cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,048 lines • 105 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Wafv2 = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Wafv2 extends shared_1.PolicyStatement {
/**
* Grants permission to associate a WebACL with a resource
*
* Access Level: Write
*
* Dependent actions:
* - amplify:AssociateWebACL
* - apigateway:SetWebACL
* - apprunner:AssociateWebAcl
* - appsync:SetWebACL
* - cognito-idp:AssociateWebACL
* - ec2:AssociateVerifiedAccessInstanceWebAcl
* - elasticloadbalancing:SetWebAcl
* - wafv2:GetPermissionPolicy
* - wafv2:PutPermissionPolicy
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociateWebACL.html
*/
toAssociateWebACL() {
return this.to('AssociateWebACL');
}
/**
* Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html
*/
toCheckCapacity() {
return this.to('CheckCapacity');
}
/**
* Grants permission to create an API key for use in the integration of the CAPTCHA API in your JavaScript client applications
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateAPIKey.html
*/
toCreateAPIKey() {
return this.to('CreateAPIKey');
}
/**
* Grants permission to create an IPSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateIPSet.html
*/
toCreateIPSet() {
return this.to('CreateIPSet');
}
/**
* Grants permission to create a RegexPatternSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRegexPatternSet.html
*/
toCreateRegexPatternSet() {
return this.to('CreateRegexPatternSet');
}
/**
* Grants permission to create a RuleGroup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html
*/
toCreateRuleGroup() {
return this.to('CreateRuleGroup');
}
/**
* Grants permission to create a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html
*/
toCreateWebACL() {
return this.to('CreateWebACL');
}
/**
* Grants permission to delete an API key
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteAPIKey.html
*/
toDeleteAPIKey() {
return this.to('DeleteAPIKey');
}
/**
* Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteFirewallManagerRuleGroups.html
*/
toDeleteFirewallManagerRuleGroups() {
return this.to('DeleteFirewallManagerRuleGroups');
}
/**
* Grants permission to delete an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteIPSet.html
*/
toDeleteIPSet() {
return this.to('DeleteIPSet');
}
/**
* Grants permission to delete the LoggingConfiguration from a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteLoggingConfiguration.html
*/
toDeleteLoggingConfiguration() {
return this.to('DeleteLoggingConfiguration');
}
/**
* Grants permission to delete the PermissionPolicy on a RuleGroup
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeletePermissionPolicy.html
*/
toDeletePermissionPolicy() {
return this.to('DeletePermissionPolicy');
}
/**
* Grants permission to delete a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRegexPatternSet.html
*/
toDeleteRegexPatternSet() {
return this.to('DeleteRegexPatternSet');
}
/**
* Grants permission to delete a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRuleGroup.html
*/
toDeleteRuleGroup() {
return this.to('DeleteRuleGroup');
}
/**
* Grants permission to delete a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteWebACL.html
*/
toDeleteWebACL() {
return this.to('DeleteWebACL');
}
/**
* Grants permission to retrieve product information for a managed rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeAllManagedProducts.html
*/
toDescribeAllManagedProducts() {
return this.to('DescribeAllManagedProducts');
}
/**
* Grants permission to retrieve product information for a managed rule group by a given vendor
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedProductsByVendor.html
*/
toDescribeManagedProductsByVendor() {
return this.to('DescribeManagedProductsByVendor');
}
/**
* Grants permission to retrieve high-level information for a managed rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedRuleGroup.html
*/
toDescribeManagedRuleGroup() {
return this.to('DescribeManagedRuleGroup');
}
/**
* Grants permission to disassociate Firewall Manager from a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateFirewallManager.html
*/
toDisassociateFirewallManager() {
return this.to('DisassociateFirewallManager');
}
/**
* Grants permission to disassociate a WebACL from an application resource
*
* Access Level: Write
*
* Dependent actions:
* - amplify:DisassociateWebACL
* - apigateway:SetWebACL
* - apprunner:DisassociateWebAcl
* - appsync:SetWebACL
* - cognito-idp:DisassociateWebACL
* - ec2:DisassociateVerifiedAccessInstanceWebAcl
* - elasticloadbalancing:SetWebAcl
* - wafv2:PutPermissionPolicy
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateWebACL.html
*/
toDisassociateWebACL() {
return this.to('DisassociateWebACL');
}
/**
* Grants permission to generate a presigned download URL for the specified release of the mobile SDK
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GenerateMobileSdkReleaseUrl.html
*/
toGenerateMobileSdkReleaseUrl() {
return this.to('GenerateMobileSdkReleaseUrl');
}
/**
* Grants permission to return your API key in decrypted form. Use this to check the token domains that you have defined for the key
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetDecryptedAPIKey.html
*/
toGetDecryptedAPIKey() {
return this.to('GetDecryptedAPIKey');
}
/**
* Grants permission to retrieve details about an IPSet
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetIPSet.html
*/
toGetIPSet() {
return this.to('GetIPSet');
}
/**
* Grants permission to retrieve LoggingConfiguration for a WebACL
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetLoggingConfiguration.html
*/
toGetLoggingConfiguration() {
return this.to('GetLoggingConfiguration');
}
/**
* Grants permission to retrieve details about a ManagedRuleSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetManagedRuleSet.html
*/
toGetManagedRuleSet() {
return this.to('GetManagedRuleSet');
}
/**
* Grants permission to retrieve information for the specified mobile SDK release, including release notes and tags
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetMobileSdkRelease.html
*/
toGetMobileSdkRelease() {
return this.to('GetMobileSdkRelease');
}
/**
* Grants permission to retrieve a PermissionPolicy for a RuleGroup
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetPermissionPolicy.html
*/
toGetPermissionPolicy() {
return this.to('GetPermissionPolicy');
}
/**
* Grants permission to retrieve the keys that are currently blocked by a rate-based rule
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRateBasedStatementManagedKeys.html
*/
toGetRateBasedStatementManagedKeys() {
return this.to('GetRateBasedStatementManagedKeys');
}
/**
* Grants permission to retrieve details about a RegexPatternSet
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRegexPatternSet.html
*/
toGetRegexPatternSet() {
return this.to('GetRegexPatternSet');
}
/**
* Grants permission to retrieve details about a RuleGroup
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRuleGroup.html
*/
toGetRuleGroup() {
return this.to('GetRuleGroup');
}
/**
* Grants permission to retrieve detailed information about a sampling of web requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetSampledRequests.html
*/
toGetSampledRequests() {
return this.to('GetSampledRequests');
}
/**
* Grants permission to retrieve details about a WebACL
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACL.html
*/
toGetWebACL() {
return this.to('GetWebACL');
}
/**
* Grants permission to retrieve the WebACL that's associated with a resource
*
* Access Level: Read
*
* Dependent actions:
* - amplify:GetWebACLForResource
* - apprunner:DescribeWebAclForService
* - cognito-idp:GetWebACLForResource
* - ec2:GetVerifiedAccessInstanceWebAcl
* - wafv2:GetWebACL
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACLForResource.html
*/
toGetWebACLForResource() {
return this.to('GetWebACLForResource');
}
/**
* Grants permission to retrieve a list of the API keys that you've defined for the specified scope
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAPIKeys.html
*/
toListAPIKeys() {
return this.to('ListAPIKeys');
}
/**
* Grants permission to retrieve an array of managed rule group versions that are available for you to use
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroupVersions.html
*/
toListAvailableManagedRuleGroupVersions() {
return this.to('ListAvailableManagedRuleGroupVersions');
}
/**
* Grants permission to retrieve an array of managed rule groups that are available for you to use
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroups.html
*/
toListAvailableManagedRuleGroups() {
return this.to('ListAvailableManagedRuleGroups');
}
/**
* Grants permission to retrieve an array of IPSetSummary objects for the IP sets that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListIPSets.html
*/
toListIPSets() {
return this.to('ListIPSets');
}
/**
* Grants permission to retrieve an array of your LoggingConfiguration objects
*
* Access Level: List
*
* Possible conditions:
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListLoggingConfigurations.html
*/
toListLoggingConfigurations() {
return this.to('ListLoggingConfigurations');
}
/**
* Grants permission to retrieve an array of your ManagedRuleSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListManagedRuleSets.html
*/
toListManagedRuleSets() {
return this.to('ListManagedRuleSets');
}
/**
* Grants permission to retrieve a list of the available releases for the mobile SDK and the specified device platform
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListMobileSdkReleases.html
*/
toListMobileSdkReleases() {
return this.to('ListMobileSdkReleases');
}
/**
* Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRegexPatternSets.html
*/
toListRegexPatternSets() {
return this.to('ListRegexPatternSets');
}
/**
* Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL
*
* Access Level: List
*
* Dependent actions:
* - amplify:ListResourcesForWebACL
* - apprunner:ListAssociatedServicesForWebAcl
* - cognito-idp:ListResourcesForWebACL
* - ec2:DescribeVerifiedAccessInstanceWebAclAssociations
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListResourcesForWebACL.html
*/
toListResourcesForWebACL() {
return this.to('ListResourcesForWebACL');
}
/**
* Grants permission to retrieve an array of RuleGroupSummary objects for the rule groups that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRuleGroups.html
*/
toListRuleGroups() {
return this.to('ListRuleGroups');
}
/**
* Grants permission to list tags for a resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to retrieve an array of WebACLSummary objects for the web ACLs that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListWebACLs.html
*/
toListWebACLs() {
return this.to('ListWebACLs');
}
/**
* Grants permission to create FirewallManagedRulesGroups in a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutFirewallManagerRuleGroups.html
*/
toPutFirewallManagerRuleGroups() {
return this.to('PutFirewallManagerRuleGroups');
}
/**
* Grants permission to enable a LoggingConfiguration, to start logging for a web ACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifLogScope()
* - .ifLogDestinationResource()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutLoggingConfiguration.html
*/
toPutLoggingConfiguration() {
return this.to('PutLoggingConfiguration');
}
/**
* Grants permission to enable create a new or update an existing version of a ManagedRuleSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutManagedRuleSetVersions.html
*/
toPutManagedRuleSetVersions() {
return this.to('PutManagedRuleSetVersions');
}
/**
* Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutPermissionPolicy.html
*/
toPutPermissionPolicy() {
return this.to('PutPermissionPolicy');
}
/**
* Grants permission to associate tags with a AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to disassociate tags from an AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update an IPSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateIPSet.html
*/
toUpdateIPSet() {
return this.to('UpdateIPSet');
}
/**
* Grants permission to update the expiry date of a version in ManagedRuleSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateManagedRuleSetVersionExpiryDate.html
*/
toUpdateManagedRuleSetVersionExpiryDate() {
return this.to('UpdateManagedRuleSetVersionExpiryDate');
}
/**
* Grants permission to update a RegexPatternSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRegexPatternSet.html
*/
toUpdateRegexPatternSet() {
return this.to('UpdateRegexPatternSet');
}
/**
* Grants permission to update a RuleGroup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRuleGroup.html
*/
toUpdateRuleGroup() {
return this.to('UpdateRuleGroup');
}
/**
* Grants permission to update a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateWebACL.html
*/
toUpdateWebACL() {
return this.to('UpdateWebACL');
}
/**
* Adds a resource of type webacl to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWebacl(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/webacl/${name}/${id}`);
}
/**
* Adds a resource of type ipset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_IPSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIpset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/ipset/${name}/${id}`);
}
/**
* Adds a resource of type managedruleset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ManagedRuleSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onManagedruleset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/managedruleset/${name}/${id}`);
}
/**
* Adds a resource of type rulegroup to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRulegroup(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/rulegroup/${name}/${id}`);
}
/**
* Adds a resource of type regexpatternset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_RegexPatternSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRegexpatternset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/regexpatternset/${name}/${id}`);
}
/**
* Adds a resource of type loadbalancer/app/ to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param loadBalancerName - Identifier for the loadBalancerName.
* @param loadBalancerId - Identifier for the loadBalancerId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onLoadbalancerApp(loadBalancerName, loadBalancerId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticloadbalancing:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:loadbalancer/app/${loadBalancerName}/${loadBalancerId}`);
}
/**
* Adds a resource of type apigateway to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onApigateway(apiId, stageName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:/restapis/${apiId}/stages/${stageName}`);
}
/**
* Adds a resource of type appsync to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param graphQLAPIId - Identifier for the graphQLAPIId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAppsync(graphQLAPIId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:appsync:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:apis/${graphQLAPIId}`);
}
/**
* Adds a resource of type userpool to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param userPoolId - Identifier for the userPoolId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onUserpool(userPoolId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cognito-idp:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:userpool/${userPoolId}`);
}
/**
* Adds a resource of type apprunner to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param serviceName - Identifier for the serviceName.
* @param serviceId - Identifier for the serviceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onApprunner(serviceName, serviceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apprunner:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:service/${serviceName}/${serviceId}`);
}
/**
* Adds a resource of type verified-access-instance to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param verifiedAccessInstanceId - Identifier for the verifiedAccessInstanceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onVerifiedAccessInstance(verifiedAccessInstanceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:ec2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:verified-access-instance/${verifiedAccessInstanceId}`);
}
/**
* Adds a resource of type amplify-app to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param appId - Identifier for the appId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAmplifyApp(appId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:amplify:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:apps/${appId}`);
}
/**
* Filters access by the allowed set of values for each of the tags
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateIPSet()
* - .toCreateRegexPatternSet()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by tag-value associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toGetIPSet()
* - .toGetLoggingConfiguration()
* - .toGetRateBasedStatementManagedKeys()
* - .toGetRegexPatternSet()
* - .toGetRuleGroup()
* - .toGetWebACL()
* - .toListTagsForResource()
* - .toTagResource()
* - .toUpdateIPSet()
* - .toUpdateRegexPatternSet()
* - .toUpdateRuleGroup()
* - .toUpdateWebACL()
*
* Applies to resource types:
* - webacl
* - ipset
* - rulegroup
* - regexpatternset
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the presence of mandatory tags in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateIPSet()
* - .toCreateRegexPatternSet()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by log destination ARN for PutLoggingConfiguration API
*
* https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys
*
* Applies to actions:
* - .toPutLoggingConfiguration()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifLogDestinationResource(value, operator) {
return this.if(`LogDestinationResource`, value, operator ?? 'ArnLike');
}
/**
* Filters access by log scope for Logging Configuration API
*
* https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys
*
* Applies to actions:
* - .toDeleteLoggingConfiguration()
* - .toGetLoggingConfiguration()
* - .toListLoggingConfigurations()
* - .toPutLoggingConfiguration()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifLogScope(value, operator) {
return this.if(`LogScope`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'wafv2';
this.accessLevelList = {
Write: [
'AssociateWebACL',
'CreateAPIKey',
'CreateIPSet',
'CreateRegexPatternSet',
'CreateRuleGroup',
'CreateWebACL',
'DeleteAPIKey',
'DeleteFirewallManagerRuleGroups',
'DeleteIPSet',
'DeleteLoggingConfiguration',
'DeleteRegexPatternSet',
'DeleteRuleGroup',
'DeleteWebACL',
'DisassociateFirewallManager',
'DisassociateWebACL',
'PutFirewallManagerRuleGroups',
'PutLoggingConfiguration',
'PutManagedRuleSetVersions',
'UpdateIPSet',
'UpdateManagedRuleSetVersionExpiryDate',
'UpdateRegexPatternSet',
'UpdateRuleGroup',
'UpdateWebACL'
],
Read: [
'CheckCapacity',
'DescribeAllManagedProducts',
'DescribeManagedProductsByVendor',
'DescribeManagedRuleGroup',
'GenerateMobileSdkReleaseUrl',
'GetDecryptedAPIKey',
'GetIPSet',
'GetLoggingConfiguration',
'GetManagedRuleSet',
'GetMobileSdkRelease',
'GetPermissionPolicy',
'GetRateBasedStatementManagedKeys',
'GetRegexPatternSet',
'GetRuleGroup',
'GetSampledRequests',
'GetWebACL',
'GetWebACLForResource',
'ListTagsForResource'
],
'Permissions management': [
'DeletePermissionPolicy',
'PutPermissionPolicy'
],
List: [
'ListAPIKeys',
'ListAvailableManagedRuleGroupVersions',
'ListAvailableManagedRuleGroups',
'ListIPSets',
'ListLoggingConfigurations',
'ListManagedRuleSets',
'ListMobileSdkReleases',
'ListRegexPatternSets',
'ListResourcesForWebACL',
'ListRuleGroups',
'ListWebACLs'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
exports.Wafv2 = Wafv2;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FmdjIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJ3YWZ2Mi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSx5Q0FBeUQ7QUFHekQ7Ozs7R0FJRztBQUNILE1BQWEsS0FBTSxTQUFRLHdCQUFlO0lBR3hDOzs7Ozs7Ozs7Ozs7Ozs7OztPQWlCRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlDQUFpQztRQUN0QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwwQkFBMEI7UUFDL0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxrQ0FBa0M7UUFDdkMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksV0FBVztRQUNoQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1Q0FBdUM7UUFDNUMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdDQUFnQztRQUNyQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDhCQUE4QjtRQUNuQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7Ozs7OztPQVdHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUNBQXVDO1FBQzVDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0lBQzFELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQXVFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLFFBQVEsQ0FBQyxLQUFhLEVBQUUsSUFBWSxFQUFFLEVBQVUsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUM1RyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixVQUFXLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxJQUFLLEtBQU0sV0FBWSxJQUFLLElBQUssRUFBRyxFQUFFLENBQUMsQ0FBQztJQUNoTCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxPQUFPLENBQUMsS0FBYSxFQUFFLElBQVksRUFBRSxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDM0csT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsVUFBVyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsSUFBSyxLQUFNLFVBQVcsSUFBSyxJQUFLLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDL0ssQ0FBQztJQUVEOzs7Ozs7Ozs7OztPQVdHO0lBQ0ksZ0JBQWdCLENBQUMsS0FBYSxFQUFFLElBQVksRUFBRSxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDcEgsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsVUFBVyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsSUFBSyxLQUFNLG1CQUFvQixJQUFLLElBQUssRUFBRyxFQUFFLENBQUMsQ0FBQztJQUN4TCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxXQUFXLENBQUMsS0FBYSxFQUFFLElBQVksRUFBRSxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDL0csT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsVUFBVyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsSUFBSyxLQUFNLGNBQWUsSUFBSyxJQUFLLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDbkwsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksaUJBQWlCLENBQUMsS0FBYSxFQUFFLElBQVksRUFBRSxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDckgsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsVUFBVyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsSUFBSyxLQUFNLG9CQUFxQixJQUFLLElBQUssRUFBRyxFQUFFLENBQUMsQ0FBQztJQUN6TCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGlCQUFpQixDQUFDLGdCQUF3QixFQUFFLGNBQXNCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDOUgsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIseUJBQTBCLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxxQkFBc0IsZ0JBQWlCLElBQUssY0FBZSxFQUFFLENBQUMsQ0FBQztJQUN0TixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLFlBQVksQ0FBQyxLQUFhLEVBQUUsU0FBaUIsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUN6RyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixlQUFnQixNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsY0FBZSxLQUFNLFdBQVksU0FBVSxFQUFFLENBQUMsQ0FBQztJQUM1TCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksU0FBUyxDQUFDLFlBQW9CLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDMUYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsWUFBYSxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsU0FBVSxZQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ3JLLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxVQUFVLENBQUMsVUFBa0IsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUN6RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixnQkFBaUIsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGFBQWMsVUFBVyxFQUFFLENBQUMsQ0FBQztJQUMzSyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLFdBQVcsQ0FBQyxXQUFtQixFQUFFLFNBQWlCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDOUcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsY0FBZSxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsWUFBYSxXQUFZLElBQUssU0FBVSxFQUFFLENBQUMsQ0FBQztJQUN4TCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksd0JBQXdCLENBQUMsd0JBQWdDLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDckgsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsUUFBUyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMs