aws-delivlib
A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.
;
// CommonJS module preamble: flags the exports object with `__esModule` and
// pre-declares the two exported names as undefined until the functions below
// are assigned to them.
Object.defineProperty(exports, "__esModule", { value: true });
exports.grantAssumeRole = exports.grantSecretRead = void 0;
const aws_cdk_lib_1 = require("aws-cdk-lib");
/**
 * Attach identity-side IAM statements that let `identity` read one Secrets
 * Manager secret and, when the secret carries a key ARN, decrypt with that key.
 *
 * Two statements are added to the principal policy, in this order:
 *   1. the Secrets Manager read actions, scoped to `secret.secretArn`;
 *   2. `kms:Decrypt`, scoped to `secret.keyArn` (only when `keyArn` is truthy).
 *
 * NOTE(review): `secretsmanager:ListSecrets` does not support resource-level
 * scoping in IAM, so listing it against a single secret ARN most likely grants
 * nothing. Confirm whether it is needed before relying on it.
 *
 * NOTE(review): the `kms:Decrypt` statement carries no condition. If the key is
 * shared with other data, the principal can decrypt that data too; a
 * `kms:ViaService` or encryption-context condition would narrow the grant.
 *
 * @param secret   object exposing `secretArn` and, optionally, `keyArn`.
 * @param identity principal exposing `addToPrincipalPolicy(statement)`.
 */
function grantSecretRead(secret, identity) {
  const { PolicyStatement } = aws_cdk_lib_1.aws_iam;

  const readActions = [
    'secretsmanager:ListSecrets',
    'secretsmanager:DescribeSecret',
    'secretsmanager:GetSecretValue',
  ];
  const secretStatement = new PolicyStatement({
    resources: [secret.secretArn],
    actions: readActions,
  });
  identity.addToPrincipalPolicy(secretStatement);

  // No key ARN on the secret: there is nothing further to grant.
  if (!secret.keyArn) {
    return;
  }

  const decryptStatement = new PolicyStatement({
    resources: [secret.keyArn],
    actions: ['kms:Decrypt'],
  });
  identity.addToPrincipalPolicy(decryptStatement);
}
exports.grantSecretRead = grantSecretRead;
/**
 * Attach an identity-side IAM statement allowing `identity` to call
 * `sts:AssumeRole` on the given role ARN.
 *
 * Only the caller's side is handled here: this function does not touch the
 * target role, so that role's trust policy must separately allow the
 * principal for the assume-role call to succeed.
 *
 * NOTE(review): `roleToAssumeArn` is placed into the statement as-is. Pass a
 * single, fully qualified role ARN; a wildcard pattern would let the principal
 * request any role matching it.
 *
 * @param roleToAssumeArn ARN used as the statement's only resource.
 * @param identity        principal exposing `addToPrincipalPolicy(statement)`.
 */
function grantAssumeRole(roleToAssumeArn, identity) {
  const { PolicyStatement } = aws_cdk_lib_1.aws_iam;
  const assumeRoleStatement = new PolicyStatement({
    resources: [roleToAssumeArn],
    actions: ['sts:AssumeRole'],
  });
  identity.addToPrincipalPolicy(assumeRoleStatement);
}
exports.grantAssumeRole = grantAssumeRole;
//# sourceMappingURL=data:application/json;base64,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