aws-cdk-lib/pipelines/lib/private/asset-singleton-role.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __decorate=exports&&exports.__decorate||function(decorators,target,key,desc){var c=arguments.length,r=c<3?target:desc===null?desc=Object.getOwnPropertyDescriptor(target,key):desc,d;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")r=Reflect.decorate(decorators,target,key,desc);else for(var i=decorators.length-1;i>=0;i--)(d=decorators[i])&&(r=(c<3?d(r):c>3?d(target,key,r):d(target,key))||r);return c>3&&r&&Object.defineProperty(target,key,r),r};Object.defineProperty(exports,"__esModule",{value:!0}),exports.AssetSingletonRole=void 0;var iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};let AssetSingletonRole=class extends iam().Role{constructor(scope,id,props){super(scope,id,props),this._rejectDuplicates=!1,(0,metadata_resource_1().addConstructMetadata)(this,props),this.addToPolicy(new(iam()).PolicyStatement({resources:[core_1().Stack.of(this).formatArn({service:"logs",resource:"log-group",arnFormat:core_1().ArnFormat.COLON_RESOURCE_NAME,resourceName:"/aws/codebuild/*"})],actions:["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"]})),this.addToPolicy(new(iam()).PolicyStatement({actions:["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"],resources:[core_1().Stack.of(this).formatArn({service:"codebuild",resource:"report-group",resourceName:"*"})]})),this.addToPolicy(new(iam()).PolicyStatement({resources:["*"],actions:["codebuild:BatchGetBuilds","codebuild:StartBuild","codebuild:StopBuild"]})),this._rejectDuplicates=!0}addToPrincipalPolicy(statement){const json=statement.toStatementJson(),acts=JSON.stringify(json.Action),alreadyAdded=['["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"]','["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"]','["codebuild:BatchGetBuilds","codebuild:StartBuild","codebuild:StopBuild"]'];return this._rejectDuplicates&&alreadyAdded.includes(acts)?{statementAdded:!0,policyDependable:new class{}}:acts==='["kms:Decrypt","kms:Encrypt","kms:ReEncrypt*","kms:GenerateDataKey*"]'?{statementAdded:!0,policyDependable:new class{}}:super.addToPrincipalPolicy(statement)}addAssumeRole(roleArn){this._assumeRoleStatement||(this._assumeRoleStatement=new(iam()).PolicyStatement({actions:["sts:AssumeRole"]}),this.addToPrincipalPolicy(this._assumeRoleStatement));const MAX_ARNS_PER_STATEMENT=10;this._assumeRoleStatement.addResources(roleArn),this._assumeRoleStatement.resources.length>=MAX_ARNS_PER_STATEMENT&&(this._assumeRoleStatement=void 0)}};exports.AssetSingletonRole=AssetSingletonRole,AssetSingletonRole.PROPERTY_INJECTION_ID="aws-cdk-lib.pipelines.AssetSingletonRole",__decorate([(0,metadata_resource_1().MethodMetadata)()],AssetSingletonRole.prototype,"addToPrincipalPolicy",null),__decorate([(0,metadata_resource_1().MethodMetadata)()],AssetSingletonRole.prototype,"addAssumeRole",null),exports.AssetSingletonRole=AssetSingletonRole=__decorate([prop_injectable_1().propertyInjectable],AssetSingletonRole);