UNPKG

@google-cloud/pubsub/build/src/iam.d.ts

Version:

10.9 kBTypeScriptView Raw

1/*!
* Copyright 2014 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
16/// <reference types="node" />
17import { CallOptions, IamProtos } from 'google-gax';
18import { Omit, PubSub, RequestCallback, ResourceCallback } from './pubsub';
19export declare type Policy = {
  etag?: string | Buffer;
21} & Omit<IamProtos.google.iam.v1.IPolicy, 'etag'>;
22export declare type GetPolicyCallback = RequestCallback<Policy>;
23export declare type SetPolicyCallback = RequestCallback<Policy>;
24export declare type SetPolicyResponse = [Policy];
25export declare type GetPolicyResponse = [Policy];
26/**
* Shows which IAM permissions is allowed.
* The key to this object are the IAM permissions (string) and the values are
* booleans, true if permissions are granted to the corresponding key.
*/
31export interface IamPermissionsMap {
  [key: string]: boolean;
33}
34export declare type TestIamPermissionsResponse = [IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse];
35export declare type TestIamPermissionsCallback = ResourceCallback<IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse>;
36/**
* [IAM (Identity and Access
* Management)](https://cloud.google.com/pubsub/access_control) allows you to
* set permissions on individual resources and offers a wider range of roles:
* editor, owner, publisher, subscriber, and viewer. This gives you greater
* flexibility and allows you to set more fine-grained access control.
*
* For example:
*   * Grant access on a per-topic or per-subscription basis, rather than for
*     the whole Cloud project.
*   * Grant access with limited capabilities, such as to only publish messages
*     to a topic, or to only to consume messages from a subscription, but not
*     to delete the topic or subscription.
*
*
* *The IAM access control features described in this document are Beta,
* including the API methods to get and set IAM policies, and to test IAM
* permissions. Cloud Pub/Sub's use of IAM features is not covered by any
* SLA or deprecation policy, and may be subject to backward-incompatible
* changes.*
*
* @class
* @param {PubSub} pubsub PubSub Object.
* @param {string} id The name of the topic or subscription.
*
* @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}
* @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}
*
* @example
* ```
* const {PubSub} = require('@google-cloud/pubsub');
* const pubsub = new PubSub();
*
* const topic = pubsub.topic('my-topic');
* // topic.iam
*
* const subscription = pubsub.subscription('my-subscription');
* // subscription.iam
* ```
*/
76export declare class IAM {
  pubsub: PubSub;
  request: typeof PubSub.prototype.request;
  id: string;
  constructor(pubsub: PubSub, id: string);
  /**
   * @typedef {array} GetPolicyResponse
   * @property {object} 0 The policy.
   */
  /**
   * @callback GetPolicyCallback
   * @param {?Error} err Request error, if any.
   * @param {object} acl The policy.
   */
  /**
   * Get the IAM policy
   *
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {GetPolicyCallback} [callback] Callback function.
   * @returns {Promise<GetPolicyResponse>}
   *
   * @see [Topics: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/getIamPolicy}
   * @see [Subscriptions: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy}
   *
   * @example
   * ```
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * topic.iam.getPolicy(function(err, policy, apiResponse) {});
   *
   * subscription.iam.getPolicy(function(err, policy, apiResponse) {});
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.getPolicy().then(function(data) {
   *   const policy = data[0];
   *   const apiResponse = data[1];
   * });
   * ```
   */
  getPolicy(gaxOpts?: CallOptions): Promise<GetPolicyResponse>;
  getPolicy(callback: GetPolicyCallback): void;
  getPolicy(gaxOpts: CallOptions, callback: GetPolicyCallback): void;
  /**
   * @typedef {array} SetPolicyResponse
   * @property {object} 0 The policy.
   */
  /**
   * @callback SetPolicyCallback
   * @param {?Error} err Request error, if any.
   * @param {object} acl The policy.
   */
  /**
   * Set the IAM policy
   *
   * @throws {Error} If no policy is provided.
   *
   * @param {object} policy The [policy](https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy).
   * @param {array} [policy.bindings] Bindings associate members with roles.
   * @param {Array<object>} [policy.rules] Rules to be applied to the policy.
   * @param {string} [policy.etag] Etags are used to perform a read-modify-write.
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {SetPolicyCallback} callback Callback function.
   * @returns {Promise<SetPolicyResponse>}
   *
   * @see [Topics: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy}
   * @see [Subscriptions: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/setIamPolicy}
   * @see [Policy]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy}
   *
   * @example
   * ```
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * const myPolicy = {
   *   bindings: [
   *     {
   *       role: 'roles/pubsub.subscriber',
   *       members:
   * ['serviceAccount:myotherproject@appspot.gserviceaccount.com']
   *     }
   *   ]
   * };
   *
   * topic.iam.setPolicy(myPolicy, function(err, policy, apiResponse) {});
   *
   * subscription.iam.setPolicy(myPolicy, function(err, policy, apiResponse)
   * {});
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.setPolicy(myPolicy).then(function(data) {
   *   const policy = data[0];
   *   const apiResponse = data[1];
   * });
   * ```
   */
  setPolicy(policy: Policy, gaxOpts?: CallOptions): Promise<SetPolicyResponse>;
  setPolicy(policy: Policy, gaxOpts: CallOptions, callback: SetPolicyCallback): void;
  setPolicy(policy: Policy, callback: SetPolicyCallback): void;
  /**
   * @callback TestIamPermissionsCallback
   * @param {?Error} err Request error, if any.
   * @param {TestIamPermissionsAPIResponse} permissions A subset of permissions that the caller is allowed.
   * @param {PermissionsResponse} apiResponse The full API response.
   */
  /**
   * @typedef {array} TestIamPermissionsResponse
   * @property {object[]} 0 A subset of permissions that the caller is allowed.
   * @property {PermissionsResponse} 1 The full API response.
   */
  /**
   * @typedef {string[]} PermissionsResponse
   * A subset of TestPermissionsRequest.permissions that the caller is allowed.
   * @see https://cloud.google.com/pubsub/docs/reference/rpc/google.iam.v1#google.iam.v1.TestIamPermissionsRequest
   */
  /**
   * Test a set of permissions for a resource.
   *
   * Permissions with wildcards such as `*` or `storage.*` are not allowed.
   *
   * @throws {Error} If permissions are not provided.
   *
   * @param {string|string[]} permissions The permission(s) to test for.
   * @param {object} [gaxOptions] Request configuration options, outlined
   *     here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
   * @param {TestIamPermissionsCallback} [callback] Callback function.
   * @returns {Promise<TestIamPermissionsResponse>}
   *
   * @see [Topics: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/testIamPermissions}
   * @see [Subscriptions: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/testIamPermissions}
   * @see [Permissions Reference]{@link https://cloud.google.com/pubsub/access_control#permissions}
   *
   * @example
   * ```
   * const {PubSub} = require('@google-cloud/pubsub');
   * const pubsub = new PubSub();
   *
   * const topic = pubsub.topic('my-topic');
   * const subscription = topic.subscription('my-subscription');
   *
   * //-
   * // Test a single permission.
   * //-
   * const test = 'pubsub.topics.update';
   *
   * topic.iam.testPermissions(test, function(err, permissions, apiResponse) {
   *   console.log(permissions);
   *   // {
   *   //   "pubsub.topics.update": true
   *   // }
   * });
   *
   * //-
   * // Test several permissions at once.
   * //-
   * const tests = [
   *   'pubsub.subscriptions.consume',
   *   'pubsub.subscriptions.update'
   * ];
   *
   * subscription.iam.testPermissions(tests, function(err, permissions) {
   *   console.log(permissions);
   *   // {
   *   //   "pubsub.subscriptions.consume": true,
   *   //   "pubsub.subscriptions.update": false
   *   // }
   * });
   *
   * //-
   * // If the callback is omitted, we'll return a Promise.
   * //-
   * topic.iam.testPermissions(test).then(function(data) {
   *   const permissions = data[0];
   *   const apiResponse = data[1];
   * });
   * ```
   */
  testPermissions(permissions: string | string[], gaxOpts?: CallOptions): Promise<TestIamPermissionsResponse>;
  testPermissions(permissions: string | string[], gaxOpts: CallOptions, callback: TestIamPermissionsCallback): void;
  testPermissions(permissions: string | string[], callback: TestIamPermissionsCallback): void;
268}

1	`/*!`
2	`* Copyright 2014 Google Inc. All Rights Reserved.`
3	`*`
4	`* Licensed under the Apache License, Version 2.0 (the "License");`
5	`* you may not use this file except in compliance with the License.`
6	`* You may obtain a copy of the License at`
7	`*`
8	`* http://www.apache.org/licenses/LICENSE-2.0`
9	`*`
10	`* Unless required by applicable law or agreed to in writing, software`
11	`* distributed under the License is distributed on an "AS IS" BASIS,`
12	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
13	`* See the License for the specific language governing permissions and`
14	`* limitations under the License.`
15	`*/`
16	`/// <reference types="node" />`
17	`import { CallOptions, IamProtos } from 'google-gax';`
18	`import { Omit, PubSub, RequestCallback, ResourceCallback } from './pubsub';`
19	`export declare type Policy = {`
20	`etag?: string \| Buffer;`
21	`} & Omit<IamProtos.google.iam.v1.IPolicy, 'etag'>;`
22	`export declare type GetPolicyCallback = RequestCallback<Policy>;`
23	`export declare type SetPolicyCallback = RequestCallback<Policy>;`
24	`export declare type SetPolicyResponse = [Policy];`
25	`export declare type GetPolicyResponse = [Policy];`
26	`/**`
27	`* Shows which IAM permissions is allowed.`
28	`* The key to this object are the IAM permissions (string) and the values are`
29	`* booleans, true if permissions are granted to the corresponding key.`
30	`*/`
31	`export interface IamPermissionsMap {`
32	`[key: string]: boolean;`
33	`}`
34	`export declare type TestIamPermissionsResponse = [IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse];`
35	`export declare type TestIamPermissionsCallback = ResourceCallback<IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse>;`
36	`/**`
37	`* [IAM (Identity and Access`
38	`* Management)](https://cloud.google.com/pubsub/access_control) allows you to`
39	`* set permissions on individual resources and offers a wider range of roles:`
40	`* editor, owner, publisher, subscriber, and viewer. This gives you greater`
41	`* flexibility and allows you to set more fine-grained access control.`
42	`*`
43	`* For example:`
44	`* * Grant access on a per-topic or per-subscription basis, rather than for`
45	`* the whole Cloud project.`
46	`* * Grant access with limited capabilities, such as to only publish messages`
47	`* to a topic, or to only to consume messages from a subscription, but not`
48	`* to delete the topic or subscription.`
49	`*`
50	`*`
51	`* *The IAM access control features described in this document are Beta,`
52	`* including the API methods to get and set IAM policies, and to test IAM`
53	`* permissions. Cloud Pub/Sub's use of IAM features is not covered by any`
54	`* SLA or deprecation policy, and may be subject to backward-incompatible`
55	`* changes.*`
56	`*`
57	`* @class`
58	`* @param {PubSub} pubsub PubSub Object.`
59	`* @param {string} id The name of the topic or subscription.`
60	`*`
61	`* @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}`
62	`* @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}`
63	`*`
64	`* @example`
65	* ```
66	`* const {PubSub} = require('@google-cloud/pubsub');`
67	`* const pubsub = new PubSub();`
68	`*`
69	`* const topic = pubsub.topic('my-topic');`
70	`* // topic.iam`
71	`*`
72	`* const subscription = pubsub.subscription('my-subscription');`
73	`* // subscription.iam`
74	* ```
75	`*/`
76	`export declare class IAM {`
77	`pubsub: PubSub;`
78	`request: typeof PubSub.prototype.request;`
79	`id: string;`
80	`constructor(pubsub: PubSub, id: string);`
81	`/**`
82	`* @typedef {array} GetPolicyResponse`
83	`* @property {object} 0 The policy.`
84	`*/`
85	`/**`
86	`* @callback GetPolicyCallback`
87	`* @param {?Error} err Request error, if any.`
88	`* @param {object} acl The policy.`
89	`*/`
90	`/**`
91	`* Get the IAM policy`
92	`*`
93	`* @param {object} [gaxOptions] Request configuration options, outlined`
94	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
95	`* @param {GetPolicyCallback} [callback] Callback function.`
96	`* @returns {Promise<GetPolicyResponse>}`
97	`*`
98	`* @see [Topics: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/getIamPolicy}`
99	`* @see [Subscriptions: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy}`
100	`*`
101	`* @example`
102	* ```
103	`* const {PubSub} = require('@google-cloud/pubsub');`
104	`* const pubsub = new PubSub();`
105	`*`
106	`* const topic = pubsub.topic('my-topic');`
107	`* const subscription = topic.subscription('my-subscription');`
108	`*`
109	`* topic.iam.getPolicy(function(err, policy, apiResponse) {});`
110	`*`
111	`* subscription.iam.getPolicy(function(err, policy, apiResponse) {});`
112	`*`
113	`* //-`
114	`* // If the callback is omitted, we'll return a Promise.`
115	`* //-`
116	`* topic.iam.getPolicy().then(function(data) {`
117	`* const policy = data[0];`
118	`* const apiResponse = data[1];`
119	`* });`
120	* ```
121	`*/`
122	`getPolicy(gaxOpts?: CallOptions): Promise<GetPolicyResponse>;`
123	`getPolicy(callback: GetPolicyCallback): void;`
124	`getPolicy(gaxOpts: CallOptions, callback: GetPolicyCallback): void;`
125	`/**`
126	`* @typedef {array} SetPolicyResponse`
127	`* @property {object} 0 The policy.`
128	`*/`
129	`/**`
130	`* @callback SetPolicyCallback`
131	`* @param {?Error} err Request error, if any.`
132	`* @param {object} acl The policy.`
133	`*/`
134	`/**`
135	`* Set the IAM policy`
136	`*`
137	`* @throws {Error} If no policy is provided.`
138	`*`
139	`* @param {object} policy The [policy](https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy).`
140	`* @param {array} [policy.bindings] Bindings associate members with roles.`
141	`* @param {Array<object>} [policy.rules] Rules to be applied to the policy.`
142	`* @param {string} [policy.etag] Etags are used to perform a read-modify-write.`
143	`* @param {object} [gaxOptions] Request configuration options, outlined`
144	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
145	`* @param {SetPolicyCallback} callback Callback function.`
146	`* @returns {Promise<SetPolicyResponse>}`
147	`*`
148	`* @see [Topics: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy}`
149	`* @see [Subscriptions: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/setIamPolicy}`
150	`* @see [Policy]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy}`
151	`*`
152	`* @example`
153	* ```
154	`* const {PubSub} = require('@google-cloud/pubsub');`
155	`* const pubsub = new PubSub();`
156	`*`
157	`* const topic = pubsub.topic('my-topic');`
158	`* const subscription = topic.subscription('my-subscription');`
159	`*`
160	`* const myPolicy = {`
161	`* bindings: [`
162	`* {`
163	`* role: 'roles/pubsub.subscriber',`
164	`* members:`
165	`* ['serviceAccount:myotherproject@appspot.gserviceaccount.com']`
166	`* }`
167	`* ]`
168	`* };`
169	`*`
170	`* topic.iam.setPolicy(myPolicy, function(err, policy, apiResponse) {});`
171	`*`
172	`* subscription.iam.setPolicy(myPolicy, function(err, policy, apiResponse)`
173	`* {});`
174	`*`
175	`* //-`
176	`* // If the callback is omitted, we'll return a Promise.`
177	`* //-`
178	`* topic.iam.setPolicy(myPolicy).then(function(data) {`
179	`* const policy = data[0];`
180	`* const apiResponse = data[1];`
181	`* });`
182	* ```
183	`*/`
184	`setPolicy(policy: Policy, gaxOpts?: CallOptions): Promise<SetPolicyResponse>;`
185	`setPolicy(policy: Policy, gaxOpts: CallOptions, callback: SetPolicyCallback): void;`
186	`setPolicy(policy: Policy, callback: SetPolicyCallback): void;`
187	`/**`
188	`* @callback TestIamPermissionsCallback`
189	`* @param {?Error} err Request error, if any.`
190	`* @param {TestIamPermissionsAPIResponse} permissions A subset of permissions that the caller is allowed.`
191	`* @param {PermissionsResponse} apiResponse The full API response.`
192	`*/`
193	`/**`
194	`* @typedef {array} TestIamPermissionsResponse`
195	`* @property {object[]} 0 A subset of permissions that the caller is allowed.`
196	`* @property {PermissionsResponse} 1 The full API response.`
197	`*/`
198	`/**`
199	`* @typedef {string[]} PermissionsResponse`
200	`* A subset of TestPermissionsRequest.permissions that the caller is allowed.`
201	`* @see https://cloud.google.com/pubsub/docs/reference/rpc/google.iam.v1#google.iam.v1.TestIamPermissionsRequest`
202	`*/`
203	`/**`
204	`* Test a set of permissions for a resource.`
205	`*`
206	* Permissions with wildcards such as `` or `storage.` are not allowed.
207	`*`
208	`* @throws {Error} If permissions are not provided.`
209	`*`
210	`* @param {string\|string[]} permissions The permission(s) to test for.`
211	`* @param {object} [gaxOptions] Request configuration options, outlined`
212	`* here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.`
213	`* @param {TestIamPermissionsCallback} [callback] Callback function.`
214	`* @returns {Promise<TestIamPermissionsResponse>}`
215	`*`
216	`* @see [Topics: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/testIamPermissions}`
217	`* @see [Subscriptions: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/testIamPermissions}`
218	`* @see [Permissions Reference]{@link https://cloud.google.com/pubsub/access_control#permissions}`
219	`*`
220	`* @example`
221	* ```
222	`* const {PubSub} = require('@google-cloud/pubsub');`
223	`* const pubsub = new PubSub();`
224	`*`
225	`* const topic = pubsub.topic('my-topic');`
226	`* const subscription = topic.subscription('my-subscription');`
227	`*`
228	`* //-`
229	`* // Test a single permission.`
230	`* //-`
231	`* const test = 'pubsub.topics.update';`
232	`*`
233	`* topic.iam.testPermissions(test, function(err, permissions, apiResponse) {`
234	`* console.log(permissions);`
235	`* // {`
236	`* // "pubsub.topics.update": true`
237	`* // }`
238	`* });`
239	`*`
240	`* //-`
241	`* // Test several permissions at once.`
242	`* //-`
243	`* const tests = [`
244	`* 'pubsub.subscriptions.consume',`
245	`* 'pubsub.subscriptions.update'`
246	`* ];`
247	`*`
248	`* subscription.iam.testPermissions(tests, function(err, permissions) {`
249	`* console.log(permissions);`
250	`* // {`
251	`* // "pubsub.subscriptions.consume": true,`
252	`* // "pubsub.subscriptions.update": false`
253	`* // }`
254	`* });`
255	`*`
256	`* //-`
257	`* // If the callback is omitted, we'll return a Promise.`
258	`* //-`
259	`* topic.iam.testPermissions(test).then(function(data) {`
260	`* const permissions = data[0];`
261	`* const apiResponse = data[1];`
262	`* });`
263	* ```
264	`*/`
265	`testPermissions(permissions: string \| string[], gaxOpts?: CallOptions): Promise<TestIamPermissionsResponse>;`
266	`testPermissions(permissions: string \| string[], gaxOpts: CallOptions, callback: TestIamPermissionsCallback): void;`
267	`testPermissions(permissions: string \| string[], callback: TestIamPermissionsCallback): void;`
268	`}`