-
Notifications
You must be signed in to change notification settings - Fork 4k
/
Copy pathtopic-base.ts
105 lines (88 loc) · 2.89 KB
/
topic-base.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
import iam = require('@aws-cdk/aws-iam');
import { IResource, Resource } from '@aws-cdk/core';
import { TopicPolicy } from './policy';
import { ITopicSubscription } from './subscriber';
import { Subscription } from './subscription';
export interface ITopic extends IResource {
/**
* @attribute
*/
readonly topicArn: string;
/**
* @attribute
*/
readonly topicName: string;
/**
* Subscribe some endpoint to this topic
*/
addSubscription(subscription: ITopicSubscription): void;
/**
* Adds a statement to the IAM resource policy associated with this topic.
*
* If this topic was created in this stack (`new Topic`), a topic policy
* will be automatically created upon the first call to `addToPolicy`. If
* the topic is improted (`Topic.import`), then this is a no-op.
*/
addToResourcePolicy(statement: iam.PolicyStatement): void;
/**
* Grant topic publishing permissions to the given identity
*/
grantPublish(identity: iam.IGrantable): iam.Grant;
}
/**
* Either a new or imported Topic
*/
export abstract class TopicBase extends Resource implements ITopic {
public abstract readonly topicArn: string;
public abstract readonly topicName: string;
/**
* Controls automatic creation of policy objects.
*
* Set by subclasses.
*/
protected abstract readonly autoCreatePolicy: boolean;
private policy?: TopicPolicy;
/**
* Subscribe some endpoint to this topic
*/
public addSubscription(subscription: ITopicSubscription) {
const subscriptionConfig = subscription.bind(this);
const scope = subscriptionConfig.subscriberScope || this;
const id = subscriptionConfig.subscriberId;
// We use the subscriber's id as the construct id. There's no meaning
// to subscribing the same subscriber twice on the same topic.
if (scope.node.tryFindChild(id)) {
throw new Error(`A subscription with id "${id}" already exists under the scope ${scope.node.path}`);
}
new Subscription(scope, id, {
topic: this,
...subscriptionConfig,
});
}
/**
* Adds a statement to the IAM resource policy associated with this topic.
*
* If this topic was created in this stack (`new Topic`), a topic policy
* will be automatically created upon the first call to `addToPolicy`. If
* the topic is improted (`Topic.import`), then this is a no-op.
*/
public addToResourcePolicy(statement: iam.PolicyStatement) {
if (!this.policy && this.autoCreatePolicy) {
this.policy = new TopicPolicy(this, 'Policy', { topics: [ this ] });
}
if (this.policy) {
this.policy.document.addStatements(statement);
}
}
/**
* Grant topic publishing permissions to the given identity
*/
public grantPublish(grantee: iam.IGrantable) {
return iam.Grant.addToPrincipalOrResource({
grantee,
actions: ['sns:Publish'],
resourceArns: [this.topicArn],
resource: this,
});
}
}