import { IClaimsContext } from '@catnekaise/cdk-iam-utilities';
import * as apigateway from 'aws-cdk-lib/aws-apigateway';
import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import { Construct } from 'constructs';
import { TokenProviderConfigurator } from './configurator';
import { TokenProviderPathStrategy } from './gha-abac';
import { TokenProviderTargetRule } from './target';
import { GitHubAppPermissions } from '../app-permissions';

/**
 * The kinds of endpoint a token provider can be exposed on.
 *
 * NOTE(review): judging by the factory docs on `TokenProviderEndpoint`, `DEFAULT`
 * corresponds to a path with `{owner}` and `{repo}` parameters, while the two
 * `*_OWNER` values correspond to owner-level paths. The exact mapping is not
 * visible in this declaration file; confirm against the implementation.
 */
export declare enum TokenProviderEndpointType {
    DEFAULT = "DEFAULT",
    DYNAMIC_OWNER = "DYNAMIC_OWNER",
    STATIC_OWNER = "STATIC_OWNER"
}

/**
 * Describes where a token provider is exposed in the API.
 *
 * The constructor is private, so instances can only be obtained through the
 * static factories `useDefault()` and `useOwner()`.
 */
export declare class TokenProviderEndpoint {
    /** Endpoint kind this instance represents. */
    readonly type: TokenProviderEndpointType;
    /** Owner associated with the endpoint, when one is set. */
    readonly owner?: string | undefined;
    /** Repository associated with the endpoint, when one is set. */
    readonly repo?: string | undefined;
    /**
     * Use this to configure a token provider at `/x//{owner}/{repo}`
     *
     * NOTE(review): the empty segment after `/x/` looks like a placeholder that
     * was lost (presumably the provider name); confirm the real path shape.
     */
    static useDefault(): TokenProviderEndpoint;
    /**
     * Use this to configure a token provider at `/x//{owner}` or `/x//`
     *
     * NOTE(review): as with `useDefault()`, path placeholders appear to be
     * missing here. Presumably passing `owner` selects a fixed-owner endpoint
     * and omitting it selects one where the caller supplies the owner; the
     * declaration does not show this, so verify before relying on it for
     * access scoping.
     *
     * @param owner - Optional owner for the endpoint.
     */
    static useOwner(owner?: string): TokenProviderEndpoint;
    private constructor();
    /**
     * Whether this endpoint is an owner-level endpoint.
     * NOTE(review): presumably true for the `DYNAMIC_OWNER` and `STATIC_OWNER` types; confirm.
     */
    get isOwnerEndpoint(): boolean;
}

/**
 * Settings for granting access to a role that is assumed via Cognito Identity
 * (see `ITokenProvider.grantExecuteGitHubActionsAbac`).
 */
export interface TokenProviderActionsIdentitySettings {
    /**
     * Claims context used when building the grant.
     * NOTE(review): the grant can only be as strict as the claims made available
     * here; check which claims are mapped before depending on them for isolation.
     */
    readonly claimsContext: IClaimsContext;
    /** Optional strategy for how claims are applied to the resource path. */
    readonly pathStrategy?: TokenProviderPathStrategy;
}

/**
 * Grant surface of a token provider: both methods return an `iam.Grant` for the
 * supplied role.
 */
export interface ITokenProvider {
    /**
     * Use this to grant access to the token provider.
     *
     * NOTE(review): `owner` and `repo` are both optional. This declaration does
     * not show what scope the grant gets when they are omitted; if it widens to
     * every owner/repository path, callers that want least privilege must pass
     * explicit values. Confirm in the implementation.
     *
     * @param role - Role that receives the grant.
     * @param owner - Optional owner to scope the grant to.
     * @param repo - Zero or more repositories to scope the grant to.
     * @returns The resulting IAM grant.
     */
    grantExecute(role: iam.IRole, owner?: string, ...repo: string[]): iam.Grant;
    /**
     * Use this to grant access to the token provider when the role is assumed via Cognito Identity.
     *
     * @param role - Role that receives the grant.
     * @param settings - Claims context and optional path strategy for the grant.
     * @returns The resulting IAM grant.
     */
    grantExecuteGitHubActionsAbac(role: iam.IRole, settings: TokenProviderActionsIdentitySettings): iam.Grant;
}

/** API Gateway method-level options used when a token provider is created. */
export interface TokenProviderMethodOptions {
    /** Request validator for the method. */
    readonly requestValidator: apigateway.RequestValidator;
    /** Endpoint kind the method is created for. */
    readonly endpointType: TokenProviderEndpointType;
    /** Model for the token response. */
    readonly tokenResponseModel: apigateway.Model;
    /** Model for error responses. */
    readonly errorResponseModel: apigateway.Model;
    /** Operation name for the method. */
    readonly operationName: string;
}

/** Everything `TokenProvider.create()` needs to build a token provider. */
export interface TokenProviderSettings {
    /**
     * GitHub App permissions for this provider.
     * NOTE(review): presumably these bound what an issued token may do; keep the
     * set as small as the consuming workflows need. Confirm how they are applied.
     */
    readonly permissions: GitHubAppPermissions;
    /** Endpoint shape the provider is exposed on. */
    readonly endpoint: TokenProviderEndpoint;
    /**
     * Rule for which targets tokens may be requested for.
     * NOTE(review): semantics live in `./target`; not visible here.
     */
    readonly targetRule: TokenProviderTargetRule;
    /** Name of the GitHub App. TODO confirm: may be a logical name rather than the app slug. */
    readonly app: string;
    /** Numeric id of the GitHub App. */
    readonly appId: number;
    readonly configurator: TokenProviderConfigurator;
    readonly methodOptions: TokenProviderMethodOptions;
    /** Name of this token provider. */
    readonly name: string;
    /** REST API the provider is attached to. */
    readonly api: apigateway.IRestApi;
    /** Lambda function associated with the provider. */
    readonly lambda: lambda.Function;
}

/**
 * This construct may receive some changes before constructor is made public. Until then use static create method.
 *
 * Implements `ITokenProvider` (the two `grantExecute*` methods) and additionally
 * exposes CloudWatch metric helpers and identifiers of the underlying method.
 */
export declare class TokenProvider extends Construct implements ITokenProvider {
    private readonly settings;
    /**
     * Creates a token provider; the only public way to obtain an instance while
     * the constructor is private.
     *
     * @param scope - Parent construct.
     * @param id - Construct id.
     * @param settings - Provider configuration.
     */
    static create(scope: Construct, id: string, settings: TokenProviderSettings): TokenProvider;
    private readonly method;
    private constructor();
    /**
     * Grants the role access to this token provider.
     *
     * NOTE(review): the scope of the grant when `owner` and `repo` are omitted is
     * not visible in this declaration; confirm before using the no-argument form.
     */
    grantExecute(role: iam.IRole, owner?: string, ...repo: string[]): iam.Grant;
    /** Grants access to this token provider for a role that is assumed via Cognito Identity. */
    grantExecuteGitHubActionsAbac(role: iam.IRole, settings: TokenProviderActionsIdentitySettings): iam.Grant;
    private baseResourcePath;
    /**
     * Returns a CloudWatch metric with the given name for this provider on the given stage.
     *
     * @param metricName - Name of the metric.
     * @param stage - API Gateway stage the metric is read for.
     * @param props - Optional metric options.
     */
    metric(metricName: string, stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /**
     * Client-error metric for this provider on the given stage.
     * NOTE(review): presumably includes rejected or unauthorized token requests,
     * which would make it a candidate for alarming; confirm what it counts.
     */
    metricClientError(stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /** Server-error metric for this provider on the given stage. */
    metricServerError(stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /** Cache-hit count metric for this provider on the given stage. */
    metricCacheHitCount(stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /** Cache-miss count metric for this provider on the given stage. */
    metricCacheMissCount(stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /** Request count metric for this provider on the given stage. */
    metricCount(stage: apigateway.IStage, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    /** ARN of the underlying method. NOTE(review): presumably the execute-api ARN; confirm. */
    get methodArn(): string;
    /** Id of the underlying method. */
    get methodId(): string;
    /** HTTP verb of the underlying method. */
    get httpMethod(): string;
}