UNPKG

@google-cloud/pubsub/build/src/iam.js

Version:

11.6 kBJavaScriptView Raw

1"use strict";
2/*!
* Copyright 2014 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
17Object.defineProperty(exports, "__esModule", { value: true });
18exports.IAM = void 0;
19/*!
* @module pubsub/iam
*/
22const promisify_1 = require("@google-cloud/promisify");
23const arrify = require("arrify");
24/**
* [IAM (Identity and Access
* Management)](https://cloud.google.com/pubsub/access_control) allows you to
* set permissions on individual resources and offers a wider range of roles:
* editor, owner, publisher, subscriber, and viewer. This gives you greater
* flexibility and allows you to set more fine-grained access control.
*
* For example:
*   * Grant access on a per-topic or per-subscription basis, rather than for
*     the whole Cloud project.
*   * Grant access with limited capabilities, such as to only publish messages
*     to a topic, or to only to consume messages from a subscription, but not
*     to delete the topic or subscription.
*
*
* *The IAM access control features described in this document are Beta,
* including the API methods to get and set IAM policies, and to test IAM
* permissions. Cloud Pub/Sub's use of IAM features is not covered by any
* SLA or deprecation policy, and may be subject to backward-incompatible
* changes.*
*
* @class
* @param {PubSub} pubsub PubSub Object.
* @param {string} id The name of the topic or subscription.
*
* @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}
* @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}
*
* @example
* const {PubSub} = require('@google-cloud/pubsub');
* const pubsub = new PubSub();
*
* const topic = pubsub.topic('my-topic');
* // topic.iam
*
* const subscription = pubsub.subscription('my-subscription');
* // subscription.iam
*/
62class IAM {
  constructor(pubsub, id) {
      this.pubsub = pubsub;
      this.request = pubsub.request.bind(pubsub);
      this.id = id;
  }
  /**
   * @typedef {array} GetPolicyResponse
   * @property {object} 0 The policy.
   */
  /**
   * @callback GetPolicyCallback
   * @param {?Error} err Request error, if any.
   * @param {object} acl The policy.
   */
  /**
   * Get the IAM policy
   *
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {GetPolicyCallback} [callback] Callback function.
   * @returns {Promise<GetPolicyResponse>}
   *
   * @see [Topics: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/getIamPolicy}
   * @see [Subscriptions: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy}
   *
   * @example
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * topic.iam.getPolicy(function(err, policy, apiResponse) {});
   *
   * subscription.iam.getPolicy(function(err, policy, apiResponse) {});
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.getPolicy().then(function(data) {
   *   const policy = data[0];
   *   const apiResponse = data[1];
   * });
   */
  getPolicy(optsOrCallback, callback) {
      const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
      callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
      const reqOpts = {
          resource: this.id,
      };
      this.request({
          client: 'SubscriberClient',
          method: 'getIamPolicy',
          reqOpts,
          gaxOpts,
      }, callback);
  }
  /**
   * @typedef {array} SetPolicyResponse
   * @property {object} 0 The policy.
   */
  /**
   * @callback SetPolicyCallback
   * @param {?Error} err Request error, if any.
   * @param {object} acl The policy.
   */
  /**
   * Set the IAM policy
   *
   * @throws {Error} If no policy is provided.
   *
   * @param {object} policy The [policy](https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy).
   * @param {array} [policy.bindings] Bindings associate members with roles.
   * @param {Array<object>} [policy.rules] Rules to be applied to the policy.
   * @param {string} [policy.etag] Etags are used to perform a read-modify-write.
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {SetPolicyCallback} callback Callback function.
   * @returns {Promise<SetPolicyResponse>}
   *
   * @see [Topics: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy}
   * @see [Subscriptions: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/setIamPolicy}
   * @see [Policy]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy}
   *
   * @example
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * const myPolicy = {
   *   bindings: [
   *     {
   *       role: 'roles/pubsub.subscriber',
   *       members:
   * ['serviceAccount:myotherproject@appspot.gserviceaccount.com']
   *     }
   *   ]
   * };
   *
   * topic.iam.setPolicy(myPolicy, function(err, policy, apiResponse) {});
   *
   * subscription.iam.setPolicy(myPolicy, function(err, policy, apiResponse)
   * {});
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.setPolicy(myPolicy).then(function(data) {
   *   const policy = data[0];
   *   const apiResponse = data[1];
   * });
   */
  setPolicy(policy, optsOrCallback, callback) {
      if (!(typeof policy === 'object')) {
          throw new Error('A policy object is required.');
      }
      const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
      callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
      const reqOpts = {
          resource: this.id,
          policy,
      };
      this.request({
          client: 'SubscriberClient',
          method: 'setIamPolicy',
          reqOpts,
          gaxOpts,
      }, callback);
  }
  /**
   * @callback TestIamPermissionsCallback
   * @param {?Error} err Request error, if any.
   * @param {TestIamPermissionsAPIResponse} permissions A subset of permissions that the caller is allowed.
   * @param {PermissionsResponse} apiResponse The full API response.
   */
  /**
   * @typedef {array} TestIamPermissionsResponse
   * @property {object[]} 0 A subset of permissions that the caller is allowed.
   * @property {PermissionsResponse} 1 The full API response.
   */
  /**
   * @typedef {string[]} PermissionsResponse
   * A subset of TestPermissionsRequest.permissions that the caller is allowed.
   * @see https://cloud.google.com/pubsub/docs/reference/rpc/google.iam.v1#google.iam.v1.TestIamPermissionsRequest
   */
  /**
   * Test a set of permissions for a resource.
   *
   * Permissions with wildcards such as `*` or `storage.*` are not allowed.
   *
   * @throws {Error} If permissions are not provided.
   *
   * @param {string|string[]} permissions The permission(s) to test for.
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {TestIamPermissionsCallback} [callback] Callback function.
   * @returns {Promise<TestIamPermissionsResponse>}
   *
   * @see [Topics: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/testIamPermissions}
   * @see [Subscriptions: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/testIamPermissions}
   * @see [Permissions Reference]{@link https://cloud.google.com/pubsub/access_control#permissions}
   *
   * @example
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * //-
   * // Test a single permission.
   * //-
   * const test = 'pubsub.topics.update';
   *
   * topic.iam.testPermissions(test, function(err, permissions, apiResponse) {
   *   console.log(permissions);
   *   // {
   *   //   "pubsub.topics.update": true
   *   // }
   * });
   *
   * //-
   * // Test several permissions at once.
   * //-
   * const tests = [
   *   'pubsub.subscriptions.consume',
   *   'pubsub.subscriptions.update'
   * ];
   *
   * subscription.iam.testPermissions(tests, function(err, permissions) {
   *   console.log(permissions);
   *   // {
   *   //   "pubsub.subscriptions.consume": true,
   *   //   "pubsub.subscriptions.update": false
   *   // }
   * });
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.testPermissions(test).then(function(data) {
   *   const permissions = data[0];
   *   const apiResponse = data[1];
   * });
   */
  testPermissions(permissions, optsOrCallback, callback) {
      if (!Array.isArray(permissions) && !(typeof permissions === 'string')) {
          throw new Error('Permissions are required.');
      }
      const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
      callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
      const reqOpts = {
          resource: this.id,
          permissions: arrify(permissions),
      };
      this.request({
          client: 'SubscriberClient',
          method: 'testIamPermissions',
          reqOpts,
          gaxOpts,
      }, (err, resp) => {
          if (err) {
              callback(err, null, resp);
              return;
          }
          const availablePermissions = arrify(resp.permissions);
          const permissionHash = permissions.reduce((acc, permission) => {
              acc[permission] = availablePermissions.indexOf(permission) > -1;
              return acc;
          }, {});
          callback(null, permissionHash, resp);
      });
  }
298}
299exports.IAM = IAM;
300/*! Developer Documentation
*
* All async methods (except for streams) will return a Promise in the event
* that a callback is omitted.
*/
305promisify_1.promisifyAll(IAM);
306//# sourceMappingURL=iam.js.map
\No newline at end of file

1	`"use strict";`
2	`/*!`
3	`* Copyright 2014 Google Inc. All Rights Reserved.`
4	`*`
5	`* Licensed under the Apache License, Version 2.0 (the "License");`
6	`* you may not use this file except in compliance with the License.`
7	`* You may obtain a copy of the License at`
8	`*`
9	`* http://www.apache.org/licenses/LICENSE-2.0`
10	`*`
11	`* Unless required by applicable law or agreed to in writing, software`
12	`* distributed under the License is distributed on an "AS IS" BASIS,`
13	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
14	`* See the License for the specific language governing permissions and`
15	`* limitations under the License.`
16	`*/`
17	`Object.defineProperty(exports, "__esModule", { value: true });`
18	`exports.IAM = void 0;`
19	`/*!`
20	`* @module pubsub/iam`
21	`*/`
22	`const promisify_1 = require("@google-cloud/promisify");`
23	`const arrify = require("arrify");`
24	`/**`
25	`* [IAM (Identity and Access`
26	`* Management)](https://cloud.google.com/pubsub/access_control) allows you to`
27	`* set permissions on individual resources and offers a wider range of roles:`
28	`* editor, owner, publisher, subscriber, and viewer. This gives you greater`
29	`* flexibility and allows you to set more fine-grained access control.`
30	`*`
31	`* For example:`
32	`* * Grant access on a per-topic or per-subscription basis, rather than for`
33	`* the whole Cloud project.`
34	`* * Grant access with limited capabilities, such as to only publish messages`
35	`* to a topic, or to only to consume messages from a subscription, but not`
36	`* to delete the topic or subscription.`
37	`*`
38	`*`
39	`* *The IAM access control features described in this document are Beta,`
40	`* including the API methods to get and set IAM policies, and to test IAM`
41	`* permissions. Cloud Pub/Sub's use of IAM features is not covered by any`
42	`* SLA or deprecation policy, and may be subject to backward-incompatible`
43	`* changes.*`
44	`*`
45	`* @class`
46	`* @param {PubSub} pubsub PubSub Object.`
47	`* @param {string} id The name of the topic or subscription.`
48	`*`
49	`* @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}`
50	`* @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}`
51	`*`
52	`* @example`
53	`* const {PubSub} = require('@google-cloud/pubsub');`
54	`* const pubsub = new PubSub();`
55	`*`
56	`* const topic = pubsub.topic('my-topic');`
57	`* // topic.iam`
58	`*`
59	`* const subscription = pubsub.subscription('my-subscription');`
60	`* // subscription.iam`
61	`*/`
62	`class IAM {`
63	`constructor(pubsub, id) {`
64	`this.pubsub = pubsub;`
65	`this.request = pubsub.request.bind(pubsub);`
66	`this.id = id;`
67	`}`
68	`/**`
69	`* @typedef {array} GetPolicyResponse`
70	`* @property {object} 0 The policy.`
71	`*/`
72	`/**`
73	`* @callback GetPolicyCallback`
74	`* @param {?Error} err Request error, if any.`
75	`* @param {object} acl The policy.`
76	`*/`
77	`/**`
78	`* Get the IAM policy`
79	`*`
80	`* @param {object} [gaxOptions] Request configuration options, outlined`
81	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
82	`* @param {GetPolicyCallback} [callback] Callback function.`
83	`* @returns {Promise<GetPolicyResponse>}`
84	`*`
85	`* @see [Topics: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/getIamPolicy}`
86	`* @see [Subscriptions: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy}`
87	`*`
88	`* @example`
89	`* const {PubSub} = require('@google-cloud/pubsub');`
90	`* const pubsub = new PubSub();`
91	`*`
92	`* const topic = pubsub.topic('my-topic');`
93	`* const subscription = topic.subscription('my-subscription');`
94	`*`
95	`* topic.iam.getPolicy(function(err, policy, apiResponse) {});`
96	`*`
97	`* subscription.iam.getPolicy(function(err, policy, apiResponse) {});`
98	`*`
99	`* //-`
100	`* // If the callback is omitted, we'll return a Promise.`
101	`* //-`
102	`* topic.iam.getPolicy().then(function(data) {`
103	`* const policy = data[0];`
104	`* const apiResponse = data[1];`
105	`* });`
106	`*/`
107	`getPolicy(optsOrCallback, callback) {`
108	`const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};`
109	`callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;`
110	`const reqOpts = {`
111	`resource: this.id,`
112	`};`
113	`this.request({`
114	`client: 'SubscriberClient',`
115	`method: 'getIamPolicy',`
116	`reqOpts,`
117	`gaxOpts,`
118	`}, callback);`
119	`}`
120	`/**`
121	`* @typedef {array} SetPolicyResponse`
122	`* @property {object} 0 The policy.`
123	`*/`
124	`/**`
125	`* @callback SetPolicyCallback`
126	`* @param {?Error} err Request error, if any.`
127	`* @param {object} acl The policy.`
128	`*/`
129	`/**`
130	`* Set the IAM policy`
131	`*`
132	`* @throws {Error} If no policy is provided.`
133	`*`
134	`* @param {object} policy The [policy](https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy).`
135	`* @param {array} [policy.bindings] Bindings associate members with roles.`
136	`* @param {Array<object>} [policy.rules] Rules to be applied to the policy.`
137	`* @param {string} [policy.etag] Etags are used to perform a read-modify-write.`
138	`* @param {object} [gaxOptions] Request configuration options, outlined`
139	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
140	`* @param {SetPolicyCallback} callback Callback function.`
141	`* @returns {Promise<SetPolicyResponse>}`
142	`*`
143	`* @see [Topics: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy}`
144	`* @see [Subscriptions: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/setIamPolicy}`
145	`* @see [Policy]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy}`
146	`*`
147	`* @example`
148	`* const {PubSub} = require('@google-cloud/pubsub');`
149	`* const pubsub = new PubSub();`
150	`*`
151	`* const topic = pubsub.topic('my-topic');`
152	`* const subscription = topic.subscription('my-subscription');`
153	`*`
154	`* const myPolicy = {`
155	`* bindings: [`
156	`* {`
157	`* role: 'roles/pubsub.subscriber',`
158	`* members:`
159	`* ['serviceAccount:myotherproject@appspot.gserviceaccount.com']`
160	`* }`
161	`* ]`
162	`* };`
163	`*`
164	`* topic.iam.setPolicy(myPolicy, function(err, policy, apiResponse) {});`
165	`*`
166	`* subscription.iam.setPolicy(myPolicy, function(err, policy, apiResponse)`
167	`* {});`
168	`*`
169	`* //-`
170	`* // If the callback is omitted, we'll return a Promise.`
171	`* //-`
172	`* topic.iam.setPolicy(myPolicy).then(function(data) {`
173	`* const policy = data[0];`
174	`* const apiResponse = data[1];`
175	`* });`
176	`*/`
177	`setPolicy(policy, optsOrCallback, callback) {`
178	`if (!(typeof policy === 'object')) {`
179	`throw new Error('A policy object is required.');`
180	`}`
181	`const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};`
182	`callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;`
183	`const reqOpts = {`
184	`resource: this.id,`
185	`policy,`
186	`};`
187	`this.request({`
188	`client: 'SubscriberClient',`
189	`method: 'setIamPolicy',`
190	`reqOpts,`
191	`gaxOpts,`
192	`}, callback);`
193	`}`
194	`/**`
195	`* @callback TestIamPermissionsCallback`
196	`* @param {?Error} err Request error, if any.`
197	`* @param {TestIamPermissionsAPIResponse} permissions A subset of permissions that the caller is allowed.`
198	`* @param {PermissionsResponse} apiResponse The full API response.`
199	`*/`
200	`/**`
201	`* @typedef {array} TestIamPermissionsResponse`
202	`* @property {object[]} 0 A subset of permissions that the caller is allowed.`
203	`* @property {PermissionsResponse} 1 The full API response.`
204	`*/`
205	`/**`
206	`* @typedef {string[]} PermissionsResponse`
207	`* A subset of TestPermissionsRequest.permissions that the caller is allowed.`
208	`* @see https://cloud.google.com/pubsub/docs/reference/rpc/google.iam.v1#google.iam.v1.TestIamPermissionsRequest`
209	`*/`
210	`/**`
211	`* Test a set of permissions for a resource.`
212	`*`
213	* Permissions with wildcards such as `` or `storage.` are not allowed.
214	`*`
215	`* @throws {Error} If permissions are not provided.`
216	`*`
217	`* @param {string\|string[]} permissions The permission(s) to test for.`
218	`* @param {object} [gaxOptions] Request configuration options, outlined`
219	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
220	`* @param {TestIamPermissionsCallback} [callback] Callback function.`
221	`* @returns {Promise<TestIamPermissionsResponse>}`
222	`*`
223	`* @see [Topics: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/testIamPermissions}`
224	`* @see [Subscriptions: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/testIamPermissions}`
225	`* @see [Permissions Reference]{@link https://cloud.google.com/pubsub/access_control#permissions}`
226	`*`
227	`* @example`
228	`* const {PubSub} = require('@google-cloud/pubsub');`
229	`* const pubsub = new PubSub();`
230	`*`
231	`* const topic = pubsub.topic('my-topic');`
232	`* const subscription = topic.subscription('my-subscription');`
233	`*`
234	`* //-`
235	`* // Test a single permission.`
236	`* //-`
237	`* const test = 'pubsub.topics.update';`
238	`*`
239	`* topic.iam.testPermissions(test, function(err, permissions, apiResponse) {`
240	`* console.log(permissions);`
241	`* // {`
242	`* // "pubsub.topics.update": true`
243	`* // }`
244	`* });`
245	`*`
246	`* //-`
247	`* // Test several permissions at once.`
248	`* //-`
249	`* const tests = [`
250	`* 'pubsub.subscriptions.consume',`
251	`* 'pubsub.subscriptions.update'`
252	`* ];`
253	`*`
254	`* subscription.iam.testPermissions(tests, function(err, permissions) {`
255	`* console.log(permissions);`
256	`* // {`
257	`* // "pubsub.subscriptions.consume": true,`
258	`* // "pubsub.subscriptions.update": false`
259	`* // }`
260	`* });`
261	`*`
262	`* //-`
263	`* // If the callback is omitted, we'll return a Promise.`
264	`* //-`
265	`* topic.iam.testPermissions(test).then(function(data) {`
266	`* const permissions = data[0];`
267	`* const apiResponse = data[1];`
268	`* });`
269	`*/`
270	`testPermissions(permissions, optsOrCallback, callback) {`
271	`if (!Array.isArray(permissions) && !(typeof permissions === 'string')) {`
272	`throw new Error('Permissions are required.');`
273	`}`
274	`const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};`
275	`callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;`
276	`const reqOpts = {`
277	`resource: this.id,`
278	`permissions: arrify(permissions),`
279	`};`
280	`this.request({`
281	`client: 'SubscriberClient',`
282	`method: 'testIamPermissions',`
283	`reqOpts,`
284	`gaxOpts,`
285	`}, (err, resp) => {`
286	`if (err) {`
287	`callback(err, null, resp);`
288	`return;`
289	`}`
290	`const availablePermissions = arrify(resp.permissions);`
291	`const permissionHash = permissions.reduce((acc, permission) => {`
292	`acc[permission] = availablePermissions.indexOf(permission) > -1;`
293	`return acc;`
294	`}, {});`
295	`callback(null, permissionHash, resp);`
296	`});`
297	`}`
298	`}`
299	`exports.IAM = IAM;`
300	`/*! Developer Documentation`
301	`*`
302	`* All async methods (except for streams) will return a Promise in the event`
303	`* that a callback is omitted.`
304	`*/`
305	`promisify_1.promisifyAll(IAM);`
306	`//# sourceMappingURL=iam.js.map`
\	No newline at end of file