import * as cdk from '@aws-cdk/core';
import { PolicyStatement } from './policy-statement';
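/**
 * Properties for a new PolicyDocument
 */
export interface PolicyDocumentProps {
    /**
     * Automatically assign Statement Ids to all statements
     *
     * @default false
     */
    readonly assignSids?: boolean;
    /**
     * Initial statements to add to the policy document
     *
     * @default - No statements
     */
    readonly statements?: PolicyStatement[];
    /**
     * Try to minimize the policy by merging statements
     *
     * To avoid overrunning the maximum policy size, combine statements if they produce
     * the same result. Merging happens according to the following rules:
     *
     * - The Effect of both statements is the same
     * - Neither of the statements has a 'Sid'
     * - Combine Principals if the rest of the statement is exactly the same.
     * - Combine Resources if the rest of the statement is exactly the same.
     * - Combine Actions if the rest of the statement is exactly the same.
     * - We will never combine NotPrincipals, NotResources or NotActions, because doing
     *   so would change the meaning of the policy document.
     *
     * Because a statement that carries a 'Sid' is excluded by the rules above, it is
     * left as written. When minimization is on, the rendered statements no longer map
     * one-to-one to the statements added in code, so a least-privilege review should
     * read the rendered policy document rather than only the construct code.
     *
     * @default - false, unless the feature flag `@aws-cdk/aws-iam:minimizePolicies` is set
     */
    readonly minimize?: boolean;
}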
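/**
 * A PolicyDocument is a collection of statements
 */
export declare class PolicyDocument implements cdk.IResolvable {
    /**
     * Creates a new PolicyDocument based on the object provided.
     * This will accept an object created from the `.toJSON()` call
     *
     * `obj` is typed `any`, so the compiler does not check its shape.
     * NOTE(review): whether this method validates the input is not visible in this
     * declaration. When the object originates outside the codebase (a file, an API
     * response), run the `validateFor*` methods on the result and inspect the
     * returned list before the policy is used.
     *
     * @param obj the PolicyDocument in object form.
     * @returns a new PolicyDocument
     */
    static fromJson(obj: any): PolicyDocument;
    /**
     * Creation stack of this resolvable (member of `cdk.IResolvable`).
     */
    readonly creationStack: string[];
    private readonly statements;
    private readonly autoAssignSids;
    private readonly minimize?;
    /**
     * @param props optional initial configuration; see `PolicyDocumentProps`.
     */
    constructor(props?: PolicyDocumentProps);
    /**
     * Produce the value of this document during token resolution
     * (member of `cdk.IResolvable`).
     *
     * @param context the resolution context supplied by the framework.
     */
    resolve(context: cdk.IResolveContext): any;
    /**
     * Whether the policy document contains any statements.
     */
    get isEmpty(): boolean;
    /**
     * The number of statements already added to this policy.
     * Can be used, for example, to generate unique "sid"s within the policy.
     */
    get statementCount(): number;
    /**
     * Adds one or more statements to the policy document.
     *
     * @param statement the statement(s) to add.
     */
    addStatements(...statement: PolicyStatement[]): void;
    /**
     * Encode the policy document as a string
     *
     * NOTE(review): this class is an `IResolvable`, so the returned string may be an
     * unresolved token rather than literal policy JSON. Confirm against the
     * implementation before logging it or comparing it in a policy check.
     */
    toString(): string;
    /**
     * JSON-ify the document
     *
     * Used when JSON.stringify() is called
     */
    toJSON(): any;
    /**
     * Validate that all policy statements in the policy document satisfy the
     * requirements for any policy.
     *
     * The result is returned, not enforced by the signature: a caller that ignores
     * the list gets no signal.
     *
     * @returns a list of strings; presumably one message per violation and empty
     * when the document is valid (confirm against the implementation).
     * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
     */
    validateForAnyPolicy(): string[];
    /**
     * Validate that all policy statements in the policy document satisfy the
     * requirements for a resource-based policy.
     *
     * The result is returned, not enforced by the signature: a caller that ignores
     * the list gets no signal.
     *
     * @returns a list of strings; presumably one message per violation and empty
     * when the document is valid (confirm against the implementation).
     * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
     */
    validateForResourcePolicy(): string[];
    /**
     * Validate that all policy statements in the policy document satisfy the
     * requirements for an identity-based policy.
     *
     * The result is returned, not enforced by the signature: a caller that ignores
     * the list gets no signal.
     *
     * @returns a list of strings; presumably one message per violation and empty
     * when the document is valid (confirm against the implementation).
     * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
     */
    validateForIdentityPolicy(): string[];
    private render;
}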