iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,122 lines • 104 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Waf = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [waf](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswaf.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Waf extends shared_1.PolicyStatement {
/**
* Statement provider for service [waf](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswaf.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'waf';
this.accessLevelList = {
Write: [
'CreateByteMatchSet',
'CreateGeoMatchSet',
'CreateIPSet',
'CreateRateBasedRule',
'CreateRegexMatchSet',
'CreateRegexPatternSet',
'CreateRule',
'CreateRuleGroup',
'CreateSizeConstraintSet',
'CreateSqlInjectionMatchSet',
'CreateWebACLMigrationStack',
'CreateXssMatchSet',
'DeleteByteMatchSet',
'DeleteGeoMatchSet',
'DeleteIPSet',
'DeleteLoggingConfiguration',
'DeleteRateBasedRule',
'DeleteRegexMatchSet',
'DeleteRegexPatternSet',
'DeleteRule',
'DeleteRuleGroup',
'DeleteSizeConstraintSet',
'DeleteSqlInjectionMatchSet',
'DeleteXssMatchSet',
'PutLoggingConfiguration',
'UpdateByteMatchSet',
'UpdateGeoMatchSet',
'UpdateIPSet',
'UpdateRateBasedRule',
'UpdateRegexMatchSet',
'UpdateRegexPatternSet',
'UpdateRule',
'UpdateRuleGroup',
'UpdateSizeConstraintSet',
'UpdateSqlInjectionMatchSet',
'UpdateXssMatchSet'
],
'Permissions management': [
'CreateWebACL',
'DeletePermissionPolicy',
'DeleteWebACL',
'PutPermissionPolicy',
'UpdateWebACL'
],
Read: [
'GetByteMatchSet',
'GetChangeToken',
'GetChangeTokenStatus',
'GetGeoMatchSet',
'GetIPSet',
'GetLoggingConfiguration',
'GetPermissionPolicy',
'GetRateBasedRule',
'GetRateBasedRuleManagedKeys',
'GetRegexMatchSet',
'GetRegexPatternSet',
'GetRule',
'GetRuleGroup',
'GetSampledRequests',
'GetSizeConstraintSet',
'GetSqlInjectionMatchSet',
'GetWebACL',
'GetXssMatchSet',
'ListTagsForResource'
],
List: [
'ListActivatedRulesInRuleGroup',
'ListByteMatchSets',
'ListGeoMatchSets',
'ListIPSets',
'ListLoggingConfigurations',
'ListRateBasedRules',
'ListRegexMatchSets',
'ListRegexPatternSets',
'ListRuleGroups',
'ListRules',
'ListSizeConstraintSets',
'ListSqlInjectionMatchSets',
'ListSubscribedRuleGroups',
'ListWebACLs',
'ListXssMatchSets'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to create a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateByteMatchSet.html
*/
toCreateByteMatchSet() {
return this.to('CreateByteMatchSet');
}
/**
* Grants permission to create a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateGeoMatchSet.html
*/
toCreateGeoMatchSet() {
return this.to('CreateGeoMatchSet');
}
/**
* Grants permission to create an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateIPSet.html
*/
toCreateIPSet() {
return this.to('CreateIPSet');
}
/**
* Grants permission to create a RateBasedRule for limiting the volume of requests from a single IP address
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRateBasedRule.html
*/
toCreateRateBasedRule() {
return this.to('CreateRateBasedRule');
}
/**
* Grants permission to create a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRegexMatchSet.html
*/
toCreateRegexMatchSet() {
return this.to('CreateRegexMatchSet');
}
/**
* Grants permission to create a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRegexPatternSet.html
*/
toCreateRegexPatternSet() {
return this.to('CreateRegexPatternSet');
}
/**
* Grants permission to create a Rule for filtering web requests
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRule.html
*/
toCreateRule() {
return this.to('CreateRule');
}
/**
* Grants permission to create a RuleGroup, which is a collection of predefined rules that you can use in a WebACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateRuleGroup.html
*/
toCreateRuleGroup() {
return this.to('CreateRuleGroup');
}
/**
* Grants permission to create a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateSizeConstraintSet.html
*/
toCreateSizeConstraintSet() {
return this.to('CreateSizeConstraintSet');
}
/**
* Grants permission to create an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateSqlInjectionMatchSet.html
*/
toCreateSqlInjectionMatchSet() {
return this.to('CreateSqlInjectionMatchSet');
}
/**
* Grants permission to create a WebACL, which contains rules for filtering web requests
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateWebACL.html
*/
toCreateWebACL() {
return this.to('CreateWebACL');
}
/**
* Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2
*
* Access Level: Write
*
* Dependent actions:
* - s3:PutObject
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateWebACLMigrationStack.html
*/
toCreateWebACLMigrationStack() {
return this.to('CreateWebACLMigrationStack');
}
/**
* Grants permission to create an XssMatchSet, which you use to detect requests that contain cross-site scripting attacks
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_CreateXssMatchSet.html
*/
toCreateXssMatchSet() {
return this.to('CreateXssMatchSet');
}
/**
* Grants permission to delete a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteByteMatchSet.html
*/
toDeleteByteMatchSet() {
return this.to('DeleteByteMatchSet');
}
/**
* Grants permission to delete a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteGeoMatchSet.html
*/
toDeleteGeoMatchSet() {
return this.to('DeleteGeoMatchSet');
}
/**
* Grants permission to delete an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteIPSet.html
*/
toDeleteIPSet() {
return this.to('DeleteIPSet');
}
/**
* Grants permission to delete the LoggingConfiguration from a web ACL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteLoggingConfiguration.html
*/
toDeleteLoggingConfiguration() {
return this.to('DeleteLoggingConfiguration');
}
/**
* Grants permission to delete an IAM policy from a rule group
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeletePermissionPolicy.html
*/
toDeletePermissionPolicy() {
return this.to('DeletePermissionPolicy');
}
/**
* Grants permission to delete a RateBasedRule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRateBasedRule.html
*/
toDeleteRateBasedRule() {
return this.to('DeleteRateBasedRule');
}
/**
* Grants permission to delete a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRegexMatchSet.html
*/
toDeleteRegexMatchSet() {
return this.to('DeleteRegexMatchSet');
}
/**
* Grants permission to delete a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRegexPatternSet.html
*/
toDeleteRegexPatternSet() {
return this.to('DeleteRegexPatternSet');
}
/**
* Grants permission to delete a Rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRule.html
*/
toDeleteRule() {
return this.to('DeleteRule');
}
/**
* Grants permission to delete a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRuleGroup.html
*/
toDeleteRuleGroup() {
return this.to('DeleteRuleGroup');
}
/**
* Grants permission to delete a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteSizeConstraintSet.html
*/
toDeleteSizeConstraintSet() {
return this.to('DeleteSizeConstraintSet');
}
/**
* Grants permission to delete an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteSqlInjectionMatchSet.html
*/
toDeleteSqlInjectionMatchSet() {
return this.to('DeleteSqlInjectionMatchSet');
}
/**
* Grants permission to delete a WebACL
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteWebACL.html
*/
toDeleteWebACL() {
return this.to('DeleteWebACL');
}
/**
* Grants permission to delete an XssMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteXssMatchSet.html
*/
toDeleteXssMatchSet() {
return this.to('DeleteXssMatchSet');
}
/**
* Grants permission to retrieve a ByteMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetByteMatchSet.html
*/
toGetByteMatchSet() {
return this.to('GetByteMatchSet');
}
/**
* Grants permission to retrieve a change token to use in create, update, and delete requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetChangeToken.html
*/
toGetChangeToken() {
return this.to('GetChangeToken');
}
/**
* Grants permission to retrieve the status of a change token
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetChangeTokenStatus.html
*/
toGetChangeTokenStatus() {
return this.to('GetChangeTokenStatus');
}
/**
* Grants permission to retrieve a GeoMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetGeoMatchSet.html
*/
toGetGeoMatchSet() {
return this.to('GetGeoMatchSet');
}
/**
* Grants permission to retrieve an IPSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetIPSet.html
*/
toGetIPSet() {
return this.to('GetIPSet');
}
/**
* Grants permission to retrieve a LoggingConfiguration for a web ACL
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetLoggingConfiguration.html
*/
toGetLoggingConfiguration() {
return this.to('GetLoggingConfiguration');
}
/**
* Grants permission to retrieve an IAM policy for a rule group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetPermissionPolicy.html
*/
toGetPermissionPolicy() {
return this.to('GetPermissionPolicy');
}
/**
* Grants permission to retrieve a RateBasedRule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRateBasedRule.html
*/
toGetRateBasedRule() {
return this.to('GetRateBasedRule');
}
/**
* Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRateBasedRuleManagedKeys.html
*/
toGetRateBasedRuleManagedKeys() {
return this.to('GetRateBasedRuleManagedKeys');
}
/**
* Grants permission to retrieve a RegexMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRegexMatchSet.html
*/
toGetRegexMatchSet() {
return this.to('GetRegexMatchSet');
}
/**
* Grants permission to retrieve a RegexPatternSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRegexPatternSet.html
*/
toGetRegexPatternSet() {
return this.to('GetRegexPatternSet');
}
/**
* Grants permission to retrieve a Rule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRule.html
*/
toGetRule() {
return this.to('GetRule');
}
/**
* Grants permission to retrieve a RuleGroup
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetRuleGroup.html
*/
toGetRuleGroup() {
return this.to('GetRuleGroup');
}
/**
* Grants permission to retrieve detailed information about a sample set of web requests
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSampledRequests.html
*/
toGetSampledRequests() {
return this.to('GetSampledRequests');
}
/**
* Grants permission to retrieve a SizeConstraintSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSizeConstraintSet.html
*/
toGetSizeConstraintSet() {
return this.to('GetSizeConstraintSet');
}
/**
* Grants permission to retrieve an SqlInjectionMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetSqlInjectionMatchSet.html
*/
toGetSqlInjectionMatchSet() {
return this.to('GetSqlInjectionMatchSet');
}
/**
* Grants permission to retrieve a WebACL
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetWebACL.html
*/
toGetWebACL() {
return this.to('GetWebACL');
}
/**
* Grants permission to retrieve an XssMatchSet
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GetXssMatchSet.html
*/
toGetXssMatchSet() {
return this.to('GetXssMatchSet');
}
/**
* Grants permission to retrieve an array of ActivatedRule objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListActivatedRulesInRuleGroup.html
*/
toListActivatedRulesInRuleGroup() {
return this.to('ListActivatedRulesInRuleGroup');
}
/**
* Grants permission to retrieve an array of ByteMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListByteMatchSets.html
*/
toListByteMatchSets() {
return this.to('ListByteMatchSets');
}
/**
* Grants permission to retrieve an array of GeoMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListGeoMatchSets.html
*/
toListGeoMatchSets() {
return this.to('ListGeoMatchSets');
}
/**
* Grants permission to retrieve an array of IPSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListIPSets.html
*/
toListIPSets() {
return this.to('ListIPSets');
}
/**
* Grants permission to retrieve an array of LoggingConfiguration objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListLoggingConfigurations.html
*/
toListLoggingConfigurations() {
return this.to('ListLoggingConfigurations');
}
/**
* Grants permission to retrieve an array of RuleSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRateBasedRules.html
*/
toListRateBasedRules() {
return this.to('ListRateBasedRules');
}
/**
* Grants permission to retrieve an array of RegexMatchSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRegexMatchSets.html
*/
toListRegexMatchSets() {
return this.to('ListRegexMatchSets');
}
/**
* Grants permission to retrieve an array of RegexPatternSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRegexPatternSets.html
*/
toListRegexPatternSets() {
return this.to('ListRegexPatternSets');
}
/**
* Grants permission to retrieve an array of RuleGroup objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRuleGroups.html
*/
toListRuleGroups() {
return this.to('ListRuleGroups');
}
/**
* Grants permission to retrieve an array of RuleSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRules.html
*/
toListRules() {
return this.to('ListRules');
}
/**
* Grants permission to retrieve an array of SizeConstraintSetSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSizeConstraintSets.html
*/
toListSizeConstraintSets() {
return this.to('ListSizeConstraintSets');
}
/**
* Grants permission to retrieve an array of SqlInjectionMatchSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSqlInjectionMatchSets.html
*/
toListSqlInjectionMatchSets() {
return this.to('ListSqlInjectionMatchSets');
}
/**
* Grants permission to retrieve an array of RuleGroup objects that you are subscribed to
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListSubscribedRuleGroups.html
*/
toListSubscribedRuleGroups() {
return this.to('ListSubscribedRuleGroups');
}
/**
* Grants permission to retrieve the tags for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to retrieve an array of WebACLSummary objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListWebACLs.html
*/
toListWebACLs() {
return this.to('ListWebACLs');
}
/**
* Grants permission to retrieve an array of XssMatchSet objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListXssMatchSets.html
*/
toListXssMatchSets() {
return this.to('ListXssMatchSets');
}
/**
* Grants permission to associate a LoggingConfiguration with a specified web ACL
*
* Access Level: Write
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_PutLoggingConfiguration.html
*/
toPutLoggingConfiguration() {
return this.to('PutLoggingConfiguration');
}
/**
* Grants permission to attach an IAM policy to a rule group, to share the rule group between accounts
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_PutPermissionPolicy.html
*/
toPutPermissionPolicy() {
return this.to('PutPermissionPolicy');
}
/**
* Grants permission to add a Tag to a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove a Tag from a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateByteMatchSet.html
*/
toUpdateByteMatchSet() {
return this.to('UpdateByteMatchSet');
}
/**
* Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateGeoMatchSet.html
*/
toUpdateGeoMatchSet() {
return this.to('UpdateGeoMatchSet');
}
/**
* Grants permission to insert or delete IPSetDescriptor objects in an IPSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateIPSet.html
*/
toUpdateIPSet() {
return this.to('UpdateIPSet');
}
/**
* Grants permission to modify a rate based rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRateBasedRule.html
*/
toUpdateRateBasedRule() {
return this.to('UpdateRateBasedRule');
}
/**
* Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRegexMatchSet.html
*/
toUpdateRegexMatchSet() {
return this.to('UpdateRegexMatchSet');
}
/**
* Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRegexPatternSet.html
*/
toUpdateRegexPatternSet() {
return this.to('UpdateRegexPatternSet');
}
/**
* Grants permission to modify a Rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRule.html
*/
toUpdateRule() {
return this.to('UpdateRule');
}
/**
* Grants permission to insert or delete ActivatedRule objects in a RuleGroup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateRuleGroup.html
*/
toUpdateRuleGroup() {
return this.to('UpdateRuleGroup');
}
/**
* Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateSizeConstraintSet.html
*/
toUpdateSizeConstraintSet() {
return this.to('UpdateSizeConstraintSet');
}
/**
* Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateSqlInjectionMatchSet.html
*/
toUpdateSqlInjectionMatchSet() {
return this.to('UpdateSqlInjectionMatchSet');
}
/**
* Grants permission to insert or delete ActivatedRule objects in a WebACL
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateWebACL.html
*/
toUpdateWebACL() {
return this.to('UpdateWebACL');
}
/**
* Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_UpdateXssMatchSet.html
*/
toUpdateXssMatchSet() {
return this.to('UpdateXssMatchSet');
}
/**
* Adds a resource of type bytematchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ByteMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onBytematchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:bytematchset/${id}`);
}
/**
* Adds a resource of type ipset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_IPSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onIpset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:ipset/${id}`);
}
/**
* Adds a resource of type ratebasedrule to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RateBasedRule.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRatebasedrule(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:ratebasedrule/${id}`);
}
/**
* Adds a resource of type rule to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_Rule.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRule(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:rule/${id}`);
}
/**
* Adds a resource of type sizeconstraintset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_SizeConstraintSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSizeconstraintset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:sizeconstraintset/${id}`);
}
/**
* Adds a resource of type sqlinjectionmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_SqlInjectionMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSqlinjectionmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:sqlinjectionset/${id}`);
}
/**
* Adds a resource of type webacl to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_WebACL.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWebacl(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:webacl/${id}`);
}
/**
* Adds a resource of type xssmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_XssMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onXssmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:xssmatchset/${id}`);
}
/**
* Adds a resource of type regexmatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RegexMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRegexmatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:regexmatch/${id}`);
}
/**
* Adds a resource of type regexpatternset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RegexPatternSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRegexpatternset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:regexpatternset/${id}`);
}
/**
* Adds a resource of type geomatchset to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_GeoMatchSet.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onGeomatchset(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:geomatchset/${id}`);
}
/**
* Adds a resource of type rulegroup to the statement
*
* https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RuleGroup.html
*
* @param id - Identifier for the id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRulegroup(id, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:waf::${account ?? this.defaultAccount}:rulegroup/${id}`);
}
/**
* Filters actions based on the allowed set of values for each of the tags
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateRateBasedRule()
* - .toCreateRule()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters actions based on tag-value associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - ratebasedrule
* - rule
* - webacl
* - rulegroup
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters actions based on the presence of mandatory tags in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateRateBasedRule()
* - .toCreateRule()
* - .toCreateRuleGroup()
* - .toCreateWebACL()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
}
exports.Waf = Waf;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FmLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsid2FmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5RDtBQUV6RDs7OztHQUlHO0FBQ0gsTUFBYSxHQUFJLFNBQVEsd0JBQWU7SUFHdEM7Ozs7T0FJRztJQUNILFlBQVksR0FBWTtRQUN0QixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFSTixrQkFBYSxHQUFHLEtBQUssQ0FBQztRQXUzQm5CLG9CQUFlLEdBQW9CO1lBQzNDLEtBQUssRUFBRTtnQkFDTCxvQkFBb0I7Z0JBQ3BCLG1CQUFtQjtnQkFDbkIsYUFBYTtnQkFDYixxQkFBcUI7Z0JBQ3JCLHFCQUFxQjtnQkFDckIsdUJBQXVCO2dCQUN2QixZQUFZO2dCQUNaLGlCQUFpQjtnQkFDakIseUJBQXlCO2dCQUN6Qiw0QkFBNEI7Z0JBQzVCLDRCQUE0QjtnQkFDNUIsbUJBQW1CO2dCQUNuQixvQkFBb0I7Z0JBQ3BCLG1CQUFtQjtnQkFDbkIsYUFBYTtnQkFDYiw0QkFBNEI7Z0JBQzVCLHFCQUFxQjtnQkFDckIscUJBQXFCO2dCQUNyQix1QkFBdUI7Z0JBQ3ZCLFlBQVk7Z0JBQ1osaUJBQWlCO2dCQUNqQix5QkFBeUI7Z0JBQ3pCLDRCQUE0QjtnQkFDNUIsbUJBQW1CO2dCQUNuQix5QkFBeUI7Z0JBQ3pCLG9CQUFvQjtnQkFDcEIsbUJBQW1CO2dCQUNuQixhQUFhO2dCQUNiLHFCQUFxQjtnQkFDckIscUJBQXFCO2dCQUNyQix1QkFBdUI7Z0JBQ3ZCLFlBQVk7Z0JBQ1osaUJBQWlCO2dCQUNqQix5QkFBeUI7Z0JBQ3pCLDRCQUE0QjtnQkFDNUIsbUJBQW1CO2FBQ3BCO1lBQ0Qsd0JBQXdCLEVBQUU7Z0JBQ3hCLGNBQWM7Z0JBQ2Qsd0JBQXdCO2dCQUN4QixjQUFjO2dCQUNkLHFCQUFxQjtnQkFDckIsY0FBYzthQUNmO1lBQ0QsSUFBSSxFQUFFO2dCQUNKLGlCQUFpQjtnQkFDakIsZ0JBQWdCO2dCQUNoQixzQkFBc0I7Z0JBQ3RCLGdCQUFnQjtnQkFDaEIsVUFBVTtnQkFDVix5QkFBeUI7Z0JBQ3pCLHFCQUFxQjtnQkFDckIsa0JBQWtCO2dCQUNsQiw2QkFBNkI7Z0JBQzdCLGtCQUFrQjtnQkFDbEIsb0JBQW9CO2dCQUNwQixTQUFTO2dCQUNULGNBQWM7Z0JBQ2Qsb0JBQW9CO2dCQUNwQixzQkFBc0I7Z0JBQ3RCLHlCQUF5QjtnQkFDekIsV0FBVztnQkFDWCxnQkFBZ0I7Z0JBQ2hCLHFCQUFxQjthQUN0QjtZQUNELElBQUksRUFBRTtnQkFDSiwrQkFBK0I7Z0JBQy9CLG1CQUFtQjtnQkFDbkIsa0JBQWtCO2dCQUNsQixZQUFZO2dCQUNaLDJCQUEyQjtnQkFDM0Isb0JBQW9CO2dCQUNwQixvQkFBb0I7Z0JBQ3BCLHNCQUFzQjtnQkFDdEIsZ0JBQWdCO2dCQUNoQixXQUFXO2dCQUNYLHdCQUF3QjtnQkFDeEIsMkJBQTJCO2dCQUMzQiwwQkFBMEI7Z0JBQzFCLGFBQWE7Z0JBQ2Isa0JBQWtCO2FBQ25CO1lBQ0QsT0FBTyxFQUFFO2dCQUNQLGFBQWE7Z0JBQ2IsZUFBZTthQUNoQjtTQUNGLENBQUM7SUF0OEJGLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw2QkFBNkI7UUFDbEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDZCQUE2QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxTQUFTO1FBQ2QsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzVCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksV0FBVztRQUNoQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksK0JBQStCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDJCQUEyQjtRQUNoQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxXQUFXO1FBQ2hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBNEZEOzs7Ozs7OztPQVFHO0lBQ0ksY0FBYyxDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ3BFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQVUsT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGlCQUFrQixFQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQzlILENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLE9BQU8sQ0FBQyxFQUFVLEVBQUUsT0FBZ0IsRUFBRSxTQUFrQjtRQUM3RCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixTQUFVLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxVQUFXLEVBQUcsRUFBRSxDQUFDLENBQUM7SUFDdkgsQ0FBQztJQUVEOzs7Ozs7Ozs7OztPQVdHO0lBQ0ksZUFBZSxDQUFDLEVBQVUsRUFBRSxPQUFnQixFQUFFLFNBQWtCO1FBQ3JFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFNBQV