1 | ;
|
2 | /*!
|
3 | * Copyright 2014 Google Inc. All Rights Reserved.
|
4 | *
|
5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
6 | * you may not use this file except in compliance with the License.
|
7 | * You may obtain a copy of the License at
|
8 | *
|
9 | * http://www.apache.org/licenses/LICENSE-2.0
|
10 | *
|
11 | * Unless required by applicable law or agreed to in writing, software
|
12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14 | * See the License for the specific language governing permissions and
|
15 | * limitations under the License.
|
16 | */
|
17 | Object.defineProperty(exports, "__esModule", { value: true });
|
18 | exports.IAM = void 0;
|
19 | /*!
|
20 | * @module pubsub/iam
|
21 | */
|
22 | const arrify = require("arrify");
|
23 | const util_1 = require("./util");
|
24 | /**
|
25 | * [IAM (Identity and Access
|
26 | * Management)](https://cloud.google.com/pubsub/access_control) allows you to
|
27 | * set permissions on individual resources and offers a wider range of roles:
|
28 | * editor, owner, publisher, subscriber, and viewer. This gives you greater
|
29 | * flexibility and allows you to set more fine-grained access control.
|
30 | *
|
31 | * For example:
|
32 | * * Grant access on a per-topic or per-subscription basis, rather than for
|
33 | * the whole Cloud project.
|
34 | * * Grant access with limited capabilities, such as to only publish messages
|
35 | * to a topic, or to only to consume messages from a subscription, but not
|
36 | * to delete the topic or subscription.
|
37 | *
|
38 | *
|
39 | * *The IAM access control features described in this document are Beta,
|
40 | * including the API methods to get and set IAM policies, and to test IAM
|
41 | * permissions. Cloud Pub/Sub's use of IAM features is not covered by any
|
42 | * SLA or deprecation policy, and may be subject to backward-incompatible
|
43 | * changes.*
|
44 | *
|
45 | * @class
|
46 | * @param {PubSub} pubsub PubSub Object.
|
47 | * @param {string} id The name of the topic or subscription.
|
48 | *
|
49 | * @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}
|
50 | * @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}
|
51 | *
|
52 | * @example
|
53 | * ```
|
54 | * const {PubSub} = require('@google-cloud/pubsub');
|
55 | * const pubsub = new PubSub();
|
56 | *
|
57 | * const topic = pubsub.topic('my-topic');
|
58 | * // topic.iam
|
59 | *
|
60 | * const subscription = pubsub.subscription('my-subscription');
|
61 | * // subscription.iam
|
62 | * ```
|
63 | */
|
64 | class IAM {
|
65 | constructor(pubsub, id) {
|
66 | this.pubsub = pubsub;
|
67 | this.request = pubsub.request.bind(pubsub);
|
68 | this.id = id;
|
69 | }
|
70 | getPolicy(optsOrCallback, callback) {
|
71 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
72 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
73 | const reqOpts = {
|
74 | resource: this.id,
|
75 | };
|
76 | this.request({
|
77 | client: 'SubscriberClient',
|
78 | method: 'getIamPolicy',
|
79 | reqOpts,
|
80 | gaxOpts,
|
81 | }, callback);
|
82 | }
|
83 | setPolicy(policy, optsOrCallback, callback) {
|
84 | if (!(typeof policy === 'object')) {
|
85 | throw new Error('A policy object is required.');
|
86 | }
|
87 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
88 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
89 | const reqOpts = {
|
90 | resource: this.id,
|
91 | policy,
|
92 | };
|
93 | this.request({
|
94 | client: 'SubscriberClient',
|
95 | method: 'setIamPolicy',
|
96 | reqOpts,
|
97 | gaxOpts,
|
98 | }, callback);
|
99 | }
|
100 | testPermissions(permissions, optsOrCallback, callback) {
|
101 | if (!Array.isArray(permissions) && !(typeof permissions === 'string')) {
|
102 | throw new Error('Permissions are required.');
|
103 | }
|
104 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
105 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
106 | const reqOpts = {
|
107 | resource: this.id,
|
108 | permissions: arrify(permissions),
|
109 | };
|
110 | this.request({
|
111 | client: 'SubscriberClient',
|
112 | method: 'testIamPermissions',
|
113 | reqOpts,
|
114 | gaxOpts,
|
115 | }, (err, resp) => {
|
116 | if (err) {
|
117 | callback(err, null, resp);
|
118 | return;
|
119 | }
|
120 | const availablePermissions = arrify(resp.permissions);
|
121 | const permissionHash = permissions.reduce((acc, permission) => {
|
122 | acc[permission] = availablePermissions.indexOf(permission) > -1;
|
123 | return acc;
|
124 | }, {});
|
125 | callback(null, permissionHash, resp);
|
126 | });
|
127 | }
|
128 | }
|
129 | exports.IAM = IAM;
|
130 | /*! Developer Documentation
|
131 | *
|
132 | * Existing async methods (except for streams) will return a Promise in the event
|
133 | * that a callback is omitted. Future methods will not allow for a callback.
|
134 | * (Use .then() on the returned Promise instead.)
|
135 | */
|
136 | util_1.promisifySome(IAM, IAM.prototype, [
|
137 | 'getPolicy',
|
138 | 'setPolicy',
|
139 | 'testPermissions',
|
140 | ]);
|
141 | //# sourceMappingURL=iam.js.map |
\ | No newline at end of file |