| 1 | ;
|
| 2 | /*!
|
| 3 | * Copyright 2014 Google Inc. All Rights Reserved.
|
| 4 | *
|
| 5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
| 6 | * you may not use this file except in compliance with the License.
|
| 7 | * You may obtain a copy of the License at
|
| 8 | *
|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0
|
| 10 | *
|
| 11 | * Unless required by applicable law or agreed to in writing, software
|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 14 | * See the License for the specific language governing permissions and
|
| 15 | * limitations under the License.
|
| 16 | */
|
| 17 | Object.defineProperty(exports, "__esModule", { value: true });
|
| 18 | exports.IAM = void 0;
|
| 19 | /*!
|
| 20 | * @module pubsub/iam
|
| 21 | */
|
| 22 | const arrify = require("arrify");
|
| 23 | const util_1 = require("./util");
|
| 24 | /**
|
| 25 | * [IAM (Identity and Access
|
| 26 | * Management)](https://cloud.google.com/pubsub/access_control) allows you to
|
| 27 | * set permissions on individual resources and offers a wider range of roles:
|
| 28 | * editor, owner, publisher, subscriber, and viewer. This gives you greater
|
| 29 | * flexibility and allows you to set more fine-grained access control.
|
| 30 | *
|
| 31 | * For example:
|
| 32 | * * Grant access on a per-topic or per-subscription basis, rather than for
|
| 33 | * the whole Cloud project.
|
| 34 | * * Grant access with limited capabilities, such as to only publish messages
|
| 35 | * to a topic, or to only to consume messages from a subscription, but not
|
| 36 | * to delete the topic or subscription.
|
| 37 | *
|
| 38 | *
|
| 39 | * *The IAM access control features described in this document are Beta,
|
| 40 | * including the API methods to get and set IAM policies, and to test IAM
|
| 41 | * permissions. Cloud Pub/Sub's use of IAM features is not covered by any
|
| 42 | * SLA or deprecation policy, and may be subject to backward-incompatible
|
| 43 | * changes.*
|
| 44 | *
|
| 45 | * @class
|
| 46 | * @param {PubSub} pubsub PubSub Object.
|
| 47 | * @param {string} id The name of the topic or subscription.
|
| 48 | *
|
| 49 | * @see [Access Control Overview]{@link https://cloud.google.com/pubsub/access_control}
|
| 50 | * @see [What is Cloud IAM?]{@link https://cloud.google.com/iam/}
|
| 51 | *
|
| 52 | * @example
|
| 53 | * ```
|
| 54 | * const {PubSub} = require('@google-cloud/pubsub');
|
| 55 | * const pubsub = new PubSub();
|
| 56 | *
|
| 57 | * const topic = pubsub.topic('my-topic');
|
| 58 | * // topic.iam
|
| 59 | *
|
| 60 | * const subscription = pubsub.subscription('my-subscription');
|
| 61 | * // subscription.iam
|
| 62 | * ```
|
| 63 | */
|
| 64 | class IAM {
|
| 65 | constructor(pubsub, id) {
|
| 66 | this.pubsub = pubsub;
|
| 67 | this.request = pubsub.request.bind(pubsub);
|
| 68 | this.id = id;
|
| 69 | }
|
| 70 | getPolicy(optsOrCallback, callback) {
|
| 71 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
| 72 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
| 73 | const reqOpts = {
|
| 74 | resource: this.id,
|
| 75 | };
|
| 76 | this.request({
|
| 77 | client: 'SubscriberClient',
|
| 78 | method: 'getIamPolicy',
|
| 79 | reqOpts,
|
| 80 | gaxOpts,
|
| 81 | }, callback);
|
| 82 | }
|
| 83 | setPolicy(policy, optsOrCallback, callback) {
|
| 84 | if (!(typeof policy === 'object')) {
|
| 85 | throw new Error('A policy object is required.');
|
| 86 | }
|
| 87 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
| 88 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
| 89 | const reqOpts = {
|
| 90 | resource: this.id,
|
| 91 | policy,
|
| 92 | };
|
| 93 | this.request({
|
| 94 | client: 'SubscriberClient',
|
| 95 | method: 'setIamPolicy',
|
| 96 | reqOpts,
|
| 97 | gaxOpts,
|
| 98 | }, callback);
|
| 99 | }
|
| 100 | testPermissions(permissions, optsOrCallback, callback) {
|
| 101 | if (!Array.isArray(permissions) && !(typeof permissions === 'string')) {
|
| 102 | throw new Error('Permissions are required.');
|
| 103 | }
|
| 104 | const gaxOpts = typeof optsOrCallback === 'object' ? optsOrCallback : {};
|
| 105 | callback = typeof optsOrCallback === 'function' ? optsOrCallback : callback;
|
| 106 | const reqOpts = {
|
| 107 | resource: this.id,
|
| 108 | permissions: arrify(permissions),
|
| 109 | };
|
| 110 | this.request({
|
| 111 | client: 'SubscriberClient',
|
| 112 | method: 'testIamPermissions',
|
| 113 | reqOpts,
|
| 114 | gaxOpts,
|
| 115 | }, (err, resp) => {
|
| 116 | if (err) {
|
| 117 | callback(err, null, resp);
|
| 118 | return;
|
| 119 | }
|
| 120 | const availablePermissions = arrify(resp.permissions);
|
| 121 | const permissionHash = permissions.reduce((acc, permission) => {
|
| 122 | acc[permission] = availablePermissions.indexOf(permission) > -1;
|
| 123 | return acc;
|
| 124 | }, {});
|
| 125 | callback(null, permissionHash, resp);
|
| 126 | });
|
| 127 | }
|
| 128 | }
|
| 129 | exports.IAM = IAM;
|
| 130 | /*! Developer Documentation
|
| 131 | *
|
| 132 | * Existing async methods (except for streams) will return a Promise in the event
|
| 133 | * that a callback is omitted. Future methods will not allow for a callback.
|
| 134 | * (Use .then() on the returned Promise instead.)
|
| 135 | */
|
| 136 | util_1.promisifySome(IAM, IAM.prototype, [
|
| 137 | 'getPolicy',
|
| 138 | 'setPolicy',
|
| 139 | 'testPermissions',
|
| 140 | ]);
|
| 141 | //# sourceMappingURL=iam.js.map |
| \ | No newline at end of file |