1 | /*!
|
2 | * Copyright 2014 Google Inc. All Rights Reserved.
|
3 | *
|
4 | * Licensed under the Apache License, Version 2.0 (the "License");
|
5 | * you may not use this file except in compliance with the License.
|
6 | * You may obtain a copy of the License at
|
7 | *
|
8 | * http://www.apache.org/licenses/LICENSE-2.0
|
9 | *
|
10 | * Unless required by applicable law or agreed to in writing, software
|
11 | * distributed under the License is distributed on an "AS IS" BASIS,
|
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13 | * See the License for the specific language governing permissions and
|
14 | * limitations under the License.
|
15 | */
|
16 | /// <reference types="node" />
|
17 | import { CallOptions, IamProtos } from 'google-gax';
|
18 | import { Omit, PubSub, RequestCallback, ResourceCallback } from './pubsub';
|
19 | export declare type Policy = {
|
20 | etag?: string | Buffer;
|
21 | } & Omit<IamProtos.google.iam.v1.IPolicy, 'etag'>;
|
22 | export declare type GetPolicyCallback = RequestCallback<Policy>;
|
23 | export declare type SetPolicyCallback = RequestCallback<Policy>;
|
24 | export declare type SetPolicyResponse = [Policy];
|
25 | export declare type GetPolicyResponse = [Policy];
|
26 | /**
|
27 | * Shows which IAM permissions is allowed.
|
28 | * The key to this object are the IAM permissions (string) and the values are
|
29 | * booleans, true if permissions are granted to the corresponding key.
|
30 | */
|
31 | export interface IamPermissionsMap {
|
32 | [key: string]: boolean;
|
33 | }
|
34 | export declare type TestIamPermissionsResponse = [IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse];
|
35 | export declare type TestIamPermissionsCallback = ResourceCallback<IamPermissionsMap, IamProtos.google.iam.v1.ITestIamPermissionsResponse>;
|
36 | /**
|
37 | * [IAM (Identity and Access
|
38 | * Management)](https://cloud.google.com/pubsub/access_control) allows you to
|
39 | * set permissions on individual resources and offers a wider range of roles:
|
40 | * editor, owner, publisher, subscriber, and viewer. This gives you greater
|
41 | * flexibility and allows you to set more fine-grained access control.
|
42 | *
|
43 | * For example:
|
44 | * * Grant access on a per-topic or per-subscription basis, rather than for
|
45 | * the whole Cloud project.
|
46 | * * Grant access with limited capabilities, such as to only publish messages
|
47 | * to a topic, or to only to consume messages from a subscription, but not
|
48 | * to delete the topic or subscription.
|
49 | *
|
50 | *
|
51 | * *The IAM access control features described in this document are Beta,
|
52 | * including the API methods to get and set IAM policies, and to test IAM
|
53 | * permissions. Cloud Pub/Sub's use of IAM features is not covered by any
|
54 | * SLA or deprecation policy, and may be subject to backward-incompatible
|
55 | * changes.*
|
56 | *
|
57 | * @class
|
58 | * @param {PubSub} pubsub PubSub Object.
|
59 | * @param {string} id The name of the topic or subscription.
|
60 | *
|
61 | * @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}
|
62 | * @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}
|
63 | *
|
64 | * @example
|
65 | * ```
|
66 | * const {PubSub} = require('@google-cloud/pubsub');
|
67 | * const pubsub = new PubSub();
|
68 | *
|
69 | * const topic = pubsub.topic('my-topic');
|
70 | * // topic.iam
|
71 | *
|
72 | * const subscription = pubsub.subscription('my-subscription');
|
73 | * // subscription.iam
|
74 | * ```
|
75 | */
|
76 | export declare class IAM {
|
77 | pubsub: PubSub;
|
78 | request: typeof PubSub.prototype.request;
|
79 | id: string;
|
80 | constructor(pubsub: PubSub, id: string);
|
81 | /**
|
82 | * @typedef {array} GetPolicyResponse
|
83 | * 0 The policy.
{object} |
84 | */
|
85 | /**
|
86 | * @callback GetPolicyCallback
|
87 | * @param {?Error} err Request error, if any.
|
88 | * @param {object} acl The policy.
|
89 | */
|
90 | /**
|
91 | * Get the IAM policy
|
92 | *
|
93 | * @param {object} [gaxOptions] Request configuration options, outlined
|
94 | * here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
|
95 | * @param {GetPolicyCallback} [callback] Callback function.
|
96 | * @returns {Promise<GetPolicyResponse>}
|
97 | *
|
98 | * @see [Topics: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/getIamPolicy}
|
99 | * @see [Subscriptions: getIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy}
|
100 | *
|
101 | * @example
|
102 | * ```
|
103 | * const {PubSub} = require('@google-cloud/pubsub');
|
104 | * const pubsub = new PubSub();
|
105 | *
|
106 | * const topic = pubsub.topic('my-topic');
|
107 | * const subscription = topic.subscription('my-subscription');
|
108 | *
|
109 | * topic.iam.getPolicy(function(err, policy, apiResponse) {});
|
110 | *
|
111 | * subscription.iam.getPolicy(function(err, policy, apiResponse) {});
|
112 | *
|
113 | * //-
|
114 | * // If the callback is omitted, we'll return a Promise.
|
115 | * //-
|
116 | * topic.iam.getPolicy().then(function(data) {
|
117 | * const policy = data[0];
|
118 | * const apiResponse = data[1];
|
119 | * });
|
120 | * ```
|
121 | */
|
122 | getPolicy(gaxOpts?: CallOptions): Promise<GetPolicyResponse>;
|
123 | getPolicy(callback: GetPolicyCallback): void;
|
124 | getPolicy(gaxOpts: CallOptions, callback: GetPolicyCallback): void;
|
125 | /**
|
126 | * @typedef {array} SetPolicyResponse
|
127 | * @property {object} 0 The policy.
|
128 | */
|
129 | /**
|
130 | * @callback SetPolicyCallback
|
131 | * @param {?Error} err Request error, if any.
|
132 | * @param {object} acl The policy.
|
133 | */
|
134 | /**
|
135 | * Set the IAM policy
|
136 | *
|
137 | * @throws {Error} If no policy is provided.
|
138 | *
|
139 | * @param {object} policy The [policy](https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy).
|
140 | * @param {array} [policy.bindings] Bindings associate members with roles.
|
141 | * @param {Array<object>} [policy.rules] Rules to be applied to the policy.
|
142 | * @param {string} [policy.etag] Etags are used to perform a read-modify-write.
|
143 | * @param {object} [gaxOptions] Request configuration options, outlined
|
144 | * here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
|
145 | * @param {SetPolicyCallback} callback Callback function.
|
146 | * @returns {Promise<SetPolicyResponse>}
|
147 | *
|
148 | * @see [Topics: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy}
|
149 | * @see [Subscriptions: setIamPolicy API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/setIamPolicy}
|
150 | * @see [Policy]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy}
|
151 | *
|
152 | * @example
|
153 | * ```
|
154 | * const {PubSub} = require('@google-cloud/pubsub');
|
155 | * const pubsub = new PubSub();
|
156 | *
|
157 | * const topic = pubsub.topic('my-topic');
|
158 | * const subscription = topic.subscription('my-subscription');
|
159 | *
|
160 | * const myPolicy = {
|
161 | * bindings: [
|
162 | * {
|
163 | * role: 'roles/pubsub.subscriber',
|
164 | * members:
|
165 | * ['serviceAccount:myotherproject@appspot.gserviceaccount.com']
|
166 | * }
|
167 | * ]
|
168 | * };
|
169 | *
|
170 | * topic.iam.setPolicy(myPolicy, function(err, policy, apiResponse) {});
|
171 | *
|
172 | * subscription.iam.setPolicy(myPolicy, function(err, policy, apiResponse)
|
173 | * {});
|
174 | *
|
175 | * //-
|
176 | * // If the callback is omitted, we'll return a Promise.
|
177 | * //-
|
178 | * topic.iam.setPolicy(myPolicy).then(function(data) {
|
179 | * const policy = data[0];
|
180 | * const apiResponse = data[1];
|
181 | * });
|
182 | * ```
|
183 | */
|
184 | setPolicy(policy: Policy, gaxOpts?: CallOptions): Promise<SetPolicyResponse>;
|
185 | setPolicy(policy: Policy, gaxOpts: CallOptions, callback: SetPolicyCallback): void;
|
186 | setPolicy(policy: Policy, callback: SetPolicyCallback): void;
|
187 | /**
|
188 | * @callback TestIamPermissionsCallback
|
189 | * @param {?Error} err Request error, if any.
|
190 | * @param {TestIamPermissionsAPIResponse} permissions A subset of permissions that the caller is allowed.
|
191 | * @param {PermissionsResponse} apiResponse The full API response.
|
192 | */
|
193 | /**
|
194 | * @typedef {array} TestIamPermissionsResponse
|
195 | * @property {object[]} 0 A subset of permissions that the caller is allowed.
|
196 | * @property {PermissionsResponse} 1 The full API response.
|
197 | */
|
198 | /**
|
199 | * @typedef {string[]} PermissionsResponse
|
200 | * A subset of TestPermissionsRequest.permissions that the caller is allowed.
|
201 | * @see https://cloud.google.com/pubsub/docs/reference/rpc/google.iam.v1#google.iam.v1.TestIamPermissionsRequest
|
202 | */
|
203 | /**
|
204 | * Test a set of permissions for a resource.
|
205 | *
|
206 | * Permissions with wildcards such as `*` or `storage.*` are not allowed.
|
207 | *
|
208 | * @throws {Error} If permissions are not provided.
|
209 | *
|
210 | * @param {string|string[]} permissions The permission(s) to test for.
|
211 | * @param {object} [gaxOptions] Request configuration options, outlined
|
212 | * here: https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html.
|
213 | * @param {TestIamPermissionsCallback} [callback] Callback function.
|
214 | * @returns {Promise<TestIamPermissionsResponse>}
|
215 | *
|
216 | * @see [Topics: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/testIamPermissions}
|
217 | * @see [Subscriptions: testIamPermissions API Documentation]{@link https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/testIamPermissions}
|
218 | * @see [Permissions Reference]{@link https://cloud.google.com/pubsub/access_control#permissions}
|
219 | *
|
220 | * @example
|
221 | * ```
|
222 | * const {PubSub} = require('@google-cloud/pubsub');
|
223 | * const pubsub = new PubSub();
|
224 | *
|
225 | * const topic = pubsub.topic('my-topic');
|
226 | * const subscription = topic.subscription('my-subscription');
|
227 | *
|
228 | * //-
|
229 | * // Test a single permission.
|
230 | * //-
|
231 | * const test = 'pubsub.topics.update';
|
232 | *
|
233 | * topic.iam.testPermissions(test, function(err, permissions, apiResponse) {
|
234 | * console.log(permissions);
|
235 | * // {
|
236 | * // "pubsub.topics.update": true
|
237 | * // }
|
238 | * });
|
239 | *
|
240 | * //-
|
241 | * // Test several permissions at once.
|
242 | * //-
|
243 | * const tests = [
|
244 | * 'pubsub.subscriptions.consume',
|
245 | * 'pubsub.subscriptions.update'
|
246 | * ];
|
247 | *
|
248 | * subscription.iam.testPermissions(tests, function(err, permissions) {
|
249 | * console.log(permissions);
|
250 | * // {
|
251 | * // "pubsub.subscriptions.consume": true,
|
252 | * // "pubsub.subscriptions.update": false
|
253 | * // }
|
254 | * });
|
255 | *
|
256 | * //-
|
257 | * // If the callback is omitted, we'll return a Promise.
|
258 | * //-
|
259 | * topic.iam.testPermissions(test).then(function(data) {
|
260 | * const permissions = data[0];
|
261 | * const apiResponse = data[1];
|
262 | * });
|
263 | * ```
|
264 | */
|
265 | testPermissions(permissions: string | string[], gaxOpts?: CallOptions): Promise<TestIamPermissionsResponse>;
|
266 | testPermissions(permissions: string | string[], gaxOpts: CallOptions, callback: TestIamPermissionsCallback): void;
|
267 | testPermissions(permissions: string | string[], callback: TestIamPermissionsCallback): void;
|
268 | }
|