cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,067 lines • 107 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Wafv2 = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Wafv2 extends shared_1.PolicyStatement {
/**
* Grants permission to associate a WebACL with a resource
*
* Access Level: Write
*
* Dependent actions:
* - amplify:AssociateWebACL
* - apigateway:SetWebACL
* - apprunner:AssociateWebAcl
* - appsync:AssociateWebACL
* - appsync:SetWebACL
* - cognito-idp:AssociateWebACL
* - ec2:AssociateVerifiedAccessInstanceWebAcl
* - elasticloadbalancing:CreateWebACLAssociation
* - elasticloadbalancing:SetWebAcl
* - wafv2:GetPermissionPolicy
* - wafv2:PutPermissionPolicy
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociateWebACL.html
*/
toAssociateWebACL() {
return this.to('AssociateWebACL');
}
/**
* Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html
*/
toCheckCapacity() {
return this.to('CheckCapacity');
}
/**
* Grants permission to create an API key for use in the integration of the CAPTCHA API in your JavaScript client applications
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateAPIKey.html
*/
toCreateAPIKey() {
return this.to('CreateAPIKey');
}
/**
* Grants permission to create an IPSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateIPSet.html
*/
toCreateIPSet() {
return this.to('CreateIPSet');
}
/**
* Grants permission to create a RegexPatternSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRegexPatternSet.html
*/
toCreateRegexPatternSet() {
return this.to('CreateRegexPatternSet');
}
/**
* Grants permission to create a RuleGroup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html
*/
toCreateRuleGroup() {
return this.to('CreateRuleGroup');
}
/**
* Grants permission to create a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - wafv2:TagResource
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html
*/
toCreateWebACL() {
return this.to('CreateWebACL');
}
/**
* Grants permission to delete an API key
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteAPIKey.html
*/
toDeleteAPIKey() {
return this.to('DeleteAPIKey');
}
/**
* Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteFirewallManagerRuleGroups.html
*/
toDeleteFirewallManagerRuleGroups() {
return this.to('DeleteFirewallManagerRuleGroups');
}
/**
* Grants permission to delete an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteIPSet.html
*/
toDeleteIPSet() {
return this.to('DeleteIPSet');
}
/**
* Grants permission to delete the LoggingConfiguration from a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteLoggingConfiguration.html
*/
toDeleteLoggingConfiguration() {
return this.to('DeleteLoggingConfiguration');
}
/**
* Grants permission to delete the PermissionPolicy on a RuleGroup
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeletePermissionPolicy.html
*/
toDeletePermissionPolicy() {
return this.to('DeletePermissionPolicy');
}
/**
* Grants permission to delete a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRegexPatternSet.html
*/
toDeleteRegexPatternSet() {
return this.to('DeleteRegexPatternSet');
}
/**
* Grants permission to delete a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRuleGroup.html
*/
toDeleteRuleGroup() {
return this.to('DeleteRuleGroup');
}
/**
* Grants permission to delete a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteWebACL.html
*/
toDeleteWebACL() {
return this.to('DeleteWebACL');
}
/**
* Grants permission to retrieve product information for a managed rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeAllManagedProducts.html
*/
toDescribeAllManagedProducts() {
return this.to('DescribeAllManagedProducts');
}
/**
* Grants permission to retrieve product information for a managed rule group by a given vendor
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedProductsByVendor.html
*/
toDescribeManagedProductsByVendor() {
return this.to('DescribeManagedProductsByVendor');
}
/**
* Grants permission to retrieve high-level information for a managed rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedRuleGroup.html
*/
toDescribeManagedRuleGroup() {
return this.to('DescribeManagedRuleGroup');
}
/**
* Grants permission to disassociate Firewall Manager from a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateFirewallManager.html
*/
toDisassociateFirewallManager() {
return this.to('DisassociateFirewallManager');
}
/**
* Grants permission to disassociate a WebACL from an application resource
*
* Access Level: Write
*
* Dependent actions:
* - amplify:DisassociateWebACL
* - apigateway:SetWebACL
* - apprunner:DisassociateWebAcl
* - appsync:DisassociateWebACL
* - appsync:SetWebACL
* - cognito-idp:DisassociateWebACL
* - ec2:DisassociateVerifiedAccessInstanceWebAcl
* - elasticloadbalancing:DeleteWebACLAssociation
* - elasticloadbalancing:SetWebAcl
* - wafv2:PutPermissionPolicy
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateWebACL.html
*/
toDisassociateWebACL() {
return this.to('DisassociateWebACL');
}
/**
* Grants permission to generate a presigned download URL for the specified release of the mobile SDK
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GenerateMobileSdkReleaseUrl.html
*/
toGenerateMobileSdkReleaseUrl() {
return this.to('GenerateMobileSdkReleaseUrl');
}
/**
* Grants permission to return your API key in decrypted form. Use this to check the token domains that you have defined for the key
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetDecryptedAPIKey.html
*/
toGetDecryptedAPIKey() {
return this.to('GetDecryptedAPIKey');
}
/**
* Grants permission to retrieve details about an IPSet
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetIPSet.html
*/
toGetIPSet() {
return this.to('GetIPSet');
}
/**
* Grants permission to retrieve LoggingConfiguration for a WebACL
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetLoggingConfiguration.html
*/
toGetLoggingConfiguration() {
return this.to('GetLoggingConfiguration');
}
/**
* Grants permission to retrieve details about a ManagedRuleSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetManagedRuleSet.html
*/
toGetManagedRuleSet() {
return this.to('GetManagedRuleSet');
}
/**
* Grants permission to retrieve information for the specified mobile SDK release, including release notes and tags
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetMobileSdkRelease.html
*/
toGetMobileSdkRelease() {
return this.to('GetMobileSdkRelease');
}
/**
* Grants permission to retrieve a PermissionPolicy for a RuleGroup
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetPermissionPolicy.html
*/
toGetPermissionPolicy() {
return this.to('GetPermissionPolicy');
}
/**
* Grants permission to retrieve the keys that are currently blocked by a rate-based rule
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRateBasedStatementManagedKeys.html
*/
toGetRateBasedStatementManagedKeys() {
return this.to('GetRateBasedStatementManagedKeys');
}
/**
* Grants permission to retrieve details about a RegexPatternSet
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRegexPatternSet.html
*/
toGetRegexPatternSet() {
return this.to('GetRegexPatternSet');
}
/**
* Grants permission to retrieve details about a RuleGroup
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRuleGroup.html
*/
toGetRuleGroup() {
return this.to('GetRuleGroup');
}
/**
* Grants permission to retrieve detailed information about a sampling of web requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetSampledRequests.html
*/
toGetSampledRequests() {
return this.to('GetSampledRequests');
}
/**
* Grants permission to retrieve aggregated path statistics with bot traffic analysis for a WebACL within a specified time window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetTopPathStatisticsByTraffic.html
*/
toGetTopPathStatisticsByTraffic() {
return this.to('GetTopPathStatisticsByTraffic');
}
/**
* Grants permission to retrieve details about a WebACL
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACL.html
*/
toGetWebACL() {
return this.to('GetWebACL');
}
/**
* Grants permission to retrieve the WebACL that's associated with a resource
*
* Access Level: Read
*
* Dependent actions:
* - amplify:GetWebACLForResource
* - apprunner:DescribeWebAclForService
* - appsync:GetWebACLForResource
* - cognito-idp:GetWebACLForResource
* - ec2:GetVerifiedAccessInstanceWebAcl
* - elasticloadbalancing:GetLoadBalancerWebACL
* - wafv2:GetWebACL
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACLForResource.html
*/
toGetWebACLForResource() {
return this.to('GetWebACLForResource');
}
/**
* Grants permission to retrieve a list of the API keys that you've defined for the specified scope
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAPIKeys.html
*/
toListAPIKeys() {
return this.to('ListAPIKeys');
}
/**
* Grants permission to retrieve an array of managed rule group versions that are available for you to use
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroupVersions.html
*/
toListAvailableManagedRuleGroupVersions() {
return this.to('ListAvailableManagedRuleGroupVersions');
}
/**
* Grants permission to retrieve an array of managed rule groups that are available for you to use
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroups.html
*/
toListAvailableManagedRuleGroups() {
return this.to('ListAvailableManagedRuleGroups');
}
/**
* Grants permission to retrieve an array of IPSetSummary objects for the IP sets that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListIPSets.html
*/
toListIPSets() {
return this.to('ListIPSets');
}
/**
* Grants permission to retrieve an array of your LoggingConfiguration objects
*
* Access Level: List
*
* Possible conditions:
* - .ifLogScope()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListLoggingConfigurations.html
*/
toListLoggingConfigurations() {
return this.to('ListLoggingConfigurations');
}
/**
* Grants permission to retrieve an array of your ManagedRuleSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListManagedRuleSets.html
*/
toListManagedRuleSets() {
return this.to('ListManagedRuleSets');
}
/**
* Grants permission to retrieve a list of the available releases for the mobile SDK and the specified device platform
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListMobileSdkReleases.html
*/
toListMobileSdkReleases() {
return this.to('ListMobileSdkReleases');
}
/**
* Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRegexPatternSets.html
*/
toListRegexPatternSets() {
return this.to('ListRegexPatternSets');
}
/**
* Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL
*
* Access Level: List
*
* Dependent actions:
* - amplify:ListResourcesForWebACL
* - apprunner:ListAssociatedServicesForWebAcl
* - appsync:ListResourcesForWebACL
* - cognito-idp:ListResourcesForWebACL
* - ec2:DescribeVerifiedAccessInstanceWebAclAssociations
* - elasticloadbalancing:DescribeWebACLAssociation
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListResourcesForWebACL.html
*/
toListResourcesForWebACL() {
return this.to('ListResourcesForWebACL');
}
/**
* Grants permission to retrieve an array of RuleGroupSummary objects for the rule groups that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRuleGroups.html
*/
toListRuleGroups() {
return this.to('ListRuleGroups');
}
/**
* Grants permission to list tags for a resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to retrieve an array of WebACLSummary objects for the web ACLs that you manage
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ListWebACLs.html
*/
toListWebACLs() {
return this.to('ListWebACLs');
}
/**
* Grants permission to create FirewallManagedRulesGroups in a WebACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutFirewallManagerRuleGroups.html
*/
toPutFirewallManagerRuleGroups() {
return this.to('PutFirewallManagerRuleGroups');
}
/**
* Grants permission to enable a LoggingConfiguration, to start logging for a web ACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifLogScope()
* - .ifLogDestinationResource()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutLoggingConfiguration.html
*/
toPutLoggingConfiguration() {
return this.to('PutLoggingConfiguration');
}
/**
* Grants permission to enable create a new or update an existing version of a ManagedRuleSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutManagedRuleSetVersions.html
*/
toPutManagedRuleSetVersions() {
return this.to('PutManagedRuleSetVersions');
}
/**
* Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_PutPermissionPolicy.html
*/
toPutPermissionPolicy() {
return this.to('PutPermissionPolicy');
}
/**
* Grants permission to associate tags with a AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to disassociate tags from an AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update an IPSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateIPSet.html
*/
toUpdateIPSet() {
return this.to('UpdateIPSet');
}
/**
* Grants permission to update the expiry date of a version in ManagedRuleSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateManagedRuleSetVersionExpiryDate.html
*/
toUpdateManagedRuleSetVersionExpiryDate() {
return this.to('UpdateManagedRuleSetVersionExpiryDate');
}
/**
* Grants permission to update a RegexPatternSet
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRegexPatternSet.html
*/
toUpdateRegexPatternSet() {
return this.to('UpdateRegexPatternSet');
}
/**
* Grants permission to update a RuleGroup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRuleGroup.html
*/
toUpdateRuleGroup() {
return this.to('UpdateRuleGroup');
}
/**
* Grants permission to update a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateWebACL.html
*/
toUpdateWebACL() {
return this.to('UpdateWebACL');
}
/**
* Adds a resource of type webacl to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWebacl(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/webacl/${name}/${id}`);
}
/**
* Adds a resource of type ipset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_IPSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIpset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/ipset/${name}/${id}`);
}
/**
* Adds a resource of type managedruleset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_ManagedRuleSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onManagedruleset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/managedruleset/${name}/${id}`);
}
/**
* Adds a resource of type rulegroup to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRulegroup(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/rulegroup/${name}/${id}`);
}
/**
* Adds a resource of type regexpatternset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_RegexPatternSet.html
*
* @param scope - Identifier for the scope.
* @param name - Identifier for the name.
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRegexpatternset(scope, name, id, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:wafv2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:${scope}/regexpatternset/${name}/${id}`);
}
/**
* Adds a resource of type loadbalancer/app/ to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param loadBalancerName - Identifier for the loadBalancerName.
* @param loadBalancerId - Identifier for the loadBalancerId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onLoadbalancerApp(loadBalancerName, loadBalancerId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticloadbalancing:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:loadbalancer/app/${loadBalancerName}/${loadBalancerId}`);
}
/**
* Adds a resource of type apigateway to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onApigateway(apiId, stageName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:/restapis/${apiId}/stages/${stageName}`);
}
/**
* Adds a resource of type appsync to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param graphQLAPIId - Identifier for the graphQLAPIId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAppsync(graphQLAPIId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:appsync:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:apis/${graphQLAPIId}`);
}
/**
* Adds a resource of type userpool to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param userPoolId - Identifier for the userPoolId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onUserpool(userPoolId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cognito-idp:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:userpool/${userPoolId}`);
}
/**
* Adds a resource of type apprunner to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param serviceName - Identifier for the serviceName.
* @param serviceId - Identifier for the serviceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onApprunner(serviceName, serviceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apprunner:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:service/${serviceName}/${serviceId}`);
}
/**
* Adds a resource of type verified-access-instance to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param verifiedAccessInstanceId - Identifier for the verifiedAccessInstanceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onVerifiedAccessInstance(verifiedAccessInstanceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:ec2:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:verified-access-instance/${verifiedAccessInstanceId}`);
}
/**
* Adds a resource of type amplify-app to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html
*
* @param appId - Identifier for the appId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAmplifyApp(appId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:amplify:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:apps/${appId}`);
}
/**
* Filters access by the allowed set of values for each of the tags
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateIPSet()
* - .toCreateRegexPatternSet()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by tag-value associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toGetIPSet()
* - .toGetLoggingConfiguration()
* - .toGetRateBasedStatementManagedKeys()
* - .toGetRegexPatternSet()
* - .toGetRuleGroup()
* - .toGetWebACL()
* - .toListTagsForResource()
* - .toTagResource()
* - .toUpdateIPSet()
* - .toUpdateRegexPatternSet()
* - .toUpdateRuleGroup()
* - .toUpdateWebACL()
*
* Applies to resource types:
* - webacl
* - ipset
* - rulegroup
* - regexpatternset
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the presence of mandatory tags in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateIPSet()
* - .toCreateRegexPatternSet()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by log destination ARN for PutLoggingConfiguration API
*
* https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys
*
* Applies to actions:
* - .toPutLoggingConfiguration()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifLogDestinationResource(value, operator) {
return this.if(`LogDestinationResource`, value, operator ?? 'ArnLike');
}
/**
* Filters access by log scope for Logging Configuration API
*
* https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys
*
* Applies to actions:
* - .toDeleteLoggingConfiguration()
* - .toGetLoggingConfiguration()
* - .toListLoggingConfigurations()
* - .toPutLoggingConfiguration()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifLogScope(value, operator) {
return this.if(`LogScope`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'wafv2';
this.accessLevelList = {
Write: [
'AssociateWebACL',
'CreateAPIKey',
'CreateIPSet',
'CreateRegexPatternSet',
'CreateRuleGroup',
'CreateWebACL',
'DeleteAPIKey',
'DeleteFirewallManagerRuleGroups',
'DeleteIPSet',
'DeleteLoggingConfiguration',
'DeleteRegexPatternSet',
'DeleteRuleGroup',
'DeleteWebACL',
'DisassociateFirewallManager',
'DisassociateWebACL',
'PutFirewallManagerRuleGroups',
'PutLoggingConfiguration',
'PutManagedRuleSetVersions',
'UpdateIPSet',
'UpdateManagedRuleSetVersionExpiryDate',
'UpdateRegexPatternSet',
'UpdateRuleGroup',
'UpdateWebACL'
],
Read: [
'CheckCapacity',
'DescribeAllManagedProducts',
'DescribeManagedProductsByVendor',
'DescribeManagedRuleGroup',
'GenerateMobileSdkReleaseUrl',
'GetDecryptedAPIKey',
'GetIPSet',
'GetLoggingConfiguration',
'GetManagedRuleSet',
'GetMobileSdkRelease',
'GetPermissionPolicy',
'GetRateBasedStatementManagedKeys',
'GetRegexPatternSet',
'GetRuleGroup',
'GetSampledRequests',
'GetTopPathStatisticsByTraffic',
'GetWebACL',
'GetWebACLForResource',
'ListTagsForResource'
],
'Permissions management': [
'DeletePermissionPolicy',
'PutPermissionPolicy'
],
List: [
'ListAPIKeys',
'ListAvailableManagedRuleGroupVersions',
'ListAvailableManagedRuleGroups',
'ListIPSets',
'ListLoggingConfigurations',
'ListManagedRuleSets',
'ListMobileSdkReleases',
'ListRegexPatternSets',
'ListResourcesForWebACL',
'ListRuleGroups',
'ListWebACLs'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
exports.Wafv2 = Wafv2;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FmdjIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJ3YWZ2Mi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSx5Q0FBeUQ7QUFHekQ7Ozs7R0FJRztBQUNILE1BQWEsS0FBTSxTQUFRLHdCQUFlO0lBR3hDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BbUJHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQ0FBaUM7UUFDdEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Ba0JHO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw2QkFBNkI7UUFDbEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZCQUE2QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksVUFBVTtRQUNmLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksa0NBQWtDO1FBQ3ZDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLCtCQUErQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsK0JBQStCLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksV0FBVztRQUNoQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVDQUF1QztRQUM1QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUNBQXVDLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0NBQWdDO1FBQ3JDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLHdCQUF3QjtRQUM3QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw4QkFBOEI7UUFDbkMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDhCQUE4QixDQUFDLENBQUM7SUFDakQsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVDQUF1QztRQUM1QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUNBQXVDLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUF3RUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxRQUFRLENBQUMsS0FBYSxFQUFFLElBQVksRUFBRSxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDNUcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsVUFBVyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsSUFBSyxLQUFNLFdBQVksSUFBSyxJQUFLLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDaEwsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksT0FBTyxDQUFDLEtBQWEsRUFBRSxJQUFZLEVBQUUsRUFBVSxFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzNHLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFVBQVcsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLElBQUssS0FBTSxVQUFXLElBQUssSUFBSyxFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQy9LLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxJQUFZLEVBQUUsRUFBVSxFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3BILE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFVBQVcsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLElBQUssS0FBTSxtQkFBb0IsSUFBSyxJQUFLLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDeEwsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksV0FBVyxDQUFDLEtBQWEsRUFBRSxJQUFZLEVBQUUsRUFBVSxFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQy9HLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFVBQVcsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLElBQUssS0FBTSxjQUFlLElBQUssSUFBSyxFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ25MLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLGlCQUFpQixDQUFDLEtBQWEsRUFBRSxJQUFZLEVBQUUsRUFBVSxFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3JILE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFVBQVcsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLElBQUssS0FBTSxvQkFBcUIsSUFBSyxJQUFLLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDekwsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxpQkFBaUIsQ0FBQyxnQkFBd0IsRUFBRSxjQUFzQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzlILE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLHlCQUEwQixNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUscUJBQXNCLGdCQUFpQixJQUFLLGNBQWUsRUFBRSxDQUFDLENBQUM7SUFDdE4sQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxZQUFZLENBQUMsS0FBYSxFQUFFLFNBQWlCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDekcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsZUFBZ0IsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGNBQWUsS0FBTSxXQUFZLFNBQVUsRUFBRSxDQUFDLENBQUM7SUFDNUwsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLFNBQVMsQ0FBQyxZQUFvQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzFGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFlBQWEsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ