iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,079 lines • 107 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Fsx = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Fsx extends shared_1.PolicyStatement {
/**
* Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'fsx';
this.accessLevelList = {
Write: [
'AssociateFileGateway',
'AssociateFileSystemAliases',
'CancelDataRepositoryTask',
'CopyBackup',
'CopySnapshotAndUpdateVolume',
'CreateAndAttachS3AccessPoint',
'CreateBackup',
'CreateDataRepositoryAssociation',
'CreateDataRepositoryTask',
'CreateFileCache',
'CreateFileSystem',
'CreateFileSystemFromBackup',
'CreateSnapshot',
'CreateStorageVirtualMachine',
'CreateVolume',
'CreateVolumeFromBackup',
'DeleteBackup',
'DeleteDataRepositoryAssociation',
'DeleteFileCache',
'DeleteFileSystem',
'DeleteSnapshot',
'DeleteStorageVirtualMachine',
'DeleteVolume',
'DetachAndDeleteS3AccessPoint',
'DisassociateFileGateway',
'DisassociateFileSystemAliases',
'ReleaseFileSystemNfsV3Locks',
'RestoreVolumeFromSnapshot',
'StartMisconfiguredStateRecovery',
'UpdateDataRepositoryAssociation',
'UpdateFileCache',
'UpdateFileSystem',
'UpdateSharedVpcConfiguration',
'UpdateSnapshot',
'UpdateStorageVirtualMachine',
'UpdateVolume'
],
'Permissions management': [
'BypassSnaplockEnterpriseRetention',
'DeleteResourcePolicy',
'GetResourcePolicy',
'ManageBackupPrincipalAssociations',
'PutResourcePolicy'
],
Read: [
'DescribeAssociatedFileGateways',
'DescribeBackups',
'DescribeDataRepositoryAssociations',
'DescribeDataRepositoryTasks',
'DescribeFileCaches',
'DescribeFileSystemAliases',
'DescribeFileSystems',
'DescribeS3AccessPointAttachments',
'DescribeSharedVpcConfiguration',
'DescribeSnapshots',
'DescribeStorageVirtualMachines',
'DescribeVolumes',
'ListTagsForResource'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toAssociateFileGateway() {
return this.to('AssociateFileGateway');
}
/**
* Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_AssociateFileSystemAliases.html
*/
toAssociateFileSystemAliases() {
return this.to('AssociateFileSystemAliases');
}
/**
* Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/snaplock-enterprise.html#bypass-enterprise
*/
toBypassSnaplockEnterpriseRetention() {
return this.to('BypassSnaplockEnterpriseRetention');
}
/**
* Grants permission to cancel a data repository task
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CancelDataRepositoryTask.html
*/
toCancelDataRepositoryTask() {
return this.to('CancelDataRepositoryTask');
}
/**
* Grants permission to copy a backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html
*/
toCopyBackup() {
return this.to('CopyBackup');
}
/**
* Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopySnapshotAndUpdateVolume.html
*/
toCopySnapshotAndUpdateVolume() {
return this.to('CopySnapshotAndUpdateVolume');
}
/**
* Grants permission to create and attach a S3 Access Point to a FSx File System
*
* Access Level: Write
*
* Dependent actions:
* - s3:CreateAccessPoint
* - s3:GetAccessPoint
* - s3:PutAccessPointPolicy
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateAndAttachS3AccessPoint.html
*/
toCreateAndAttachS3AccessPoint() {
return this.to('CreateAndAttachS3AccessPoint');
}
/**
* Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateBackup.html
*/
toCreateBackup() {
return this.to('CreateBackup');
}
/**
* Grants permission to create a new data respository association for an Amazon FSx for Lustre file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryAssociation.html
*/
toCreateDataRepositoryAssociation() {
return this.to('CreateDataRepositoryAssociation');
}
/**
* Grants permission to create a new data respository task for an Amazon FSx for Lustre file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryTask.html
*/
toCreateDataRepositoryTask() {
return this.to('CreateDataRepositoryTask');
}
/**
* Grants permission to create a new, empty, Amazon file cache
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeSecurityGroups
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
* - ec2:GetSecurityGroupsForVpc
* - fsx:CreateDataRepositoryAssociation
* - fsx:TagResource
* - logs:CreateLogGroup
* - logs:CreateLogStream
* - logs:PutLogEvents
* - s3:ListBucket
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileCache.html
*/
toCreateFileCache() {
return this.to('CreateFileCache');
}
/**
* Grants permission to create a new, empty, Amazon FSx file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:GetSecurityGroupsForVpc
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html
*/
toCreateFileSystem() {
return this.to('CreateFileSystem');
}
/**
* Grants permission to create a new Amazon FSx file system from an existing backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:GetSecurityGroupsForVpc
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemFromBackup.html
*/
toCreateFileSystemFromBackup() {
return this.to('CreateFileSystemFromBackup');
}
/**
* Grants permission to create a new snapshot on a volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateSnapshot.html
*/
toCreateSnapshot() {
return this.to('CreateSnapshot');
}
/**
* Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateStorageVirtualMachine.html
*/
toCreateStorageVirtualMachine() {
return this.to('CreateStorageVirtualMachine');
}
/**
* Grants permission to create a new volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolume.html
*/
toCreateVolume() {
return this.to('CreateVolume');
}
/**
* Grants permission to create a new volume from backup
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolumeFromBackup.html
*/
toCreateVolumeFromBackup() {
return this.to('CreateVolumeFromBackup');
}
/**
* Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteBackup.html
*/
toDeleteBackup() {
return this.to('DeleteBackup');
}
/**
* Grants permission to delete a data repository association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteDataRepositoryAssociation.html
*/
toDeleteDataRepositoryAssociation() {
return this.to('DeleteDataRepositoryAssociation');
}
/**
* Grants permission to delete a file cache, deleting its contents
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:DeleteDataRepositoryAssociation
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileCache.html
*/
toDeleteFileCache() {
return this.to('DeleteFileCache');
}
/**
* Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - fsx:CreateBackup
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileSystem.html
*/
toDeleteFileSystem() {
return this.to('DeleteFileSystem');
}
/**
* Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete a snapshot on a volume
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteSnapshot.html
*/
toDeleteSnapshot() {
return this.to('DeleteSnapshot');
}
/**
* Grants permission to delete a storage virtual machine, deleting its contents
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteStorageVirtualMachine.html
*/
toDeleteStorageVirtualMachine() {
return this.to('DeleteStorageVirtualMachine');
}
/**
* Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* Dependent actions:
* - fsx:TagResource
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteVolume.html
*/
toDeleteVolume() {
return this.to('DeleteVolume');
}
/**
* Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system
*
* Access Level: Read
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toDescribeAssociatedFileGateways() {
return this.to('DescribeAssociatedFileGateways');
}
/**
* Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeBackups.html
*/
toDescribeBackups() {
return this.to('DescribeBackups');
}
/**
* Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryAssociations.html
*/
toDescribeDataRepositoryAssociations() {
return this.to('DescribeDataRepositoryAssociations');
}
/**
* Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryTasks.html
*/
toDescribeDataRepositoryTasks() {
return this.to('DescribeDataRepositoryTasks');
}
/**
* Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileCaches.html
*/
toDescribeFileCaches() {
return this.to('DescribeFileCaches');
}
/**
* Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystemAliases.html
*/
toDescribeFileSystemAliases() {
return this.to('DescribeFileSystemAliases');
}
/**
* Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html
*/
toDescribeFileSystems() {
return this.to('DescribeFileSystems');
}
/**
* Grants permission to return the descriptions of S3 Access Point Attachments
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeS3AccessPointAttachments.html
*/
toDescribeS3AccessPointAttachments() {
return this.to('DescribeS3AccessPointAttachments');
}
/**
* Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSharedVpcConfiguration.html
*/
toDescribeSharedVpcConfiguration() {
return this.to('DescribeSharedVpcConfiguration');
}
/**
* Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSnapshots.html
*/
toDescribeSnapshots() {
return this.to('DescribeSnapshots');
}
/**
* Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeStorageVirtualMachines.html
*/
toDescribeStorageVirtualMachines() {
return this.to('DescribeStorageVirtualMachines');
}
/**
* Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeVolumes.html
*/
toDescribeVolumes() {
return this.to('DescribeVolumes');
}
/**
* Grants permission to detach an S3 Access Point from an Amazon FSx File System and delete the S3 Access Point
*
* Access Level: Write
*
* Dependent actions:
* - s3:DeleteAccessPoint
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DetachAndDeleteS3AccessPoint.html
*/
toDetachAndDeleteS3AccessPoint() {
return this.to('DetachAndDeleteS3AccessPoint');
}
/**
* Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html
*/
toDisassociateFileGateway() {
return this.to('DisassociateFileGateway');
}
/**
* Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_DisassociateFileSystemAliases.html
*/
toDisassociateFileSystemAliases() {
return this.to('DisassociateFileSystemAliases');
}
/**
* Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to list tags for an Amazon FSx resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to manage backup principal associations through AWS Backup
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html
*/
toManageBackupPrincipalAssociations() {
return this.to('ManageBackupPrincipalAssociations');
}
/**
* Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to release file system NFS V3 locks
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_ReleaseFileSystemNfsV3Locks.html
*/
toReleaseFileSystemNfsV3Locks() {
return this.to('ReleaseFileSystemNfsV3Locks');
}
/**
* Grants permission to restore volume state from a snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_RestoreVolumeFromSnapshot.html
*/
toRestoreVolumeFromSnapshot() {
return this.to('RestoreVolumeFromSnapshot');
}
/**
* Grants permission to start misconfigured state recovery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_StartMisconfiguredStateRecovery.html
*/
toStartMisconfiguredStateRecovery() {
return this.to('StartMisconfiguredStateRecovery');
}
/**
* Grants permission to tag an Amazon FSx resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove a tag from an Amazon FSx resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update data repository association configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateDataRepositoryAssociation.html
*/
toUpdateDataRepositoryAssociation() {
return this.to('UpdateDataRepositoryAssociation');
}
/**
* Grants permission to update file cache configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileCache.html
*/
toUpdateFileCache() {
return this.to('UpdateFileCache');
}
/**
* Grants permission to update file system configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html
*/
toUpdateFileSystem() {
return this.to('UpdateFileSystem');
}
/**
* Grants permission to enable or disable FSx route table updates from participant accounts in your account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSharedVpcConfiguration.html
*/
toUpdateSharedVpcConfiguration() {
return this.to('UpdateSharedVpcConfiguration');
}
/**
* Grants permission to update snapshot configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSnapshot.html
*/
toUpdateSnapshot() {
return this.to('UpdateSnapshot');
}
/**
* Grants permission to update storage virtual machine configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateStorageVirtualMachine.html
*/
toUpdateStorageVirtualMachine() {
return this.to('UpdateStorageVirtualMachine');
}
/**
* Grants permission to update volume configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifStorageVirtualMachineId()
* - .ifParentVolumeId()
*
* https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateVolume.html
*/
toUpdateVolume() {
return this.to('UpdateVolume');
}
/**
* Adds a resource of type file-system to the statement
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFileSystem(fileSystemId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:file-system/${fileSystemId}`);
}
/**
* Adds a resource of type file-cache to the statement
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/security-iam.html
*
* @param fileCacheId - Identifier for the fileCacheId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFileCache(fileCacheId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:file-cache/${fileCacheId}`);
}
/**
* Adds a resource of type backup to the statement
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources
*
* @param backupId - Identifier for the backupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBackup(backupId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:backup/${backupId}`);
}
/**
* Adds a resource of type storage-virtual-machine to the statement
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param storageVirtualMachineId - Identifier for the storageVirtualMachineId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onStorageVirtualMachine(fileSystemId, storageVirtualMachineId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:storage-virtual-machine/${fileSystemId}/${storageVirtualMachineId}`);
}
/**
* Adds a resource of type task to the statement
*
* https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources
*
* @param taskId - Identifier for the taskId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onTask(taskId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:task/${taskId}`);
}
/**
* Adds a resource of type association to the statement
*
* https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources
*
* @param fileSystemIdOrFileCacheId - Identifier for the fileSystemIdOrFileCacheId.
* @param dataRepositoryAssociationId - Identifier for the dataRepositoryAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAssociation(fileSystemIdOrFileCacheId, dataRepositoryAssociationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:association/${fileSystemIdOrFileCacheId}/${dataRepositoryAssociationId}`);
}
/**
* Adds a resource of type volume to the statement
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html
*
* @param fileSystemId - Identifier for the fileSystemId.
* @param volumeId - Identifier for the volumeId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVolume(fileSystemId, volumeId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:volume/${fileSystemId}/${volumeId}`);
}
/**
* Adds a resource of type snapshot to the statement
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/access-control-overview.html#access-control-resources
*
* @param volumeId - Identifier for the volumeId.
* @param snapshotId - Identifier for the snapshotId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onSnapshot(volumeId, snapshotId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:fsx:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:snapshot/${volumeId}/${snapshotId}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCopyBackup()
* - .toCreateBackup()
* - .toCreateDataRepositoryAssociation()
* - .toCreateDataRepositoryTask()
* - .toCreateFileCache()
* - .toCreateFileSystem()
* - .toCreateFileSystemFromBackup()
* - .toCreateSnapshot()
* - .toCreateStorageVirtualMachine()
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteFileCache()
* - .toDeleteFileSystem()
* - .toDeleteVolume()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - file-system
* - file-cache
* - backup
* - storage-virtual-machine
* - task
* - association
* - volume
* - snapshot
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCopyBackup()
* - .toCreateBackup()
* - .toCreateDataRepositoryAssociation()
* - .toCreateDataRepositoryTask()
* - .toCreateFileCache()
* - .toCreateFileSystem()
* - .toCreateFileSystemFromBackup()
* - .toCreateSnapshot()
* - .toCreateStorageVirtualMachine()
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteFileCache()
* - .toDeleteFileSystem()
* - .toDeleteVolume()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether the backup is a destination backup for a CopyBackup operation
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups
*
* @param value `true` or `false`. **Default:** `true`
*/
ifIsBackupCopyDestination(value) {
return this.if(`IsBackupCopyDestination`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by whether the backup is a source backup for a CopyBackup operation
*
* https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups
*
* @param value `true` or `false`. **Default:** `true`
*/
ifIsBackupCopySource(value) {
return this.if(`IsBackupCopySource`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by NFS data repositories which support authentication
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html
*
* Applies to actions:
* - .toCreateDataRepositoryAssociation()
* - .toCreateFileCache()
* - .toTagResource()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifNfsDataRepositoryAuthenticationEnabled(value) {
return this.if(`NfsDataRepositoryAuthenticationEnabled`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by NFS data repositories which support encryption-in-transit
*
* https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html
*
* Applies to actions:
* - .toCreateDataRepositoryAssociation()
* - .toCreateFileCache()
* - .toTagResource()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifNfsDataRepositoryEncryptionInTransitEnabled(value) {
return this.if(`NfsDataRepositoryEncryptionInTransitEnabled`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the containing parent volume for mutating volume operations
*
* https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/creating-volumes.html
*
* Applies to actions:
* - .toCreateVolume()
* - .toDeleteVolume()
* - .toTagResource()
* - .toUpdateVolume()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifParentVolumeId(value, operator) {
return this.if(`ParentVolumeId`, value, operator ?? 'StringLike');
}
/**
* Filters access by the containing storage virtual machine for a volume for mutating volume operations
*
* https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/creating-volumes.html
*
* Applies to actions:
* - .toCreateVolume()
* - .toCreateVolumeFromBackup()
* - .toDeleteVolume()
* - .toTagResource()
* - .toUpdateVolume()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifStorageVirtualMachineId(value, operator) {
return this.if(`StorageVirtualMachineId`, value, operator ?? 'StringLike');
}
}
exports.Fsx = Fsx;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnN4LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZnN4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5RDtBQUV6RDs7OztHQUlHO0FBQ0gsTUFBYSxHQUFJLFNBQVEsd0JBQWU7SUFHdEM7Ozs7T0FJRztJQUNILFlBQVksR0FBWTtRQUN0QixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFSTixrQkFBYSxHQUFHLEtBQUssQ0FBQztRQXl2Qm5CLG9CQUFlLEdBQW9CO1lBQzNDLEtBQUssRUFBRTtnQkFDTCxzQkFBc0I7Z0JBQ3RCLDRCQUE0QjtnQkFDNUIsMEJBQTBCO2dCQUMxQixZQUFZO2dCQUNaLDZCQUE2QjtnQkFDN0IsOEJBQThCO2dCQUM5QixjQUFjO2dCQUNkLGlDQUFpQztnQkFDakMsMEJBQTBCO2dCQUMxQixpQkFBaUI7Z0JBQ2pCLGtCQUFrQjtnQkFDbEIsNEJBQTRCO2dCQUM1QixnQkFBZ0I7Z0JBQ2hCLDZCQUE2QjtnQkFDN0IsY0FBYztnQkFDZCx3QkFBd0I7Z0JBQ3hCLGNBQWM7Z0JBQ2QsaUNBQWlDO2dCQUNqQyxpQkFBaUI7Z0JBQ2pCLGtCQUFrQjtnQkFDbEIsZ0JBQWdCO2dCQUNoQiw2QkFBNkI7Z0JBQzdCLGNBQWM7Z0JBQ2QsOEJBQThCO2dCQUM5Qix5QkFBeUI7Z0JBQ3pCLCtCQUErQjtnQkFDL0IsNkJBQTZCO2dCQUM3QiwyQkFBMkI7Z0JBQzNCLGlDQUFpQztnQkFDakMsaUNBQWlDO2dCQUNqQyxpQkFBaUI7Z0JBQ2pCLGtCQUFrQjtnQkFDbEIsOEJBQThCO2dCQUM5QixnQkFBZ0I7Z0JBQ2hCLDZCQUE2QjtnQkFDN0IsY0FBYzthQUNmO1lBQ0Qsd0JBQXdCLEVBQUU7Z0JBQ3hCLG1DQUFtQztnQkFDbkMsc0JBQXNCO2dCQUN0QixtQkFBbUI7Z0JBQ25CLG1DQUFtQztnQkFDbkMsbUJBQW1CO2FBQ3BCO1lBQ0QsSUFBSSxFQUFFO2dCQUNKLGdDQUFnQztnQkFDaEMsaUJBQWlCO2dCQUNqQixvQ0FBb0M7Z0JBQ3BDLDZCQUE2QjtnQkFDN0Isb0JBQW9CO2dCQUNwQiwyQkFBMkI7Z0JBQzNCLHFCQUFxQjtnQkFDckIsa0NBQWtDO2dCQUNsQyxnQ0FBZ0M7Z0JBQ2hDLG1CQUFtQjtnQkFDbkIsZ0NBQWdDO2dCQUNoQyxpQkFBaUI7Z0JBQ2pCLHFCQUFxQjthQUN0QjtZQUNELE9BQU8sRUFBRTtnQkFDUCxhQUFhO2dCQUNiLGVBQWU7YUFDaEI7U0FDRixDQUFDO0lBanpCRixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSw0QkFBNEI7UUFDakMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1DQUFtQztRQUN4QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUNBQW1DLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMEJBQTBCO1FBQy9CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksWUFBWTtRQUNqQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSw4QkFBOEI7UUFDbkMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDhCQUE4QixDQUFDLENBQUM7SUFDakQsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGlDQUFpQztRQUN0QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FzQkc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksa0JBQWtCO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksd0JBQXdCO1FBQzdCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksc0JBQXNCO1FBQzNCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGdDQUFnQztRQUNyQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQ0FBb0M7UUFDekMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9DQUFvQyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksa0NBQWtDO1FBQ3ZDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQ0FBZ0M7UUFDckMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdDQUFnQyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksZ0NBQWdDO1FBQ3JDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLDhCQUE4QjtRQUNuQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwrQkFBK0I7UUFDcEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLCtCQUErQixDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQ0FBbUM7UUFDeEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1DQUFtQyxDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNkJBQTZCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlDQUFpQztRQUN0QyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUNBQWlDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGtCQUFrQjtRQUN2QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksOEJBQThCO1FBQ25DLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLDZCQUE2QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFxRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksWUFBWSxDQUFDLFlBQW9CLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDN0YsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsUUFBUyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsZ0JBQWlCLFlBQWEsRUFBRSxDQUFDLENBQUM7SUFDeEssQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFdBQVcsQ0FBQyxXQUFtQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQzNGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFFBQVMsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLGVBQWdCLFdBQVksRUFBRSxDQUFDLENBQUM7SUFDdEssQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLFFBQVEsQ0FBQyxRQUFnQixFQUFFLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3JGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFFBQVMsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFdBQVksUUFBUyxFQUFFLENBQUMsQ0FBQztJQUMvSixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNJLHVCQUF1QixDQUFDLFlBQW9CLEVBQUUsdUJBQStCLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDekksT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaUIsUUFBUyxNQUFNLElBQUksSUFBSSxDQUFDLGFBQWMsSUFBSyxPQUFPLElBQUksSUFBSSxDQUFDLGNBQWUsNEJBQTZCLFlBQWEsSUFBSyx1QkFBd0IsRUFBRSxDQUFDLENBQUM7SUFDak4sQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLE1BQU0sQ0FBQyxNQUFjLEVBQUUsT0FBZ0IsRUFBRSxNQUFlLEVBQUUsU0FBa0I7UUFDakYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQVEsU0FBUyxJQUFJLElBQUksQ0FBQyxnQkFBaU