1 | ;
|
2 | var _a;
|
3 | Object.defineProperty(exports, "__esModule", { value: true });
|
4 | exports.PermissionsBoundary = void 0;
|
5 | const jsiiDeprecationWarnings = require("../.warnings.jsii.js");
|
6 | const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
7 | const core_1 = require("@aws-cdk/core");
|
8 | const constructs_1 = require("constructs");
|
9 | const iam_generated_1 = require("./iam.generated");
|
10 | /**
|
11 | * Modify the Permissions Boundaries of Users and Roles in a construct tree
|
12 | *
|
13 | * ```ts
|
14 | * const policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');
|
15 | * iam.PermissionsBoundary.of(this).apply(policy);
|
16 | * ```
|
17 | */
|
18 | class PermissionsBoundary {
|
19 | constructor(scope) {
|
20 | this.scope = scope;
|
21 | }
|
22 | /**
|
23 | * Access the Permissions Boundaries of a construct tree
|
24 | */
|
25 | static of(scope) {
|
26 | return new PermissionsBoundary(scope);
|
27 | }
|
28 | /**
|
29 | * Apply the given policy as Permissions Boundary to all Roles and Users in
|
30 | * the scope.
|
31 | *
|
32 | * Will override any Permissions Boundaries configured previously; in case
|
33 | * a Permission Boundary is applied in multiple scopes, the Boundary applied
|
34 | * closest to the Role wins.
|
35 | */
|
36 | apply(boundaryPolicy) {
|
37 | try {
|
38 | jsiiDeprecationWarnings._aws_cdk_aws_iam_IManagedPolicy(boundaryPolicy);
|
39 | }
|
40 | catch (error) {
|
41 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
42 | Error.captureStackTrace(error, this.apply);
|
43 | }
|
44 | throw error;
|
45 | }
|
46 | constructs_1.Node.of(this.scope).applyAspect({
|
47 | visit(node) {
|
48 | if (core_1.CfnResource.isCfnResource(node) &&
|
49 | (node.cfnResourceType == iam_generated_1.CfnRole.CFN_RESOURCE_TYPE_NAME || node.cfnResourceType == iam_generated_1.CfnUser.CFN_RESOURCE_TYPE_NAME)) {
|
50 | node.addPropertyOverride('PermissionsBoundary', boundaryPolicy.managedPolicyArn);
|
51 | }
|
52 | },
|
53 | });
|
54 | }
|
55 | /**
|
56 | * Remove previously applied Permissions Boundaries
|
57 | */
|
58 | clear() {
|
59 | constructs_1.Node.of(this.scope).applyAspect({
|
60 | visit(node) {
|
61 | if (core_1.CfnResource.isCfnResource(node) &&
|
62 | (node.cfnResourceType == iam_generated_1.CfnRole.CFN_RESOURCE_TYPE_NAME || node.cfnResourceType == iam_generated_1.CfnUser.CFN_RESOURCE_TYPE_NAME)) {
|
63 | node.addPropertyDeletionOverride('PermissionsBoundary');
|
64 | }
|
65 | },
|
66 | });
|
67 | }
|
68 | }
|
69 | exports.PermissionsBoundary = PermissionsBoundary;
|
70 | _a = JSII_RTTI_SYMBOL_1;
|
71 | PermissionsBoundary[_a] = { fqn: "@aws-cdk/aws-iam.PermissionsBoundary", version: "1.161.0" };
|
72 | //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVybWlzc2lvbnMtYm91bmRhcnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJwZXJtaXNzaW9ucy1ib3VuZGFyeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSx3Q0FBNEM7QUFDNUMsMkNBQThDO0FBQzlDLG1EQUFtRDtBQUduRDs7Ozs7OztHQU9HO0FBQ0gsTUFBYSxtQkFBbUI7SUFROUIsWUFBcUMsS0FBaUI7UUFBakIsVUFBSyxHQUFMLEtBQUssQ0FBWTtLQUNyRDtJQVJEOztPQUVHO0lBQ0ksTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFpQjtRQUNoQyxPQUFPLElBQUksbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUM7S0FDdkM7SUFLRDs7Ozs7OztPQU9HO0lBQ0ksS0FBSyxDQUFDLGNBQThCOzs7Ozs7Ozs7O1FBQ3pDLGlCQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxXQUFXLENBQUM7WUFDOUIsS0FBSyxDQUFDLElBQWdCO2dCQUNwQixJQUNFLGtCQUFXLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQztvQkFDN0IsQ0FBQyxJQUFJLENBQUMsZUFBZSxJQUFJLHVCQUFPLENBQUMsc0JBQXNCLElBQUksSUFBSSxDQUFDLGVBQWUsSUFBSSx1QkFBTyxDQUFDLHNCQUFzQixDQUFDLEVBQ3BIO29CQUNBLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxxQkFBcUIsRUFBRSxjQUFjLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztpQkFDbEY7WUFDSCxDQUFDO1NBQ0YsQ0FBQyxDQUFDO0tBQ0o7SUFFRDs7T0FFRztJQUNJLEtBQUs7UUFDVixpQkFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzlCLEtBQUssQ0FBQyxJQUFnQjtnQkFDcEIsSUFDRSxrQkFBVyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUM7b0JBQzdCLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSx1QkFBTyxDQUFDLHNCQUFzQixJQUFJLElBQUksQ0FBQyxlQUFlLElBQUksdUJBQU8sQ0FBQyxzQkFBc0IsQ0FBQyxFQUNwSDtvQkFDQSxJQUFJLENBQUMsMkJBQTJCLENBQUMscUJBQXFCLENBQUMsQ0FBQztpQkFDekQ7WUFDSCxDQUFDO1NBQ0YsQ0FBQyxDQUFDO0tBQ0o7O0FBOUNILGtEQStDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENmblJlc291cmNlIH0gZnJvbSAnQGF3cy1jZGsvY29yZSc7XG5pbXBvcnQgeyBOb2RlLCBJQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgeyBDZm5Sb2xlLCBDZm5Vc2VyIH0gZnJvbSAnLi9pYW0uZ2VuZXJhdGVkJztcbmltcG9ydCB7IElNYW5hZ2VkUG9saWN5IH0gZnJvbSAnLi9tYW5hZ2VkLXBvbGljeSc7XG5cbi8qKlxuICogTW9kaWZ5IHRoZSBQZXJtaXNzaW9ucyBCb3VuZGFyaWVzIG9mIFVzZXJzIGFuZCBSb2xlcyBpbiBhIGNvbnN0cnVjdCB0cmVlXG4gKlxuICogYGBgdHNcbiAqIGNvbnN0IHBvbGljeSA9IGlhbS5NYW5hZ2VkUG9saWN5LmZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZSgnUmVhZE9ubHlBY2Nlc3MnKTtcbiAqIGlhbS5QZXJtaXNzaW9uc0JvdW5kYXJ5Lm9mKHRoaXMpLmFwcGx5KHBvbGljeSk7XG4gKiBgYGBcbiAqL1xuZXhwb3J0IGNsYXNzIFBlcm1pc3Npb25zQm91bmRhcnkge1xuICAvKipcbiAgICogQWNjZXNzIHRoZSBQZXJtaXNzaW9ucyBCb3VuZGFyaWVzIG9mIGEgY29uc3RydWN0IHRyZWVcbiAgICovXG4gIHB1YmxpYyBzdGF0aWMgb2Yoc2NvcGU6IElDb25zdHJ1Y3QpOiBQZXJtaXNzaW9uc0JvdW5kYXJ5IHtcbiAgICByZXR1cm4gbmV3IFBlcm1pc3Npb25zQm91bmRhcnkoc2NvcGUpO1xuICB9XG5cbiAgcHJpdmF0ZSBjb25zdHJ1Y3Rvcihwcml2YXRlIHJlYWRvbmx5IHNjb3BlOiBJQ29uc3RydWN0KSB7XG4gIH1cblxuICAvKipcbiAgICogQXBwbHkgdGhlIGdpdmVuIHBvbGljeSBhcyBQZXJtaXNzaW9ucyBCb3VuZGFyeSB0byBhbGwgUm9sZXMgYW5kIFVzZXJzIGluXG4gICAqIHRoZSBzY29wZS5cbiAgICpcbiAgICogV2lsbCBvdmVycmlkZSBhbnkgUGVybWlzc2lvbnMgQm91bmRhcmllcyBjb25maWd1cmVkIHByZXZpb3VzbHk7IGluIGNhc2VcbiAgICogYSBQZXJtaXNzaW9uIEJvdW5kYXJ5IGlzIGFwcGxpZWQgaW4gbXVsdGlwbGUgc2NvcGVzLCB0aGUgQm91bmRhcnkgYXBwbGllZFxuICAgKiBjbG9zZXN0IHRvIHRoZSBSb2xlIHdpbnMuXG4gICAqL1xuICBwdWJsaWMgYXBwbHkoYm91bmRhcnlQb2xpY3k6IElNYW5hZ2VkUG9saWN5KSB7XG4gICAgTm9kZS5vZih0aGlzLnNjb3BlKS5hcHBseUFzcGVjdCh7XG4gICAgICB2aXNpdChub2RlOiBJQ29uc3RydWN0KSB7XG4gICAgICAgIGlmIChcbiAgICAgICAgICBDZm5SZXNvdXJjZS5pc0NmblJlc291cmNlKG5vZGUpICYmXG4gICAgICAgICAgICAobm9kZS5jZm5SZXNvdXJjZVR5cGUgPT0gQ2ZuUm9sZS5DRk5fUkVTT1VSQ0VfVFlQRV9OQU1FIHx8IG5vZGUuY2ZuUmVzb3VyY2VUeXBlID09IENmblVzZXIuQ0ZOX1JFU09VUkNFX1RZUEVfTkFNRSlcbiAgICAgICAgKSB7XG4gICAgICAgICAgbm9kZS5hZGRQcm9wZXJ0eU92ZXJyaWRlKCdQZXJtaXNzaW9uc0JvdW5kYXJ5JywgYm91bmRhcnlQb2xpY3kubWFuYWdlZFBvbGljeUFybik7XG4gICAgICAgIH1cbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogUmVtb3ZlIHByZXZpb3VzbHkgYXBwbGllZCBQZXJtaXNzaW9ucyBCb3VuZGFyaWVzXG4gICAqL1xuICBwdWJsaWMgY2xlYXIoKSB7XG4gICAgTm9kZS5vZih0aGlzLnNjb3BlKS5hcHBseUFzcGVjdCh7XG4gICAgICB2aXNpdChub2RlOiBJQ29uc3RydWN0KSB7XG4gICAgICAgIGlmIChcbiAgICAgICAgICBDZm5SZXNvdXJjZS5pc0NmblJlc291cmNlKG5vZGUpICYmXG4gICAgICAgICAgICAobm9kZS5jZm5SZXNvdXJjZVR5cGUgPT0gQ2ZuUm9sZS5DRk5fUkVTT1VSQ0VfVFlQRV9OQU1FIHx8IG5vZGUuY2ZuUmVzb3VyY2VUeXBlID09IENmblVzZXIuQ0ZOX1JFU09VUkNFX1RZUEVfTkFNRSlcbiAgICAgICAgKSB7XG4gICAgICAgICAgbm9kZS5hZGRQcm9wZXJ0eURlbGV0aW9uT3ZlcnJpZGUoJ1Blcm1pc3Npb25zQm91bmRhcnknKTtcbiAgICAgICAgfVxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxufVxuIl19 |
\ | No newline at end of file |