UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 2.71 kB
1
2
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var aws_iam_1=()=>{var tmp=require("../../../aws-iam");return aws_iam_1=()=>tmp,tmp},aws_kms_1=()=>{var tmp=require("../../../aws-kms");return aws_kms_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},dynamodb_generated_1=()=>{var tmp=require("../dynamodb.generated");return dynamodb_generated_1=()=>tmp,tmp};class TablePolicyFactory{forResource(resource){if(!dynamodb_generated_1().CfnTable.isCfnTable(resource))throw new(core_1()).ValidationError((0,literal_string_1().lit)`Construct`,`Construct ${resource.node.path} is not of type CfnTable`,resource);return new CfnTableWithPolicy(resource)}}class CfnTableWithPolicy{table;env;policyDocument;constructor(table){this.table=table,this.env=table.env}addToResourcePolicy(statement){if(!this.policyDocument)if(core_1().Token.isResolved(this.table.resourcePolicy))this.policyDocument=aws_iam_1().PolicyDocument.fromJson(this.table.resourcePolicy?.policyDocument??{Statement:[]});else return{statementAdded:!1};return this.policyDocument.addStatements(statement),this.table.resourcePolicy={policyDocument:this.policyDocument.toJSON()},{statementAdded:!0,policyDependable:this.table}}}class EncryptedTableFactory{forResource(resource){if(!dynamodb_generated_1().CfnTable.isCfnTable(resource))throw new(core_1()).ValidationError((0,literal_string_1().lit)`Construct`,`Construct ${resource.node.path} is not of type CfnTable`,resource);return new EncryptedCfnTable(resource)}}class EncryptedCfnTable{table;env;constructor(table){this.table=table,this.env=table.env}grantOnKey(grantee,...actions){const key=tryFindKmsKeyForTable(this.table);return{grant:key?aws_kms_1().KeyGrants.fromKey(key).actions(grantee,...actions):void 0}}}function tryFindKmsKeyForTable(table){const cfnTable=tryFindTableConstruct(table),kmsMasterKeyId=cfnTable?.sseSpecification&&cfnTable.sseSpecification.kmsMasterKeyId;if(kmsMasterKeyId)return(0,helpers_internal_1().findClosestRelatedResource)(table,"AWS::KMS::Key",(_,key)=>key.ref===kmsMasterKeyId||key.attrKeyId===kmsMasterKeyId||key.attrArn===kmsMasterKeyId)}function tryFindTableConstruct(table){return(0,helpers_internal_1().findL1FromRef)(table,"AWS::DynamoDB::Table",(cfn,ref)=>ref.tableRef==cfn.tableRef)}aws_iam_1().DefaultPolicyFactories.set("AWS::DynamoDB::Table",new TablePolicyFactory),aws_iam_1().DefaultEncryptedResourceFactories.set("AWS::DynamoDB::Table",new EncryptedTableFactory);