terraconstructs 0.1.10 → 0.2.0

package/lib/aws/notify/queue.d.ts

@@ -1,9 +1,13 @@
 import { sqsQueue } from "@cdktf/provider-aws";
 import { Construct } from "constructs";
-import { SqsQueueConfig } from ".";
-import { AwsConstructBase, AwsConstructProps } from "../aws-construct";
-import * as iam from "../iam";
-export interface QueueProps extends AwsConstructProps, SqsQueueConfig {
+import { Duration } from "../../duration";
+import { IQueue, QueueBase, QueueEncryption } from "./queue-base";
+import { AwsConstructProps } from "../aws-construct";
+import * as kms from "../encryption";
+/**
+ * Properties for creating a new Queue
+ */
+export interface QueueProps extends AwsConstructProps {
     /**
      * Queue Name prefix
      *
@@ -16,7 +20,58 @@ export interface QueueProps extends AwsConstructProps, SqsQueueConfig {
      * For a FIFO (first-in-first-out) queue, the name must end with the .fifo
      * @default - GridUUID + Stack Unique Name
      */
-    readonly namePrefix?: string;
+    readonly queueName?: string;
+    /**
+     * The number of seconds that Amazon SQS retains a message.
+     *
+     * You can specify an integer value from 60 seconds (1 minute) to 1209600
+     * seconds (14 days). The default value is 345600 seconds (4 days).
+     *
+     * @default Duration.days(4)
+     */
+    readonly retentionPeriod?: Duration;
+    /**
+     * The time in seconds that the delivery of all messages in the queue is delayed.
+     *
+     * You can specify an integer value of 0 to 900 (15 minutes). The default
+     * value is 0.
+     *
+     * @default 0
+     */
+    readonly deliveryDelay?: Duration;
+    /**
+     * The limit of how many bytes that a message can contain before Amazon SQS rejects it.
+     *
+     * You can specify an integer value from 1024 bytes (1 KiB) to 1048576 bytes
+     * (1 MiB). The default value is 1048576 (1 MiB).
+     *
+     * @default 1MiB
+     */
+    readonly maxMessageSizeBytes?: number;
+    /**
+     * Default wait time for ReceiveMessage calls.
+     *
+     * Does not wait if set to 0, otherwise waits this amount of seconds
+     * by default for messages to arrive.
+     *
+     * For more information, see Amazon SQS Long Poll.
+     *
+     *  @default 0
+     */
+    readonly receiveMessageWaitTime?: Duration;
+    /**
+     * Timeout of processing a single message.
+     *
+     * After dequeuing, the processor has this much time to handle the message
+     * and delete it from the queue before it becomes visible again for dequeueing
+     * by another processor.
+     *
+     * Values must be from 0 to 43200 seconds (12 hours). If you don't specify
+     * a value, AWS CloudFormation uses the default value of 30 seconds.
+     *
+     * @default Duration.seconds(30)
+     */
+    readonly visibilityTimeout?: Duration;
     /**
      * Send messages to this queue if they were unsuccessfully dequeued a number of times.
      *
@@ -28,18 +83,40 @@ export interface QueueProps extends AwsConstructProps, SqsQueueConfig {
      */
     readonly deadLetterQueue?: DeadLetterQueue;
     /**
-     * The string that includes the parameters for the permissions for the dead-letter queue
-     * redrive permission and which source queues can specify dead-letter queues.
+     * Whether the contents of the queue are encrypted, and by what type of key.
      *
-     * @default - All source queues can designate this queue as their dead-letter queue.
+     * Be aware that encryption is not available in all regions, please see the docs
+     * for current availability details.
      *
-     * {@link https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/sqs_queue#redrive_allow_policy SqsQueue#redrive_allow_policy}
+     * @default SQS_MANAGED (SSE-SQS) for newly created queues
      */
-    readonly redriveAllowPolicy?: RedriveAllowPolicy;
+    readonly encryption?: QueueEncryption;
+    /**
+     * External KMS key to use for queue encryption.
+     *
+     * Individual messages will be encrypted using data keys. The data keys in
+     * turn will be encrypted using this key, and reused for a maximum of
+     * `dataKeyReuseSecs` seconds.
+     *
+     * If the 'encryptionMasterKey' property is set, 'encryption' type will be
+     * implicitly set to "KMS".
+     *
+     * @default If encryption is set to KMS and not specified, a key will be created.
+     */
+    readonly encryptionMasterKey?: kms.IKey;
+    /**
+     * The length of time that Amazon SQS reuses a data key before calling KMS again.
+     *
+     * The value must be an integer between 60 (1 minute) and 86,400 (24
+     * hours). The default is 300 (5 minutes).
+     *
+     * @default Duration.minutes(5)
+     */
+    readonly dataKeyReuse?: Duration;
     /**
      * Whether this a first-in-first-out (FIFO) queue.
      *
-     * @default false, unless nameSuffix ends in '.fifo' or 'contentBasedDeduplication' is true.
+     * @default false, unless queueName ends in '.fifo' or 'contentBasedDeduplication' is true.
      */
     readonly fifo?: boolean;
     /**
@@ -75,201 +152,89 @@ export interface QueueProps extends AwsConstructProps, SqsQueueConfig {
      * @default FifoThroughputLimit.PER_QUEUE
      */
     readonly fifoThroughputLimit?: FifoThroughputLimit;
-}
-/**
- * Outputs which may be registered for output via the Grid.
- */
-export interface QueueOutputs {
     /**
-     * Queue name
+     * Policy to apply when the queue is removed from the stack
+     *
+     * Even though queues are technically stateful, their contents are transient and it
+     * is common to add and remove Queues while rearchitecting your application. The
+     * default is therefore `DESTROY`. Change it to `RETAIN` if the messages are so
+     * valuable that accidentally losing them would be unacceptable.
+     *
+     * @default RemovalPolicy.DESTROY
      */
-    readonly name: string;
     /**
-     * Queue arn
+     * Enforce encryption of data in transit.
+     * @see https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-security-best-practices.html#enforce-encryption-data-in-transit
+     *
+     * @default false
      */
-    readonly arn: string;
+    readonly enforceSSL?: boolean;
     /**
-     * Queue url
+     * The string that includes the parameters for the permissions for the dead-letter queue
+     * redrive permission and which source queues can specify dead-letter queues.
+     *
+     * @default - All source queues can designate this queue as their dead-letter queue.
+     *
+     * {@link https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/sqs_queue#redrive_allow_policy SqsQueue#redrive_allow_policy}
      */
-    readonly url: string;
+    readonly redriveAllowPolicy?: RedriveAllowPolicy;
 }
 /**
- * Imported or created Queue attributes
+ * A new Amazon SQS queue
  */
-export interface IQueue extends iam.IAwsConstructWithPolicy {
-    /** Strongly typed outputs */
-    readonly queueOutputs: QueueOutputs;
-    /**
-     * The ARN of this queue
-     * @attribute
-     */
-    readonly queueArn: string;
-    /**
-     * The URL of this queue
-     * @attribute
-     */
-    readonly queueUrl: string;
-    /**
-     * The name of this queue
-     * @attribute
-     */
-    readonly queueName: string;
+export declare class Queue extends QueueBase {
     /**
-     * If this queue is configured with a dead-letter queue, this is the dead-letter queue settings.
+     * Uniquely identifies this class.
      */
-    readonly deadLetterQueue?: DeadLetterQueue;
+    static readonly PROPERTY_INJECTION_ID: string;
     /**
-     * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
+     * Import an existing SQS queue provided an ARN
+     *
+     * @param scope The parent creating construct
+     * @param id The construct's name
+     * @param queueArn queue ARN (i.e. arn:aws:sqs:us-east-2:444455556666:queue1)
      */
-    readonly fifo: boolean;
+    static fromQueueArn(scope: Construct, id: string, queueArn: string): IQueue;
+    readonly resource: sqsQueue.SqsQueue;
     /**
-     * Grant permissions to consume messages from a queue
-     *
-     * This will grant the following permissions:
-     *
-     *   - sqs:ChangeMessageVisibility
-     *   - sqs:DeleteMessage
-     *   - sqs:ReceiveMessage
-     *   - sqs:GetQueueAttributes
-     *   - sqs:GetQueueUrl
-     *
-     * @param grantee Principal to grant consume rights to
+     * The ARN of this queue
      */
-    grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
+    readonly queueArn: string;
     /**
-     * Grant access to send messages to a queue to the given identity.
-     *
-     * This will grant the following permissions:
-     *
-     *  - sqs:SendMessage
-     *  - sqs:GetQueueAttributes
-     *  - sqs:GetQueueUrl
-     *
-     * @param grantee Principal to grant send rights to
+     * The name of this queue
      */
-    grantSendMessages(grantee: iam.IGrantable): iam.Grant;
+    readonly queueName: string;
     /**
-     * Grant an IAM principal permissions to purge all messages from the queue.
-     *
-     * This will grant the following permissions:
-     *
-     *  - sqs:PurgeQueue
-     *  - sqs:GetQueueAttributes
-     *  - sqs:GetQueueUrl
-     *
-     * @param grantee Principal to grant send rights to
+     * The URL of this queue
      */
-    grantPurge(grantee: iam.IGrantable): iam.Grant;
+    readonly queueUrl: string;
     /**
-     * Grant the actions defined in queueActions to the identity Principal given
-     * on this SQS queue resource.
-     *
-     * @param grantee Principal to grant right to
-     * @param queueActions The actions to grant
+     * If this queue is encrypted, this is the KMS key.
      */
-    grant(grantee: iam.IGrantable, ...queueActions: string[]): iam.Grant;
-}
-/**
- * The `Queue` beacon provides an [AWS SQS Queue](https://aws.amazon.com/sqs/).
- *
- * ```ts
- * new notify.Queue(stack, "Queue", {
- *   namePrefix: "queue.fifo",
- *   messageRetentionSeconds: Duration.days(14).toSeconds(),
- *   visibilityTimeoutSeconds: Duration.minutes(15).toSeconds(),
- * });
- * ```
- *
- * @resource aws_sqs_queue
- * @beacon-class notify.IQueue
- */
-export declare class Queue extends AwsConstructBase implements IQueue {
-    readonly resource: sqsQueue.SqsQueue;
-    private readonly _outputs;
-    get queueOutputs(): QueueOutputs;
-    get outputs(): Record<string, any>;
-    private policy?;
-    get queueArn(): string;
-    get queueUrl(): string;
-    get queueName(): string;
-    readonly deadLetterQueue?: DeadLetterQueue;
+    readonly encryptionMasterKey?: kms.IKey;
     /**
      * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
      */
     readonly fifo: boolean;
-    constructor(scope: Construct, name: string, props?: QueueProps);
-    /**
-     * Adds a statement to the IAM resource policy associated with this queue.
-     *
-     * If this queue was created in this stack (`new Queue`), a queue policy
-     * will be automatically created upon the first call to `addToPolicy`.
-     */
-    addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
-    /**
-     * Grant permissions to consume messages from a queue
-     *
-     * This will grant the following permissions:
-     *
-     *   - sqs:ChangeMessageVisibility
-     *   - sqs:DeleteMessage
-     *   - sqs:ReceiveMessage
-     *   - sqs:GetQueueAttributes
-     *   - sqs:GetQueueUrl
-     *
-     * If encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.
-     *
-     * This will grant the following KMS permissions:
-     *
-     *   - kms:Decrypt
-     *
-     * @param grantee Principal to grant consume rights to
-     */
-    grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
     /**
-     * Grant access to send messages to a queue to the given identity.
-     *
-     * This will grant the following permissions:
-     *
-     *  - sqs:SendMessage
-     *  - sqs:GetQueueAttributes
-     *  - sqs:GetQueueUrl
-     *
-     * If encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.
-     *
-     * This will grant the following KMS permissions:
-     *
-     *  - kms:Decrypt
-     *  - kms:Encrypt
-     *  - kms:ReEncrypt*
-     *  - kms:GenerateDataKey*
-     *
-     * @param grantee Principal to grant send rights to
+     * Whether the contents of the queue are encrypted, and by what type of key.
      */
-    grantSendMessages(grantee: iam.IGrantable): iam.Grant;
+    readonly encryptionType?: QueueEncryption;
     /**
-     * Grant an IAM principal permissions to purge all messages from the queue.
-     *
-     * This will grant the following permissions:
-     *
-     *  - sqs:PurgeQueue
-     *  - sqs:GetQueueAttributes
-     *  - sqs:GetQueueUrl
-     *
-     * @param grantee Principal to grant send rights to
-     */
-    grantPurge(grantee: iam.IGrantable): iam.Grant;
-    /**
-     * Grant the actions defined in queueActions to the identity Principal given
-     * on this SQS queue resource.
-     *
-     * @param grantee Principal to grant right to
-     * @param actions The actions to grant
+     * If this queue is configured with a dead-letter queue, this is the dead-letter queue settings.
      */
-    grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
+    readonly deadLetterQueue?: DeadLetterQueue;
+    protected readonly autoCreatePolicy = true;
+    private readonly physicalName;
+    constructor(scope: Construct, id: string, props?: QueueProps);
     /**
      * Look at the props, see if the FIFO props agree, and return the correct subset of props
      */
     private determineFifoProps;
+    /**
+     * Adds an iam statement to enforce encryption of data in transit.
+     */
+    private enforceSSLStatement;
 }
 /**
  * Dead letter queue settings
@@ -310,23 +275,6 @@ export interface RedriveAllowPolicy {
      */
     readonly sourceQueues?: IQueue[];
 }
-/**
- * The permission type that defines which source queues can specify the current queue as the dead-letter queue
- */
-export declare enum RedrivePermission {
-    /**
-     * Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue
-     */
-    ALLOW_ALL = "allowAll",
-    /**
-     * No source queues can specify this queue as the dead-letter queue
-     */
-    DENY_ALL = "denyAll",
-    /**
-     * Only queues specified by the `sourceQueueArns` parameter can specify this queue as the dead-letter queue
-     */
-    BY_QUEUE = "byQueue"
-}
 /**
  * What kind of deduplication scope to apply
  */
@@ -353,3 +301,22 @@ export declare enum FifoThroughputLimit {
      */
     PER_MESSAGE_GROUP_ID = "perMessageGroupId"
 }
+/**
+ * The permission type that defines which source queues can specify the current queue as the dead-letter queue
+ */
+export declare enum RedrivePermission {
+    /**
+     * Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue
+     */
+    ALLOW_ALL = "allowAll",
+    /**
+     * No source queues can specify this queue as the dead-letter queue
+     */
+    DENY_ALL = "denyAll",
+    /**
+     * Only queues specified by the `sourceQueueArns` parameter can specify this queue as the dead-letter queue
+     */
+    BY_QUEUE = "byQueue"
+}
+export declare function validateQueueProps(scope: Construct, props: QueueProps): void;
+export declare function validateRedriveAllowPolicy(scope: Construct, policy: RedriveAllowPolicy): void;