cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,072 lines • 100 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.S3express = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [s3express](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3express.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class S3express extends shared_1.PolicyStatement {
/**
* Grants permission to create a new access point
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifLocationName()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
*/
toCreateAccessPoint() {
return this.to('CreateAccessPoint');
}
/**
* Grants permission to create a new bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifLocationName()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
*/
toCreateBucket() {
return this.to('CreateBucket');
}
/**
* Grants permission to Create Session token which is used for object APIs such as PutObject, GetObject, etc
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSessionMode()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifXAmzServerSideEncryption()
* - .ifXAmzServerSideEncryptionAwsKmsKeyId()
* - .ifAllAccessRestrictedToLocalZoneGroup()
* - .ifPermissions()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
*/
toCreateSession() {
return this.to('CreateSession');
}
/**
* Grants permission to delete the access point named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
*/
toDeleteAccessPoint() {
return this.to('DeleteAccessPoint');
}
/**
* Grants permission to delete the policy on a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html
*/
toDeleteAccessPointPolicy() {
return this.to('DeleteAccessPointPolicy');
}
/**
* Grants permission to delete the scope configuration on a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointScope.html
*/
toDeleteAccessPointScope() {
return this.to('DeleteAccessPointScope');
}
/**
* Grants permission to delete the bucket named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
*/
toDeleteBucket() {
return this.to('DeleteBucket');
}
/**
* Grants permission to delete the policy on a specified bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html
*/
toDeleteBucketPolicy() {
return this.to('DeleteBucketPolicy');
}
/**
* Grants permission to return configuration information about the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
*/
toGetAccessPoint() {
return this.to('GetAccessPoint');
}
/**
* Grants permission to return the access point policy associated with the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html
*/
toGetAccessPointPolicy() {
return this.to('GetAccessPointPolicy');
}
/**
* Grants permission to return the scope configuration associated with the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointScope.html
*/
toGetAccessPointScope() {
return this.to('GetAccessPointScope');
}
/**
* Grants permission to return the policy of the specified bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html
*/
toGetBucketPolicy() {
return this.to('GetBucketPolicy');
}
/**
* Grants permission to return the default encryption configuration for a directory bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
*/
toGetEncryptionConfiguration() {
return this.to('GetEncryptionConfiguration');
}
/**
* Grants permission to return an inventory configuration identified by the inventory configuration ID for a S3 directory bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html
*/
toGetInventoryConfiguration() {
return this.to('GetInventoryConfiguration');
}
/**
* Grants permission to return the lifecycle configuration information set on a directory bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
*/
toGetLifecycleConfiguration() {
return this.to('GetLifecycleConfiguration');
}
/**
* Grants permission to get a metrics configuration of a directory bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html
*/
toGetMetricsConfiguration() {
return this.to('GetMetricsConfiguration');
}
/**
* Grants permission to list access points
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPointsForDirectoryBuckets.html
*/
toListAccessPointsForDirectoryBuckets() {
return this.to('ListAccessPointsForDirectoryBuckets');
}
/**
* Grants permission to list all directory buckets owned by the authenticated sender of the request
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html
*/
toListAllMyDirectoryBuckets() {
return this.to('ListAllMyDirectoryBuckets');
}
/**
* Grants permission to lists all of the tags for a specified resource
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to associate an access policy with a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html
*/
toPutAccessPointPolicy() {
return this.to('PutAccessPointPolicy');
}
/**
* Grants permission to associate an access point with a specified access point scope configuration
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointScope.html
*/
toPutAccessPointScope() {
return this.to('PutAccessPointScope');
}
/**
* Grants permission to add or replace a bucket policy on a bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html
*/
toPutBucketPolicy() {
return this.to('PutBucketPolicy');
}
/**
* Grants permission to set the encryption configuration for a directory bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
*/
toPutEncryptionConfiguration() {
return this.to('PutEncryptionConfiguration');
}
/**
* Grants permission to add an inventory configuration to the bucket, identified by the inventory ID
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifInventoryAccessibleOptionalFields()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html
*/
toPutInventoryConfiguration() {
return this.to('PutInventoryConfiguration');
}
/**
* Grants permission to create a new lifecycle configuration for the directory bucket or replace an existing lifecycle configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
*/
toPutLifecycleConfiguration() {
return this.to('PutLifecycleConfiguration');
}
/**
* Grants permission to set or update a metrics configuration for the CloudWatch request metrics of a directory bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
*/
toPutMetricsConfiguration() {
return this.to('PutMetricsConfiguration');
}
/**
* Grants permission to create a new user-defined tag or update an existing tag
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove the specified user-defined tags from an S3 resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Adds a resource of type bucket to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
*
* @param bucketName - Identifier for the bucketName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifBucketTag()
*/
onBucket(bucketName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:s3express:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:bucket/${bucketName}`);
}
/**
* Adds a resource of type accesspoint to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
*
* @param accessPointName - Identifier for the accessPointName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAccessPointTag()
*/
onAccesspoint(accessPointName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:s3express:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:accesspoint/${accessPointName}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html#example-user-policy-request-tag
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html#example-user-policy-resource-tag
*
* Applies to resource types:
* - bucket
* - accesspoint
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html#example-user-policy-tag-keys
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the network origin (Internet or VPC)
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAccessPointNetworkOrigin(value, operator) {
return this.if(`AccessPointNetworkOrigin`, value, operator ?? 'StringLike');
}
/**
* Filters access by tag key-value pairs attached to the access point
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-db-tagging.html#example-access-points-db-policy-bucket-tag
*
* Applies to resource types:
* - accesspoint
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAccessPointTag(tagKey, value, operator) {
return this.if(`AccessPointTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by AWS Local Zone network border group(s) provided in this condition key
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAllAccessRestrictedToLocalZoneGroup(value, operator) {
return this.if(`AllAccessRestrictedToLocalZoneGroup`, value, operator ?? 'StringLike');
}
/**
* Filters access by tag key-value pairs attached to the bucket
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html#example-policy-bucket-tag
*
* Applies to resource types:
* - bucket
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifBucketTag(tagKey, value, operator) {
return this.if(`BucketTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the AWS Account ID that owns the access point
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDataAccessPointAccount(value, operator) {
return this.if(`DataAccessPointAccount`, value, operator ?? 'StringLike');
}
/**
* Filters access by an access point Amazon Resource Name (ARN)
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifDataAccessPointArn(value, operator) {
return this.if(`DataAccessPointArn`, value, operator ?? 'ArnLike');
}
/**
* Filters access by restricting which optional metadata fields a user can add when configuring S3 Inventory reports
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-s3-inventory-3
*
* Applies to actions:
* - .toPutInventoryConfiguration()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifInventoryAccessibleOptionalFields(value, operator) {
return this.if(`InventoryAccessibleOptionalFields`, value, operator ?? 'StringLike');
}
/**
* Filters access by a specific Availability Zone or Local Zone ID
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-express-zonal-policy-keys.html#example-location-name
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifLocationName(value, operator) {
return this.if(`LocationName`, value, operator ?? 'StringLike');
}
/**
* Filters access by the permission requested by Access Point Scope configuration, such as GetObject, PutObject
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPermissions(value, operator) {
return this.if(`Permissions`, value, operator ?? 'StringLike');
}
/**
* Filters access by the resource owner AWS account ID
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-express-zonal-policy-keys.html#example-object-resource-account
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toCreateSession()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toGetBucketPolicy()
* - .toGetEncryptionConfiguration()
* - .toGetInventoryConfiguration()
* - .toGetLifecycleConfiguration()
* - .toGetMetricsConfiguration()
* - .toListAccessPointsForDirectoryBuckets()
* - .toListAllMyDirectoryBuckets()
* - .toListTagsForResource()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
* - .toPutBucketPolicy()
* - .toPutEncryptionConfiguration()
* - .toPutInventoryConfiguration()
* - .toPutLifecycleConfiguration()
* - .toPutMetricsConfiguration()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifResourceAccount(value, operator) {
return this.if(`ResourceAccount`, value, operator ?? 'StringLike');
}
/**
* Filters access by the permission requested by CreateSession API, such as ReadOnly and ReadWrite
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-express-zonal-policy-keys.html#example-session-mode
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSessionMode(value, operator) {
return this.if(`SessionMode`, value, operator ?? 'StringLike');
}
/**
* Filters access by the TLS version used by the client
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toCreateSession()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toGetBucketPolicy()
* - .toGetEncryptionConfiguration()
* - .toGetInventoryConfiguration()
* - .toGetLifecycleConfiguration()
* - .toGetMetricsConfiguration()
* - .toListAccessPointsForDirectoryBuckets()
* - .toListAllMyDirectoryBuckets()
* - .toListTagsForResource()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
* - .toPutBucketPolicy()
* - .toPutEncryptionConfiguration()
* - .toPutInventoryConfiguration()
* - .toPutLifecycleConfiguration()
* - .toPutMetricsConfiguration()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifTlsVersion(value, operator) {
return this.if(`TlsVersion`, value, operator ?? 'NumericEquals');
}
/**
* Filters access by authentication method
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toCreateSession()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toGetBucketPolicy()
* - .toGetEncryptionConfiguration()
* - .toGetInventoryConfiguration()
* - .toGetLifecycleConfiguration()
* - .toGetMetricsConfiguration()
* - .toListAccessPointsForDirectoryBuckets()
* - .toListAllMyDirectoryBuckets()
* - .toListTagsForResource()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
* - .toPutBucketPolicy()
* - .toPutEncryptionConfiguration()
* - .toPutInventoryConfiguration()
* - .toPutLifecycleConfiguration()
* - .toPutMetricsConfiguration()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAuthType(value, operator) {
return this.if(`authType`, value, operator ?? 'StringLike');
}
/**
* Filters access by the age in milliseconds of the request signature
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifSignatureAge(value, operator) {
return this.if(`signatureAge`, value, operator ?? 'NumericEquals');
}
/**
* Filters access by the AWS Signature Version used on the request
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toCreateSession()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toGetBucketPolicy()
* - .toGetEncryptionConfiguration()
* - .toGetInventoryConfiguration()
* - .toGetLifecycleConfiguration()
* - .toGetMetricsConfiguration()
* - .toListAccessPointsForDirectoryBuckets()
* - .toListAllMyDirectoryBuckets()
* - .toListTagsForResource()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
* - .toPutBucketPolicy()
* - .toPutEncryptionConfiguration()
* - .toPutInventoryConfiguration()
* - .toPutLifecycleConfiguration()
* - .toPutMetricsConfiguration()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSignatureversion(value, operator) {
return this.if(`signatureversion`, value, operator ?? 'StringLike');
}
/**
* Filters access by unsigned content in your bucket
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toCreateSession()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteAccessPointScope()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetAccessPointScope()
* - .toGetBucketPolicy()
* - .toGetEncryptionConfiguration()
* - .toGetInventoryConfiguration()
* - .toGetLifecycleConfiguration()
* - .toGetMetricsConfiguration()
* - .toListAccessPointsForDirectoryBuckets()
* - .toListAllMyDirectoryBuckets()
* - .toListTagsForResource()
* - .toPutAccessPointPolicy()
* - .toPutAccessPointScope()
* - .toPutBucketPolicy()
* - .toPutEncryptionConfiguration()
* - .toPutInventoryConfiguration()
* - .toPutLifecycleConfiguration()
* - .toPutMetricsConfiguration()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzContentSha256(value, operator) {
return this.if(`x-amz-content-sha256`, value, operator ?? 'StringLike');
}
/**
* Filters access by server-side encryption
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-data-protection.html
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzServerSideEncryption(value, operator) {
return this.if(`x-amz-server-side-encryption`, value, operator ?? 'StringLike');
}
/**
* Filters access by AWS KMS customer managed key for server-side encryption
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-UsingKMSEncryption.html#s3-express-require-sse-kms
*
* Applies to actions:
* - .toCreateSession()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifXAmzServerSideEncryptionAwsKmsKeyId(value, operator) {
return this.if(`x-amz-server-side-encryption-aws-kms-key-id`, value, operator ?? 'ArnLike');
}
/**
* Statement provider for service [s3express](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3express.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 's3express';
this.accessLevelList = {
Write: [
'CreateAccessPoint',
'CreateBucket',
'CreateSession',
'DeleteAccessPoint',
'DeleteBucket',
'PutEncryptionConfiguration',
'PutInventoryConfiguration',
'PutLifecycleConfiguration',
'PutMetricsConfiguration'
],
'Permissions management': [
'DeleteAccessPointPolicy',
'DeleteAccessPointScope',
'DeleteBucketPolicy',
'PutAccessPointPolicy',
'PutAccessPointScope',
'PutBucketPolicy'
],
Read: [
'GetAccessPoint',
'GetAccessPointPolicy',
'GetAccessPointScope',
'GetBucketPolicy',
'GetEncryptionConfiguration',
'GetInventoryConfiguration',
'GetLifecycleConfiguration',
'GetMetricsConfiguration'
],
List: [
'ListAccessPointsForDirectoryBuckets',
'ListAllMyDirectoryBuckets',
'ListTagsForResource'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
exports.S3express = S3express;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiczNleHByZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiczNleHByZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5RDtBQUd6RDs7OztHQUlHO0FBQ0gsTUFBYSxTQUFVLFNBQVEsd0JBQWU7SUFHNUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FtQkc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BbUJHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHFDQUFxQztRQUMxQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQTJDRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksUUFBUSxDQUFDLFVBQWtCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDdkYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsY0FBZSxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsV0FBWSxVQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZLLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksYUFBYSxDQUFDLGVBQXVCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDakcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsY0FBZSxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsZ0JBQWlCLGVBQWdCLEVBQUUsQ0FBQyxDQUFDO0lBQ2pMLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksZUFBZSxDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQzNGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBbUIsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNoRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksZ0JBQWdCLENBQUMsTUFBYyxFQUFFLEtBQXdCLEVBQUUsUUFBNEI7UUFDNUYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFvQixNQUFPLEVBQUUsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pGLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksWUFBWSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDeEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Ba0JHO0lBQ0ksMEJBQTBCLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUN0RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxnQkFBZ0IsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUM1RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQW1CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0kscUNBQXFDLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUNqRyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUNBQXFDLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUN6RixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxXQUFXLENBQUMsTUFBYyxFQUFFLEtBQXdCLEVBQUUsUUFBNEI7UUFDdkYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWMsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUMzRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQWtCRztJQUNJLHdCQUF3QixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDcEYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FrQkc7SUFDSSxvQkFBb0IsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ2hGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFNBQVMsQ0FBQyxDQUFDO0lBQ3JFLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksbUNBQW1DLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUMvRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUNBQW1DLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxjQUFjLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUMxRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ksYUFBYSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDekUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXFDRztJQUNJLGlCQUFpQixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDN0UsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxhQUFhLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUN6RSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDakUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQW1DRztJQUNJLFlBQVksQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ3hFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxlQUFlLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FxQ0c7SUFDSSxVQUFVLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUN0RSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsVUFBVSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDOUQsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxjQUFjLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUMxRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksZUFBZSxDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BcUNHO0lBQ0ksa0JBQWtCLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUM5RSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FxQ0c7SUFDSSxtQkFBbUIsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQy9FLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksMEJBQTBCLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUN0RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNsRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLHFDQUFxQyxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDakcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZDQUE2QyxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksU0FBUyxDQUFDLENBQUM7SUFDOUYsQ0FBQztJQUVEOzs7T0FHRztJQUNILFlBQVksS0FBZ0M7UUFDMUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBdGxDUixrQkFBYSxHQUFHLFdBQVcsQ0FBQztRQXFpQnpCLG9CQUFlLEdBQW9CO1lBQzNDLEtBQUssRUFBRTtnQkFDTCxtQkFBbUI7Z0JBQ25CLGNBQWM7Z0JBQ2QsZUFBZTtnQkFDZixtQkFBbUI7Z0JBQ25CLGNBQWM7Z0JBQ2QsNEJBQTRCO2dCQUM1QiwyQkFBMkI7Z0JBQzNCLDJCQUEyQjtnQkFDM0IseUJBQXlCO2FBQzFCO1lBQ0Qsd0JBQXdCLEVBQUU7Z0JBQ3hCLHlCQUF5QjtnQkFDekIsd0JBQXdCO2dCQUN4QixvQkFBb0I7Z0JBQ3BCLHNCQUFzQjtnQkFDdEIscUJBQXFCO2dCQUNyQixpQkFBaUI7YUFDbEI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0osZ0JBQWdCO2dCQUNoQixzQkFBc0I7Z0JBQ3RCLHFCQUFxQjtnQkFDckIsaUJBQWlCO2dCQUNqQiw0QkFBNEI7Z0JBQzVCLDJCQUEyQjtnQkFDM0IsMkJBQTJCO2dCQUMzQix5QkFBeUI7YUFDMUI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0oscUNBQXFDO2dCQUNyQywyQkFBMkI7Z0JBQzNCLHFCQUFxQjthQUN0QjtZQUNELE9BQU8sRUFBRTtnQkFDUCxhQUFhO2dCQUNiLGVBQWU7YUFDaEI7U0FDRixDQUFDO0lBMmdCRixDQUFDO0NBQ0Y7QUF6bENELDhCQXlsQ0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBBY2Nlc3NMZXZlbExpc3QgfSBmcm9tICcuLi8uLi9zaGFyZWQvYWNjZXNzLWxldmVsJztcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCwgT3BlcmF0b3IgfSBmcm9tICcuLi8uLi9zaGFyZWQnO1xuaW1wb3J0IHsgYXdzX2lhbSBhcyBpYW0gfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcblxuLyoqXG4gKiBTdGF0ZW1lbnQgcHJvdmlkZXIgZm9yIHNlcnZpY2UgW3MzZXhwcmVzc10oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlcnZpY2UtYXV0aG9yaXphdGlvbi9sYXRlc3QvcmVmZXJlbmNlL2xpc3RfYW1hem9uczNleHByZXNzLmh0bWwpLlxuICpcbiAqIEBwYXJhbSBzaWQgW1NJRF0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvVXNlckd1aWRlL3JlZmVyZW5jZV9wb2xpY2llc19lbGVtZW50c19zaWQuaHRtbCkgb2YgdGhlIHN0YXRlbWVudFxuICovXG5leHBvcnQgY2xhc3MgUzNleHByZXNzIGV4dGVuZHMgUG9saWN5U3RhdGVtZW50IHtcbiAgcHVibGljIHNlcnZpY2VQcmVmaXggPSAnczNleHByZXNzJztcblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gY3JlYXRlIGEgbmV3IGFjY2VzcyBwb2ludFxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFdyaXRlXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmRGF0YUFjY2Vzc1BvaW50QWNjb3VudCgpXG4gICAqIC0gLmlmRGF0YUFjY2Vzc1BvaW50QXJuKClcbiAgICogLSAuaWZBY2Nlc3NQb2ludE5ldHdvcmtPcmlnaW4oKVxuICAgKiAtIC5pZkF1dGhUeXBlKClcbiAgICogLSAuaWZMb2NhdGlvbk5hbWUoKVxuICAgKiAtIC5pZlJlc291cmNlQWNjb3VudCgpXG4gICAqIC0gLmlmU2lnbmF0dXJldmVyc2lvbigpXG4gICAqIC0gLmlmVGxzVmVyc2lvbigpXG4gICAqIC0gLmlmWEFtekNvbnRlbnRTaGEyNTYoKVxuICAgKiAtIC5pZkF3c1JlcXVlc3RUYWcoKVxuICAgKiAtIC5pZkF3c1RhZ0tleXMoKVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uUzMvbGF0ZXN0L0FQSS9BUElfY29udHJvbF9DcmVhdGVBY2Nlc3NQb2ludC5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DcmVhdGVBY2Nlc3NQb2ludCgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQ3JlYXRlQWNjZXNzUG9pbnQnKTtcbiAgfV