cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,121 lines • 104 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Waf = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [waf](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswaf.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Waf extends shared_1.PolicyStatement {
/**
* Grants permission to create a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateByteMatchSet.html
*/
toCreateByteMatchSet() {
return this.to('CreateByteMatchSet');
}
/**
* Grants permission to create a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateGeoMatchSet.html
*/
toCreateGeoMatchSet() {
return this.to('CreateGeoMatchSet');
}
/**
* Grants permission to create an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateIPSet.html
*/
toCreateIPSet() {
return this.to('CreateIPSet');
}
/**
* Grants permission to create a RateBasedRule for limiting the volume of requests from a single IP address
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRateBasedRule.html
*/
toCreateRateBasedRule() {
return this.to('CreateRateBasedRule');
}
/**
* Grants permission to create a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRegexMatchSet.html
*/
toCreateRegexMatchSet() {
return this.to('CreateRegexMatchSet');
}
/**
* Grants permission to create a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRegexPatternSet.html
*/
toCreateRegexPatternSet() {
return this.to('CreateRegexPatternSet');
}
/**
* Grants permission to create a Rule for filtering web requests
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRule.html
*/
toCreateRule() {
return this.to('CreateRule');
}
/**
* Grants permission to create a RuleGroup, which is a collection of predefined rules that you can use in a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRuleGroup.html
*/
toCreateRuleGroup() {
return this.to('CreateRuleGroup');
}
/**
* Grants permission to create a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateSizeConstraintSet.html
*/
toCreateSizeConstraintSet() {
return this.to('CreateSizeConstraintSet');
}
/**
* Grants permission to create an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateSqlInjectionMatchSet.html
*/
toCreateSqlInjectionMatchSet() {
return this.to('CreateSqlInjectionMatchSet');
}
/**
* Grants permission to create a WebACL, which contains rules for filtering web requests
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateWebACL.html
*/
toCreateWebACL() {
return this.to('CreateWebACL');
}
/**
* Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2
*
* Access Level: Write
*
* Dependent actions:
* - s3:PutObject
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateWebACLMigrationStack.html
*/
toCreateWebACLMigrationStack() {
return this.to('CreateWebACLMigrationStack');
}
/**
* Grants permission to create an XssMatchSet, which you use to detect requests that contain cross-site scripting attacks
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateXssMatchSet.html
*/
toCreateXssMatchSet() {
return this.to('CreateXssMatchSet');
}
/**
* Grants permission to delete a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteByteMatchSet.html
*/
toDeleteByteMatchSet() {
return this.to('DeleteByteMatchSet');
}
/**
* Grants permission to delete a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteGeoMatchSet.html
*/
toDeleteGeoMatchSet() {
return this.to('DeleteGeoMatchSet');
}
/**
* Grants permission to delete an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteIPSet.html
*/
toDeleteIPSet() {
return this.to('DeleteIPSet');
}
/**
* Grants permission to delete the LoggingConfiguration from a web ACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteLoggingConfiguration.html
*/
toDeleteLoggingConfiguration() {
return this.to('DeleteLoggingConfiguration');
}
/**
* Grants permission to delete an IAM policy from a rule group
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeletePermissionPolicy.html
*/
toDeletePermissionPolicy() {
return this.to('DeletePermissionPolicy');
}
/**
* Grants permission to delete a RateBasedRule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRateBasedRule.html
*/
toDeleteRateBasedRule() {
return this.to('DeleteRateBasedRule');
}
/**
* Grants permission to delete a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRegexMatchSet.html
*/
toDeleteRegexMatchSet() {
return this.to('DeleteRegexMatchSet');
}
/**
* Grants permission to delete a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRegexPatternSet.html
*/
toDeleteRegexPatternSet() {
return this.to('DeleteRegexPatternSet');
}
/**
* Grants permission to delete a Rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRule.html
*/
toDeleteRule() {
return this.to('DeleteRule');
}
/**
* Grants permission to delete a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRuleGroup.html
*/
toDeleteRuleGroup() {
return this.to('DeleteRuleGroup');
}
/**
* Grants permission to delete a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteSizeConstraintSet.html
*/
toDeleteSizeConstraintSet() {
return this.to('DeleteSizeConstraintSet');
}
/**
* Grants permission to delete an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteSqlInjectionMatchSet.html
*/
toDeleteSqlInjectionMatchSet() {
return this.to('DeleteSqlInjectionMatchSet');
}
/**
* Grants permission to delete a WebACL
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteWebACL.html
*/
toDeleteWebACL() {
return this.to('DeleteWebACL');
}
/**
* Grants permission to delete an XssMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteXssMatchSet.html
*/
toDeleteXssMatchSet() {
return this.to('DeleteXssMatchSet');
}
/**
* Grants permission to retrieve a ByteMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetByteMatchSet.html
*/
toGetByteMatchSet() {
return this.to('GetByteMatchSet');
}
/**
* Grants permission to retrieve a change token to use in create, update, and delete requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetChangeToken.html
*/
toGetChangeToken() {
return this.to('GetChangeToken');
}
/**
* Grants permission to retrieve the status of a change token
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetChangeTokenStatus.html
*/
toGetChangeTokenStatus() {
return this.to('GetChangeTokenStatus');
}
/**
* Grants permission to retrieve a GeoMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetGeoMatchSet.html
*/
toGetGeoMatchSet() {
return this.to('GetGeoMatchSet');
}
/**
* Grants permission to retrieve an IPSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetIPSet.html
*/
toGetIPSet() {
return this.to('GetIPSet');
}
/**
* Grants permission to retrieve a LoggingConfiguration for a web ACL
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetLoggingConfiguration.html
*/
toGetLoggingConfiguration() {
return this.to('GetLoggingConfiguration');
}
/**
* Grants permission to retrieve an IAM policy for a rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetPermissionPolicy.html
*/
toGetPermissionPolicy() {
return this.to('GetPermissionPolicy');
}
/**
* Grants permission to retrieve a RateBasedRule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRateBasedRule.html
*/
toGetRateBasedRule() {
return this.to('GetRateBasedRule');
}
/**
* Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRateBasedRuleManagedKeys.html
*/
toGetRateBasedRuleManagedKeys() {
return this.to('GetRateBasedRuleManagedKeys');
}
/**
* Grants permission to retrieve a RegexMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRegexMatchSet.html
*/
toGetRegexMatchSet() {
return this.to('GetRegexMatchSet');
}
/**
* Grants permission to retrieve a RegexPatternSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRegexPatternSet.html
*/
toGetRegexPatternSet() {
return this.to('GetRegexPatternSet');
}
/**
* Grants permission to retrieve a Rule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRule.html
*/
toGetRule() {
return this.to('GetRule');
}
/**
* Grants permission to retrieve a RuleGroup
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRuleGroup.html
*/
toGetRuleGroup() {
return this.to('GetRuleGroup');
}
/**
* Grants permission to retrieve detailed information about a sample set of web requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSampledRequests.html
*/
toGetSampledRequests() {
return this.to('GetSampledRequests');
}
/**
* Grants permission to retrieve a SizeConstraintSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSizeConstraintSet.html
*/
toGetSizeConstraintSet() {
return this.to('GetSizeConstraintSet');
}
/**
* Grants permission to retrieve an SqlInjectionMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSqlInjectionMatchSet.html
*/
toGetSqlInjectionMatchSet() {
return this.to('GetSqlInjectionMatchSet');
}
/**
* Grants permission to retrieve a WebACL
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetWebACL.html
*/
toGetWebACL() {
return this.to('GetWebACL');
}
/**
* Grants permission to retrieve an XssMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetXssMatchSet.html
*/
toGetXssMatchSet() {
return this.to('GetXssMatchSet');
}
/**
* Grants permission to retrieve an array of ActivatedRule objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListActivatedRulesInRuleGroup.html
*/
toListActivatedRulesInRuleGroup() {
return this.to('ListActivatedRulesInRuleGroup');
}
/**
* Grants permission to retrieve an array of ByteMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListByteMatchSets.html
*/
toListByteMatchSets() {
return this.to('ListByteMatchSets');
}
/**
* Grants permission to retrieve an array of GeoMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListGeoMatchSets.html
*/
toListGeoMatchSets() {
return this.to('ListGeoMatchSets');
}
/**
* Grants permission to retrieve an array of IPSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListIPSets.html
*/
toListIPSets() {
return this.to('ListIPSets');
}
/**
* Grants permission to retrieve an array of LoggingConfiguration objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListLoggingConfigurations.html
*/
toListLoggingConfigurations() {
return this.to('ListLoggingConfigurations');
}
/**
* Grants permission to retrieve an array of RuleSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRateBasedRules.html
*/
toListRateBasedRules() {
return this.to('ListRateBasedRules');
}
/**
* Grants permission to retrieve an array of RegexMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRegexMatchSets.html
*/
toListRegexMatchSets() {
return this.to('ListRegexMatchSets');
}
/**
* Grants permission to retrieve an array of RegexPatternSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRegexPatternSets.html
*/
toListRegexPatternSets() {
return this.to('ListRegexPatternSets');
}
/**
* Grants permission to retrieve an array of RuleGroup objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRuleGroups.html
*/
toListRuleGroups() {
return this.to('ListRuleGroups');
}
/**
* Grants permission to retrieve an array of RuleSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRules.html
*/
toListRules() {
return this.to('ListRules');
}
/**
* Grants permission to retrieve an array of SizeConstraintSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSizeConstraintSets.html
*/
toListSizeConstraintSets() {
return this.to('ListSizeConstraintSets');
}
/**
* Grants permission to retrieve an array of SqlInjectionMatchSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSqlInjectionMatchSets.html
*/
toListSqlInjectionMatchSets() {
return this.to('ListSqlInjectionMatchSets');
}
/**
* Grants permission to retrieve an array of RuleGroup objects that you are subscribed to
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSubscribedRuleGroups.html
*/
toListSubscribedRuleGroups() {
return this.to('ListSubscribedRuleGroups');
}
/**
* Grants permission to retrieve the tags for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to retrieve an array of WebACLSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListWebACLs.html
*/
toListWebACLs() {
return this.to('ListWebACLs');
}
/**
* Grants permission to retrieve an array of XssMatchSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListXssMatchSets.html
*/
toListXssMatchSets() {
return this.to('ListXssMatchSets');
}
/**
* Grants permission to associate a LoggingConfiguration with a specified web ACL
*
* Access Level: Write
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_PutLoggingConfiguration.html
*/
toPutLoggingConfiguration() {
return this.to('PutLoggingConfiguration');
}
/**
* Grants permission to attach an IAM policy to a rule group, to share the rule group between accounts
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_PutPermissionPolicy.html
*/
toPutPermissionPolicy() {
return this.to('PutPermissionPolicy');
}
/**
* Grants permission to add a Tag to a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove a Tag from a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateByteMatchSet.html
*/
toUpdateByteMatchSet() {
return this.to('UpdateByteMatchSet');
}
/**
* Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateGeoMatchSet.html
*/
toUpdateGeoMatchSet() {
return this.to('UpdateGeoMatchSet');
}
/**
* Grants permission to insert or delete IPSetDescriptor objects in an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateIPSet.html
*/
toUpdateIPSet() {
return this.to('UpdateIPSet');
}
/**
* Grants permission to modify a rate based rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRateBasedRule.html
*/
toUpdateRateBasedRule() {
return this.to('UpdateRateBasedRule');
}
/**
* Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRegexMatchSet.html
*/
toUpdateRegexMatchSet() {
return this.to('UpdateRegexMatchSet');
}
/**
* Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRegexPatternSet.html
*/
toUpdateRegexPatternSet() {
return this.to('UpdateRegexPatternSet');
}
/**
* Grants permission to modify a Rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRule.html
*/
toUpdateRule() {
return this.to('UpdateRule');
}
/**
* Grants permission to insert or delete ActivatedRule objects in a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRuleGroup.html
*/
toUpdateRuleGroup() {
return this.to('UpdateRuleGroup');
}
/**
* Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateSizeConstraintSet.html
*/
toUpdateSizeConstraintSet() {
return this.to('UpdateSizeConstraintSet');
}
/**
* Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateSqlInjectionMatchSet.html
*/
toUpdateSqlInjectionMatchSet() {
return this.to('UpdateSqlInjectionMatchSet');
}
/**
* Grants permission to insert or delete ActivatedRule objects in a WebACL
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateWebACL.html
*/
toUpdateWebACL() {
return this.to('UpdateWebACL');
}
/**
* Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateXssMatchSet.html
*/
toUpdateXssMatchSet() {
return this.to('UpdateXssMatchSet');
}
/**
* Adds a resource of type bytematchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ByteMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onBytematchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:bytematchset/${id}`);
}
/**
* Adds a resource of type ipset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_IPSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onIpset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:ipset/${id}`);
}
/**
* Adds a resource of type ratebasedrule to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RateBasedRule.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRatebasedrule(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:ratebasedrule/${id}`);
}
/**
* Adds a resource of type rule to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_Rule.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRule(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:rule/${id}`);
}
/**
* Adds a resource of type sizeconstraintset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_SizeConstraintSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSizeconstraintset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:sizeconstraintset/${id}`);
}
/**
* Adds a resource of type sqlinjectionmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_SqlInjectionMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSqlinjectionmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:sqlinjectionset/${id}`);
}
/**
* Adds a resource of type webacl to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_WebACL.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWebacl(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:webacl/${id}`);
}
/**
* Adds a resource of type xssmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_XssMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onXssmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:xssmatchset/${id}`);
}
/**
* Adds a resource of type regexmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RegexMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRegexmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:regexmatch/${id}`);
}
/**
* Adds a resource of type regexpatternset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RegexPatternSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRegexpatternset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:regexpatternset/${id}`);
}
/**
* Adds a resource of type geomatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GeoMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onGeomatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:geomatchset/${id}`);
}
/**
* Adds a resource of type rulegroup to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RuleGroup.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRulegroup(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:rulegroup/${id}`);
}
/**
* Filters actions based on the allowed set of values for each of the tags
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateRateBasedRule()
* - .toCreateRule()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters actions based on tag-value associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - ratebasedrule
* - rule
* - webacl
* - rulegroup
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters actions based on the presence of mandatory tags in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateRateBasedRule()
* - .toCreateRule()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [waf](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswaf.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'waf';
this.accessLevelList = {
Write: [
'CreateByteMatchSet',
'CreateGeoMatchSet',
'CreateIPSet',
'CreateRateBasedRule',
'CreateRegexMatchSet',
'CreateRegexPatternSet',
'CreateRule',
'CreateRuleGroup',
'CreateSizeConstraintSet',
'CreateSqlInjectionMatchSet',
'CreateWebACLMigrationStack',
'CreateXssMatchSet',
'DeleteByteMatchSet',
'DeleteGeoMatchSet',
'DeleteIPSet',
'DeleteLoggingConfiguration',
'DeleteRateBasedRule',
'DeleteRegexMatchSet',
'DeleteRegexPatternSet',
'DeleteRule',
'DeleteRuleGroup',
'DeleteSizeConstraintSet',
'DeleteSqlInjectionMatchSet',
'DeleteXssMatchSet',
'PutLoggingConfiguration',
'UpdateByteMatchSet',
'UpdateGeoMatchSet',
'UpdateIPSet',
'UpdateRateBasedRule',
'UpdateRegexMatchSet',
'UpdateRegexPatternSet',
'UpdateRule',
'UpdateRuleGroup',
'UpdateSizeConstraintSet',
'UpdateSqlInjectionMatchSet',
'UpdateXssMatchSet'
],
'Permissions management': [
'CreateWebACL',
'DeletePermissionPolicy',
'DeleteWebACL',
'PutPermissionPolicy',
'UpdateWebACL'
],
Read: [
'GetByteMatchSet',
'GetChangeToken',
'GetChangeTokenStatus',
'GetGeoMatchSet',
'GetIPSet',
'GetLoggingConfiguration',
'GetPermissionPolicy',
'GetRateBasedRule',
'GetRateBasedRuleManagedKeys',
'GetRegexMatchSet',
'GetRegexPatternSet',
'GetRule',
'GetRuleGroup',
'GetSampledRequests',
'GetSizeConstraintSet',
'GetSqlInjectionMatchSet',
'GetWebACL',
'GetXssMatchSet',
'ListTagsForResource'
],
List: [
'ListActivatedRulesInRuleGroup',
'ListByteMatchSets',
'ListGeoMatchSets',
'ListIPSets',
'ListLoggingConfigurations',
'ListRateBasedRules',
'ListRegexMatchSets',
'ListRegexPatternSets',
'ListRuleGroups',
'ListRules',
'ListSizeConstraintSets',
'ListSqlInjectionMatchSets',
'ListSubscribedRuleGroups',
'ListWebACLs',
'ListXssMatchSets'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
exports.Waf = Waf;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FmLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsid2FmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5RDtBQUd6RDs7OztHQUlHO0FBQ0gsTUFBYSxHQUFJLFNBQVEsd0JBQWU7SUFHdEM7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLFlBQVk7UUFDakIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHdCQUF3QjtRQUM3QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksVUFBVTtRQUNmLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksU0FBUztRQUNkLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLFdBQVc7UUFDaEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLCtCQUErQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsK0JBQStCLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLFlBQVk7UUFDakIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksV0FBVztRQUNoQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHdCQUF3QjtRQUM3QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwwQkFBMEI7UUFDL0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQTRGRDs7Ozs7Ozs7T0FRRztJQUNJLGNBQWMsQ0FBQyxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUNwRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixTQUFVLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxpQkFBa0IsRUFBRyxFQUFFLENBQUMsQ0FBQztJQUM5SCxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxPQUFPLENBQUMsRUFBVSxFQUFFLE9BQWdCLEVBQUUsU0FBa0I7UUFDN0QsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsU0FBVSxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsVUFBVyxFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGVBQWUsQ0FBQyxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUNyRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixTQUFVLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxrQkFBbUIsRUFBRyxFQUFFLENBQUMsQ0FBQztJQUMvSCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxNQUFNLENBQUMsRUFBVSxFQUFFLE9BQWdCLEVBQUUsU0FBa0I7UUFDNUQsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsU0FBVSxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsU0FBVSxFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ3RILENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLG1CQUFtQixDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ3pFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQVUsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLHNCQUF1QixFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ25JLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLHNCQUFzQixDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQzVFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQVUsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLG9CQUFxQixFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ2pJLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLFFBQVEsQ0FBQyxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUM5RCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixTQUFVLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxXQUFZLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDeEgsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ksYUFBYSxDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ25FLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQVUsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGdCQUFpQixFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQzdILENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLGVBQWUsQ0FBQyxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUNyRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixTQUFVLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxlQUFnQixFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQzVILENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLGlCQUFpQixDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ3ZFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQVUsT0FBTyxJQUFJLE