/*******************************************************************************
* Copyright 2012-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use
* this file except in compliance with the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file.
* This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
* *****************************************************************************
*
* AWS Tools for Windows (TM) PowerShell (TM)
*
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Management.Automation;
using System.Text;
using Amazon.PowerShell.Common;
using Amazon.Runtime;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;
namespace Amazon.PowerShell.Cmdlets.IAM
{
///
/// Simulate how a set of IAM policies and optionally a resource-based policy works with
/// a list of API operations and Amazon Web Services resources to determine the policies'
/// effective permissions. The policies are provided as strings.
///
///
///
/// The simulation does not perform the API operations; it only checks the authorization
/// to determine if the simulated policies allow or deny the operations. You can simulate
/// resources that don't exist in your account.
///
/// If you want to simulate existing policies that are attached to an IAM user, group,
/// or role, use SimulatePrincipalPolicy instead.
///
/// Context keys are variables that are maintained by Amazon Web Services and its services
/// and which provide details about the context of an API query request. You can use the
/// Condition element of an IAM policy to evaluate context keys. To get the
/// list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.
///
/// If the output is long, you can use MaxItems and Marker parameters
/// to paginate the results.
///
/// The IAM policy simulator evaluates statements in the identity-based policy and the
/// inputs that you provide during simulation. The policy simulator results can differ
/// from your live Amazon Web Services environment. We recommend that you check your policies
/// against your live Amazon Web Services environment after testing using the policy simulator
/// to confirm that you have the desired results. For more information about using the
/// policy simulator, see Testing
/// IAM policies with the IAM policy simulator in the IAM User Guide.
///
This cmdlet automatically pages all available results to the pipeline - parameters related to iteration are only needed if you want to manually control the paginated output. To disable autopagination, use -NoAutoIteration.
///
[Cmdlet("Test", "IAMCustomPolicy")]
[OutputType("Amazon.IdentityManagement.Model.EvaluationResult")]
[AWSCmdlet("Calls the AWS Identity and Access Management SimulateCustomPolicy API operation.", Operation = new[] {"SimulateCustomPolicy"}, SelectReturnType = typeof(Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse))]
[AWSCmdletOutput("Amazon.IdentityManagement.Model.EvaluationResult or Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse",
"This cmdlet returns a collection of Amazon.IdentityManagement.Model.EvaluationResult objects.",
"The service call response (type Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse) can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack."
)]
public partial class TestIAMCustomPolicyCmdlet : AmazonIdentityManagementServiceClientCmdlet, IExecutor
{
#region Parameter ActionName
///
///
/// A list of names of API operations to evaluate in the simulation. Each operation is
/// evaluated against each resource. Each operation must include the service identifier,
/// such as iam:CreateUser. This operation does not support using wildcards
/// (*) in an action name.
///
///
#if !MODULAR
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
#else
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true, Mandatory = true)]
[System.Management.Automation.AllowEmptyCollection]
[System.Management.Automation.AllowNull]
#endif
[Amazon.PowerShell.Common.AWSRequiredParameter]
[Alias("ActionNames")]
public System.String[] ActionName { get; set; }
#endregion
#region Parameter CallerArn
///
///
/// The ARN of the IAM user that you want to use as the simulated caller of the API operations.
/// CallerArn is required if you include a ResourcePolicy so
/// that the policy's Principal element has a value to use in evaluating
/// the policy.You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed
/// role, federated user, or a service principal.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String CallerArn { get; set; }
#endregion
#region Parameter ContextEntry
///
///
/// A list of context keys and corresponding values for the simulation to use. Whenever
/// a context key is evaluated in one of the simulated IAM permissions policies, the corresponding
/// value is supplied.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("ContextEntries")]
public Amazon.IdentityManagement.Model.ContextEntry[] ContextEntry { get; set; }
#endregion
#region Parameter PermissionsBoundaryPolicyInputList
///
///
/// The IAM permissions boundary policy to simulate. The permissions boundary sets the
/// maximum permissions that an IAM entity can have. You can input only one permissions
/// boundary when you pass a policy to this operation. For more information about permissions
/// boundaries, see Permissions
/// boundaries for IAM entities in the IAM User Guide. The policy input is
/// specified as a string that contains the complete, valid JSON text of a permissions
/// boundary policy.The maximum length of the policy document that you can pass in this operation, including
/// whitespace, is listed below. To view the maximum character counts of a managed policy
/// with no whitespaces, see IAM
/// and STS character quotas.The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:- Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range - The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF) - The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String[] PermissionsBoundaryPolicyInputList { get; set; }
#endregion
#region Parameter PolicyInputList
///
///
/// A list of policy documents to include in the simulation. Each document is specified
/// as a string containing the complete, valid JSON text of an IAM policy. Do not include
/// any resource-based policies in this parameter. Any resource-based policy must be submitted
/// with the ResourcePolicy parameter. The policies cannot be "scope-down"
/// policies, such as you could include in a call to GetFederationToken
/// or one of the AssumeRole
/// API operations. In other words, do not use policies designed to restrict what a user
/// can do while using the temporary credentials.The maximum length of the policy document that you can pass in this operation, including
/// whitespace, is listed below. To view the maximum character counts of a managed policy
/// with no whitespaces, see IAM
/// and STS character quotas.The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:- Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range - The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF) - The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
///
///
#if !MODULAR
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
#else
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true, Mandatory = true)]
[System.Management.Automation.AllowEmptyCollection]
[System.Management.Automation.AllowNull]
#endif
[Amazon.PowerShell.Common.AWSRequiredParameter]
public System.String[] PolicyInputList { get; set; }
#endregion
#region Parameter ResourceArn
///
///
/// A list of ARNs of Amazon Web Services resources to include in the simulation. If this
/// parameter is not provided, then the value defaults to * (all resources).
/// Each API in the ActionNames parameter is evaluated for each resource
/// in this list. The simulation determines the access result (allowed or denied) of each
/// combination and reports it in the response. You can simulate resources that don't
/// exist in your account.The simulation does not automatically retrieve policies for the specified resources.
/// If you want to include a resource policy in the simulation, then you must include
/// the policy as a string in the ResourcePolicy parameter.If you include a ResourcePolicy, then it must be applicable to all of
/// the resources included in the simulation or you receive an invalid input error.For more information about ARNs, see Amazon
/// Resource Names (ARNs) in the Amazon Web Services General Reference.Simulation of resource-based policies isn't supported for IAM roles.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("ResourceArns")]
public System.String[] ResourceArn { get; set; }
#endregion
#region Parameter ResourceHandlingOption
///
///
/// Specifies the type of simulation to run. Different API operations that support resource-based
/// policies require different combinations of resources. By specifying the type of simulation
/// to run, you enable the policy simulator to enforce the presence of the required resources
/// to ensure reliable simulation results. If your simulation does not match one of the
/// following scenarios, then you can omit this parameter. The following list shows each
/// of the supported scenario values and the resources that you must define to run the
/// simulation.Each of the EC2 scenarios requires that you specify instance, image, and security
/// group resources. If your scenario includes an EBS volume, then you must specify that
/// volume as a resource. If the EC2 scenario includes VPC, then you must supply the network
/// interface resource. If it includes an IP subnet, then you must specify the subnet
/// resource. For more information on the EC2 scenario options, see Supported
/// platforms in the Amazon EC2 User Guide.- EC2-VPC-InstanceStoreinstance, image, security group, network interface
- EC2-VPC-InstanceStore-Subnetinstance, image, security group, network interface, subnet
- EC2-VPC-EBSinstance, image, security group, network interface, volume
- EC2-VPC-EBS-Subnetinstance, image, security group, network interface, subnet, volume
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ResourceHandlingOption { get; set; }
#endregion
#region Parameter ResourceOwner
///
///
/// An ARN representing the Amazon Web Services account ID that specifies the owner of
/// any simulated resource that does not identify its owner in the resource ARN. Examples
/// of resource ARNs include an S3 bucket or object. If ResourceOwner is
/// specified, it is also used as the account owner of any ResourcePolicy
/// included in the simulation. If the ResourceOwner parameter is not specified,
/// then the owner of the resources and the resource policy defaults to the account of
/// the identity provided in CallerArn. This parameter is required only if
/// you specify a resource-based policy and account that owns the resource is different
/// from the account that owns the simulated calling user CallerArn.The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root.
/// For example, to represent the account with the 112233445566 ID, use the following
/// ARN: arn:aws:iam::112233445566-ID:root.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ResourceOwner { get; set; }
#endregion
#region Parameter ResourcePolicy
///
///
/// A resource-based policy to include in the simulation provided as a string. Each resource
/// in the simulation is treated as if it had this policy attached. You can include only
/// one resource-based policy in a simulation.The maximum length of the policy document that you can pass in this operation, including
/// whitespace, is listed below. To view the maximum character counts of a managed policy
/// with no whitespaces, see IAM
/// and STS character quotas.The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:- Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range - The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF) - The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
Simulation of resource-based policies isn't supported for IAM roles.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ResourcePolicy { get; set; }
#endregion
#region Parameter Marker
///
///
/// Use this parameter only when paginating results and only after you receive a response
/// indicating that the results are truncated. Set it to the value of the Marker
/// element in the response that you received to indicate where the next call should start.
///
///
///
Note: This parameter is only used if you are manually controlling output pagination of the service API call.
///
In order to manually control output pagination, use '-Marker $null' for the first call and '-Marker $AWSHistory.LastServiceResponse.Marker' for subsequent calls.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("NextToken")]
public System.String Marker { get; set; }
#endregion
#region Parameter MaxItem
///
///
/// Use this only when paginating results to indicate the maximum number of items you
/// want in the response. If additional items exist beyond the maximum you specify, the
/// IsTruncated response element is true.If you do not include this parameter, the number of items defaults to 100. Note that
/// IAM might return fewer results, even when there are more results available. In that
/// case, the IsTruncated response element returns true, and
/// Marker contains a value to include in the subsequent call that tells
/// the service where to continue from.
///
///
///
Note: In AWSPowerShell and AWSPowerShell.NetCore this parameter is used to limit the total number of items returned by the cmdlet.
///
In AWS.Tools this parameter is simply passed to the service to specify how many items should be returned by each service call.
///
Pipe the output of this cmdlet into Select-Object -First to terminate retrieving data pages early and control the number of items returned.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("MaxItems")]
public int? MaxItem { get; set; }
#endregion
#region Parameter Select
///
/// Use the -Select parameter to control the cmdlet output. The default value is 'EvaluationResults'.
/// Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse).
/// Specifying the name of a property of type Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse will result in that property being returned.
/// Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public string Select { get; set; } = "EvaluationResults";
#endregion
#region Parameter NoAutoIteration
///
/// By default the cmdlet will auto-iterate and retrieve all results to the pipeline by performing multiple
/// service calls. If set, the cmdlet will retrieve only the next 'page' of results using the value of Marker
/// as the start point.
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public SwitchParameter NoAutoIteration { get; set; }
#endregion
protected override void ProcessRecord()
{
this._AWSSignerType = "v4";
base.ProcessRecord();
var context = new CmdletContext();
// allow for manipulation of parameters prior to loading into context
PreExecutionContextLoad(context);
if (ParameterWasBound(nameof(this.Select)))
{
context.Select = CreateSelectDelegate(Select) ??
throw new System.ArgumentException("Invalid value for -Select parameter.", nameof(this.Select));
}
if (this.ActionName != null)
{
context.ActionName = new List(this.ActionName);
}
#if MODULAR
if (this.ActionName == null && ParameterWasBound(nameof(this.ActionName)))
{
WriteWarning("You are passing $null as a value for parameter ActionName which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues.");
}
#endif
context.CallerArn = this.CallerArn;
if (this.ContextEntry != null)
{
context.ContextEntry = new List(this.ContextEntry);
}
context.Marker = this.Marker;
context.MaxItem = this.MaxItem;
#if !MODULAR
if (ParameterWasBound(nameof(this.MaxItem)) && this.MaxItem.HasValue)
{
WriteWarning("AWSPowerShell and AWSPowerShell.NetCore use the MaxItem parameter to limit the total number of items returned by the cmdlet." +
" This behavior is obsolete and will be removed in a future version of these modules. Pipe the output of this cmdlet into Select-Object -First to terminate" +
" retrieving data pages early and control the number of items returned. AWS.Tools already implements the new behavior of simply passing MaxItem" +
" to the service to specify how many items should be returned by each service call.");
}
#endif
if (this.PermissionsBoundaryPolicyInputList != null)
{
context.PermissionsBoundaryPolicyInputList = new List(this.PermissionsBoundaryPolicyInputList);
}
if (this.PolicyInputList != null)
{
context.PolicyInputList = new List(this.PolicyInputList);
}
#if MODULAR
if (this.PolicyInputList == null && ParameterWasBound(nameof(this.PolicyInputList)))
{
WriteWarning("You are passing $null as a value for parameter PolicyInputList which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues.");
}
#endif
if (this.ResourceArn != null)
{
context.ResourceArn = new List(this.ResourceArn);
}
context.ResourceHandlingOption = this.ResourceHandlingOption;
context.ResourceOwner = this.ResourceOwner;
context.ResourcePolicy = this.ResourcePolicy;
// allow further manipulation of loaded context prior to processing
PostExecutionContextLoad(context);
var output = Execute(context) as CmdletOutput;
ProcessOutput(output);
}
#region IExecutor Members
#if MODULAR
public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
var useParameterSelect = this.Select.StartsWith("^");
// create request and set iteration invariants
var request = new Amazon.IdentityManagement.Model.SimulateCustomPolicyRequest();
if (cmdletContext.ActionName != null)
{
request.ActionNames = cmdletContext.ActionName;
}
if (cmdletContext.CallerArn != null)
{
request.CallerArn = cmdletContext.CallerArn;
}
if (cmdletContext.ContextEntry != null)
{
request.ContextEntries = cmdletContext.ContextEntry;
}
if (cmdletContext.MaxItem != null)
{
request.MaxItems = AutoIterationHelpers.ConvertEmitLimitToServiceTypeInt32(cmdletContext.MaxItem.Value);
}
if (cmdletContext.PermissionsBoundaryPolicyInputList != null)
{
request.PermissionsBoundaryPolicyInputList = cmdletContext.PermissionsBoundaryPolicyInputList;
}
if (cmdletContext.PolicyInputList != null)
{
request.PolicyInputList = cmdletContext.PolicyInputList;
}
if (cmdletContext.ResourceArn != null)
{
request.ResourceArns = cmdletContext.ResourceArn;
}
if (cmdletContext.ResourceHandlingOption != null)
{
request.ResourceHandlingOption = cmdletContext.ResourceHandlingOption;
}
if (cmdletContext.ResourceOwner != null)
{
request.ResourceOwner = cmdletContext.ResourceOwner;
}
if (cmdletContext.ResourcePolicy != null)
{
request.ResourcePolicy = cmdletContext.ResourcePolicy;
}
// Initialize loop variant and commence piping
var _nextToken = cmdletContext.Marker;
var _userControllingPaging = this.NoAutoIteration.IsPresent || ParameterWasBound(nameof(this.Marker));
var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);
do
{
request.Marker = _nextToken;
CmdletOutput output;
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = null;
if (!useParameterSelect)
{
pipelineOutput = cmdletContext.Select(response, this);
}
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
_nextToken = response.Marker;
}
catch (Exception e)
{
output = new CmdletOutput { ErrorResponse = e };
}
ProcessOutput(output);
} while (!_userControllingPaging && AutoIterationHelpers.HasValue(_nextToken));
if (useParameterSelect)
{
WriteObject(cmdletContext.Select(null, this));
}
return null;
}
#else
public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
var useParameterSelect = this.Select.StartsWith("^");
// create request and set iteration invariants
var request = new Amazon.IdentityManagement.Model.SimulateCustomPolicyRequest();
if (cmdletContext.ActionName != null)
{
request.ActionNames = cmdletContext.ActionName;
}
if (cmdletContext.CallerArn != null)
{
request.CallerArn = cmdletContext.CallerArn;
}
if (cmdletContext.ContextEntry != null)
{
request.ContextEntries = cmdletContext.ContextEntry;
}
if (cmdletContext.PermissionsBoundaryPolicyInputList != null)
{
request.PermissionsBoundaryPolicyInputList = cmdletContext.PermissionsBoundaryPolicyInputList;
}
if (cmdletContext.PolicyInputList != null)
{
request.PolicyInputList = cmdletContext.PolicyInputList;
}
if (cmdletContext.ResourceArn != null)
{
request.ResourceArns = cmdletContext.ResourceArn;
}
if (cmdletContext.ResourceHandlingOption != null)
{
request.ResourceHandlingOption = cmdletContext.ResourceHandlingOption;
}
if (cmdletContext.ResourceOwner != null)
{
request.ResourceOwner = cmdletContext.ResourceOwner;
}
if (cmdletContext.ResourcePolicy != null)
{
request.ResourcePolicy = cmdletContext.ResourcePolicy;
}
// Initialize loop variants and commence piping
System.String _nextToken = null;
int? _emitLimit = null;
int _retrievedSoFar = 0;
if (AutoIterationHelpers.HasValue(cmdletContext.Marker))
{
_nextToken = cmdletContext.Marker;
}
if (cmdletContext.MaxItem.HasValue)
{
// The service has a maximum page size of 1000. If the user has
// asked for more items than page max, and there is no page size
// configured, we rely on the service ignoring the set maximum
// and giving us 1000 items back. If a page size is set, that will
// be used to configure the pagination.
// We'll make further calls to satisfy the user's request.
_emitLimit = cmdletContext.MaxItem;
}
var _userControllingPaging = this.NoAutoIteration.IsPresent || ParameterWasBound(nameof(this.Marker));
var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);
do
{
request.Marker = _nextToken;
if (_emitLimit.HasValue)
{
int correctPageSize = Math.Min(1000, _emitLimit.Value);
request.MaxItems = AutoIterationHelpers.ConvertEmitLimitToInt32(correctPageSize);
}
CmdletOutput output;
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = null;
if (!useParameterSelect)
{
pipelineOutput = cmdletContext.Select(response, this);
}
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
int _receivedThisCall = response.EvaluationResults.Count;
_nextToken = response.Marker;
_retrievedSoFar += _receivedThisCall;
if (_emitLimit.HasValue)
{
_emitLimit -= _receivedThisCall;
}
}
catch (Exception e)
{
if (_retrievedSoFar == 0 || !_emitLimit.HasValue)
{
output = new CmdletOutput { ErrorResponse = e };
}
else
{
break;
}
}
ProcessOutput(output);
} while (!_userControllingPaging && AutoIterationHelpers.HasValue(_nextToken) && (!_emitLimit.HasValue || _emitLimit.Value >= 1));
if (useParameterSelect)
{
WriteObject(cmdletContext.Select(null, this));
}
return null;
}
#endif
public ExecutorContext CreateContext()
{
return new CmdletContext();
}
#endregion
#region AWS Service Operation Call
private Amazon.IdentityManagement.Model.SimulateCustomPolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.SimulateCustomPolicyRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "SimulateCustomPolicy");
try
{
#if DESKTOP
return client.SimulateCustomPolicy(request);
#elif CORECLR
return client.SimulateCustomPolicyAsync(request).GetAwaiter().GetResult();
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
#endregion
internal partial class CmdletContext : ExecutorContext
{
public List ActionName { get; set; }
public System.String CallerArn { get; set; }
public List ContextEntry { get; set; }
public System.String Marker { get; set; }
public int? MaxItem { get; set; }
public List PermissionsBoundaryPolicyInputList { get; set; }
public List PolicyInputList { get; set; }
public List ResourceArn { get; set; }
public System.String ResourceHandlingOption { get; set; }
public System.String ResourceOwner { get; set; }
public System.String ResourcePolicy { get; set; }
public System.Func Select { get; set; } =
(response, cmdlet) => response.EvaluationResults;
}
}
}