UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 2.91 kB
1
2
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ImportedRole=void 0;var util_1=()=>{var tmp=require("./util");return util_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},cx_api_1=()=>{var tmp=require("../../../cx-api");return cx_api_1=()=>tmp,tmp},grant_1=()=>{var tmp=require("../grant");return grant_1=()=>tmp,tmp},policy_1=()=>{var tmp=require("../policy");return policy_1=()=>tmp,tmp},principals_1=()=>{var tmp=require("../principals");return principals_1=()=>tmp,tmp},util_2=()=>{var tmp=require("../util");return util_2=()=>tmp,tmp};class ImportedRole extends core_1().Resource{constructor(scope,id,props){super(scope,id,{account:props.account}),this.grantPrincipal=this,this.assumeRoleAction="sts:AssumeRole",this.attachedPolicies=new(util_2()).AttachedPolicies,this.roleArn=props.roleArn,this.roleName=props.roleName,this.policyFragment=new(principals_1()).ArnPrincipal(this.roleArn).policyFragment,this.defaultPolicyName=props.defaultPolicyName,this.principalAccount=props.account}addToPolicy(statement){return this.addToPrincipalPolicy(statement).statementAdded}addToPrincipalPolicy(statement){if(!this.defaultPolicy){const useUniqueName=core_1().FeatureFlags.of(this).isEnabled(cx_api_1().IAM_IMPORTED_ROLE_STACK_SAFE_DEFAULT_POLICY_NAME),prefix="Policy";let defaultDefaultPolicyName=useUniqueName?`${prefix}${core_1().Names.uniqueId(this)}`:prefix;defaultDefaultPolicyName.length>util_1().MAX_POLICY_NAME_LEN&&(defaultDefaultPolicyName=`${prefix}${core_1().Names.uniqueResourceName(this,{maxLength:util_1().MAX_POLICY_NAME_LEN-prefix.length})}`);const policyName=this.defaultPolicyName??defaultDefaultPolicyName;this.defaultPolicy=new(policy_1()).Policy(this,policyName,useUniqueName?{policyName}:void 0),this.attachInlinePolicy(this.defaultPolicy)}return this.defaultPolicy.addStatements(statement),{statementAdded:!0,policyDependable:this.defaultPolicy}}attachInlinePolicy(policy){const thisAndPolicyAccountComparison=core_1().Token.compareStrings(this.env.account,policy.env.account);(thisAndPolicyAccountComparison===core_1().TokenComparison.SAME||thisAndPolicyAccountComparison===core_1().TokenComparison.BOTH_UNRESOLVED||thisAndPolicyAccountComparison===core_1().TokenComparison.ONE_UNRESOLVED)&&(this.attachedPolicies.attach(policy),policy.attachToRole(this))}addManagedPolicy(policy){core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-iam:importedRoleManagedPolicyNotAdded",`Not adding managed policy: ${policy.managedPolicyArn} to imported role: ${this.roleName}`)}grantPassRole(identity){return this.grant(identity,"iam:PassRole")}grantAssumeRole(identity){return this.grant(identity,"sts:AssumeRole")}grant(grantee,...actions){return grant_1().Grant.addToPrincipal({grantee,actions,resourceArns:[this.roleArn],scope:this})}dedupeString(){return`ImportedRole:${this.roleArn}`}}exports.ImportedRole=ImportedRole;