constructs_1 = require("constructs");
const table_1 = require("../table");
const database_query_1 = require("./database-query");
const handler_name_1 = require("./database-query-provider/handler-name");
/**
* Privileges granted to a Redshift user on Redshift tables.
*
* This construct is located in the `private` directory to ensure that it is not exported for direct public use. This
* means that user privileges must be managed through the `Table.grant` method or the `User.addTablePrivileges`
* method. Thus, each `User` will have at most one `UserTablePrivileges` construct to manage its privileges. For details
* on why this is a Good Thing, see the README, under "Granting Privileges".
*/
class UserTablePrivileges extends constructs_1.Construct {
constructor(scope, id, props) {
super(scope, id);
this.privileges = props.privileges ?? [];
new database_query_1.DatabaseQuery(this, 'Resource', {
...props,
handler: handler_name_1.HandlerName.UserTablePrivileges,
properties: {
username: props.user.username,
tablePrivileges: cdk.Lazy.any({
produce: () => Object.entries(groupPrivilegesByTable(this.privileges))
.map(([tableId, tablePrivileges]) => ({
tableId,
// The first element always exists since the groupBy element is at least a singleton.
tableName: tablePrivileges[0].table.tableName,
actions: unifyTableActions(tablePrivileges).map(action => table_1.TableAction[action]),
})),
}),
},
});
}
/**
* Grant this user additional privileges.
*/
addPrivileges(table, ...actions) {
this.privileges.push({ table, actions });
}
}
exports.UserTablePrivileges = UserTablePrivileges;
const unifyTableActions = (tablePrivileges) => {
const set = new Set(tablePrivileges.flatMap(x => x.actions));
if (set.has(table_1.TableAction.ALL)) {
return [table_1.TableAction.ALL];
}
if (set.has(table_1.TableAction.UPDATE) || set.has(table_1.TableAction.DELETE)) {
set.add(table_1.TableAction.SELECT);
}
return [...set];
};
const groupPrivilegesByTable = (privileges) => {
return privileges.reduce((grouped, privilege) => {
const { table } = privilege;
const tableId = table.node.id;
const tablePrivileges = grouped[tableId] ?? [];
return {
...grouped,
[tableId]: [...tablePrivileges, privilege],
};
}, {});
};
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJpdmlsZWdlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInByaXZpbGVnZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsd0NBQXdDO0FBQ3hDLDJDQUF1QztBQUV2QyxvQ0FBK0M7QUFFL0MscURBQWlEO0FBQ2pELHlFQUFxRTtBQW1DckU7Ozs7Ozs7R0FPRztBQUNILE1BQWEsbUJBQW9CLFNBQVEsc0JBQVM7SUFHaEQsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUErQjtRQUN2RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLElBQUksQ0FBQyxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsSUFBSSxFQUFFLENBQUM7UUFFekMsSUFBSSw4QkFBYSxDQUFrQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ25FLEdBQUcsS0FBSztZQUNSLE9BQU8sRUFBRSwwQkFBVyxDQUFDLG1CQUFtQjtZQUN4QyxVQUFVLEVBQUU7Z0JBQ1YsUUFBUSxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsUUFBUTtnQkFDN0IsZUFBZSxFQUFFLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO29CQUM1QixPQUFPLEVBQUUsR0FBRyxFQUFFLENBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7eUJBQ3BELEdBQUcsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLGVBQWUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO3dCQUNwQyxPQUFPO3dCQUNQLHFGQUFxRjt3QkFDckYsU0FBUyxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUUsQ0FBQyxLQUFLLENBQUMsU0FBUzt3QkFDOUMsT0FBTyxFQUFFLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLG1CQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7cUJBQy9FLENBQUMsQ0FBQztpQkFDUixDQUFRO2FBQ1Y7U0FDRixDQUFDLENBQUM7S0FDSjtJQUVEOztPQUVHO0lBQ0gsYUFBYSxDQUFDLEtBQWEsRUFBRSxHQUFHLE9BQXNCO1FBQ3BELElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7S0FDMUM7Q0FDRjtBQWpDRCxrREFpQ0M7QUFFRCxNQUFNLGlCQUFpQixHQUFHLENBQUMsZUFBaUMsRUFBaUIsRUFBRTtJQUM3RSxNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBYyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFFMUUsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLG1CQUFXLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUM3QixPQUFPLENBQUMsbUJBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMzQixDQUFDO0lBRUQsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLG1CQUFXLENBQUMsTUFBTSxDQUFDLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxtQkFBVyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0QsR0FBRyxDQUFDLEdBQUcsQ0FBQyxtQkFBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRCxPQUFPLENBQUMsR0FBRyxHQUFHLENBQUMsQ0FBQztBQUNsQixDQUFDLENBQUM7QUFFRixNQUFNLHNCQUFzQixHQUFHLENBQUMsVUFBNEIsRUFBb0MsRUFBRTtJQUNoRyxPQUFPLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLEVBQUUsU0FBUyxFQUFFLEVBQUU7UUFDOUMsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLFNBQVMsQ0FBQztRQUM1QixNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztRQUM5QixNQUFNLGVBQWUsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQy9DLE9BQU87WUFDTCxHQUFHLE9BQU87WUFDVixDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsR0FBRyxlQUFlLEVBQUUsU0FBUyxDQUFDO1NBQzNDLENBQUM7SUFDSixDQUFDLEVBQUUsRUFBc0MsQ0FBQyxDQUFDO0FBQzdDLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tICdhd3MtY2RrLWxpYi9jb3JlJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgRGF0YWJhc2VPcHRpb25zIH0gZnJvbSAnLi4vZGF0YWJhc2Utb3B0aW9ucyc7XG5pbXBvcnQgeyBJVGFibGUsIFRhYmxlQWN0aW9uIH0gZnJvbSAnLi4vdGFibGUnO1xuaW1wb3J0IHsgSVVzZXIgfSBmcm9tICcuLi91c2VyJztcbmltcG9ydCB7IERhdGFiYXNlUXVlcnkgfSBmcm9tICcuL2RhdGFiYXNlLXF1ZXJ5JztcbmltcG9ydCB7IEhhbmRsZXJOYW1lIH0gZnJvbSAnLi9kYXRhYmFzZS1xdWVyeS1wcm92aWRlci9oYW5kbGVyLW5hbWUnO1xuaW1wb3J0IHsgVXNlclRhYmxlUHJpdmlsZWdlc0hhbmRsZXJQcm9wcyB9IGZyb20gJy4vaGFuZGxlci1wcm9wcyc7XG5cbi8qKlxuICogVGhlIFJlZHNoaWZ0IHRhYmxlIGFuZCBhY3Rpb24gdGhhdCBtYWtlIHVwIGEgcHJpdmlsZWdlIHRoYXQgY2FuIGJlIGdyYW50ZWQgdG8gYSBSZWRzaGlmdCB1c2VyLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRhYmxlUHJpdmlsZWdlIHtcbiAgLyoqXG4gICAqIFRoZSB0YWJsZSBvbiB3aGljaCBwcml2aWxlZ2VzIHdpbGwgYmUgZ3JhbnRlZC5cbiAgICovXG4gIHJlYWRvbmx5IHRhYmxlOiBJVGFibGU7XG5cbiAgLyoqXG4gICAqIFRoZSBhY3Rpb25zIHRoYXQgd2lsbCBiZSBncmFudGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgYWN0aW9uczogVGFibGVBY3Rpb25bXTtcbn1cblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBzcGVjaWZ5aW5nIHByaXZpbGVnZXMgZ3JhbnRlZCB0byBhIFJlZHNoaWZ0IHVzZXIgb24gUmVkc2hpZnQgdGFibGVzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFVzZXJUYWJsZVByaXZpbGVnZXNQcm9wcyBleHRlbmRzIERhdGFiYXNlT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBUaGUgdXNlciB0byB3aGljaCBwcml2aWxlZ2VzIHdpbGwgYmUgZ3JhbnRlZC5cbiAgICovXG4gIHJlYWRvbmx5IHVzZXI6IElVc2VyO1xuXG4gIC8qKlxuICAgKiBUaGUgcHJpdmlsZWdlcyB0byBiZSBncmFudGVkLlxuICAgKlxuICAgKiBAZGVmYXVsdCBbXSAtIHVzZSBgYWRkUHJpdmlsZWdlc2AgdG8gZ3JhbnQgcHJpdmlsZWdlcyBhZnRlciBjb25zdHJ1Y3Rpb25cbiAgICovXG4gIHJlYWRvbmx5IHByaXZpbGVnZXM/OiBUYWJsZVByaXZpbGVnZVtdO1xufVxuXG4vKipcbiAqIFByaXZpbGVnZXMgZ3JhbnRlZCB0byBhIFJlZHNoaWZ0IHVzZXIgb24gUmVkc2hpZnQgdGFibGVzLlxuICpcbiAqIFRoaXMgY29uc3RydWN0IGlzIGxvY2F0ZWQgaW4gdGhlIGBwcml2YXRlYCBkaXJlY3RvcnkgdG8gZW5zdXJlIHRoYXQgaXQgaXMgbm90IGV4cG9ydGVkIGZvciBkaXJlY3QgcHVibGljIHVzZS4gVGhpc1xuICogbWVhbnMgdGhhdCB1c2VyIHByaXZpbGVnZXMgbXVzdCBiZSBtYW5hZ2VkIHRocm91Z2ggdGhlIGBUYWJsZS5ncmFudGAgbWV0aG9kIG9yIHRoZSBgVXNlci5hZGRUYWJsZVByaXZpbGVnZXNgXG4gKiBtZXRob2QuIFRodXMsIGVhY2ggYFVzZXJgIHdpbGwgaGF2ZSBhdCBtb3N0IG9uZSBgVXNlclRhYmxlUHJpdmlsZWdlc2AgY29uc3RydWN0IHRvIG1hbmFnZSBpdHMgcHJpdmlsZWdlcy4gRm9yIGRldGFpbHNcbiAqIG9uIHdoeSB0aGlzIGlzIGEgR29vZCBUaGluZywgc2VlIHRoZSBSRUFETUUsIHVuZGVyIFwiR3JhbnRpbmcgUHJpdmlsZWdlc1wiLlxuICovXG5leHBvcnQgY2xhc3MgVXNlclRhYmxlUHJpdmlsZWdlcyBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHByaXZhdGUgcHJpdmlsZWdlczogVGFibGVQcml2aWxlZ2VbXTtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogVXNlclRhYmxlUHJpdmlsZWdlc1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMucHJpdmlsZWdlcyA9IHByb3BzLnByaXZpbGVnZXMgPz8gW107XG5cbiAgICBuZXcgRGF0YWJhc2VRdWVyeTxVc2VyVGFibGVQcml2aWxlZ2VzSGFuZGxlclByb3BzPih0aGlzLCAnUmVzb3VyY2UnLCB7XG4gICAgICAuLi5wcm9wcyxcbiAgICAgIGhhbmRsZXI6IEhhbmRsZXJOYW1lLlVzZXJUYWJsZVByaXZpbGVnZXMsXG4gICAgICBwcm9wZXJ0aWVzOiB7XG4gICAgICAgIHVzZXJuYW1lOiBwcm9wcy51c2VyLnVzZXJuYW1lLFxuICAgICAgICB0YWJsZVByaXZpbGVnZXM6IGNkay5MYXp5LmFueSh7XG4gICAgICAgICAgcHJvZHVjZTogKCkgPT5cbiAgICAgICAgICAgIE9iamVjdC5lbnRyaWVzKGdyb3VwUHJpdmlsZWdlc0J5VGFibGUodGhpcy5wcml2aWxlZ2VzKSlcbiAgICAgICAgICAgICAgLm1hcCgoW3RhYmxlSWQsIHRhYmxlUHJpdmlsZWdlc10pID0+ICh7XG4gICAgICAgICAgICAgICAgdGFibGVJZCxcbiAgICAgICAgICAgICAgICAvLyBUaGUgZmlyc3QgZWxlbWVudCBhbHdheXMgZXhpc3RzIHNpbmNlIHRoZSBncm91cEJ5IGVsZW1lbnQgaXMgYXQgbGVhc3QgYSBzaW5nbGV0b24uXG4gICAgICAgICAgICAgICAgdGFibGVOYW1lOiB0YWJsZVByaXZpbGVnZXNbMF0hLnRhYmxlLnRhYmxlTmFtZSxcbiAgICAgICAgICAgICAgICBhY3Rpb25zOiB1bmlmeVRhYmxlQWN0aW9ucyh0YWJsZVByaXZpbGVnZXMpLm1hcChhY3Rpb24gPT4gVGFibGVBY3Rpb25bYWN0aW9uXSksXG4gICAgICAgICAgICAgIH0pKSxcbiAgICAgICAgfSkgYXMgYW55LFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudCB0aGlzIHVzZXIgYWRkaXRpb25hbCBwcml2aWxlZ2VzLlxuICAgKi9cbiAgYWRkUHJpdmlsZWdlcyh0YWJsZTogSVRhYmxlLCAuLi5hY3Rpb25zOiBUYWJsZUFjdGlvbltdKTogdm9pZCB7XG4gICAgdGhpcy5wcml2aWxlZ2VzLnB1c2goeyB0YWJsZSwgYWN0aW9ucyB9KTtcbiAgfVxufVxuXG5jb25zdCB1bmlmeVRhYmxlQWN0aW9ucyA9ICh0YWJsZVByaXZpbGVnZXM6IFRhYmxlUHJpdmlsZWdlW10pOiBUYWJsZUFjdGlvbltdID0+IHtcbiAgY29uc3Qgc2V0ID0gbmV3IFNldDxUYWJsZUFjdGlvbj4odGFibGVQcml2aWxlZ2VzLmZsYXRNYXAoeCA9PiB4LmFjdGlvbnMpKTtcblxuICBpZiAoc2V0LmhhcyhUYWJsZUFjdGlvbi5BTEwpKSB7XG4gICAgcmV0dXJuIFtUYWJsZUFjdGlvbi5BTExdO1xuICB9XG5cbiAgaWYgKHNldC5oYXMoVGFibGVBY3Rpb24uVVBEQVRFKSB8fCBzZXQuaGFzKFRhYmxlQWN0aW9uLkRFTEVURSkpIHtcbiAgICBzZXQuYWRkKFRhYmxlQWN0aW9uLlNFTEVDVCk7XG4gIH1cblxuICByZXR1cm4gWy4uLnNldF07XG59O1xuXG5jb25zdCBncm91cFByaXZpbGVnZXNCeVRhYmxlID0gKHByaXZpbGVnZXM6IFRhYmxlUHJpdmlsZWdlW10pOiBSZWNvcmQ8c3RyaW5nLCBUYWJsZVByaXZpbGVnZVtdPiA9PiB7XG4gIHJldHVybiBwcml2aWxlZ2VzLnJlZHVjZSgoZ3JvdXBlZCwgcHJpdmlsZWdlKSA9PiB7XG4gICAgY29uc3QgeyB0YWJsZSB9ID0gcHJpdmlsZWdlO1xuICAgIGNvbnN0IHRhYmxlSWQgPSB0YWJsZS5ub2RlLmlkO1xuICAgIGNvbnN0IHRhYmxlUHJpdmlsZWdlcyA9IGdyb3VwZWRbdGFibGVJZF0gPz8gW107XG4gICAgcmV0dXJuIHtcbiAgICAgIC4uLmdyb3VwZWQsXG4gICAgICBbdGFibGVJZF06IFsuLi50YWJsZVByaXZpbGVnZXMsIHByaXZpbGVnZV0sXG4gICAgfTtcbiAgfSwge30gYXMgUmVjb3JkPHN0cmluZywgVGFibGVQcml2aWxlZ2VbXT4pO1xufTtcbiJdfQ==