
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

"use strict";

/**
 * Decorator runtime helper (reused from `exports` when one is already present).
 *
 * Calls every function in `initializers` with `thisArg` as receiver. When a
 * third argument is supplied, the value is threaded through the initializers
 * and the final value is returned; otherwise the result is `undefined`.
 */
const __runInitializers =
  (exports && exports.__runInitializers) ||
  function (thisArg, initializers, value) {
    // `arguments.length` (not `value !== undefined`) decides the mode, so an
    // explicit `undefined` third argument still counts as "value supplied".
    const useValue = arguments.length > 2;
    let current = value;
    for (let i = 0; i < initializers.length; i++) {
      current = useValue
        ? initializers[i].call(thisArg, current)
        : initializers[i].call(thisArg);
    }
    return useValue ? current : undefined;
  };

/**
 * Decorator runtime helper (reused from `exports` when one is already present).
 *
 * Applies `decorators` from last to first to the element described by
 * `contextIn`. Replacement functions returned by decorators are written back
 * into the property descriptor (or queued in `initializers` for fields and
 * accessors), and the descriptor is re-defined on the target at the end.
 */
const __esDecorate =
  (exports && exports.__esDecorate) ||
  function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
    // Decorator results must be a function or undefined.
    function accept(candidate) {
      if (candidate !== undefined && typeof candidate !== "function") {
        throw new TypeError("Function expected");
      }
      return candidate;
    }

    const kind = contextIn.kind;

    let key = "value";
    if (kind === "getter") {
      key = "get";
    } else if (kind === "setter") {
      key = "set";
    }

    let target = null;
    if (!descriptorIn && ctor) {
      target = contextIn.static ? ctor : ctor.prototype;
    }

    const descriptor =
      descriptorIn ||
      (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});

    let done = false;

    for (let index = decorators.length - 1; index >= 0; index--) {
      // Each decorator gets its own copy of the context, including a fresh
      // `access` object, so one decorator cannot alter what the next one sees.
      const context = {};
      for (const prop in contextIn) {
        context[prop] = prop === "access" ? {} : contextIn[prop];
      }
      for (const prop in contextIn.access) {
        context.access[prop] = contextIn.access[prop];
      }
      context.addInitializer = function (initializer) {
        if (done) {
          throw new TypeError("Cannot add initializers after decoration has completed");
        }
        extraInitializers.push(accept(initializer || null));
      };

      const decorate = decorators[index];
      const decorated =
        kind === "accessor"
          ? { get: descriptor.get, set: descriptor.set }
          : descriptor[key];
      const result = decorate(decorated, context);

      if (kind === "accessor") {
        if (result === undefined) {
          continue;
        }
        if (result === null || typeof result !== "object") {
          throw new TypeError("Object expected");
        }
        const getter = accept(result.get);
        if (getter) {
          descriptor.get = getter;
        }
        const setter = accept(result.set);
        if (setter) {
          descriptor.set = setter;
        }
        const init = accept(result.init);
        if (init) {
          initializers.unshift(init);
        }
      } else {
        const replacement = accept(result);
        if (replacement) {
          if (kind === "field") {
            initializers.unshift(replacement);
          } else {
            descriptor[key] = replacement;
          }
        }
      }
    }

    if (target) {
      Object.defineProperty(target, contextIn.name, descriptor);
    }
    done = true;
  };

Object.defineProperty(exports, "__esModule", { value: true });
exports.ManagedPolicy = undefined;

// Lazy module loaders: each one performs its `require` on first call and then
// replaces itself with a function returning the cached module object.
let jsiiDeprecationWarnings = () => {
  const loaded = require("../../.warnings.jsii.js");
  jsiiDeprecationWarnings = () => loaded;
  return loaded;
};

const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");

let iam_generated_1 = () => {
  const loaded = require("./iam.generated");
  iam_generated_1 = () => loaded;
  return loaded;
};
let policy_document_1 = () => {
  const loaded = require("./policy-document");
  policy_document_1 = () => loaded;
  return loaded;
};
let principals_1 = () => {
  const loaded = require("./principals");
  principals_1 = () => loaded;
  return loaded;
};
let util_1 = () => {
  const loaded = require("./private/util");
  util_1 = () => loaded;
  return loaded;
};
let core_1 = () => {
  const loaded = require("../../core");
  core_1 = () => loaded;
  return loaded;
};
let helpers_internal_1 = () => {
  const loaded = require("../../core/lib/helpers-internal");
  helpers_internal_1 = () => loaded;
  return loaded;
};
let metadata_resource_1 = () => {
  const loaded = require("../../core/lib/metadata-resource");
  metadata_resource_1 = () => loaded;
  return loaded;
};
let detached_construct_1 = () => {
  const loaded = require("../../core/lib/private/detached-construct");
  detached_construct_1 = () => loaded;
  return loaded;
};
let prop_injectable_1 = () => {
  const loaded = require("../../core/lib/prop-injectable");
  prop_injectable_1 = () => loaded;
  return loaded;
};

/**
 * IAM managed policy construct.
 *
 * The class is built inside an IIFE because the class decorator
 * (`propertyInjectable`) may return a replacement constructor; the value that
 * is finally exported is whatever the decorator pipeline left in `classThis`.
 */
const ManagedPolicy = (() => {
  const classDecorators = [prop_injectable_1().propertyInjectable];
  const classExtraInitializers = [];
  const instanceExtraInitializers = [];
  const classSuper = core_1().Resource;
  let classDescriptor;
  let classThis;

  // `var` is deliberate: the static block below assigns to this binding while
  // the class expression is still being evaluated, which a `let`/`const`
  // binding would reject. The binding name also determines the class `name`.
  var ManagedPolicy2 = class extends classSuper {
    static {
      classThis = this;
    }

    static {
      const metadata =
        typeof Symbol === "function" && Symbol.metadata
          ? Object.create(classSuper[Symbol.metadata] ?? null)
          : undefined;

      // All decorator lists are created first, then applied, one per method.
      const decoratedMethods = ["addStatements", "attachToUser", "attachToRole", "attachToGroup"];
      const methodDecorators = decoratedMethods.map(() => {
        const { MethodMetadata } = metadata_resource_1();
        return [MethodMetadata()];
      });

      decoratedMethods.forEach((methodName, position) => {
        __esDecorate(
          this,
          null,
          methodDecorators[position],
          {
            kind: "method",
            name: methodName,
            static: false,
            private: false,
            access: {
              has: (obj) => methodName in obj,
              get: (obj) => obj[methodName],
            },
            metadata,
          },
          null,
          instanceExtraInitializers,
        );
      });

      classDescriptor = { value: classThis };
      __esDecorate(
        null,
        classDescriptor,
        classDecorators,
        { kind: "class", name: classThis.name, metadata },
        null,
        classExtraInitializers,
      );
      ManagedPolicy2 = classThis = classDescriptor.value;

      if (metadata) {
        Object.defineProperty(classThis, Symbol.metadata, {
          enumerable: true,
          configurable: true,
          writable: true,
          value: metadata,
        });
      }
    }

    static [JSII_RTTI_SYMBOL_1] = { fqn: "aws-cdk-lib.aws_iam.ManagedPolicy", version: "2.233.0" };

    static PROPERTY_INJECTION_ID = "aws-cdk-lib.aws-iam.ManagedPolicy";

    /**
     * Reference a customer-managed policy by name.
     *
     * The ARN is formatted from the account of the stack that owns `scope`
     * and the supplied name; nothing in this file validates the name or
     * checks that such a policy exists.
     */
    static fromManagedPolicyName(scope, id, managedPolicyName) {
      class Import extends core_1().Resource {
        managedPolicyArn = core_1().Stack.of(scope).formatArn({
          service: "iam",
          region: "",
          account: core_1().Stack.of(scope).account,
          resource: "policy",
          resourceName: managedPolicyName,
        });

        get managedPolicyRef() {
          return { policyArn: this.managedPolicyArn };
        }
      }

      return new Import(scope, id);
    }

    /**
     * Reference a managed policy by a caller-supplied ARN, which is stored
     * as given (no parsing or validation happens here).
     */
    static fromManagedPolicyArn(scope, id, managedPolicyArn) {
      class Import extends core_1().Resource {
        managedPolicyArn = managedPolicyArn;

        get managedPolicyRef() {
          return { policyArn: this.managedPolicyArn };
        }
      }

      return new Import(scope, id);
    }

    /**
     * Reference an AWS-managed policy by name.
     *
     * The ARN uses the literal account `aws` and the partition pseudo
     * parameter. The name is inserted as given, so reviewers should confirm
     * that the referenced policy grants no more than the workload needs.
     */
    static fromAwsManagedPolicyName(managedPolicyName) {
      class AwsManagedPolicy extends detached_construct_1().DetachedConstruct {
        managedPolicyArn = core_1().Arn.format({
          partition: core_1().Aws.PARTITION,
          service: "iam",
          region: "",
          account: "aws",
          resource: "policy",
          resourceName: managedPolicyName,
        });

        constructor() {
          super("The result of fromAwsManagedPolicyName can not be used in this API");
        }

        get managedPolicyRef() {
          return { policyArn: this.managedPolicyArn };
        }
      }

      return new AwsManagedPolicy();
    }

    // Declared first so that the decorators' instance initializers run before
    // any other field is set up.
    managedPolicyArn = __runInitializers(this, instanceExtraInitializers);
    document = new (policy_document_1().PolicyDocument)();
    managedPolicyName;
    description;
    path;
    grantPrincipal;
    roles = [];
    users = [];
    groups = [];
    _precreatedPolicy;

    /**
     * @param scope parent construct
     * @param id construct id; also used as the name of the pre-created policy
     *   reference that stands in when no resource is synthesized
     * @param props optional settings: managedPolicyName, description, path,
     *   document, users, groups, roles, statements
     */
    constructor(scope, id, props = {}) {
      super(scope, id, { physicalName: props.managedPolicyName });

      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_ManagedPolicyProps(props);
      } catch (error) {
        // Unless JSII_DEBUG is "1", hide this constructor's frames from the
        // deprecation error's stack trace.
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, ManagedPolicy2);
        }
        throw error;
      }

      const { addConstructMetadata } = metadata_resource_1();
      addConstructMetadata(this, props);

      this.description = props.description || "";
      this.path = props.path || "/";
      if (props.document) {
        this.document = props.document;
      }

      const { getCustomizeRolesConfig } = helpers_internal_1();
      const config = getCustomizeRolesConfig(this);
      const precreated = ManagedPolicy2.fromManagedPolicyName(this, "Imported" + id, id);

      // Start from the pre-created reference; overwritten below when a real
      // CloudFormation resource is synthesized.
      this.managedPolicyName = id;
      this.managedPolicyArn = precreated.managedPolicyArn;
      if (config.enabled) {
        this._precreatedPolicy = precreated;
      }

      if (!config.preventSynthesis) {
        const { CfnManagedPolicy } = iam_generated_1();
        const { undefinedIfEmpty } = util_1();
        const resource = new CfnManagedPolicy(this, "Resource", {
          policyDocument: this.document,
          managedPolicyName: this.physicalName,
          description: this.description,
          path: this.path,
          // Attachment lists are produced through callbacks, so principals
          // attached after construction are still picked up.
          roles: undefinedIfEmpty(() => this.roles.map((r) => r.roleRef.roleName)),
          users: undefinedIfEmpty(() => this.users.map((u) => u.userRef.userName)),
          groups: undefinedIfEmpty(() => this.groups.map((g) => g.groupRef.groupName)),
        });

        const parsedRef = core_1()
          .Stack.of(this)
          .splitArn(resource.ref, core_1().ArnFormat.SLASH_RESOURCE_NAME);
        this.managedPolicyName = this.getResourceNameAttribute(parsedRef.resourceName);
        this.managedPolicyArn = this.getResourceArnAttribute(resource.ref, {
          region: "",
          service: "iam",
          resource: "policy",
          resourceName: this.physicalName,
        });
      }

      if (props.users) {
        props.users.forEach((u) => this.attachToUser(u));
      }
      if (props.groups) {
        props.groups.forEach((g) => this.attachToGroup(g));
      }
      if (props.roles) {
        props.roles.forEach((r) => this.attachToRole(r));
      }
      if (props.statements) {
        props.statements.forEach((p) => this.addStatements(p));
      }

      this.grantPrincipal = new ManagedPolicyGrantPrincipal(this);
      this.node.addValidation({ validate: () => this.validateManagedPolicy() });
    }

    get managedPolicyRef() {
      return { policyArn: this.managedPolicyArn };
    }

    /** Append one or more statements to this policy's document. */
    addStatements(...statement) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_PolicyStatement(statement);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.addStatements);
        }
        throw error;
      }

      this.document.addStatements(...statement);
    }

    /** Attach the policy to a user; a user whose ARN is already listed is ignored. */
    attachToUser(user) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_iam_IUserRef(user);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.attachToUser);
        }
        throw error;
      }

      const existing = this.users.find((u) => u.userRef.userArn === user.userRef.userArn);
      if (!existing) {
        this.users.push(user);
      }
    }

    /**
     * Attach the policy to a role; a role whose ARN is already listed is
     * ignored. Stored roles are read through `roleRef.roleArn`, the incoming
     * role through `roleArn`.
     */
    attachToRole(role) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.attachToRole);
        }
        throw error;
      }

      const existing = this.roles.find((r) => r.roleRef.roleArn === role.roleArn);
      if (!existing) {
        this.roles.push(role);
      }
    }

    /** Attach the policy to a group; a group whose ARN is already listed is ignored. */
    attachToGroup(group) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_iam_IGroupRef(group);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.attachToGroup);
        }
        throw error;
      }

      const existing = this.groups.find((g) => g.groupRef.groupArn === group.groupRef.groupArn);
      if (!existing) {
        this.groups.push(group);
      }
    }

    /**
     * Validation hook registered in the constructor.
     *
     * Reports an empty policy document and any problems found by the
     * document's identity-policy validation. When there are no errors and a
     * pre-created policy is in use, the statements are handed to the
     * PolicySynthesizer. Only role paths are passed in that call; attached
     * users and groups are not included.
     *
     * @returns {string[]} validation error messages (empty when valid)
     */
    validateManagedPolicy() {
      const errors = [];

      if (this.document.isEmpty) {
        errors.push("Managed Policy is empty. You must add statements to the policy");
      }
      errors.push(...this.document.validateForIdentityPolicy());

      if (errors.length === 0 && this._precreatedPolicy) {
        helpers_internal_1()
          .PolicySynthesizer.getOrCreate(this)
          .addManagedPolicy(this.node.path, {
            policyStatements: this.document.toJSON()?.Statement,
            roles: this.roles.map((role) => role.node.path),
          });
      }

      return errors;
    }

    static {
      __runInitializers(classThis, classExtraInitializers);
    }
  };

  return (ManagedPolicy2 = classThis);
})();

exports.ManagedPolicy = ManagedPolicy;

// Shared by both places that refuse to treat a managed policy as a principal.
const MANAGED_POLICY_NOT_A_PRINCIPAL =
  "This grant operation needs to add a resource policy so needs access to a principal. Grant permissions to a Role or User, instead of a ManagedPolicy.";

/**
 * Grant-principal adapter for a ManagedPolicy.
 *
 * Statements granted to it are added to the managed policy's own document.
 * A managed policy has no principal identity, so anything that would need to
 * name it in a resource policy (resolving the lazy ARN, or reading
 * `assumeRoleAction`) throws a ValidationError instead.
 */
class ManagedPolicyGrantPrincipal {
  _managedPolicy;
  policyFragment;
  principalAccount;
  grantPrincipal = this;

  constructor(_managedPolicy) {
    this._managedPolicy = _managedPolicy;

    // The ARN is lazy on purpose: the error is raised only if some grant
    // actually tries to render this principal.
    const arn = core_1().Lazy.string({
      produce: () => {
        const { ValidationError } = core_1();
        throw new ValidationError(MANAGED_POLICY_NOT_A_PRINCIPAL, _managedPolicy);
      },
    });

    const { ArnPrincipal } = principals_1();
    this.policyFragment = new ArnPrincipal(arn).policyFragment;
    this.principalAccount = _managedPolicy.env.account;
  }

  get assumeRoleAction() {
    const { ValidationError } = core_1();
    throw new ValidationError(MANAGED_POLICY_NOT_A_PRINCIPAL, this._managedPolicy);
  }

  /** @returns {boolean} whether the statement was added (always true here) */
  addToPolicy(statement) {
    return this.addToPrincipalPolicy(statement).statementAdded;
  }

  /** Adds the statement to the wrapped managed policy and reports it as added. */
  addToPrincipalPolicy(statement) {
    this._managedPolicy.addStatements(statement);
    return { statementAdded: true, policyDependable: this._managedPolicy };
  }

  toString() {
    return `ManagedPolicy(${this._managedPolicy.node.path})`;
  }
}