UNPKG

iam-floyd

Version:

AWS IAM policy statement generator with fluent interface

github.com/udondan/iam-floyd

udondan/iam-floyd

988 lines • 88.6 kB

JavaScript

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.Cloudtrail = void 0; const shared_1 = require("../../shared"); /** * Statement provider for service [cloudtrail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ class Cloudtrail extends shared_1.PolicyStatement { /** * Statement provider for service [cloudtrail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ constructor(sid) { super(sid); this.servicePrefix = 'cloudtrail'; this.accessLevelList = { Tagging: [ 'AddTags', 'RemoveTags' ], Write: [ 'CancelQuery', 'CreateChannel', 'CreateDashboard', 'CreateEventDataStore', 'CreateServiceLinkedChannel', 'CreateTrail', 'DeleteChannel', 'DeleteDashboard', 'DeleteEventDataStore', 'DeleteResourcePolicy', 'DeleteServiceLinkedChannel', 'DeleteTrail', 'DeregisterOrganizationDelegatedAdmin', 'DisableFederation', 'EnableFederation', 'GenerateQuery', 'PutEventConfiguration', 'PutEventSelectors', 'PutInsightSelectors', 'PutResourcePolicy', 'RegisterOrganizationDelegatedAdmin', 'RestoreEventDataStore', 'StartDashboardRefresh', 'StartEventDataStoreIngestion', 'StartImport', 'StartLogging', 'StartQuery', 'StopEventDataStoreIngestion', 'StopImport', 'StopLogging', 'UpdateChannel', 'UpdateDashboard', 'UpdateEventDataStore', 'UpdateServiceLinkedChannel', 'UpdateTrail' ], Read: [ 'DescribeQuery', 'DescribeTrails', 'GenerateQueryResultsSummary', 'GetChannel', 'GetDashboard', 'GetEventConfiguration', 'GetEventDataStore', 'GetEventDataStoreData', 'GetEventSelectors', 'GetImport', 'GetInsightSelectors', 'GetQueryResults', 'GetResourcePolicy', 'GetServiceLinkedChannel', 'GetTrail', 'GetTrailStatus', 'ListImportFailures', 'ListPublicKeys', 'ListTags', 'LookupEvents', 'SearchSampleQueries' ], List: [ 'ListChannels', 'ListDashboards', 'ListEventDataStores', 'ListImports', 'ListInsightsData', 'ListQueries', 'ListServiceLinkedChannels', 'ListTrails' ] }; } /** * Grants permission to add one or more tags to a trail, event data store, channel or dashboard, up to a limit of 50 * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AddTags.html */ toAddTags() { return this.to('AddTags'); } /** * Grants permission to cancel a running query * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CancelQuery.html */ toCancelQuery() { return this.to('CancelQuery'); } /** * Grants permission to create a channel * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - cloudtrail:AddTags * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateChannel.html */ toCreateChannel() { return this.to('CreateChannel'); } /** * Grants permission to create a dashboard * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - cloudtrail:AddTags * - cloudtrail:StartDashboardRefresh * - cloudtrail:StartQuery * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateDashboard.html */ toCreateDashboard() { return this.to('CreateDashboard'); } /** * Grants permission to create an event data store * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - cloudtrail:AddTags * - iam:CreateServiceLinkedRole * - iam:GetRole * - kms:Decrypt * - kms:GenerateDataKey * - organizations:ListAWSServiceAccessForOrganization * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateEventDataStore.html */ toCreateEventDataStore() { return this.to('CreateEventDataStore'); } /** * Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events */ toCreateServiceLinkedChannel() { return this.to('CreateServiceLinkedChannel'); } /** * Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - cloudtrail:AddTags * - iam:CreateServiceLinkedRole * - iam:GetRole * - organizations:ListAWSServiceAccessForOrganization * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html */ toCreateTrail() { return this.to('CreateTrail'); } /** * Grants permission to delete a channel * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteChannel.html */ toDeleteChannel() { return this.to('DeleteChannel'); } /** * Grants permission to delete a dashboard * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteDashboard.html */ toDeleteDashboard() { return this.to('DeleteDashboard'); } /** * Grants permission to delete an event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteEventDataStore.html */ toDeleteEventDataStore() { return this.to('DeleteEventDataStore'); } /** * Grants permission to delete a resource policy from the provided resource * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy() { return this.to('DeleteResourcePolicy'); } /** * Grants permission to delete a service-linked channel * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events */ toDeleteServiceLinkedChannel() { return this.to('DeleteServiceLinkedChannel'); } /** * Grants permission to delete a trail * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteTrail.html */ toDeleteTrail() { return this.to('DeleteTrail'); } /** * Grants permission to deregister an AWS Organizations member account as a delegated administrator * * Access Level: Write * * Dependent actions: * - organizations:DeregisterDelegatedAdministrator * - organizations:ListAWSServiceAccessForOrganization * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeregisterOrganizationDelegatedAdmin.html */ toDeregisterOrganizationDelegatedAdmin() { return this.to('DeregisterOrganizationDelegatedAdmin'); } /** * Grants permission to list details for the query * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeQuery.html */ toDescribeQuery() { return this.to('DescribeQuery'); } /** * Grants permission to list settings for the trails associated with the current region for your account * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeTrails.html */ toDescribeTrails() { return this.to('DescribeTrails'); } /** * Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog * * Access Level: Write * * Dependent actions: * - glue:DeleteDatabase * - glue:DeleteTable * - glue:PassConnection * - lakeformation:DeregisterResource * - lakeformation:RegisterResource * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DisableFederation.html */ toDisableFederation() { return this.to('DisableFederation'); } /** * Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog * * Access Level: Write * * Dependent actions: * - glue:CreateDatabase * - glue:CreateTable * - iam:GetRole * - iam:PassRole * - lakeformation:DeregisterResource * - lakeformation:RegisterResource * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EnableFederation.html */ toEnableFederation() { return this.to('EnableFederation'); } /** * Grants permission to generate a query for a specified event data store using the CloudTrail Lake query generator * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html */ toGenerateQuery() { return this.to('GenerateQuery'); } /** * Grants permission to generate a results summary for specified queries using the CloudTrail natural language generator * * Access Level: Read * * Dependent actions: * - cloudtrail:GetQueryResults * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-results-summary.html */ toGenerateQueryResultsSummary() { return this.to('GenerateQueryResultsSummary'); } /** * Grants permission to return information about a specific channel * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetChannel.html */ toGetChannel() { return this.to('GetChannel'); } /** * Grants permission to list settings for the dashboard * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetDashboard.html */ toGetDashboard() { return this.to('GetDashboard'); } /** * Grants permission to list event configurations that are configured for a trail or an event data store * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventConfiguration.html */ toGetEventConfiguration() { return this.to('GetEventConfiguration'); } /** * Grants permission to list settings for the event data store * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventDataStore.html */ toGetEventDataStore() { return this.to('GetEventDataStore'); } /** * Grants permission to get data from an event data store by using the AWS Glue Data Catalog * * Access Level: Read * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions */ toGetEventDataStoreData() { return this.to('GetEventDataStoreData'); } /** * Grants permission to list settings for event selectors configured for a trail * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventSelectors.html */ toGetEventSelectors() { return this.to('GetEventSelectors'); } /** * Grants permission to return information about a specific import * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetImport.html */ toGetImport() { return this.to('GetImport'); } /** * Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetInsightSelectors.html */ toGetInsightSelectors() { return this.to('GetInsightSelectors'); } /** * Grants permission to fetch results of a complete query * * Access Level: Read * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetQueryResults.html */ toGetQueryResults() { return this.to('GetQueryResults'); } /** * Grants permission to get the resource policy attached to the provided resource * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetResourcePolicy.html */ toGetResourcePolicy() { return this.to('GetResourcePolicy'); } /** * Grants permission to list settings for the service-linked channel * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events */ toGetServiceLinkedChannel() { return this.to('GetServiceLinkedChannel'); } /** * Grants permission to list settings for the trail * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrail.html */ toGetTrail() { return this.to('GetTrail'); } /** * Grants permission to retrieve a JSON-formatted list of information about the specified trail * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrailStatus.html */ toGetTrailStatus() { return this.to('GetTrailStatus'); } /** * Grants permission to list the channels in the current account, and their source names * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListChannels.html */ toListChannels() { return this.to('ListChannels'); } /** * Grants permission to list dashboards associated with the current region for your account * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListDashboards.html */ toListDashboards() { return this.to('ListDashboards'); } /** * Grants permission to list event data stores associated with the current region for your account * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListEventDataStores.html */ toListEventDataStores() { return this.to('ListEventDataStores'); } /** * Grants permission to return a list of failures for the specified import * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImportFailures.html */ toListImportFailures() { return this.to('ListImportFailures'); } /** * Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImports.html */ toListImports() { return this.to('ListImports'); } /** * Grants permission to retrieve data captured by CloudTrail Insights * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListInsightsData.html */ toListInsightsData() { return this.to('ListInsightsData'); } /** * Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListPublicKeys.html */ toListPublicKeys() { return this.to('ListPublicKeys'); } /** * Grants permission to list queries associated with an event data store * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListQueries.html */ toListQueries() { return this.to('ListQueries'); } /** * Grants permission to list service-linked channels associated with the current region for a specified account * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events */ toListServiceLinkedChannels() { return this.to('ListServiceLinkedChannels'); } /** * Grants permission to list the tags for trails, event data stores, channels or dashboards in the current region * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTags.html */ toListTags() { return this.to('ListTags'); } /** * Grants permission to list trails associated with the current region for your account * * Access Level: List * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTrails.html */ toListTrails() { return this.to('ListTrails'); } /** * Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html */ toLookupEvents() { return this.to('LookupEvents'); } /** * Grants permission to create and update event configurations for a trail or an event data store * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * - iam:GetRole * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutEventConfiguration.html */ toPutEventConfiguration() { return this.to('PutEventConfiguration'); } /** * Grants permission to create and update event selectors for a trail * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutEventSelectors.html */ toPutEventSelectors() { return this.to('PutEventSelectors'); } /** * Grants permission to create and update CloudTrail Insights selectors for a trail or event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutInsightSelectors.html */ toPutInsightSelectors() { return this.to('PutInsightSelectors'); } /** * Grants permission to attach a resource policy to the provided resource * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy() { return this.to('PutResourcePolicy'); } /** * Grants permission to register an AWS Organizations member account as a delegated administrator * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * - iam:GetRole * - organizations:ListAWSServiceAccessForOrganization * - organizations:RegisterDelegatedAdministrator * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RegisterOrganizationDelegatedAdmin.html */ toRegisterOrganizationDelegatedAdmin() { return this.to('RegisterOrganizationDelegatedAdmin'); } /** * Grants permission to remove tags from a trail, event data store, channel or dashboard * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RemoveTags.html */ toRemoveTags() { return this.to('RemoveTags'); } /** * Grants permission to restore an event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RestoreEventDataStore.html */ toRestoreEventDataStore() { return this.to('RestoreEventDataStore'); } /** * Grants permission to perform semantic search for CloudTrail Lake sample queries * * Access Level: Read * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-console-queries.html */ toSearchSampleQueries() { return this.to('SearchSampleQueries'); } /** * Grants permission to start a refresh on the specified dashboard * * Access Level: Write * * Dependent actions: * - cloudtrail:StartQuery * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartDashboardRefresh.html */ toStartDashboardRefresh() { return this.to('StartDashboardRefresh'); } /** * Grants permission to start ingestion on an event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartEventDataStoreIngestion.html */ toStartEventDataStoreIngestion() { return this.to('StartEventDataStoreIngestion'); } /** * Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartImport.html */ toStartImport() { return this.to('StartImport'); } /** * Grants permission to start the recording of AWS API calls and log file delivery for a trail * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartLogging.html */ toStartLogging() { return this.to('StartLogging'); } /** * Grants permission to start a new query on a specified event data store * * Access Level: Write * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartQuery.html */ toStartQuery() { return this.to('StartQuery'); } /** * Grants permission to stop ingestion on an event data store * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopEventDataStoreIngestion.html */ toStopEventDataStoreIngestion() { return this.to('StopEventDataStoreIngestion'); } /** * Grants permission to stop a specified import * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopImport.html */ toStopImport() { return this.to('StopImport'); } /** * Grants permission to stop the recording of AWS API calls and log file delivery for a trail * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopLogging.html */ toStopLogging() { return this.to('StopLogging'); } /** * Grants permission to update a channel * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateChannel.html */ toUpdateChannel() { return this.to('UpdateChannel'); } /** * Grants permission to update a dashboard * * Access Level: Write * * Dependent actions: * - cloudtrail:StartDashboardRefresh * - cloudtrail:StartQuery * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateDashboard.html */ toUpdateDashboard() { return this.to('UpdateDashboard'); } /** * Grants permission to update an event data store * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * - iam:GetRole * - kms:Decrypt * - kms:GenerateDataKey * - organizations:ListAWSServiceAccessForOrganization * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateEventDataStore.html */ toUpdateEventDataStore() { return this.to('UpdateEventDataStore'); } /** * Grants permission to update the service-linked channel settings for delivery of log data to an AWS service * * Access Level: Write * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events */ toUpdateServiceLinkedChannel() { return this.to('UpdateServiceLinkedChannel'); } /** * Grants permission to update the settings that specify delivery of log files * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * - iam:GetRole * - organizations:ListAWSServiceAccessForOrganization * * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateTrail.html */ toUpdateTrail() { return this.to('UpdateTrail'); } /** * Adds a resource of type trail to the statement * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-trails * * @param trailName - Identifier for the trailName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTrail(trailName, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:cloudtrail:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:trail/${trailName}`); } /** * Adds a resource of type eventdatastore to the statement * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-lake * * @param eventDataStoreId - Identifier for the eventDataStoreId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEventdatastore(eventDataStoreId, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:cloudtrail:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:eventdatastore/${eventDataStoreId}`); } /** * Adds a resource of type channel to the statement * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-channels * * @param channelId - Identifier for the channelId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onChannel(channelId, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:cloudtrail:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:channel/${channelId}`); } /** * Adds a resource of type dashboard to the statement * * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html * * @param dashboardName - Identifier for the dashboardName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDashboard(dashboardName, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:cloudtrail:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:dashboard/${dashboardName}`); } /** * Filters access by the tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toAddTags() * - .toCreateChannel() * - .toCreateDashboard() * - .toCreateEventDataStore() * - .toCreateTrail() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey, value, operator) { return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike'); } /** * Filters access by the tags attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - trail * - eventdatastore * - channel * - dashboard * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey, value, operator) { return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike'); } /** * Filters access by the tag keys in a request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toAddTags() * - .toCreateChannel() * - .toCreateDashboard() * - .toCreateEventDataStore() * - .toCreateTrail() * - .toRemoveTags() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value, operator) { return this.if(`aws:TagKeys`, value, operator ?? 'StringLike'); } } exports.Cloudtrail = Cloudtrail; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xvdWR0cmFpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImNsb3VkdHJhaWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EseUNBQXlEO0FBRXpEOzs7O0dBSUc7QUFDSCxNQUFhLFVBQVcsU0FBUSx3QkFBZTtJQUc3Qzs7OztPQUlHO0lBQ0gsWUFBWSxHQUFZO1FBQ3RCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQVJOLGtCQUFhLEdBQUcsWUFBWSxDQUFDO1FBKzBCMUIsb0JBQWUsR0FBb0I7WUFDM0MsT0FBTyxFQUFFO2dCQUNQLFNBQVM7Z0JBQ1QsWUFBWTthQUNiO1lBQ0QsS0FBSyxFQUFFO2dCQUNMLGFBQWE7Z0JBQ2IsZUFBZTtnQkFDZixpQkFBaUI7Z0JBQ2pCLHNCQUFzQjtnQkFDdEIsNEJBQTRCO2dCQUM1QixhQUFhO2dCQUNiLGVBQWU7Z0JBQ2YsaUJBQWlCO2dCQUNqQixzQkFBc0I7Z0JBQ3RCLHNCQUFzQjtnQkFDdEIsNEJBQTRCO2dCQUM1QixhQUFhO2dCQUNiLHNDQUFzQztnQkFDdEMsbUJBQW1CO2dCQUNuQixrQkFBa0I7Z0JBQ2xCLGVBQWU7Z0JBQ2YsdUJBQXVCO2dCQUN2QixtQkFBbUI7Z0JBQ25CLHFCQUFxQjtnQkFDckIsbUJBQW1CO2dCQUNuQixvQ0FBb0M7Z0JBQ3BDLHVCQUF1QjtnQkFDdkIsdUJBQXVCO2dCQUN2Qiw4QkFBOEI7Z0JBQzlCLGFBQWE7Z0JBQ2IsY0FBYztnQkFDZCxZQUFZO2dCQUNaLDZCQUE2QjtnQkFDN0IsWUFBWTtnQkFDWixhQUFhO2dCQUNiLGVBQWU7Z0JBQ2YsaUJBQWlCO2dCQUNqQixzQkFBc0I7Z0JBQ3RCLDRCQUE0QjtnQkFDNUIsYUFBYTthQUNkO1lBQ0QsSUFBSSxFQUFFO2dCQUNKLGVBQWU7Z0JBQ2YsZ0JBQWdCO2dCQUNoQiw2QkFBNkI7Z0JBQzdCLFlBQVk7Z0JBQ1osY0FBYztnQkFDZCx1QkFBdUI7Z0JBQ3ZCLG1CQUFtQjtnQkFDbkIsdUJBQXVCO2dCQUN2QixtQkFBbUI7Z0JBQ25CLFdBQVc7Z0JBQ1gscUJBQXFCO2dCQUNyQixpQkFBaUI7Z0JBQ2pCLG1CQUFtQjtnQkFDbkIseUJBQXlCO2dCQUN6QixVQUFVO2dCQUNWLGdCQUFnQjtnQkFDaEIsb0JBQW9CO2dCQUNwQixnQkFBZ0I7Z0JBQ2hCLFVBQVU7Z0JBQ1YsY0FBYztnQkFDZCxxQkFBcUI7YUFDdEI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0osY0FBYztnQkFDZCxnQkFBZ0I7Z0JBQ2hCLHFCQUFxQjtnQkFDckIsYUFBYTtnQkFDYixrQkFBa0I7Z0JBQ2xCLGFBQWE7Z0JBQ2IsMkJBQTJCO2dCQUMzQixZQUFZO2FBQ2I7U0FDRixDQUFDO0lBajVCRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLFNBQVM7UUFDZCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDNUIsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQWtCRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLHNDQUFzQztRQUMzQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0NBQXNDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxXQUFXO1FBQ2hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksVUFBVTtRQUNmLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxhQUFhO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLG9DQUFvQztRQUN6QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0NBQW9DLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHVCQUF1QjtRQUM1QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSx1QkFBdUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDhCQUE4QjtRQUNuQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHNCQUFzQjtRQUMzQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUErRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksT0FBTyxDQUFDLFNBQWlCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDckYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsZUFBZ0IsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFVBQVcsU0FBVSxFQUFFLENBQUMsQ0FBQztJQUN0SyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksZ0JBQWdCLENBQUMsZ0JBQXdCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDckcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsZUFBZ0IsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLG1CQUFvQixnQkFBaUIsRUFBRSxDQUFDLENBQUM7SUFDdEwsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFNBQVMsQ0FBQyxTQUFpQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3ZGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLGVBQWdCLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxZQUFhLFNBQVUsRUFBRSxDQUFDLENBQUM7SUFDeEssQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFdBQVcsQ0FBQyxhQUFxQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzdGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLGVBQWdCLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxjQUFlLGFBQWMsRUFBRSxDQUFDLENBQUM7SUFDOUssQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLGVBQWUsQ0FBQyxNQUFjLEVBQUUsS0FBd0IsRUFBRSxRQUE0QjtRQUMzRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQW1CLE1BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksZ0JBQWdCLENBQUMsTUFBYyxFQUFFLEtBQXdCLEVBQUUsUUFBNEI7UUFDNUYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFvQixNQUFPLEVBQUUsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pGLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7O09BZUc7SUFDSSxZQUFZLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUN4RSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDakUsQ0FBQztDQUNGO0FBM2hDRCxnQ0EyaENDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQWNjZXNzTGV2ZWxMaXN0IH0gZnJvbSAnLi4vLi4vc2hhcmVkL2FjY2Vzcy1sZXZlbCc7XG5pbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQsIE9wZXJhdG9yIH0gZnJvbSAnLi4vLi4vc2hhcmVkJztcblxuLyoqXG4gKiBTdGF0ZW1lbnQgcHJvdmlkZXIgZm9yIHNlcnZpY2UgW2Nsb3VkdHJhaWxdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZXJ2aWNlLWF1dGhvcml6YXRpb24vbGF0ZXN0L3JlZmVyZW5jZS9saXN0X2F3c2Nsb3VkdHJhaWwuaHRtbCkuXG4gKlxuICogQHBhcmFtIHNpZCBbU0lEXShodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vSUFNL2xhdGVzdC9Vc2VyR3VpZGUvcmVmZXJlbmNlX3BvbGljaWVzX2VsZW1lbnRzX3NpZC5odG1sKSBvZiB0aGUgc3RhdGVtZW50XG4gKi9cbmV4cG9ydCBjbGFzcyBDbG91ZHRyYWlsIGV4dGVuZHMgUG9saWN5U3RhdGVtZW50IHtcbiAgcHVibGljIHNlcnZpY2VQcmVmaXggPSAnY2xvdWR0cmFpbCc7XG5cbiAgLyoqXG4gICAqIFN0YXRlbWVudCBwcm92aWRlciBmb3Igc2VydmljZSBbY2xvdWR0cmFpbF0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlcnZpY2UtYXV0aG9yaXphdGlvbi9sYXRlc3QvcmVmZXJlbmNlL2xpc3RfYXdzY2xvdWR0cmFpbC5odG1sKS5cbiAgICpcbiAgICogQHBhcmFtIHNpZCBbU0lEXShodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vSUFNL2xhdGVzdC9Vc2VyR3VpZGUvcmVmZXJlbmNlX3BvbGljaWVzX2VsZW1lbnRzX3NpZC5odG1sKSBvZiB0aGUgc3RhdGVtZW50XG4gICAqL1xuICBjb25zdHJ1Y3RvcihzaWQ/OiBzdHJpbmcpIHtcbiAgICBzdXBlcihzaWQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGFkZCBvbmUgb3IgbW9yZSB0YWdzIHRvIGEgdHJhaWwsIGV2ZW50IGRhdGEgc3RvcmUsIGNoYW5uZWwgb3IgZGFzaGJvYXJkLCB1cCB0byBhIGxpbWl0IG9mIDUwXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogVGFnZ2luZ1xuICAgKlxuICAgKiBQb3NzaWJsZSBjb25kaXRpb25zOlxuICAgKiAtIC5pZkF3c1JlcXVlc3RUYWcoKVxuICAgKiAtIC5pZkF3c1RhZ0tleXMoKVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9BZGRUYWdzLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0FkZFRhZ3MoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0FkZFRhZ3MnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBjYW5jZWwgYSBydW5uaW5nIHF1ZXJ5XG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2F3c2Nsb3VkdHJhaWwvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQ2FuY2VsUXVlcnkuaHRtbFxuICAgKi9cbiAgcHVibGljIHRvQ2FuY2VsUXVlcnkoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0NhbmNlbFF1ZXJ5Jyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gY3JlYXRlIGEgY2hhbm5lbFxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFdyaXRlXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmQXdzUmVxdWVzdFRhZygpXG4gICAqIC0gLmlmQXdzVGFnS2V5cygpXG4gICAqXG4gICAqIERlcGVuZGVudCBhY3Rpb25zOlxuICAgKiAtIGNsb3VkdHJhaWw6QWRkVGFnc1xuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVDaGFubmVsLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0NyZWF0ZUNoYW5uZWwoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0NyZWF0ZUNoYW5uZWwnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBjcmVhdGUgYSBkYXNoYm9hcmRcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBXcml0ZVxuICAgKlxuICAgKiBQb3NzaWJsZSBjb25kaXRpb25zOlxuICAgKiAtIC5pZkF3c1JlcXVlc3RUYWcoKVxuICAgKiAtIC5pZkF3c1RhZ0tleXMoKVxuICAgKlxuICAgKiBEZXBlbmRlbnQgYWN0aW9uczpcbiAgICogLSBjbG91ZHRyYWlsOkFkZFRhZ3NcbiAgICogLSBjbG91ZHRyYWlsOlN0YXJ0RGFzaGJvYXJkUmVmcmVzaFxuICAgKiAtIGNsb3VkdHJhaWw6U3RhcnRRdWVyeVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVEYXNoYm9hcmQuaHRtbFxuICAgKi9cbiAgcHVibGljIHRvQ3JlYXRlRGFzaGJvYXJkKCkge1xuICAgIHJldHVybiB0aGlzLnRvKCdDcmVhdGVEYXNoYm9hcmQnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBjcmVhdGUgYW4gZXZlbnQgZGF0YSBzdG9yZVxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFdyaXRlXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmQXdzUmVxdWVzdFRhZygpXG4gICAqIC0gLmlmQXdzVGFnS2V5cygpXG4gICAqXG4gICAqIERlcGVuZGVudCBhY3Rpb25zOlxuICAgKiAtIGNsb3VkdHJhaWw6QWRkVGFnc1xuICAgKiAtIGlhbTpDcmVhdGVTZXJ2aWNlTGlua2VkUm9sZVxuICAgKiAtIGlhbTpHZXRSb2xlXG4gICAqIC0ga21zOkRlY3J5cHRcbiAgICogLSBrbXM6R2VuZXJhdGVEYXRhS2V5XG4gICAqIC0gb3JnYW5pemF0aW9uczpMaXN0QVdTU2VydmljZUFjY2Vzc0Zvck9yZ2FuaXphdGlvblxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVFdmVudERhdGFTdG9yZS5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DcmVhdGVFdmVudERhdGFTdG9yZSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQ3JlYXRlRXZlbnREYXRhU3RvcmUnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBjcmVhdGUgYSBzZXJ2aWNlLWxpbmtlZCBjaGFubmVsIHRoYXQgc3BlY2lmaWVzIHRoZSBzZXR0aW5ncyBmb3IgZGVsaXZlcnkgb2YgbG9nIGRhdGEgdG8gYW4gQVdTIHNlcnZpY2VcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBXcml0ZVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvdXNlcmd1aWRlL3ZpZXdpbmctc2VydmljZS1saW5rZWQtY2hhbm5lbHMuaHRtbCNzbGMtc2VydmljZS1ldmVudHNcbiAgICovXG4gIHB1YmxpYyB0b0NyZWF0ZVNlcnZpY2VMaW5rZWRDaGFubmVsKCkge1xuICAgIHJldHVybiB0aGlzLnRvKCdDcmVhdGVTZXJ2aWNlTGlua2VkQ2hhbm5lbCcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGNyZWF0ZSBhIHRyYWlsIHRoYXQgc3BlY2lmaWVzIHRoZSBzZXR0aW5ncyBmb3IgZGVsaXZlcnkgb2YgbG9nIGRhdGEgdG8gYW4gQW1hem9uIFMzIGJ1Y2tldFxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFdyaXRlXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmQXdzUmVxdWVzdFRhZygpXG4gICAqIC0gLmlmQXdzVGFnS2V5cygpXG4gICAqXG4gICAqIERlcGVuZGVudCBhY3Rpb25zOlxuICAgKiAtIGNsb3VkdHJhaWw6QWRkVGFnc1xuICAgKiAtIGlhbTpDcmVhdGVTZXJ2aWNlTGlua2VkUm9sZVxuICAgKiAtIGlhbTpHZXRSb2xlXG4gICAqIC0gb3JnYW5pemF0aW9uczpMaXN0QVdTU2VydmljZUFjY2Vzc0Zvck9yZ2FuaXphdGlvblxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXdzY2xvdWR0cmFpbC9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVUcmF