iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,032 lines • 102 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Fsx = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Fsx extends shared_1.PolicyStatement {
/**
* Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'fsx';
this.accessLevelList = {
Write: [
'AssociateFileGateway',
'AssociateFileSystemAliases',
'CancelDataRepositoryTask',
'CopyBackup',
'CopySnapshotAndUpdateVolume',
'CreateBackup',
'CreateDataRepositoryAssociation',
'CreateDataRepositoryTask',
'CreateFileCache',
'CreateFileSystem',
'CreateFileSystemFromBackup',
'CreateSnapshot',
'CreateStorageVirtualMachine',
'CreateVolume',
'CreateVolumeFromBackup',
'DeleteBackup',
'DeleteDataRepositoryAssociation',
'DeleteFileCache',
'DeleteFileSystem',
'DeleteSnapshot',
'DeleteStorageVirtualMachine',
'DeleteVolume',
'DisassociateFileGateway',
'DisassociateFileSystemAliases',
'ReleaseFileSystemNfsV3Locks',
'RestoreVolumeFromSnapshot',
'StartMisconfiguredStateRecovery',
'UpdateDataRepositoryAssociation',
'UpdateFileCache',
'UpdateFileSystem',
'UpdateSharedVpcConfiguration',
'UpdateSnapshot',
'UpdateStorageVirtualMachine',
'UpdateVolume'
],
'Permissions management': [
'BypassSnaplockEnterpriseRetention',
'DeleteResourcePolicy',
'GetResourcePolicy',
'ManageBackupPrincipalAssociations',
'PutResourcePolicy'
],
Read: [
'DescribeAssociatedFileGateways',
'DescribeBackups',
'DescribeDataRepositoryAssociations',
'DescribeDataRepositoryTasks',
'DescribeFileCaches',
'DescribeFileSystemAliases',
'DescribeFileSystems',
'DescribeSharedVpcConfiguration',
'DescribeSnapshots',
'DescribeStorageVirtualMachines',
'DescribeVolumes',
'ListTagsForResource'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toAssociateFileGateway() {
return this.to('AssociateFileGateway');
}
/**
* Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_AssociateFileSystemAliases.html
*/
toAssociateFileSystemAliases() {
return this.to('AssociateFileSystemAliases');
}
/**
* Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/snaplock-enterprise.html#bypass-enterprise
*/
toBypassSnaplockEnterpriseRetention() {
return this.to('BypassSnaplockEnterpriseRetention');
}
/**
* Grants permission to cancel a data repository task
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CancelDataRepositoryTask.html
*/
toCancelDataRepositoryTask() {
return this.to('CancelDataRepositoryTask');
}
/**
* Grants permission to copy a backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html
*/
toCopyBackup() {
return this.to('CopyBackup');
}
/**
* Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopySnapshotAndUpdateVolume.html
*/
toCopySnapshotAndUpdateVolume() {
return this.to('CopySnapshotAndUpdateVolume');
}
/**
* Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateBackup.html
*/
toCreateBackup() {
return this.to('CreateBackup');
}
/**
* Grants permission to create a new data respository association for an Amazon FSx for Lustre file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryAssociation.html
*/
toCreateDataRepositoryAssociation() {
return this.to('CreateDataRepositoryAssociation');
}
/**
* Grants permission to create a new data respository task for an Amazon FSx for Lustre file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryTask.html
*/
toCreateDataRepositoryTask() {
return this.to('CreateDataRepositoryTask');
}
/**
* Grants permission to create a new, empty, Amazon file cache
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeSecurityGroups
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
* - ec2:GetSecurityGroupsForVpc
* - fsx:CreateDataRepositoryAssociation
* - fsx:TagResource
* - logs:CreateLogGroup
* - logs:CreateLogStream
* - logs:PutLogEvents
* - s3:ListBucket
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileCache.html
*/
toCreateFileCache() {
return this.to('CreateFileCache');
}
/**
* Grants permission to create a new, empty, Amazon FSx file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:GetSecurityGroupsForVpc
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html
*/
toCreateFileSystem() {
return this.to('CreateFileSystem');
}
/**
* Grants permission to create a new Amazon FSx file system from an existing backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:GetSecurityGroupsForVpc
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemFromBackup.html
*/
toCreateFileSystemFromBackup() {
return this.to('CreateFileSystemFromBackup');
}
/**
* Grants permission to create a new snapshot on a volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateSnapshot.html
*/
toCreateSnapshot() {
return this.to('CreateSnapshot');
}
/**
* Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateStorageVirtualMachine.html
*/
toCreateStorageVirtualMachine() {
return this.to('CreateStorageVirtualMachine');
}
/**
* Grants permission to create a new volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolume.html
*/
toCreateVolume() {
return this.to('CreateVolume');
}
/**
* Grants permission to create a new volume from backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolumeFromBackup.html
*/
toCreateVolumeFromBackup() {
return this.to('CreateVolumeFromBackup');
}
/**
* Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteBackup.html
*/
toDeleteBackup() {
return this.to('DeleteBackup');
}
/**
* Grants permission to delete a data repository association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteDataRepositoryAssociation.html
*/
toDeleteDataRepositoryAssociation() {
return this.to('DeleteDataRepositoryAssociation');
}
/**
* Grants permission to delete a file cache, deleting its contents
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:DeleteDataRepositoryAssociation
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileCache.html
*/
toDeleteFileCache() {
return this.to('DeleteFileCache');
}
/**
* Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:CreateBackup
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileSystem.html
*/
toDeleteFileSystem() {
return this.to('DeleteFileSystem');
}
/**
* Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete a snapshot on a volume
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteSnapshot.html
*/
toDeleteSnapshot() {
return this.to('DeleteSnapshot');
}
/**
* Grants permission to delete a storage virtual machine, deleting its contents
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteStorageVirtualMachine.html
*/
toDeleteStorageVirtualMachine() {
return this.to('DeleteStorageVirtualMachine');
}
/**
* Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteVolume.html
*/
toDeleteVolume() {
return this.to('DeleteVolume');
}
/**
* Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system
*
* Access Level: Read
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toDescribeAssociatedFileGateways() {
return this.to('DescribeAssociatedFileGateways');
}
/**
* Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeBackups.html
*/
toDescribeBackups() {
return this.to('DescribeBackups');
}
/**
* Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryAssociations.html
*/
toDescribeDataRepositoryAssociations() {
return this.to('DescribeDataRepositoryAssociations');
}
/**
* Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryTasks.html
*/
toDescribeDataRepositoryTasks() {
return this.to('DescribeDataRepositoryTasks');
}
/**
* Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileCaches.html
*/
toDescribeFileCaches() {
return this.to('DescribeFileCaches');
}
/**
* Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystemAliases.html
*/
toDescribeFileSystemAliases() {
return this.to('DescribeFileSystemAliases');
}
/**
* Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html
*/
toDescribeFileSystems() {
return this.to('DescribeFileSystems');
}
/**
* Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSharedVpcConfiguration.html
*/
toDescribeSharedVpcConfiguration() {
return this.to('DescribeSharedVpcConfiguration');
}
/**
* Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSnapshots.html
*/
toDescribeSnapshots() {
return this.to('DescribeSnapshots');
}
/**
* Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeStorageVirtualMachines.html
*/
toDescribeStorageVirtualMachines() {
return this.to('DescribeStorageVirtualMachines');
}
/**
* Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeVolumes.html
*/
toDescribeVolumes() {
return this.to('DescribeVolumes');
}
/**
* Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toDisassociateFileGateway() {
return this.to('DisassociateFileGateway');
}
/**
* Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DisassociateFileSystemAliases.html
*/
toDisassociateFileSystemAliases() {
return this.to('DisassociateFileSystemAliases');
}
/**
* Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to list tags for an Amazon FSx resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to manage backup principal associations through AWS Backup
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html
*/
toManageBackupPrincipalAssociations() {
return this.to('ManageBackupPrincipalAssociations');
}
/**
* Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to release file system NFS V3 locks
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_ReleaseFileSystemNfsV3Locks.html
*/
toReleaseFileSystemNfsV3Locks() {
return this.to('ReleaseFileSystemNfsV3Locks');
}
/**
* Grants permission to restore volume state from a snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_RestoreVolumeFromSnapshot.html
*/
toRestoreVolumeFromSnapshot() {
return this.to('RestoreVolumeFromSnapshot');
}
/**
* Grants permission to start misconfigured state recovery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_StartMisconfiguredStateRecovery.html
*/
toStartMisconfiguredStateRecovery() {
return this.to('StartMisconfiguredStateRecovery');
}
/**
* Grants permission to tag an Amazon FSx resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove a tag from an Amazon FSx resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update data repository association configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateDataRepositoryAssociation.html
*/
toUpdateDataRepositoryAssociation() {
return this.to('UpdateDataRepositoryAssociation');
}
/**
* Grants permission to update file cache configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileCache.html
*/
toUpdateFileCache() {
return this.to('UpdateFileCache');
}
/**
* Grants permission to update file system configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html
*/
toUpdateFileSystem() {
return this.to('UpdateFileSystem');
}
/**
* Grants permission to enable or disable FSx route table updates from participant accounts in your account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSharedVpcConfiguration.html
*/
toUpdateSharedVpcConfiguration() {
return this.to('UpdateSharedVpcConfiguration');
}
/**
* Grants permission to update snapshot configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSnapshot.html
*/
toUpdateSnapshot() {
return this.to('UpdateSnapshot');
}
/**
* Grants permission to update storage virtual machine configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateStorageVirtualMachine.html
*/
toUpdateStorageVirtualMachine() {
return this.to('UpdateStorageVirtualMachine');
}
/**
* Grants permission to update volume configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateVolume.html
*/
toUpdateVolume() {
return this.to('UpdateVolume');
}
/**
* Adds a resource of type file-system to the statement
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFileSystem(fileSystemId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:file-system/${fileSystemId}`);
}
/**
* Adds a resource of type file-cache to the statement
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/security-iam.html
*
* @param fileCacheId - Identifier for the fileCacheId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFileCache(fileCacheId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:file-cache/${fileCacheId}`);
}
/**
* Adds a resource of type backup to the statement
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources
*
* @param backupId - Identifier for the backupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBackup(backupId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:backup/${backupId}`);
}
/**
* Adds a resource of type storage-virtual-machine to the statement
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param storageVirtualMachineId - Identifier for the storageVirtualMachineId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onStorageVirtualMachine(fileSystemId, storageVirtualMachineId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:storage-virtual-machine/${fileSystemId}/${storageVirtualMachineId}`);
}
/**
* Adds a resource of type task to the statement
*
* https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources
*
* @param taskId - Identifier for the taskId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onTask(taskId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:task/${taskId}`);
}
/**
* Adds a resource of type association to the statement
*
* https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources
*
* @param fileSystemIdOrFileCacheId - Identifier for the fileSystemIdOrFileCacheId.
* @param dataRepositoryAssociationId - Identifier for the dataRepositoryAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAssociation(fileSystemIdOrFileCacheId, dataRepositoryAssociationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:association/${fileSystemIdOrFileCacheId}/${dataRepositoryAssociationId}`);
}
/**
* Adds a resource of type volume to the statement
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param volumeId - Identifier for the volumeId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVolume(fileSystemId, volumeId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:volume/${fileSystemId}/${volumeId}`);
}
/**
* Adds a resource of type snapshot to the statement
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/access-control-overview.html#access-control-resources
*
* @param volumeId - Identifier for the volumeId.
* @param snapshotId - Identifier for the snapshotId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onSnapshot(volumeId, snapshotId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:snapshot/${volumeId}/${snapshotId}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCopyBackup()
* - .toCreateBackup()
* - .toCreateDataRepositoryAssociation()
* - .toCreateDataRepositoryTask()
* - .toCreateFileCache()
* - .toCreateFileSystem()
* - .toCreateFileSystemFromBackup()
* - .toCreateSnapshot()
* - .toCreateStorageVirtualMachine()
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteFileCache()
* - .toDeleteFileSystem()
* - .toDeleteVolume()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - file-system
* - file-cache
* - backup
* - storage-virtual-machine
* - task
* - association
* - volume
* - snapshot
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCopyBackup()
* - .toCreateBackup()
* - .toCreateDataRepositoryAssociation()
* - .toCreateDataRepositoryTask()
* - .toCreateFileCache()
* - .toCreateFileSystem()
* - .toCreateFileSystemFromBackup()
* - .toCreateSnapshot()
* - .toCreateStorageVirtualMachine()
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteFileCache()
* - .toDeleteFileSystem()
* - .toDeleteVolume()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether the backup is a destination backup for a CopyBackup operation
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups
*
* @param value `true` or `false`. **Default:** `true`
*/
ifIsBackupCopyDestination(value) {
return this.if(`IsBackupCopyDestination`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by whether the backup is a source backup for a CopyBackup operation
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups
*
* @param value `true` or `false`. **Default:** `true`
*/
ifIsBackupCopySource(value) {
return this.if(`IsBackupCopySource`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by NFS data repositories which support authentication
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html
*
* Applies to actions:
* - .toCreateFileCache()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifNfsDataRepositoryAuthenticationEnabled(value) {
return this.if(`NfsDataRepositoryAuthenticationEnabled`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by NFS data repositories which support encryption-in-transit
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html
*
* Applies to actions:
* - .toCreateFileCache()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifNfsDataRepositoryEncryptionInTransitEnabled(value) {
return this.if(`NfsDataRepositoryEncryptionInTransitEnabled`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the containing parent volume for mutating volume operations
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/creating-volumes.html
*
* Applies to actions:
* - .toCreateVolume()
* - .toDeleteVolume()
* - .toUpdateVolume()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifParentVolumeId(value, operator) {
return this.if(`ParentVolumeId`, value, operator ?? 'StringLike');
}
/**
* Filters access by the containing storage virtual machine for a volume for mutating volume operations
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/creating-volumes.html
*
* Applies to actions:
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteVolume()
* - .toUpdateVolume()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifStorageVirtualMachineId(value, operator) {
return this.if(`StorageVirtualMachineId`, value, operator ?? 'StringLike');
}
}
exports.Fsx = Fsx;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnN4LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZnN4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5RDtBQUV6RDs7OztHQUlHO0FBQ0gsTUFBYSxHQUFJLFNBQVEsd0JBQWU7SUFHdEM7Ozs7T0FJRztJQUNILFlBQVksR0FBWTtRQUN0QixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFSTixrQkFBYSxHQUFHLEtBQUssQ0FBQztRQWd0Qm5CLG9CQUFlLEdBQW9CO1lBQzNDLEtBQUssRUFBRTtnQkFDTCxzQkFBc0I7Z0JBQ3RCLDRCQUE0QjtnQkFDNUIsMEJBQTBCO2dCQUMxQixZQUFZO2dCQUNaLDZCQUE2QjtnQkFDN0IsY0FBYztnQkFDZCxpQ0FBaUM7Z0JBQ2pDLDBCQUEwQjtnQkFDMUIsaUJBQWlCO2dCQUNqQixrQkFBa0I7Z0JBQ2xCLDRCQUE0QjtnQkFDNUIsZ0JBQWdCO2dCQUNoQiw2QkFBNkI7Z0JBQzdCLGNBQWM7Z0JBQ2Qsd0JBQXdCO2dCQUN4QixjQUFjO2dCQUNkLGlDQUFpQztnQkFDakMsaUJBQWlCO2dCQUNqQixrQkFBa0I7Z0JBQ2xCLGdCQUFnQjtnQkFDaEIsNkJBQTZCO2dCQUM3QixjQUFjO2dCQUNkLHlCQUF5QjtnQkFDekIsK0JBQStCO2dCQUMvQiw2QkFBNkI7Z0JBQzdCLDJCQUEyQjtnQkFDM0IsaUNBQWlDO2dCQUNqQyxpQ0FBaUM7Z0JBQ2pDLGlCQUFpQjtnQkFDakIsa0JBQWtCO2dCQUNsQiw4QkFBOEI7Z0JBQzlCLGdCQUFnQjtnQkFDaEIsNkJBQTZCO2dCQUM3QixjQUFjO2FBQ2Y7WUFDRCx3QkFBd0IsRUFBRTtnQkFDeEIsbUNBQW1DO2dCQUNuQyxzQkFBc0I7Z0JBQ3RCLG1CQUFtQjtnQkFDbkIsbUNBQW1DO2dCQUNuQyxtQkFBbUI7YUFDcEI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0osZ0NBQWdDO2dCQUNoQyxpQkFBaUI7Z0JBQ2pCLG9DQUFvQztnQkFDcEMsNkJBQTZCO2dCQUM3QixvQkFBb0I7Z0JBQ3BCLDJCQUEyQjtnQkFDM0IscUJBQXFCO2dCQUNyQixnQ0FBZ0M7Z0JBQ2hDLG1CQUFtQjtnQkFDbkIsZ0NBQWdDO2dCQUNoQyxpQkFBaUI7Z0JBQ2pCLHFCQUFxQjthQUN0QjtZQUNELE9BQU8sRUFBRTtnQkFDUCxhQUFhO2dCQUNiLGVBQWU7YUFDaEI7U0FDRixDQUFDO0lBcndCRixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1DQUFtQztRQUN4QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUNBQW1DLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMEJBQTBCO1FBQy9CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksMEJBQTBCO1FBQy9CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXNCRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7O09BZUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQ0FBaUM7UUFDdEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7O09BZUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0NBQWdDO1FBQ3JDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9DQUFvQztRQUN6QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0NBQW9DLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQ0FBZ0M7UUFDckMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdDQUFnQyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0NBQWdDO1FBQ3JDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksK0JBQStCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUNBQW1DO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQ0FBaUM7UUFDdEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlDQUFpQztRQUN0QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDhCQUE4QjtRQUNuQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw2QkFBNkI7UUFDbEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZCQUE2QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBa0VEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFlBQVksQ0FBQyxZQUFvQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzdGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFFBQVMsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGdCQUFpQixZQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ3hLLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxXQUFXLENBQUMsV0FBbUIsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUMzRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixRQUFTLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxlQUFnQixXQUFZLEVBQUUsQ0FBQyxDQUFDO0lBQ3RLLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxRQUFRLENBQUMsUUFBZ0IsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUNyRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixRQUFTLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxXQUFZLFFBQVMsRUFBRSxDQUFDLENBQUM7SUFDL0osQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSx1QkFBdUIsQ0FBQyxZQUFvQixFQUFFLHVCQUErQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3pJLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFFBQVMsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLDRCQUE2QixZQUFhLElBQUssdUJBQXdCLEVBQUUsQ0FBQyxDQUFDO0lBQ2pOLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxNQUFNLENBQUMsTUFBYyxFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ2pGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFFBQVMsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFNBQVUsTUFBTyxFQUFFLENBQUMsQ0FBQztJQUMzSixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGFBQWEsQ0FBQyx5QkFBaUMsRUFBRSwyQkFBbUMsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUNoSixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixRQUFTLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxnQkFBaUIseUJBQTBCLElBQUssMkJBQTRCLEVBQUUsQ0FBQyxDQUFDO0lBQ3ROLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksUUFBUSxDQUFDLFlBQW9CLEVBQUUsUUFBZ0IsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUMzRyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixRQUFTLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxXQUFZLFlBQWEsSUFBSyxRQUFTLEVBQUUsQ0FBQyxDQUFDO0lBQ2pMLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksVUFBVSxDQUFDLFFBQWdCLEVBQUUsVUFBa0IsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUMzRyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixRQUFTLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxhQUFjLFFBQVMsSUFBSyxVQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ2pMLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXlCRztJQUNJLGVBQWUsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUMzRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQW1CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FrQkc7SUFDSSxnQkFBZ0IsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUM1RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW9CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDakYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BeUJHO0lBQ0ksWUFBWSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDeEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUIsQ0FBQyxLQUFlO1FBQzlDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsRUFBRSxDQUFDLE9BQU8sS0FBSyxLQUFLLFdBQVcsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM