Class: AWSCDK::IAM::Grant
- Inherits:
-
Jsii::Object
- Object
- Jsii::Object
- AWSCDK::IAM::Grant
- Includes:
- Constructs::IDependable
- Defined in:
- iam/grant.rb
Overview
Result of a grant() operation.
This class is not instantiable by consumers on purpose, so that they will be required to call the Grant factory functions.
Class Method Summary collapse
-
.add_statement_to_resource_policy(options) ⇒ AWSCDK::IAM::Grant
Add a pre-constructed policy statement to the resource's policy.
-
.add_to_principal(options) ⇒ AWSCDK::IAM::Grant
Try to grant the given permissions to the given principal.
-
.add_to_principal_and_resource(options) ⇒ AWSCDK::IAM::Grant
Add a grant both on the principal and on the resource.
-
.add_to_principal_or_resource(options) ⇒ AWSCDK::IAM::Grant
Grant the given permissions to the principal.
-
.drop(grantee, _intent) ⇒ AWSCDK::IAM::Grant
Returns a "no-op"
Grantobject which represents a "dropped grant". - .jsii_overridable_methods ⇒ Object
Instance Method Summary collapse
-
#apply_before(*constructs) ⇒ void
Make sure this grant is applied before the given constructs are deployed.
-
#assert_success ⇒ void
Throw an error if this grant wasn't successful.
-
#combine(rhs) ⇒ AWSCDK::IAM::Grant
Combine two grants into a new one.
-
#initialize(*args) ⇒ Grant
constructor
A new instance of Grant.
-
#principal_statement ⇒ AWSCDK::IAM::PolicyStatement?
deprecated
Deprecated.
Use
principalStatementsinstead -
#principal_statements ⇒ Array<AWSCDK::IAM::PolicyStatement>
The statements that were added to the principal's policy.
-
#resource_statement ⇒ AWSCDK::IAM::PolicyStatement?
deprecated
Deprecated.
Use
resourceStatementsinstead -
#resource_statements ⇒ Array<AWSCDK::IAM::PolicyStatement>
The statements that were added to the resource policy.
-
#success ⇒ Boolean
Whether the grant operation was successful.
Constructor Details
#initialize(*args) ⇒ Grant
Returns a new instance of Grant.
12 13 14 |
# File 'iam/grant.rb', line 12 def initialize(*args) raise NoMethodError, "aws-cdk-lib.aws_iam.Grant does not have a visible constructor; use the provided factory methods" end |
Class Method Details
.add_statement_to_resource_policy(options) ⇒ AWSCDK::IAM::Grant
Add a pre-constructed policy statement to the resource's policy.
This method provides direct, low-level control over the initial policy statement being added. It is useful when you need to:
- Add complex policy statements that can't be expressed through other grant methods
- Specify the initial structure of the policy statement
- Add statements with custom conditions or other advanced IAM features
Important differences from other grant methods:
- Only modifies the resource policy, never modifies any principal's policy
- Takes a complete PolicyStatement rather than constructing one from parameters
- Always attempts to add the statement, regardless of principal type or account
- Does not attempt any automatic principal/resource policy selection logic
Note: The final form of the policy statement in the resource's policy may differ from the provided statement, depending on the resource's implementation of addToResourcePolicy.
75 76 77 78 79 |
# File 'iam/grant.rb', line 75 def self.add_statement_to_resource_policy() = .is_a?(Hash) ? ::AWSCDK::IAM::GrantPolicyWithResourceOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkdyYW50UG9saWN5V2l0aFJlc291cmNlT3B0aW9ucyJ9")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Grant", "addStatementToResourcePolicy", []) end |
.add_to_principal(options) ⇒ AWSCDK::IAM::Grant
Try to grant the given permissions to the given principal.
Absence of a principal leads to a warning, but failing to add the permissions to a present principal is not an error.
88 89 90 91 92 |
# File 'iam/grant.rb', line 88 def self.add_to_principal() = .is_a?(Hash) ? ::AWSCDK::IAM::GrantOnPrincipalOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkdyYW50T25QcmluY2lwYWxPcHRpb25zIn0=")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Grant", "addToPrincipal", []) end |
.add_to_principal_and_resource(options) ⇒ AWSCDK::IAM::Grant
Add a grant both on the principal and on the resource.
As long as any principal is given, granting on the principal may fail (in case of a non-identity principal), but granting on the resource will never fail.
Statement will be the resource statement.
104 105 106 107 108 |
# File 'iam/grant.rb', line 104 def self.add_to_principal_and_resource() = .is_a?(Hash) ? ::AWSCDK::IAM::GrantOnPrincipalAndResourceOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkdyYW50T25QcmluY2lwYWxBbmRSZXNvdXJjZU9wdGlvbnMifQ==")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Grant", "addToPrincipalAndResource", []) end |
.add_to_principal_or_resource(options) ⇒ AWSCDK::IAM::Grant
Grant the given permissions to the principal.
The permissions will be added to the principal policy primarily, falling back to the resource policy if necessary. The permissions must be granted somewhere.
- Trying to grant permissions to a principal that does not admit adding to the principal policy while not providing a resource with a resource policy is an error.
- Trying to grant permissions to an absent principal (possible in the case of imported resources) leads to a warning being added to the resource construct.
125 126 127 128 129 |
# File 'iam/grant.rb', line 125 def self.add_to_principal_or_resource() = .is_a?(Hash) ? ::AWSCDK::IAM::GrantWithResourceOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkdyYW50V2l0aFJlc291cmNlT3B0aW9ucyJ9")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Grant", "addToPrincipalOrResource", []) end |
.drop(grantee, _intent) ⇒ AWSCDK::IAM::Grant
Returns a "no-op" Grant object which represents a "dropped grant".
This can be used for e.g. imported resources where you may not be able to modify the resource's policy or some underlying policy which you don't know about.
139 140 141 142 143 |
# File 'iam/grant.rb', line 139 def self.drop(grantee, _intent) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") Jsii::Type.check_type(_intent, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "_intent") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Grant", "drop", [grantee, _intent]) end |
.jsii_overridable_methods ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'iam/grant.rb', line 16 def self.jsii_overridable_methods { :principal_statements => { kind: :property, name: "principalStatements", is_optional: false }, :resource_statements => { kind: :property, name: "resourceStatements", is_optional: false }, :success => { kind: :property, name: "success", is_optional: false }, :principal_statement => { kind: :property, name: "principalStatement", is_optional: true }, :resource_statement => { kind: :property, name: "resourceStatement", is_optional: true }, :apply_before => { kind: :method, name: "applyBefore", is_optional: false }, :assert_success => { kind: :method, name: "assertSuccess", is_optional: false }, :combine => { kind: :method, name: "combine", is_optional: false }, } end |
Instance Method Details
#apply_before(*constructs) ⇒ void
This method returns an undefined value.
Make sure this grant is applied before the given constructs are deployed.
The same as construct.node.addDependency(grant), but slightly nicer to read.
188 189 190 191 192 193 |
# File 'iam/grant.rb', line 188 def apply_before(*constructs) constructs.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklDb25zdHJ1Y3QifQ==")), "constructs[#{index}]") end jsii_call_method("applyBefore", [*constructs]) end |
#assert_success ⇒ void
This method returns an undefined value.
Throw an error if this grant wasn't successful.
198 199 200 |
# File 'iam/grant.rb', line 198 def assert_success() jsii_call_method("assertSuccess", []) end |
#combine(rhs) ⇒ AWSCDK::IAM::Grant
Combine two grants into a new one.
206 207 208 209 |
# File 'iam/grant.rb', line 206 def combine(rhs) Jsii::Type.check_type(rhs, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkdyYW50In0=")), "rhs") jsii_call_method("combine", [rhs]) end |
#principal_statement ⇒ AWSCDK::IAM::PolicyStatement?
Use principalStatements instead
The statement that was added to the principal's policy.
170 171 172 |
# File 'iam/grant.rb', line 170 def principal_statement() jsii_get_property("principalStatement") end |
#principal_statements ⇒ Array<AWSCDK::IAM::PolicyStatement>
The statements that were added to the principal's policy.
148 149 150 |
# File 'iam/grant.rb', line 148 def principal_statements() jsii_get_property("principalStatements") end |
#resource_statement ⇒ AWSCDK::IAM::PolicyStatement?
Use resourceStatements instead
The statement that was added to the resource policy.
178 179 180 |
# File 'iam/grant.rb', line 178 def resource_statement() jsii_get_property("resourceStatement") end |
#resource_statements ⇒ Array<AWSCDK::IAM::PolicyStatement>
The statements that were added to the resource policy.
155 156 157 |
# File 'iam/grant.rb', line 155 def resource_statements() jsii_get_property("resourceStatements") end |
#success ⇒ Boolean
Whether the grant operation was successful.
162 163 164 |
# File 'iam/grant.rb', line 162 def success() jsii_get_property("success") end |