iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,083 lines • 99.2 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Ds = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [ds](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdirectoryservice.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Ds extends shared_1.PolicyStatement {
/**
* Statement provider for service [ds](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdirectoryservice.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'ds';
this.accessLevelList = {
Write: [
'AcceptSharedDirectory',
'AddIpRoutes',
'AddRegion',
'AuthorizeApplication',
'CancelSchemaExtension',
'ConnectDirectory',
'CreateAlias',
'CreateComputer',
'CreateConditionalForwarder',
'CreateDirectory',
'CreateIdentityPoolDirectory',
'CreateLogSubscription',
'CreateMicrosoftAD',
'CreateSnapshot',
'CreateTrust',
'DeleteConditionalForwarder',
'DeleteDirectory',
'DeleteLogSubscription',
'DeleteSnapshot',
'DeleteTrust',
'DeregisterCertificate',
'DeregisterEventTopic',
'DisableClientAuthentication',
'DisableDirectoryDataAccess',
'DisableLDAPS',
'DisableRadius',
'DisableRoleAccess',
'DisableSso',
'EnableClientAuthentication',
'EnableDirectoryDataAccess',
'EnableLDAPS',
'EnableRadius',
'EnableRoleAccess',
'EnableSso',
'RegisterCertificate',
'RegisterEventTopic',
'RejectSharedDirectory',
'RemoveIpRoutes',
'RemoveRegion',
'ResetUserPassword',
'RestoreFromSnapshot',
'ShareDirectory',
'StartSchemaExtension',
'UnauthorizeApplication',
'UnshareDirectory',
'UpdateAuthorizedApplication',
'UpdateConditionalForwarder',
'UpdateDirectory',
'UpdateDirectorySetup',
'UpdateNumberOfDomainControllers',
'UpdateRadius',
'UpdateSettings',
'UpdateTrust'
],
'Permissions management': [
'AccessDSData'
],
Tagging: [
'AddTagsToResource',
'RemoveTagsFromResource'
],
Read: [
'CheckAlias',
'DescribeCertificate',
'DescribeClientAuthenticationSettings',
'DescribeConditionalForwarders',
'DescribeDirectoryDataAccess',
'DescribeDomainControllers',
'DescribeEventTopics',
'DescribeLDAPSSettings',
'DescribeRegions',
'DescribeSettings',
'DescribeSharedDirectories',
'DescribeSnapshots',
'DescribeTrusts',
'DescribeUpdateDirectory',
'GetAuthorizedApplicationDetails',
'GetDirectoryLimits',
'GetSnapshotLimits',
'ListAuthorizedApplications',
'ListIpRoutes',
'ListLogSubscriptions',
'ListTagsForResource',
'VerifyTrust'
],
List: [
'DescribeDirectories',
'ListCertificates',
'ListSchemaExtensions'
]
};
}
/**
* Grants permission to accept a directory sharing request that was sent from the directory owner account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AcceptSharedDirectory.html
*/
toAcceptSharedDirectory() {
return this.to('AcceptSharedDirectory');
}
/**
* Grants permission to access directory data using the Directory Service Data API
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toAccessDSData() {
return this.to('AccessDSData');
}
/**
* Grants permission to add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services
*
* Access Level: Write
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupEgress
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:DescribeSecurityGroups
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AddIpRoutes.html
*/
toAddIpRoutes() {
return this.to('AddIpRoutes');
}
/**
* Grants permission to add two domain controllers in the specified Region for the specified directory
*
* Access Level: Write
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupEgress
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateNetworkInterface
* - ec2:CreateSecurityGroup
* - ec2:CreateTags
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AddRegion.html
*/
toAddRegion() {
return this.to('AddRegion');
}
/**
* Grants permission to add or overwrite one or more tags for the specified Amazon Directory Services directory
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AddTagsToResource.html
*/
toAddTagsToResource() {
return this.to('AddTagsToResource');
}
/**
* Grants permission to authorize an application for your AWS Directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toAuthorizeApplication() {
return this.to('AuthorizeApplication');
}
/**
* Grants permission to cancel an in-progress schema extension to a Microsoft AD directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CancelSchemaExtension.html
*/
toCancelSchemaExtension() {
return this.to('CancelSchemaExtension');
}
/**
* Grants permission to verify that the alias is available for use
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toCheckAlias() {
return this.to('CheckAlias');
}
/**
* Grants permission to create an AD Connector to connect to an on-premises directory
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupEgress
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateNetworkInterface
* - ec2:CreateSecurityGroup
* - ec2:CreateTags
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ConnectDirectory.html
*/
toConnectDirectory() {
return this.to('ConnectDirectory');
}
/**
* Grants permission to create an alias for a directory and assigns the alias to the directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateAlias.html
*/
toCreateAlias() {
return this.to('CreateAlias');
}
/**
* Grants permission to create a computer account in the specified directory, and joins the computer to the directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateComputer.html
*/
toCreateComputer() {
return this.to('CreateComputer');
}
/**
* Grants permission to create a conditional forwarder associated with your AWS directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateConditionalForwarder.html
*/
toCreateConditionalForwarder() {
return this.to('CreateConditionalForwarder');
}
/**
* Grants permission to create a Simple AD directory
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupEgress
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateNetworkInterface
* - ec2:CreateSecurityGroup
* - ec2:CreateTags
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateDirectory.html
*/
toCreateDirectory() {
return this.to('CreateDirectory');
}
/**
* Grants permission to create an IdentityPool Directory in the AWS cloud
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toCreateIdentityPoolDirectory() {
return this.to('CreateIdentityPoolDirectory');
}
/**
* Grants permission to create a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateLogSubscription.html
*/
toCreateLogSubscription() {
return this.to('CreateLogSubscription');
}
/**
* Grants permission to create a Microsoft AD in the AWS cloud
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupEgress
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateNetworkInterface
* - ec2:CreateSecurityGroup
* - ec2:CreateTags
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateMicrosoftAD.html
*/
toCreateMicrosoftAD() {
return this.to('CreateMicrosoftAD');
}
/**
* Grants permission to create a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateSnapshot.html
*/
toCreateSnapshot() {
return this.to('CreateSnapshot');
}
/**
* Grants permission to initiate the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateTrust.html
*/
toCreateTrust() {
return this.to('CreateTrust');
}
/**
* Grants permission to delete a conditional forwarder that has been set up for your AWS directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteConditionalForwarder.html
*/
toDeleteConditionalForwarder() {
return this.to('DeleteConditionalForwarder');
}
/**
* Grants permission to delete an AWS Directory Service directory
*
* Access Level: Write
*
* Dependent actions:
* - ec2:DeleteNetworkInterface
* - ec2:DeleteSecurityGroup
* - ec2:DescribeNetworkInterfaces
* - ec2:RevokeSecurityGroupEgress
* - ec2:RevokeSecurityGroupIngress
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteDirectory.html
*/
toDeleteDirectory() {
return this.to('DeleteDirectory');
}
/**
* Grants permission to delete the specified log subscription
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteLogSubscription.html
*/
toDeleteLogSubscription() {
return this.to('DeleteLogSubscription');
}
/**
* Grants permission to delete a directory snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteSnapshot.html
*/
toDeleteSnapshot() {
return this.to('DeleteSnapshot');
}
/**
* Grants permission to delete an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteTrust.html
*/
toDeleteTrust() {
return this.to('DeleteTrust');
}
/**
* Grants permission to delete from the system the certificate that was registered for a secured LDAP connection
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeregisterCertificate.html
*/
toDeregisterCertificate() {
return this.to('DeregisterCertificate');
}
/**
* Grants permission to remove the specified directory as a publisher to the specified SNS topic
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeregisterEventTopic.html
*/
toDeregisterEventTopic() {
return this.to('DeregisterEventTopic');
}
/**
* Grants permission to display information about the certificate registered for a secured LDAP connection
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeCertificate.html
*/
toDescribeCertificate() {
return this.to('DescribeCertificate');
}
/**
* Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeClientAuthenticationSettings.html
*/
toDescribeClientAuthenticationSettings() {
return this.to('DescribeClientAuthenticationSettings');
}
/**
* Grants permission to obtain information about the conditional forwarders for this account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeConditionalForwarders.html
*/
toDescribeConditionalForwarders() {
return this.to('DescribeConditionalForwarders');
}
/**
* Grants permission to obtain information about the directories that belong to this account
*
* Access Level: List
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeDirectories.html
*/
toDescribeDirectories() {
return this.to('DescribeDirectories');
}
/**
* Grants permission to describe the Directory Service Data API status for the specified directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeDirectoryDataAccess.html
*/
toDescribeDirectoryDataAccess() {
return this.to('DescribeDirectoryDataAccess');
}
/**
* Grants permission to provide information about any domain controllers in your directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeDomainControllers.html
*/
toDescribeDomainControllers() {
return this.to('DescribeDomainControllers');
}
/**
* Grants permission to obtain information about which SNS topics receive status messages from the specified directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeEventTopics.html
*/
toDescribeEventTopics() {
return this.to('DescribeEventTopics');
}
/**
* Grants permission to describe the status of LDAP security for the specified directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeLDAPSSettings.html
*/
toDescribeLDAPSSettings() {
return this.to('DescribeLDAPSSettings');
}
/**
* Grants permission to provide information about the Regions that are configured for multi-Region replication
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeRegions.html
*/
toDescribeRegions() {
return this.to('DescribeRegions');
}
/**
* Grants permission to retrieve information about the configurable settings for the specified directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeSettings.html
*/
toDescribeSettings() {
return this.to('DescribeSettings');
}
/**
* Grants permission to return the shared directories in your account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeSharedDirectories.html
*/
toDescribeSharedDirectories() {
return this.to('DescribeSharedDirectories');
}
/**
* Grants permission to obtain information about the directory snapshots that belong to this account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeSnapshots.html
*/
toDescribeSnapshots() {
return this.to('DescribeSnapshots');
}
/**
* Grants permission to obtain information about the trust relationships for this account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeTrusts.html
*/
toDescribeTrusts() {
return this.to('DescribeTrusts');
}
/**
* Grants permission to describe the updates of a directory for a particular update type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeUpdateDirectory.html
*/
toDescribeUpdateDirectory() {
return this.to('DescribeUpdateDirectory');
}
/**
* Grants permission to disable alternative client authentication methods for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableClientAuthentication.html
*/
toDisableClientAuthentication() {
return this.to('DisableClientAuthentication');
}
/**
* Grants permission to disable the Directory Service Data API for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableDirectoryDataAccess.html
*/
toDisableDirectoryDataAccess() {
return this.to('DisableDirectoryDataAccess');
}
/**
* Grants permission to deactivate LDAP secure calls for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableLDAPS.html
*/
toDisableLDAPS() {
return this.to('DisableLDAPS');
}
/**
* Grants permission to disable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableRadius.html
*/
toDisableRadius() {
return this.to('DisableRadius');
}
/**
* Grants permission to disable AWS Management Console access for identity in your AWS Directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toDisableRoleAccess() {
return this.to('DisableRoleAccess');
}
/**
* Grants permission to disable single-sign on for a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableSso.html
*/
toDisableSso() {
return this.to('DisableSso');
}
/**
* Grants permission to enable alternative client authentication methods for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableClientAuthentication.html
*/
toEnableClientAuthentication() {
return this.to('EnableClientAuthentication');
}
/**
* Grants permission to enable the Directory Service Data API for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableDirectoryDataAccess.html
*/
toEnableDirectoryDataAccess() {
return this.to('EnableDirectoryDataAccess');
}
/**
* Grants permission to activate the switch for the specific directory to always use LDAP secure calls
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableLDAPS.html
*/
toEnableLDAPS() {
return this.to('EnableLDAPS');
}
/**
* Grants permission to enable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableRadius.html
*/
toEnableRadius() {
return this.to('EnableRadius');
}
/**
* Grants permission to enable AWS Management Console access for identity in your AWS Directory
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toEnableRoleAccess() {
return this.to('EnableRoleAccess');
}
/**
* Grants permission to enable single-sign on for a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableSso.html
*/
toEnableSso() {
return this.to('EnableSso');
}
/**
* Grants permission to retrieve the details of the authorized applications on a directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toGetAuthorizedApplicationDetails() {
return this.to('GetAuthorizedApplicationDetails');
}
/**
* Grants permission to obtain directory limit information for the current region
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_GetDirectoryLimits.html
*/
toGetDirectoryLimits() {
return this.to('GetDirectoryLimits');
}
/**
* Grants permission to obtain the manual snapshot limits for a directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_GetSnapshotLimits.html
*/
toGetSnapshotLimits() {
return this.to('GetSnapshotLimits');
}
/**
* Grants permission to obtain the AWS applications authorized for a directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toListAuthorizedApplications() {
return this.to('ListAuthorizedApplications');
}
/**
* Grants permission to list all the certificates registered for a secured LDAP connection, for the specified directory
*
* Access Level: List
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListCertificates.html
*/
toListCertificates() {
return this.to('ListCertificates');
}
/**
* Grants permission to list the address blocks that you have added to a directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListIpRoutes.html
*/
toListIpRoutes() {
return this.to('ListIpRoutes');
}
/**
* Grants permission to list the active log subscriptions for the AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListLogSubscriptions.html
*/
toListLogSubscriptions() {
return this.to('ListLogSubscriptions');
}
/**
* Grants permission to list all schema extensions applied to a Microsoft AD Directory
*
* Access Level: List
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListSchemaExtensions.html
*/
toListSchemaExtensions() {
return this.to('ListSchemaExtensions');
}
/**
* Grants permission to list all tags on an Amazon Directory Services directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to register a certificate for secured LDAP connection
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RegisterCertificate.html
*/
toRegisterCertificate() {
return this.to('RegisterCertificate');
}
/**
* Grants permission to associate a directory with an SNS topic
*
* Access Level: Write
*
* Dependent actions:
* - sns:GetTopicAttributes
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RegisterEventTopic.html
*/
toRegisterEventTopic() {
return this.to('RegisterEventTopic');
}
/**
* Grants permission to reject a directory sharing request that was sent from the directory owner account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RejectSharedDirectory.html
*/
toRejectSharedDirectory() {
return this.to('RejectSharedDirectory');
}
/**
* Grants permission to remove IP address blocks from a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RemoveIpRoutes.html
*/
toRemoveIpRoutes() {
return this.to('RemoveIpRoutes');
}
/**
* Grants permission to stop all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RemoveRegion.html
*/
toRemoveRegion() {
return this.to('RemoveRegion');
}
/**
* Grants permission to remove tags from an Amazon Directory Services directory
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DeleteTags
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RemoveTagsFromResource.html
*/
toRemoveTagsFromResource() {
return this.to('RemoveTagsFromResource');
}
/**
* Grants permission to reset the password for any user in your AWS Managed Microsoft AD or Simple AD directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ResetUserPassword.html
*/
toResetUserPassword() {
return this.to('ResetUserPassword');
}
/**
* Grants permission to restore a directory using an existing directory snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RestoreFromSnapshot.html
*/
toRestoreFromSnapshot() {
return this.to('RestoreFromSnapshot');
}
/**
* Grants permission to share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ShareDirectory.html
*/
toShareDirectory() {
return this.to('ShareDirectory');
}
/**
* Grants permission to apply a schema extension to a Microsoft AD directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_StartSchemaExtension.html
*/
toStartSchemaExtension() {
return this.to('StartSchemaExtension');
}
/**
* Grants permission to unauthorize an application from your AWS Directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toUnauthorizeApplication() {
return this.to('UnauthorizeApplication');
}
/**
* Grants permission to stop the directory sharing between the directory owner and consumer accounts
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UnshareDirectory.html
*/
toUnshareDirectory() {
return this.to('UnshareDirectory');
}
/**
* Grants permission to update an authorized application for your AWS Directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toUpdateAuthorizedApplication() {
return this.to('UpdateAuthorizedApplication');
}
/**
* Grants permission to update a conditional forwarder that has been set up for your AWS directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateConditionalForwarder.html
*/
toUpdateConditionalForwarder() {
return this.to('UpdateConditionalForwarder');
}
/**
* Grants permission to update the configurations like service account credentials or DNS server IP addresses for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html
*/
toUpdateDirectory() {
return this.to('UpdateDirectory');
}
/**
* Grants permission to update the directory for a particular update type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateDirectorySetup.html
*/
toUpdateDirectorySetup() {
return this.to('UpdateDirectorySetup');
}
/**
* Grants permission to add or remove domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateNumberOfDomainControllers.html
*/
toUpdateNumberOfDomainControllers() {
return this.to('UpdateNumberOfDomainControllers');
}
/**
* Grants permission to update the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateRadius.html
*/
toUpdateRadius() {
return this.to('UpdateRadius');
}
/**
* Grants permission to update the configurable settings for the specified directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateSettings.html
*/
toUpdateSettings() {
return this.to('UpdateSettings');
}
/**
* Grants permission to update the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateTrust.html
*/
toUpdateTrust() {
return this.to('UpdateTrust');
}
/**
* Grants permission to verify a trust relationship between your Microsoft AD in the AWS cloud and an external domain
*
* Access Level: Read
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_VerifyTrust.html
*/
toVerifyTrust() {
return this.to('VerifyTrust');
}
/**
* Adds a resource of type directory to the statement
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/welcome.html
*
* @param directoryId - Identifier for the directoryId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDirectory(directoryId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:ds:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:directory/${directoryId}`);
}
/**
* Filters access by the value of the request to AWS DS
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html
*
* Applies to actions:
* - .toAddTagsToResource()
* - .toConnectDirectory()
* - .toCreateDirectory()
* - .toCreateIdentityPoolDirectory()
* - .toCreateMicrosoftAD()
* - .toRemoveTagsFromResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the AWS DS Resource being acted upon
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html
*
* Applies to resource types:
* - directory
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html
*
* Applies to actions:
* - .toAddTagsToResource()
* - .toConnectDirectory()
* - .toCreateDirectory()
* - .toCreateIdentityPoolDirectory()
* - .toCreateMicrosoftAD()
* - .toRemoveTagsFromResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
}
exports.Ds = Ds;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlyZWN0b3J5c2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImRpcmVjdG9yeXNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EseUNBQXlEO0FBRXpEOzs7O0dBSUc7QUFDSCxNQUFhLEVBQUcsU0FBUSx3QkFBZTtJQUdyQzs7OztPQUlHO0lBQ0gsWUFBWSxHQUFZO1FBQ3RCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQVJOLGtCQUFhLEdBQUcsSUFBSSxDQUFDO1FBODlCbEIsb0JBQWUsR0FBb0I7WUFDM0MsS0FBSyxFQUFFO2dCQUNMLHVCQUF1QjtnQkFDdkIsYUFBYTtnQkFDYixXQUFXO2dCQUNYLHNCQUFzQjtnQkFDdEIsdUJBQXVCO2dCQUN2QixrQkFBa0I7Z0JBQ2xCLGFBQWE7Z0JBQ2IsZ0JBQWdCO2dCQUNoQiw0QkFBNEI7Z0JBQzVCLGlCQUFpQjtnQkFDakIsNkJBQTZCO2dCQUM3Qix1QkFBdUI7Z0JBQ3ZCLG1CQUFtQjtnQkFDbkIsZ0JBQWdCO2dCQUNoQixhQUFhO2dCQUNiLDRCQUE0QjtnQkFDNUIsaUJBQWlCO2dCQUNqQix1QkFBdUI7Z0JBQ3ZCLGdCQUFnQjtnQkFDaEIsYUFBYTtnQkFDYix1QkFBdUI7Z0JBQ3ZCLHNCQUFzQjtnQkFDdEIsNkJBQTZCO2dCQUM3Qiw0QkFBNEI7Z0JBQzVCLGNBQWM7Z0JBQ2QsZUFBZTtnQkFDZixtQkFBbUI7Z0JBQ25CLFlBQVk7Z0JBQ1osNEJBQTRCO2dCQUM1QiwyQkFBMkI7Z0JBQzNCLGFBQWE7Z0JBQ2IsY0FBYztnQkFDZCxrQkFBa0I7Z0JBQ2xCLFdBQVc7Z0JBQ1gscUJBQXFCO2dCQUNyQixvQkFBb0I7Z0JBQ3BCLHVCQUF1QjtnQkFDdkIsZ0JBQWdCO2dCQUNoQixjQUFjO2dCQUNkLG1CQUFtQjtnQkFDbkIscUJBQXFCO2dCQUNyQixnQkFBZ0I7Z0JBQ2hCLHNCQUFzQjtnQkFDdEIsd0JBQXdCO2dCQUN4QixrQkFBa0I7Z0JBQ2xCLDZCQUE2QjtnQkFDN0IsNEJBQTRCO2dCQUM1QixpQkFBaUI7Z0JBQ2pCLHNCQUFzQjtnQkFDdEIsaUNBQWlDO2dCQUNqQyxjQUFjO2dCQUNkLGdCQUFnQjtnQkFDaEIsYUFBYTthQUNkO1lBQ0Qsd0JBQXdCLEVBQUU7Z0JBQ3hCLGNBQWM7YUFDZjtZQUNELE9BQU8sRUFBRTtnQkFDUCxtQkFBbUI7Z0JBQ25CLHdCQUF3QjthQUN6QjtZQUNELElBQUksRUFBRTtnQkFDSixZQUFZO2dCQUNaLHFCQUFxQjtnQkFDckIsc0NBQXNDO2dCQUN0QywrQkFBK0I7Z0JBQy9CLDZCQUE2QjtnQkFDN0IsMkJBQTJCO2dCQUMzQixxQkFBcUI7Z0JBQ3JCLHVCQUF1QjtnQkFDdkIsaUJBQWlCO2dCQUNqQixrQkFBa0I7Z0JBQ2xCLDJCQUEyQjtnQkFDM0IsbUJBQW1CO2dCQUNuQixnQkFBZ0I7Z0JBQ2hCLHlCQUF5QjtnQkFDekIsaUNBQWlDO2dCQUNqQyxvQkFBb0I7Z0JBQ3BCLG1CQUFtQjtnQkFDbkIsNEJBQTRCO2dCQUM1QixjQUFjO2dCQUNkLHNCQUFzQjtnQkFDdEIscUJBQXFCO2dCQUNyQixhQUFhO2FBQ2Q7WUFDRCxJQUFJLEVBQUU7Z0JBQ0oscUJBQXFCO2dCQUNyQixrQkFBa0I7Z0JBQ2xCLHNCQUFzQjthQUN2QjtTQUNGLENBQUM7SUFqakNGLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNJLFdBQVc7UUFDaEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQW9CRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FvQkc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSw2QkFBNkI7UUFDbEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZCQUE2QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Bb0JHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0NBQXNDO1FBQzNDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwrQkFBK0I7UUFDcEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLCtCQUErQixDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw2QkFBNkI7UUFDbEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZCQUE2QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLFlBQVk7UUFDakIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLFdBQVc7UUFDaEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQ0FBaUM7UUFDdEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQWdHRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxXQUFXLENBQUMsV0FBbUIsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUMzRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixPQUFRLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxjQUFlLFdBQVksRUFBRSxDQUFDLENBQUM7SUFDcEssQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksZUFBZSxDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQzNGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBbUIsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNoRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxnQkFBZ0IsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUM1RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW9CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDakYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLFlBQVksQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ3hFLE9BQU8sSUFBSSxDQUFDLEVB