aws-cdk-lib/aws-iam/lib/grant.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.CompositeDependable=exports.Grant=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},policy_statement_1=()=>{var tmp=require("./policy-statement");return policy_statement_1=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp};class Grant{static addToPrincipalOrResource(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_GrantWithResourceOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPrincipalOrResource),error}const result=Grant.addToPrincipal({...options,scope:options.resource}),resourceAndPrincipalAccountComparison=options.grantee.grantPrincipal.principalAccount?cdk().Token.compareStrings(options.resource.env.account,options.grantee.grantPrincipal.principalAccount):void 0,equalOrBothUnresolved=resourceAndPrincipalAccountComparison===cdk().TokenComparison.SAME||resourceAndPrincipalAccountComparison==cdk().TokenComparison.BOTH_UNRESOLVED,sameAccount=resourceAndPrincipalAccountComparison?equalOrBothUnresolved:!1;if(result.success&&sameAccount)return result;const statement=new(policy_statement_1()).PolicyStatement({actions:options.actions,resources:options.resourceSelfArns||options.resourceArns,principals:[options.grantee.grantPrincipal]}),resourceResult=options.resource.addToResourcePolicy(statement);return new Grant({resourceStatement:statement,options,policyDependable:resourceResult.statementAdded?resourceResult.policyDependable??options.resource:void 0})}static addToPrincipal(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_GrantOnPrincipalOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPrincipal),error}const statement=new(policy_statement_1()).PolicyStatement({actions:options.actions,resources:options.resourceArns,conditions:options.conditions}),addedToPrincipal=options.grantee.grantPrincipal.addToPrincipalPolicy(statement);if(!addedToPrincipal.statementAdded)return new Grant({principalStatement:void 0,options});if(!addedToPrincipal.policyDependable)throw new Error("Contract violation: when Principal returns statementAdded=true, it should return a dependable");return new Grant({principalStatement:statement,options,policyDependable:addedToPrincipal.policyDependable})}static addToPrincipalAndResource(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_GrantOnPrincipalAndResourceOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPrincipalAndResource),error}const result=Grant.addToPrincipal({...options,scope:options.resource}),statement=new(policy_statement_1()).PolicyStatement({actions:options.actions,resources:options.resourceSelfArns||options.resourceArns,principals:[options.resourcePolicyPrincipal||options.grantee.grantPrincipal]}),resourceResult=options.resource.addToResourcePolicy(statement),resourceDependable=resourceResult.statementAdded?resourceResult.policyDependable??options.resource:void 0;return new Grant({principalStatement:statement,resourceStatement:result.resourceStatement,options,policyDependable:resourceDependable?new CompositeDependable(result,resourceDependable):result})}static drop(grantee,_intent){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.drop),error}return new Grant({options:{grantee,actions:[],resourceArns:[]}})}constructor(props){this.principalStatements=new Array,this.resourceStatements=new Array,this.dependables=new Array,this.options=props.options,this.principalStatement=props.principalStatement,this.resourceStatement=props.resourceStatement,this.principalStatement&&this.principalStatements.push(this.principalStatement),this.resourceStatement&&this.resourceStatements.push(this.resourceStatement),props.policyDependable&&this.dependables.push(props.policyDependable);const self=this;constructs_1().Dependable.implement(this,{get dependencyRoots(){return Array.from(new Set(self.dependables.flatMap(d=>constructs_1().Dependable.of(d).dependencyRoots)))}})}get success(){return this.principalStatement!==void 0||this.resourceStatement!==void 0}assertSuccess(){if(!this.success)throw new Error(`${describeGrant(this.options)} could not be added on either identity or resource policy.`)}applyBefore(...constructs){for(const construct of constructs)construct.node.addDependency(this)}combine(rhs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_Grant(rhs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.combine),error}const combinedPrinc=[...this.principalStatements,...rhs.principalStatements],combinedRes=[...this.resourceStatements,...rhs.resourceStatements],ret=new Grant({options:this.options,principalStatement:combinedPrinc[0],resourceStatement:combinedRes[0]});return ret.principalStatements.splice(0,ret.principalStatements.length,...combinedPrinc),ret.resourceStatements.splice(0,ret.resourceStatements.length,...combinedRes),ret.dependables.push(...this.dependables,...rhs.dependables),ret}}exports.Grant=Grant,_a=JSII_RTTI_SYMBOL_1,Grant[_a]={fqn:"aws-cdk-lib.aws_iam.Grant",version:"2.185.0"};function describeGrant(options){return`Permissions for '${options.grantee}' to call '${options.actions}' on '${options.resourceArns}'`}class CompositeDependable{constructor(...dependables){constructs_1().Dependable.implement(this,{get dependencyRoots(){return Array.prototype.concat.apply([],dependables.map(d=>constructs_1().Dependable.of(d).dependencyRoots))}})}}exports.CompositeDependable=CompositeDependable,_b=JSII_RTTI_SYMBOL_1,CompositeDependable[_b]={fqn:"aws-cdk-lib.aws_iam.CompositeDependable",version:"2.185.0"};