iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
965 lines • 88.3 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Secretsmanager = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [secretsmanager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Secretsmanager extends shared_1.PolicyStatement {
/**
* Statement provider for service [secretsmanager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'secretsmanager';
this.accessLevelList = {
List: [
'BatchGetSecretValue',
'ListSecrets'
],
Write: [
'CancelRotateSecret',
'CreateSecret',
'DeleteSecret',
'PutSecretValue',
'RemoveRegionsFromReplication',
'ReplicateSecretToRegions',
'RestoreSecret',
'RotateSecret',
'StopReplicationToReplica',
'UpdateSecret',
'UpdateSecretVersionStage'
],
'Permissions management': [
'DeleteResourcePolicy',
'PutResourcePolicy',
'ValidateResourcePolicy'
],
Read: [
'DescribeSecret',
'GetRandomPassword',
'GetResourcePolicy',
'GetSecretValue',
'ListSecretVersionIds'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to retrieve and decrypt a list of secrets
*
* Access Level: List
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_BatchGetSecretValue.html
*/
toBatchGetSecretValue() {
return this.to('BatchGetSecretValue');
}
/**
* Grants permission to cancel an in-progress secret rotation
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CancelRotateSecret.html
*/
toCancelRotateSecret() {
return this.to('CancelRotateSecret');
}
/**
* Grants permission to create a secret that stores encrypted data that can be queried and rotated
*
* Access Level: Write
*
* Possible conditions:
* - .ifName()
* - .ifDescription()
* - .ifKmsKeyArn()
* - .ifKmsKeyId()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifResourceTag()
* - .ifAddReplicaRegions()
* - .ifForceOverwriteReplicaSecret()
* - .ifType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
*/
toCreateSecret() {
return this.to('CreateSecret');
}
/**
* Grants permission to delete the resource policy attached to a secret
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete a secret
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifRecoveryWindowInDays()
* - .ifForceDeleteWithoutRecovery()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html
*/
toDeleteSecret() {
return this.to('DeleteSecret');
}
/**
* Grants permission to retrieve the metadata about a secret, but not the encrypted data
*
* Access Level: Read
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DescribeSecret.html
*/
toDescribeSecret() {
return this.to('DescribeSecret');
}
/**
* Grants permission to generate a random string for use in password creation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetRandomPassword.html
*/
toGetRandomPassword() {
return this.to('GetRandomPassword');
}
/**
* Grants permission to get the resource policy attached to a secret
*
* Access Level: Read
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetResourcePolicy.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to retrieve and decrypt the encrypted data
*
* Access Level: Read
*
* Possible conditions:
* - .ifSecretId()
* - .ifVersionId()
* - .ifVersionStage()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
*/
toGetSecretValue() {
return this.to('GetSecretValue');
}
/**
* Grants permission to list the available versions of a secret
*
* Access Level: Read
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecretVersionIds.html
*/
toListSecretVersionIds() {
return this.to('ListSecretVersionIds');
}
/**
* Grants permission to list the available secrets
*
* Access Level: List
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html
*/
toListSecrets() {
return this.to('ListSecrets');
}
/**
* Grants permission to attach a resource policy to a secret
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifBlockPublicPolicy()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to create a new version of the secret with new encrypted data
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_PutSecretValue.html
*/
toPutSecretValue() {
return this.to('PutSecretValue');
}
/**
* Grants permission to remove regions from replication
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RemoveRegionsFromReplication.html
*/
toRemoveRegionsFromReplication() {
return this.to('RemoveRegionsFromReplication');
}
/**
* Grants permission to convert an existing secret to a multi-Region secret and begin replicating the secret to a list of new regions
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifAddReplicaRegions()
* - .ifForceOverwriteReplicaSecret()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ReplicateSecretToRegions.html
*/
toReplicateSecretToRegions() {
return this.to('ReplicateSecretToRegions');
}
/**
* Grants permission to cancel deletion of a secret
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RestoreSecret.html
*/
toRestoreSecret() {
return this.to('RestoreSecret');
}
/**
* Grants permission to start rotation of a secret
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifRotationLambdaARN()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifModifyRotationRules()
* - .ifRotateImmediately()
* - .ifResourceType()
* - .ifExternalSecretRotationRoleArn()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
*/
toRotateSecret() {
return this.to('RotateSecret');
}
/**
* Grants permission to remove the secret from replication and promote the secret to a regional secret in the replica Region
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_StopReplicationToReplica.html
*/
toStopReplicationToReplica() {
return this.to('StopReplicationToReplica');
}
/**
* Grants permission to add tags to a secret
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifSecretId()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove tags from a secret
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifSecretId()
* - .ifAwsTagKeys()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update a secret with new metadata or with a new version of the encrypted data
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifDescription()
* - .ifKmsKeyArn()
* - .ifKmsKeyId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifType()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UpdateSecret.html
*/
toUpdateSecret() {
return this.to('UpdateSecret');
}
/**
* Grants permission to move a stage from one secret to another
*
* Access Level: Write
*
* Possible conditions:
* - .ifSecretId()
* - .ifVersionStage()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UpdateSecretVersionStage.html
*/
toUpdateSecretVersionStage() {
return this.to('UpdateSecretVersionStage');
}
/**
* Grants permission to validate a resource policy before attaching policy
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifSecretId()
* - .ifResource()
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifSecretPrimaryRegion()
* - .ifResourceType()
*
* https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ValidateResourcePolicy.html
*/
toValidateResourcePolicy() {
return this.to('ValidateResourcePolicy');
}
/**
* Adds a resource of type Secret to the statement
*
* https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-resources-for-iam-policies
*
* @param secretId - Identifier for the secretId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifResourceTag()
* - .ifResource()
* - .ifResourceType()
*/
onSecret(secretId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:secretsmanager:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:secret:${secretId}`);
}
/**
* Filters access by a key that is present in the request the user makes to the Secrets Manager service
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateSecret()
* - .toTagResource()
*
* Applies to resource types:
* - Secret
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toCreateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* Applies to resource types:
* - Secret
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the list of all the tag key names present in the request the user makes to the Secrets Manager service
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateSecret()
* - .toTagResource()
* - .toUntagResource()
*
* Applies to resource types:
* - Secret
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the list of Regions in which to replicate the secret
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toReplicateSecretToRegions()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAddReplicaRegions(value, operator) {
return this.if(`AddReplicaRegions`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether the resource policy blocks broad AWS account access
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toPutResourcePolicy()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifBlockPublicPolicy(value) {
return this.if(`BlockPublicPolicy`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the description text in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toUpdateSecret()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDescription(value, operator) {
return this.if(`Description`, value, operator ?? 'StringLike');
}
/**
* Filters access by the managed external secret rotation role ARN in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toRotateSecret()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifExternalSecretRotationRoleArn(value, operator) {
return this.if(`ExternalSecretRotationRoleArn`, value, operator ?? 'ArnLike');
}
/**
* Filters access by whether the secret is to be deleted immediately without any recovery window
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toDeleteSecret()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifForceDeleteWithoutRecovery(value) {
return this.if(`ForceDeleteWithoutRecovery`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by whether to overwrite a secret with the same name in the destination Region
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toReplicateSecretToRegions()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifForceOverwriteReplicaSecret(value) {
return this.if(`ForceOverwriteReplicaSecret`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the key ARN of the KMS key in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toUpdateSecret()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifKmsKeyArn(value, operator) {
return this.if(`KmsKeyArn`, value, operator ?? 'ArnLike');
}
/**
* Filters access by the key identifier of the KMS key in the request. Deprecated: Use secretsmanager:KmsKeyArn
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toUpdateSecret()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifKmsKeyId(value, operator) {
return this.if(`KmsKeyId`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether the rotation rules of the secret are to be modified
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toRotateSecret()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifModifyRotationRules(value) {
return this.if(`ModifyRotationRules`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the friendly name of the secret in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifName(value, operator) {
return this.if(`Name`, value, operator ?? 'StringLike');
}
/**
* Filters access by the number of days that Secrets Manager waits before it can delete the secret
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toDeleteSecret()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifRecoveryWindowInDays(value, operator) {
return this.if(`RecoveryWindowInDays`, value, operator ?? 'NumericEquals');
}
/**
* Filters access by a tag key and value pair
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toCreateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* Applies to resource types:
* - Secret
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifResourceTag(tagKey, value, operator) {
return this.if(`ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether the secret is to be rotated immediately
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toRotateSecret()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifRotateImmediately(value) {
return this.if(`RotateImmediately`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the ARN of the rotation Lambda function in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toRotateSecret()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifRotationLambdaARN(value, operator) {
return this.if(`RotationLambdaARN`, value, operator ?? 'ArnLike');
}
/**
* Filters access by the SecretID value in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifSecretId(value, operator) {
return this.if(`SecretId`, value, operator ?? 'ArnLike');
}
/**
* Filters access by primary region in which the secret is created if the secret is a multi-Region secret
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSecretPrimaryRegion(value, operator) {
return this.if(`SecretPrimaryRegion`, value, operator ?? 'StringLike');
}
/**
* Filters access by the managed external secret type in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCreateSecret()
* - .toUpdateSecret()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifType(value, operator) {
return this.if(`Type`, value, operator ?? 'StringLike');
}
/**
* Filters access by the unique identifier of the version of the secret in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toGetSecretValue()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifVersionId(value, operator) {
return this.if(`VersionId`, value, operator ?? 'StringLike');
}
/**
* Filters access by the list of version stages in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toGetSecretValue()
* - .toUpdateSecretVersionStage()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifVersionStage(value, operator) {
return this.if(`VersionStage`, value, operator ?? 'StringLike');
}
/**
* Filters access by the ARN of the rotation Lambda function associated with the secret
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* Applies to resource types:
* - Secret
*
* @param allowRotationLambdaArn The tag key to check
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifResource(allowRotationLambdaArn, value, operator) {
return this.if(`resource/${allowRotationLambdaArn}`, value, operator ?? 'ArnLike');
}
/**
* Filters access by the managed external secret type associated with the secret
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to actions:
* - .toCancelRotateSecret()
* - .toDeleteResourcePolicy()
* - .toDeleteSecret()
* - .toDescribeSecret()
* - .toGetResourcePolicy()
* - .toGetSecretValue()
* - .toListSecretVersionIds()
* - .toPutResourcePolicy()
* - .toPutSecretValue()
* - .toRemoveRegionsFromReplication()
* - .toReplicateSecretToRegions()
* - .toRestoreSecret()
* - .toRotateSecret()
* - .toStopReplicationToReplica()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateSecret()
* - .toUpdateSecretVersionStage()
* - .toValidateResourcePolicy()
*
* Applies to resource types:
* - Secret
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifResourceType(value, operator) {
return this.if(`resource/Type`, value, operator ?? 'StringLike');
}
}
exports.Secretsmanager = Secretsmanager;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjcmV0c21hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJzZWNyZXRzbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSx5Q0FBeUQ7QUFFekQ7Ozs7R0FJRztBQUNILE1BQWEsY0FBZSxTQUFRLHdCQUFlO0lBR2pEOzs7O09BSUc7SUFDSCxZQUFZLEdBQVk7UUFDdEIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBUk4sa0JBQWEsR0FBRyxnQkFBZ0IsQ0FBQztRQWdjOUIsb0JBQWUsR0FBb0I7WUFDM0MsSUFBSSxFQUFFO2dCQUNKLHFCQUFxQjtnQkFDckIsYUFBYTthQUNkO1lBQ0QsS0FBSyxFQUFFO2dCQUNMLG9CQUFvQjtnQkFDcEIsY0FBYztnQkFDZCxjQUFjO2dCQUNkLGdCQUFnQjtnQkFDaEIsOEJBQThCO2dCQUM5QiwwQkFBMEI7Z0JBQzFCLGVBQWU7Z0JBQ2YsY0FBYztnQkFDZCwwQkFBMEI7Z0JBQzFCLGNBQWM7Z0JBQ2QsMEJBQTBCO2FBQzNCO1lBQ0Qsd0JBQXdCLEVBQUU7Z0JBQ3hCLHNCQUFzQjtnQkFDdEIsbUJBQW1CO2dCQUNuQix3QkFBd0I7YUFDekI7WUFDRCxJQUFJLEVBQUU7Z0JBQ0osZ0JBQWdCO2dCQUNoQixtQkFBbUI7Z0JBQ25CLG1CQUFtQjtnQkFDbkIsZ0JBQWdCO2dCQUNoQixzQkFBc0I7YUFDdkI7WUFDRCxPQUFPLEVBQUU7Z0JBQ1AsYUFBYTtnQkFDYixlQUFlO2FBQ2hCO1NBQ0YsQ0FBQztJQXpkRixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FtQkc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7O09BZUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNJLDhCQUE4QjtRQUNuQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSSwwQkFBMEI7UUFDL0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0ksZUFBZTtRQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FrQkc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSwwQkFBMEI7UUFDL0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Ba0JHO0lBQ0ksY0FBYztRQUNuQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLDBCQUEwQjtRQUMvQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSx3QkFBd0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDM0MsQ0FBQztJQXNDRDs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FpQkc7SUFDSSxRQUFRLENBQUMsUUFBZ0IsRUFBRSxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUNyRixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixtQkFBb0IsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLFdBQVksUUFBUyxFQUFFLENBQUMsQ0FBQztJQUMxSyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0ksZUFBZSxDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQzNGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxrQkFBbUIsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNoRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQWlDRztJQUNJLGdCQUFnQixDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQzVGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBb0IsTUFBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNqRixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0ksWUFBWSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDeEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLG1CQUFtQixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDL0UsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDdkUsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLG1CQUFtQixDQUFDLEtBQWU7UUFDeEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixFQUFFLENBQUMsT0FBTyxLQUFLLEtBQUssV0FBVyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzdGLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGFBQWEsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ3pFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxhQUFhLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLCtCQUErQixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDM0YsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLCtCQUErQixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksU0FBUyxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLDRCQUE0QixDQUFDLEtBQWU7UUFDakQsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDRCQUE0QixFQUFFLENBQUMsT0FBTyxLQUFLLEtBQUssV0FBVyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3RHLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksNkJBQTZCLENBQUMsS0FBZTtRQUNsRCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsNkJBQTZCLEVBQUUsQ0FBQyxPQUFPLEtBQUssS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDdkcsQ0FBQztJQUVEOzs7Ozs7Ozs7OztPQVdHO0lBQ0ksV0FBVyxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDdkUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFdBQVcsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFNBQVMsQ0FBQyxDQUFDO0lBQzVELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLFVBQVUsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ3RFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUM5RCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0kscUJBQXFCLENBQUMsS0FBZTtRQUMxQyxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxPQUFPLEtBQUssS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDL0YsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxNQUFNLENBQUMsS0FBd0IsRUFBRSxRQUE0QjtRQUNsRSxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxzQkFBc0IsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQ2xGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxzQkFBc0IsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLGVBQWUsQ0FBQyxDQUFDO0lBQzdFLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BaUNHO0lBQ0ksYUFBYSxDQUFDLE1BQWMsRUFBRSxLQUF3QixFQUFFLFFBQTRCO1FBQ3pGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFnQixNQUFPLEVBQUUsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQzdFLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxtQkFBbUIsQ0FBQyxLQUFlO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLE9BQU8sS0FBSyxLQUFLLFdBQVcsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUM3RixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLG1CQUFtQixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDL0UsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksU0FBUyxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BNEJHO0lBQ0ksVUFBVSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDdEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFNBQVMsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQTRCRztJQUNJLHFCQUFxQixDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDakYsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixFQUFFLEtBQUssRUFBRSxRQUFRLElBQUksWUFBWSxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVEOzs7Ozs7Ozs7OztPQVdHO0lBQ0ksTUFBTSxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDbEUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQzFELENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksV0FBVyxDQUFDLEtBQXdCLEVBQUUsUUFBNEI7UUFDdkUsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFdBQVcsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFlBQVksQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGNBQWMsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQzFFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNsRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BZ0NHO0lBQ0ksVUFBVSxDQUFDLHNCQUE4QixFQUFFLEtBQXdCLEVBQUUsUUFBNEI7UUFDdEcsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLFlBQWEsc0JBQXVCLEVBQUUsRUFBRSxLQUFLLEVBQUUsUUFBUSxJQUFJLFNBQVMsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQStCRztJQUNJLGNBQWMsQ0FBQyxLQUF3QixFQUFFLFFBQTRCO1FBQzFFLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxlQUFlLEVBQUUsS0FBSyxFQUFFLFFBQVEsSUFBSSxZQUFZLENBQUMsQ0FBQztJQUNuRSxDQUFDO0NBQ0Y7QUEzK0JELHdDQTIrQkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBBY2Nlc3NMZXZlbExpc3QgfSBmcm9tICcuLi8uLi9zaGFyZWQvYWNjZXNzLWxldmVsJztcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCwgT3BlcmF0b3IgfSBmcm9tICcuLi8uLi9zaGFyZWQnO1xuXG4vKipcbiAqIFN0YXRlbWVudCBwcm92aWRlciBmb3Igc2VydmljZSBbc2VjcmV0c21hbmFnZXJdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZXJ2aWNlLWF1dGhvcml6YXRpb24vbGF0ZXN0L3JlZmVyZW5jZS9saXN0X2F3c3NlY3JldHNtYW5hZ2VyLmh0bWwpLlxuICpcbiAqIEBwYXJhbSBzaWQgW1NJRF0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvVXNlckd1aWRlL3JlZmVyZW5jZV9wb2xpY2llc19lbGVtZW50c19zaWQuaHRtbCkgb2YgdGhlIHN0YXRlbWVudFxuICovXG5leHBvcnQgY2xhc3MgU2VjcmV0c21hbmFnZXIgZXh0ZW5kcyBQb2xpY3lTdGF0ZW1lbnQge1xuICBwdWJsaWMgc2VydmljZVByZWZpeCA9ICdzZWNyZXRzbWFuYWdlcic7XG5cbiAgLyoqXG4gICAqIFN0YXRlbWVudCBwcm92aWRlciBmb3Igc2VydmljZSBbc2VjcmV0c21hbmFnZXJdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZXJ2aWNlLWF1dGhvcml6YXRpb24vbGF0ZXN0L3JlZmVyZW5jZS9saXN0X2F3c3NlY3JldHNtYW5hZ2VyLmh0bWwpLlxuICAgKlxuICAgKiBAcGFyYW0gc2lkIFtTSURdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9JQU0vbGF0ZXN0L1VzZXJHdWlkZS9yZWZlcmVuY2VfcG9saWNpZXNfZWxlbWVudHNfc2lkLmh0bWwpIG9mIHRoZSBzdGF0ZW1lbnRcbiAgICovXG4gIGNvbnN0cnVjdG9yKHNpZD86IHN0cmluZykge1xuICAgIHN1cGVyKHNpZCk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gcmV0cmlldmUgYW5kIGRlY3J5cHQgYSBsaXN0IG9mIHNlY3JldHNcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBMaXN0XG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZWNyZXRzbWFuYWdlci9sYXRlc3QvYXBpcmVmZXJlbmNlL0FQSV9CYXRjaEdldFNlY3JldFZhbHVlLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0JhdGNoR2V0U2VjcmV0VmFsdWUoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0JhdGNoR2V0U2VjcmV0VmFsdWUnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBjYW5jZWwgYW4gaW4tcHJvZ3Jlc3Mgc2VjcmV0IHJvdGF0aW9uXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogUG9zc2libGUgY29uZGl0aW9uczpcbiAgICogLSAuaWZTZWNyZXRJZCgpXG4gICAqIC0gLmlmUmVzb3VyY2UoKVxuICAgKiAtIC5pZlJlc291cmNlVGFnKClcbiAgICogLSAuaWZBd3NSZXNvdXJjZVRhZygpXG4gICAqIC0gLmlmU2VjcmV0UHJpbWFyeVJlZ2lvbigpXG4gICAqIC0gLmlmUmVzb3VyY2VUeXBlKClcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlY3JldHNtYW5hZ2VyL2xhdGVzdC9hcGlyZWZlcmVuY2UvQVBJX0NhbmNlbFJvdGF0ZVNlY3JldC5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DYW5jZWxSb3RhdGVTZWNyZXQoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0NhbmNlbFJvdGF0ZVNlY3JldCcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGNyZWF0ZSBhIHNlY3JldCB0aGF0IHN0b3JlcyBlbmNyeXB0ZWQgZGF0YSB0aGF0IGNhbiBiZSBxdWVyaWVkIGFuZCByb3RhdGVkXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogUG9zc2libGUgY29uZGl0aW9uczpcbiAgICogLSAuaWZOYW1lKClcbiAgICogLSAuaWZEZXNjcmlwdGlvbigpXG4gICAqIC0gLmlmS21zS2V5QXJuKClcbiAgICogLSAuaWZLbXNLZXlJZCgpXG4gICAqIC0gLmlmQXdzUmVxdWVzdFRhZygpXG4gICAqIC0gLmlmQXdzUmVzb3VyY2VUYWcoKVxuICAgKiAtIC5pZkF3c1RhZ0tleXMoKVxuICAgKiAtIC5pZlJlc291cmNlVGFnKClcbiAgICogLSAuaWZBZGRSZXBsaWNhUmVnaW9ucygpXG4gICAqIC0gLmlmRm9yY2VPdmVyd3JpdGVSZXBsaWNhU2VjcmV0KClcbiAgICogLSAuaWZUeXBlKClcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlY3JldHNtYW5hZ2VyL2xhdGVzdC9hcGlyZWZlcmVuY2UvQVBJX0NyZWF0ZVNlY3JldC5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DcmVhdGVTZWNyZXQoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0NyZWF0ZVNlY3JldCcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGRlbGV0ZSB0aGUgcmVzb3VyY2UgcG9saWN5IGF0dGFjaGVkIHRvIGEgc2VjcmV0XG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogUGVybWlzc2lvbnMgbWFuYWdlbWVudFxuICAgKlxuICAgKiBQb3NzaWJsZSBjb25kaXRpb25zOlxuICAgKiAtIC5pZlNlY3JldElkKClcbiAgICogLSAuaWZSZXNvdXJjZSgpXG4gICAqIC0gLmlmUmVzb3VyY2VUYWcoKVxuICAgKiAtIC5pZkF3c1Jlc291cmNlVGFnKClcbiAgICogLSAuaWZTZWNyZXRQcmltYXJ5UmVnaW9uKClcbiAgICogLSAuaWZSZXNvdXJjZVR5cGUoKVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VjcmV0c21hbmFnZXIvbGF0ZXN0L2FwaXJlZmVyZW5jZS9BUElfRGVsZXRlUmVzb3VyY2VQb2xpY3kuaHRtbFxuICAgKi9cbiAgcHVibGljIHRvRGVsZXRlUmVzb3VyY2VQb2xpY3koKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0RlbGV0ZVJlc291cmNlUG9saWN5Jyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gZGVsZXRlIGEgc2VjcmV0XG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogV3JpdGVcbiAgICpcbiAgICogUG9zc2libGUgY29uZGl0aW9uczpcbiAgICogLSAuaWZTZWNyZXRJZCgpXG4gICAqIC0gLmlmUmVzb3VyY2UoKVxuICAgKiAtIC5pZlJlY292ZXJ5V2luZG93SW5EYXlzKClcbiAgICogLSAuaWZGb3JjZURlbGV0ZVdpdGhvdXRSZWNvdmVyeSgpXG4gICAqIC0gLmlmUmVzb3VyY2VUYWcoKVxuICAgKiAtIC5pZkF3c1Jlc291cmNlVGFnKClcbiAgICogLSAuaWZTZWNyZXRQcmltYXJ5UmVnaW9uKClcbiAgICogLSAuaWZSZXNvdXJjZVR5cGUoKVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VjcmV0c21hbmFnZXIvbGF0ZXN0L2FwaXJlZmVyZW5jZS9BUElfRGVsZXRlU2VjcmV0Lmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0RlbGV0ZVNlY3JldCgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnRGVsZXRlU2VjcmV0Jyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gcmV0cmlldmUgdGhlIG1ldGFkYXRhIGFib3V0IGEgc2VjcmV0LCBidXQgbm90IHRoZSBlbmNyeXB0ZWQgZGF0YVxuICAgKlxuICAgKiBBY2Nlc3MgTGV2ZWw6IFJlYWRcbiAgICpcbiAgICogUG9zc2libGUgY29uZGl0aW9uczpcbiAgICogLSAuaWZTZWNyZXRJZCgpXG4gICAqIC0gLmlmUmVzb3VyY2UoKVxuICAgKiAtIC5pZlJlc291cmNlVGFnKClcbiAgICogLSAuaWZBd3NSZXNvdXJjZVRhZygpXG4gICAqIC0gLmlmU2VjcmV0UHJpbWFyeVJlZ2lvbigpXG4gICAqIC0gLmlmUmVzb3VyY2VUeXBlKClcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlY3JldHNtYW5hZ2VyL2xhdGVzdC9hcGlyZWZlcmVuY2UvQVBJX0Rlc2NyaWJlU2VjcmV0Lmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0Rlc2NyaWJlU2VjcmV0KCkge1xuICAgIHJldHVybiB0aGlzLnRvKCdEZXNjcmliZVNlY3JldCcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGdlbmVyYXRlIGEgcmFuZG9tIHN0cmluZyBmb3IgdXNlIGluIHBhc3N3b3JkIGNyZWF0aW9uXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogUmVhZFxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VjcmV0c21hbmFnZXIvbGF0ZXN0L2FwaXJlZmVyZW5jZS9BUElfR2V0UmFuZG9tUGFzc3dvcmQuaHRtbFxuICAgKi9cbiAgcHVibGljIHRvR2V0UmFuZG9tUGFzc3dvcmQoKSB7XG4gICAgcmV0dXJuIHRoaXMudG8oJ0dldFJhbmRvbVBhc3N3b3JkJyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gZ2V0IHRoZSByZXNvdXJjZSBwb2xpY3kgYXR0YWNoZWQgdG8gYSBzZWNyZXRcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBSZWFkXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmU2VjcmV0SWQoKVxuICAgKiAtIC5pZlJlc291cmNlKClcbiAgICogLSAuaWZSZXNvdXJjZVRhZygpXG4gICAqIC0gLmlmQXdzUmVzb3VyY2VUYWcoKVxuICAgKiAtIC5pZlNlY3JldFByaW1hcnlSZWdpb24oKVxuICAgKiAtIC5pZlJlc291cmNlVHlwZSgpXG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZWNyZXRzbWFuYWdlci9sYXRlc3QvYXBpcmVmZXJlbmNlL0FQSV9HZXRSZXNvdXJjZVBvbGljeS5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9HZXRSZXNvdXJjZVBvbGljeSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnR2V0UmVzb3VyY2VQb2xpY3knKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byByZXRyaWV2ZSBhbmQgZGVjcnlwdCB0aGUgZW5jcnlwdGVkIGRhdGFcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBSZWFkXG4gICAqXG4gICAqIFBvc3NpYmxlIGNvbmRpdGlvbnM6XG4gICAqIC0gLmlmU2VjcmV0SWQoKVxuICAgKiAtIC5pZlZlcnNpb25JZCgpXG4gICAqIC0gLmlmVmVyc2lvblN0YWdlKClcbiAgICogLSAuaWZSZXNvdXJjZSgpXG4gICAqIC0gLmlmUmVzb3VyY2VUYWcoKVxuICAgKiAtIC5pZkF3c1Jlc291cmNlVGFnKClcbiAgICogLSAuaWZTZWNyZXRQcmltYXJ5UmVnaW9uKClcbiAgICogLSAuaWZSZXNvdXJjZVR5cGUoKVxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VjcmV0c21hbmFnZXIvbGF0ZXN0L2FwaXJlZmVyZW5jZS9BUElfR2V0U2VjcmV0VmFsdWUuaHRtbFxuICAgKi9cbiAgcHVibGljIHRvR2V0U2VjcmV0VmFsdWUoKSB7XG4gICAgcmV0dXJuIHRoaXMu