cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
954 lines • 93.7 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Organizations = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Organizations extends shared_1.PolicyStatement {
/**
* Grants permission to send a response to the originator of a handshake agreeing to the action proposed by the handshake request
*
* Access Level: Write
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_AcceptHandshake.html
*/
toAcceptHandshake() {
return this.to('AcceptHandshake');
}
/**
* Grants permission to attach a policy to a root, an organizational unit, or an individual account
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_AttachPolicy.html
*/
toAttachPolicy() {
return this.to('AttachPolicy');
}
/**
* Grants permission to cancel a handshake
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CancelHandshake.html
*/
toCancelHandshake() {
return this.to('CancelHandshake');
}
/**
* Grants permission to close an AWS account that is now a part of an Organizations, either created within the organization, or invited to join the organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CloseAccount.html
*/
toCloseAccount() {
return this.to('CloseAccount');
}
/**
* Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateAccount.html
*/
toCreateAccount() {
return this.to('CreateAccount');
}
/**
* Grants permission to create an AWS GovCloud (US) account
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateGovCloudAccount.html
*/
toCreateGovCloudAccount() {
return this.to('CreateGovCloudAccount');
}
/**
* Grants permission to create an organization. The account with the credentials that calls the CreateOrganization operation automatically becomes the management account of the new organization
*
* Access Level: Write
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganization.html
*/
toCreateOrganization() {
return this.to('CreateOrganization');
}
/**
* Grants permission to create an organizational unit (OU) within a root or parent OU
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganizationalUnit.html
*/
toCreateOrganizationalUnit() {
return this.to('CreateOrganizationalUnit');
}
/**
* Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreatePolicy.html
*/
toCreatePolicy() {
return this.to('CreatePolicy');
}
/**
* Grants permission to decline a handshake request. This sets the handshake state to DECLINED and effectively deactivates the request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeclineHandshake.html
*/
toDeclineHandshake() {
return this.to('DeclineHandshake');
}
/**
* Grants permission to delete the organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganization.html
*/
toDeleteOrganization() {
return this.to('DeleteOrganization');
}
/**
* Grants permission to delete an organizational unit from a root or another OU
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganizationalUnit.html
*/
toDeleteOrganizationalUnit() {
return this.to('DeleteOrganizationalUnit');
}
/**
* Grants permission to delete a policy from your organization
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeletePolicy.html
*/
toDeletePolicy() {
return this.to('DeletePolicy');
}
/**
* Grants permission to delete a resource policy from your organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to deregister the specified member AWS account as a delegated administrator for the AWS service that is specified by ServicePrincipal
*
* Access Level: Write
*
* Possible conditions:
* - .ifServicePrincipal()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeregisterDelegatedAdministrator.html
*/
toDeregisterDelegatedAdministrator() {
return this.to('DeregisterDelegatedAdministrator');
}
/**
* Grants permission to retrieve Organizations-related details about the specified account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeAccount.html
*/
toDescribeAccount() {
return this.to('DescribeAccount');
}
/**
* Grants permission to retrieve the current status of an asynchronous request to create an account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeCreateAccountStatus.html
*/
toDescribeCreateAccountStatus() {
return this.to('DescribeCreateAccountStatus');
}
/**
* Grants permission to retrieve the effective policy for an account
*
* Access Level: Read
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeEffectivePolicy.html
*/
toDescribeEffectivePolicy() {
return this.to('DescribeEffectivePolicy');
}
/**
* Grants permission to retrieve details about a previously requested handshake
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeHandshake.html
*/
toDescribeHandshake() {
return this.to('DescribeHandshake');
}
/**
* Grants permission to retrieves details about the organization that the calling credentials belong to
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html
*/
toDescribeOrganization() {
return this.to('DescribeOrganization');
}
/**
* Grants permission to retrieve details about an organizational unit (OU)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganizationalUnit.html
*/
toDescribeOrganizationalUnit() {
return this.to('DescribeOrganizationalUnit');
}
/**
* Grants permission to retrieves details about a policy
*
* Access Level: Read
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribePolicy.html
*/
toDescribePolicy() {
return this.to('DescribePolicy');
}
/**
* Grants permission to retrieve information about a resource policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeResourcePolicy.html
*/
toDescribeResourcePolicy() {
return this.to('DescribeResourcePolicy');
}
/**
* Grants permission to detach a policy from a target root, organizational unit, or account
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DetachPolicy.html
*/
toDetachPolicy() {
return this.to('DetachPolicy');
}
/**
* Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations
*
* Access Level: Write
*
* Possible conditions:
* - .ifServicePrincipal()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html
*/
toDisableAWSServiceAccess() {
return this.to('DisableAWSServiceAccess');
}
/**
* Grants permission to disable an organization policy type in a root
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisablePolicyType.html
*/
toDisablePolicyType() {
return this.to('DisablePolicyType');
}
/**
* Grants permission to enable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations
*
* Access Level: Write
*
* Possible conditions:
* - .ifServicePrincipal()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html
*/
toEnableAWSServiceAccess() {
return this.to('EnableAWSServiceAccess');
}
/**
* Grants permission to start the process to enable all features in an organization, upgrading it from supporting only Consolidated Billing features
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAllFeatures.html
*/
toEnableAllFeatures() {
return this.to('EnableAllFeatures');
}
/**
* Grants permission to enable a policy type in a root
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html
*/
toEnablePolicyType() {
return this.to('EnablePolicyType');
}
/**
* Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_InviteAccountToOrganization.html
*/
toInviteAccountToOrganization() {
return this.to('InviteAccountToOrganization');
}
/**
* Grants permission to remove a member account from its parent organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_LeaveOrganization.html
*/
toLeaveOrganization() {
return this.to('LeaveOrganization');
}
/**
* Grants permission to retrieve the list of the AWS services for which you enabled integration with your organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAWSServiceAccessForOrganization.html
*/
toListAWSServiceAccessForOrganization() {
return this.to('ListAWSServiceAccessForOrganization');
}
/**
* Grants permission to list all of the the accounts in the organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccounts.html
*/
toListAccounts() {
return this.to('ListAccounts');
}
/**
* Grants permission to list the accounts in an organization that are contained by a root or organizational unit (OU)
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccountsForParent.html
*/
toListAccountsForParent() {
return this.to('ListAccountsForParent');
}
/**
* Grants permission to list all of the OUs or accounts that are contained in a parent OU or root
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListChildren.html
*/
toListChildren() {
return this.to('ListChildren');
}
/**
* Grants permission to list the asynchronous account creation requests that are currently being tracked for the organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListCreateAccountStatus.html
*/
toListCreateAccountStatus() {
return this.to('ListCreateAccountStatus');
}
/**
* Grants permission to list the AWS accounts that are designated as delegated administrators in this organization
*
* Access Level: List
*
* Possible conditions:
* - .ifServicePrincipal()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedAdministrators.html
*/
toListDelegatedAdministrators() {
return this.to('ListDelegatedAdministrators');
}
/**
* Grants permission to list the AWS services for which the specified account is a delegated administrator in this organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedServicesForAccount.html
*/
toListDelegatedServicesForAccount() {
return this.to('ListDelegatedServicesForAccount');
}
/**
* Grants permission to list all of the handshakes that are associated with an account
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForAccount.html
*/
toListHandshakesForAccount() {
return this.to('ListHandshakesForAccount');
}
/**
* Grants permission to list the handshakes that are associated with the organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForOrganization.html
*/
toListHandshakesForOrganization() {
return this.to('ListHandshakesForOrganization');
}
/**
* Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOrganizationalUnitsForParent.html
*/
toListOrganizationalUnitsForParent() {
return this.to('ListOrganizationalUnitsForParent');
}
/**
* Grants permission to list the root or organizational units (OUs) that serve as the immediate parent of a child OU or account
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListParents.html
*/
toListParents() {
return this.to('ListParents');
}
/**
* Grants permission to list all of the policies in an organization
*
* Access Level: List
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPolicies.html
*/
toListPolicies() {
return this.to('ListPolicies');
}
/**
* Grants permission to list all of the policies that are directly attached to a root, organizational unit (OU), or account
*
* Access Level: List
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPoliciesForTarget.html
*/
toListPoliciesForTarget() {
return this.to('ListPoliciesForTarget');
}
/**
* Grants permission to list all of the roots that are defined in the organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListRoots.html
*/
toListRoots() {
return this.to('ListRoots');
}
/**
* Grants permission to list all tags for the specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to list all the roots, OUs, and accounts to which a policy is attached
*
* Access Level: List
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTargetsForPolicy.html
*/
toListTargetsForPolicy() {
return this.to('ListTargetsForPolicy');
}
/**
* Grants permission to move an account from its current root or OU to another parent root or OU
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_MoveAccount.html
*/
toMoveAccount() {
return this.to('MoveAccount');
}
/**
* Grants permission to create or update a resource policy
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to register the specified member account to administer the Organizations features of the AWS service that is specified by ServicePrincipal
*
* Access Level: Write
*
* Possible conditions:
* - .ifServicePrincipal()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html
*/
toRegisterDelegatedAdministrator() {
return this.to('RegisterDelegatedAdministrator');
}
/**
* Grants permission to removes the specified account from the organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_RemoveAccountFromOrganization.html
*/
toRemoveAccountFromOrganization() {
return this.to('RemoveAccountFromOrganization');
}
/**
* Grants permission to add one or more tags to the specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove one or more tags from the specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to rename an organizational unit (OU)
*
* Access Level: Write
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdateOrganizationalUnit.html
*/
toUpdateOrganizationalUnit() {
return this.to('UpdateOrganizationalUnit');
}
/**
* Grants permission to update an existing policy with a new name, description, or content
*
* Access Level: Write
*
* Possible conditions:
* - .ifPolicyType()
*
* https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdatePolicy.html
*/
toUpdatePolicy() {
return this.to('UpdatePolicy');
}
/**
* Adds a resource of type account to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param accountId - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAccount(organizationId, accountId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:account/o-${organizationId}/${accountId ?? this.defaultAccount}`);
}
/**
* Adds a resource of type handshake to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param handshakeType - Identifier for the handshakeType.
* @param handshakeId - Identifier for the handshakeId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onHandshake(organizationId, handshakeType, handshakeId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:handshake/o-${organizationId}/${handshakeType}/h-${handshakeId}`);
}
/**
* Adds a resource of type organization to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onOrganization(organizationId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:organization/o-${organizationId}`);
}
/**
* Adds a resource of type organizationalunit to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param organizationalUnitId - Identifier for the organizationalUnitId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onOrganizationalunit(organizationId, organizationalUnitId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:ou/o-${organizationId}/ou-${organizationalUnitId}`);
}
/**
* Adds a resource of type policy to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param policyType - Identifier for the policyType.
* @param policyId - Identifier for the policyId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onPolicy(organizationId, policyType, policyId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:policy/o-${organizationId}/${policyType}/p-${policyId}`);
}
/**
* Adds a resource of type resourcepolicy to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param resourcePolicyId - Identifier for the resourcePolicyId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onResourcepolicy(organizationId, resourcePolicyId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:resourcepolicy/o-${organizationId}/rp-${resourcePolicyId}`);
}
/**
* Adds a resource of type awspolicy to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param policyType - Identifier for the policyType.
* @param policyId - Identifier for the policyId.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAwspolicy(policyType, policyId, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::aws:policy/${policyType}/p-${policyId}`);
}
/**
* Adds a resource of type root to the statement
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
*
* @param organizationId - Identifier for the organizationId.
* @param rootId - Identifier for the rootId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRoot(organizationId, rootId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:organizations::${account ?? this.defaultAccount}:root/o-${organizationId}/r-${rootId}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateAccount()
* - .toCreateGovCloudAccount()
* - .toCreateOrganizationalUnit()
* - .toCreatePolicy()
* - .toInviteAccountToOrganization()
* - .toPutResourcePolicy()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toCreateAccount()
* - .toCreateGovCloudAccount()
* - .toCreatePolicy()
*
* Applies to resource types:
* - account
* - organizationalunit
* - policy
* - resourcepolicy
* - root
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateAccount()
* - .toCreateGovCloudAccount()
* - .toCreateOrganizationalUnit()
* - .toCreatePolicy()
* - .toInviteAccountToOrganization()
* - .toPutResourcePolicy()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the specified policy type names
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys
*
* Applies to actions:
* - .toAttachPolicy()
* - .toCreatePolicy()
* - .toDeletePolicy()
* - .toDescribeEffectivePolicy()
* - .toDescribePolicy()
* - .toDetachPolicy()
* - .toDisablePolicyType()
* - .toEnablePolicyType()
* - .toListPolicies()
* - .toListPoliciesForTarget()
* - .toListTargetsForPolicy()
* - .toTagResource()
* - .toUpdatePolicy()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPolicyType(value, operator) {
return this.if(`PolicyType`, value, operator ?? 'StringLike');
}
/**
* Filters access by the specified service principal names
*
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys
*
* Applies to actions:
* - .toDeregisterDelegatedAdministrator()
* - .toDisableAWSServiceAccess()
* - .toEnableAWSServiceAccess()
* - .toListDelegatedAdministrators()
* - .toRegisterDelegatedAdministrator()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifServicePrincipal(value, operator) {
return this.if(`ServicePrincipal`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'organizations';
this.accessLevelList = {
Write: [
'AcceptHandshake',
'AttachPolicy',
'CancelHandshake',
'CloseAccount',
'CreateAccount',
'CreateGovCloudAccount',
'CreateOrganization',
'CreateOrganizationalUnit',
'CreatePolicy',
'DeclineHandshake',
'DeleteOrganization',
'DeleteOrganizationalUnit',
'DeletePolicy',
'DeleteResourcePolicy',
'DeregisterDelegatedAdministrator',
'DetachPolicy',
'DisableAWSServiceAccess',
'DisablePolicyType',
'EnableAWSServiceAccess',
'EnableAllFeatures',
'EnablePolicyType',
'InviteAccountToOrganization',
'LeaveOrganization',
'MoveAccount',
'PutResourcePolicy',
'RegisterDelegatedAdministrator',
'RemoveAccountFromOrganization',
'UpdateOrganizationalUnit',
'UpdatePolicy'
],
Read: [
'DescribeAccount',
'DescribeCreateAccountStatus',
'DescribeEffectivePolicy',
'DescribeHandshake',
'DescribeOrganization',
'DescribeOrganizationalUnit',
'DescribePolicy',
'DescribeResourcePolicy'
],
List: [
'ListAWSServiceAccessForOrganization',
'ListAccounts',
'ListAccountsForParent',
'ListChildren',
'ListCreateAccountStatus',
'ListDelegatedAdministrators',
'ListDelegatedServicesForAccount',
'ListHandshakesForAccount',
'ListHandshakesForOrganization',
'ListOrganizationalUnitsForParent',
'ListParents',
'ListPolicies',
'ListPoliciesForTarget',
'ListRoots',
'ListTagsForResource',
'ListTargetsForPolicy'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
exports.Organizations = Organizations;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3JnYW5pemF0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIm9yZ2FuaXphdGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EseUNBQXlEO0FBR3pEOzs7O0dBSUc7QUFDSCxNQUFhLGFBQWMsU0FBUSx3QkFBZTtJQUdoRDs7Ozs7Ozs7O09BU0c7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksMEJBQTBCO1FBQy9CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksa0NBQWtDO1FBQ3ZDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHdCQUF3QjtRQUM3QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFDQUFxQztRQUMxQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQ0FBaUM7UUFDdEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksK0JBQStCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQ0FBa0M7UUFDdkMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxXQUFXO1FBQ2hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxnQ0FBZ0M7UUFDckMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdDQUFnQyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLCtCQUErQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsK0JBQStCLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMEJBQTBCO1FBQy9CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBb0VEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFNBQVMsQ0FBQyxjQUFzQixFQUFFLFNBQWtCLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUMvRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixtQkFBb0IsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGNBQWUsY0FBZSxJQUFLLFNBQVMsSUFBSSxJQUFJLENBQUMsY0FBZSxFQUFFLENBQUMsQ0FBQztJQUN2TCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLFdBQVcsQ0FBQyxjQUFzQixFQUFFLGFBQXFCLEVBQUUsV0FBbUIsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ3pILE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLG1CQUFvQixPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsZ0JBQWlCLGNBQWUsSUFBSyxhQUFjLE1BQU8sV0FBWSxFQUFFLENBQUMsQ0FBQztJQUN6TCxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxjQUFjLENBQUMsY0FBc0IsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ2hGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLG1CQUFvQixPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsbUJBQW9CLGNBQWUsRUFBRSxDQUFDLENBQUM7SUFDdEosQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLG9CQUFvQixDQUFDLGNBQXNCLEVBQUUsb0JBQTRCLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUNwSCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixtQkFBb0IsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFNBQVUsY0FBZSxPQUFRLG9CQUFxQixFQUFFLENBQUMsQ0FBQztJQUN6SyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLFFBQVEsQ0FBQyxjQUFzQixFQUFFLFVBQWtCLEVBQUUsUUFBZ0IsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ2hILE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLG1CQUFvQixPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsYUFBYyxjQUFlLElBQUssVUFBVyxNQUFPLFFBQVMsRUFBRSxDQUFDLENBQUM7SUFDaEwsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLGdCQUFnQixDQUFDLGNBQXNCLEVBQUUsZ0JBQXdCLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUM1RyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixtQkFBb0IsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLHFCQUFzQixjQUFlLE9BQVEsZ0JBQWlCLEVBQUUsQ0FBQyxDQUFDO0lBQ2pMLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLFdBQVcsQ0FBQyxVQUFrQixFQUFFLFFBQWdCLEVBQUUsU0FBa0I7UUFDekUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsOEJBQStCLFVBQVcsTUFBTyxRQUFTLEVBQUUsQ0FBQyxDQUFDO0lBQzFILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxNQUFNLENBQUMsY0FBc0IsRUFBRSxNQUFjLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUN4RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixtQkFBb0IsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFdBQVksY0FBZSxNQUFPLE1BQU8sRUFBRSxDQUFDLENBQUM7SUFDNUosQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7OztPQWlCRztJQUNJLGVBQWUsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUMzRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQW1CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQW9CRztJQUNJLGdCQUFnQixDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQzVGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBb0IsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNqRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7O09BaUJHO0lBQ0ksWUFBWSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDeEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXNCRztJQUNJLFlBQVksQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ3hFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxrQkFBa0IsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQzlFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxZQUFZLEtBQWdDO1FBQzFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQWovQlIsa0JBQWEsR0FBRyxlQUFlLENBQUM7UUF3ckI3QixvQkFBZSxHQUFvQjtZQUMzQyxLQUFLLEVBQUU7Z0JBQ0wsaUJBQWlCO2dCQUNqQixjQUFjO2dCQUNkLGlCQUFpQjtnQkFDakIsY0FBYztnQkFDZCxlQUFlO2dCQUNmLHVCQUF1QjtnQkFDdkIsb0JBQW9CO2dCQUNwQiwwQkFBMEI7Z0JBQzFCLGNBQWM7Z0JBQ2Qsa0JBQWtCO2dCQUNsQixvQkFBb0I7Z0JBQ3BCLDBCQUEwQjtnQkFDMUIsY0FBYztnQkFDZCxzQkFBc0I7Z0JBQ3RCLGtDQUFrQztnQkFDbEMsY0FBYztnQkFDZCx5QkFBeUI7Z0JBQ3pCLG1CQUFtQjtnQkFDbkIsd0JBQXdCO2dCQUN4QixtQkFBbUI7Z0JBQ25CLGtCQUFrQjtnQkFDbEIsNkJBQTZCO2dCQUM3QixtQkFBbUI7Z0JBQ25CLGFBQWE7Z0JBQ2IsbUJBQW1CO2dCQUNuQixnQ0FBZ0M7Z0JBQ2hDLCtCQUErQjtnQkFDL0IsMEJBQTBCO2dCQUMxQixjQUFjO2FBQ2Y7WUFDRCxJQUFJLEVBQUU7Z0JBQ0osaUJBQWlCO2dCQUNqQiw2QkFBNkI7Z0JBQzdCLHlCQUF5QjtnQkFDekIsbUJBQW1CO2dCQUNuQixzQkFBc0I7Z0JBQ3RCLDRCQUE0QjtnQkFDNUIsZ0JBQWdCO2dCQUNoQix3QkFBd0I7YUFDekI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0oscUNBQXFDO2dCQUNyQyxjQUFjO2dCQUNkLHVCQUF1QjtnQkFDdkIsY0FBYztnQkFDZCx5QkFBeUI7Z0JBQ3pCLDZCQUE2QjtnQkFDN0IsaUNBQWlDO2dCQUNqQywwQkFBMEI7Z0JBQzFCLCtCQUErQjtnQkFDL0Isa0NBQWtDO2dCQUNsQyxhQUFhO2dCQUNiLGNBQWM7Z0JBQ2QsdUJBQXVCO2dCQUN2QixXQUFXO2dCQUNYLHFCQUFxQjtnQkFDckIsc0JBQXNCO2FBQ3ZCO1lBQ0QsT0FBTyxFQUFFO2dCQUNQLGFBQWE7Z0JBQ2IsZUFBZTthQUNoQjtTQUNGLENBQUM7SUEwUEYsQ0FBQztDQUNGO0FBcC9CRCxzQ0FvL0JDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQWNjZXNzTGV2ZWxMaXN0IH0gZnJvbSAnLi4vLi4vc2hhcmVkL2FjY2Vzcy1sZXZlbCc7XG5pbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQsIE9wZXJhdG9yIH0gZnJvbSAnLi4vLi4vc2hhcmVkJztcbmltcG9ydCB7IGF3c19pYW0gYXMgaWFtIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5cbi8qKlxuICogU3RhdGVtZW50IHByb3ZpZGVyIGZvciBzZXJ2aWNlIFtvcmdhbml6YXRpb25zXShodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VydmljZS1hdXRob3JpemF0aW9uL2xhdGVzdC9yZWZlcmVuY2UvbGlzdF9hd3Nvcmdhbml6YXRpb25zLmh0bWwpLlxuICpcbiAqIEBwYXJhbSBzaWQgW1NJRF0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvVXNlckd1aWRlL3JlZmVyZW5jZV9wb2xpY2llc19lbGVtZW50c19zaWQuaHRtbCkgb2YgdGhlIHN0YXRlbWVudFxuICovXG5leHBvcnQgY2xhc3MgT3JnYW5pemF0aW9ucyBleHRlbmRzIFBvbGljeVN0YXRlbWVudCB7XG4gIHB1YmxpYyBzZXJ2aWNlUHJlZml4ID0gJ29yZ2FuaXphdGlvbnMnO1xuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBzZW5kIGEgcmVzcG9uc2UgdG8gdGhlIG9yaWdpbmF0b3Igb2YgYSBoYW5kc2hha2UgYWdyZWVpbmcgdG8gdGhlIGFjdGlvbiBwcm9wb3NlZCBieSB0aGUgaGFuZHNoYWtlIHJlcXVlc3RcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBXcml0ZVxuICAgKlxuICAgKiBEZXBlbmRlbnQgYWN0aW9uczpcbiAgICogLSBpYW06Q3JlYXRlU2VydmljZUxpbmtlZFJvbGVcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL29yZ2FuaXphdGlvbnMvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQWNjZXB0SGFuZHNoYWtlLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0FjY2VwdEhhbmRzaGFrZSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQWNjZXB0SGFuZHNoYWtlJyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gYXR0YWNoIGEgcG9saWN5IHRvIGEgcm9vdCwgYW4gb3JnYW5pemF0aW9uYWwgdW5pdCwgb3IgYW4gaW5kaXZpZHVhbCBhY2NvdW50XG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogUG9zc2libGUgY29uZGl0aW9uczpcbiAgICogLSAuaWZQb2xpY3lUeXBlKClcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL29yZ2FuaXphdGlvbnMvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQXR0YWNoUG9saWN5Lmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0F0dGFjaFBvbGljeSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQXR0YWNoUG9saWN5Jyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gY2FuY2VsIGEgaGFuZHNoYWtlXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL29yZ2FuaXphdGlvbnMvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQ2FuY2VsSGFuZHNoYWtlLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0NhbmNlbEhhbmRzaGFrZSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQ2FuY2VsSGFuZHNoYWtlJyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gY2xvc2UgYW4gQVdTIGFjY291bnQgdGhhdCBpcyBub3cgYSBwYXJ0IG9mIGFuIE9yZ2FuaXphdGlvbnMsIGVpdGhlciBjcmVhdGVkIHdpdGhpbiB0aGUgb3JnYW5pemF0aW9uLCBvciBpbnZpdGVkIHRvIGpvaW4gdGhlIG9yZ2FuaXphdGlvblxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFdyaXRlXG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9vcmdhbml6YXRpb25zL2xhdGVzdC9BUElSZWZlcmVuY2UvQVBJX0Nsb3NlQWNjb3VudC5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DbG9zZUFjY291bnQoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0Nsb3NlQWNjb3VudCcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGNyZWF0ZSBhbiBBV1MgYWNjb3VudCB0aGF0IGlzIGF1dG9tYXRpY2FsbHkgYSBtZW1iZXIgb2YgdGhlIG9yZ2FuaXphdGlvbiB3aXRoIHRoZSBjcmVkZW50aWFscyB0aGF0IG1hZGUgdGhlIHJlcXVlc3RcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBXcml0ZVxuICAgKlxuICAgKiBQb3NzaWJsZSBjb25kaXRpb25zOlxuICAgKiAtIC5pZkF3c1JlcXVlc3RUYWcoKVxuICAgKiAtIC5pZkF3c1RhZ0tleXMoKVxuICAgKiAtIC5pZkF3c1Jlc291cmNlVGFnKClcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL29yZ2FuaXphdGlvbnMvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQ3JlYXRlQWNjb3VudC5odG1sXG4gICAqL1x