@alliander-opensource/aws-jwt-sts 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.txt +201 -0
- package/README.md +130 -0
- package/dist/index.d.ts +78 -0
- package/dist/index.js +451 -0
- package/dist/index.keyrotate.d.ts +1 -0
- package/dist/index.keyrotate.js +193 -0
- package/dist/index.sign.d.ts +2 -0
- package/dist/index.sign.js +120 -0
- package/dist/test/index.keyrotate.test.d.ts +1 -0
- package/dist/test/index.keyrotate.test.js +152 -0
- package/dist/test/index.sign.test.d.ts +1 -0
- package/dist/test/index.sign.test.js +146 -0
- package/dist/test/index.test.d.ts +1 -0
- package/dist/test/index.test.js +62 -0
- package/dist/tsconfig.tsbuildinfo +1 -0
- package/package.json +56 -0
- package/src/index.keyrotate.ts +228 -0
- package/src/index.sign.ts +145 -0
- package/src/index.ts +597 -0
- package/src/test/index.keyrotate.test.ts +168 -0
- package/src/test/index.sign.test.ts +187 -0
- package/src/test/index.test.ts +72 -0
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// SPDX-FileCopyrightText: 2023 Alliander NV
|
|
3
|
+
//
|
|
4
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const aws_sdk_client_mock_1 = require("aws-sdk-client-mock");
|
|
7
|
+
/* eslint-disable camelcase */
|
|
8
|
+
const jwt_decode_1 = require("jwt-decode");
|
|
9
|
+
const client_kms_1 = require("@aws-sdk/client-kms");
|
|
10
|
+
const index_sign_1 = require("../index.sign");
|
|
11
|
+
const kmsMock = (0, aws_sdk_client_mock_1.mockClient)(client_kms_1.KMSClient);
|
|
12
|
+
const VALID_IDENTITY_USER_ARN = 'arn:aws:sts:eu-central-1:123456789012:assumed-role/this-is-my-role-name/this-is-my-username';
|
|
13
|
+
const VALID_EVENT = {
|
|
14
|
+
requestContext: {
|
|
15
|
+
identity: {
|
|
16
|
+
userArn: VALID_IDENTITY_USER_ARN
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
};
|
|
20
|
+
const CONTEXT = {};
|
|
21
|
+
describe('handlers/sign/sign.ts', () => {
|
|
22
|
+
const OLD_ENV = process.env;
|
|
23
|
+
beforeEach(() => {
|
|
24
|
+
jest.resetModules();
|
|
25
|
+
kmsMock.reset();
|
|
26
|
+
process.env = { ...OLD_ENV };
|
|
27
|
+
});
|
|
28
|
+
afterEach(() => {
|
|
29
|
+
kmsMock.reset();
|
|
30
|
+
process.env = OLD_ENV;
|
|
31
|
+
});
|
|
32
|
+
test('it should respond bad request if no userIdentity is passed', async () => {
|
|
33
|
+
const event = {
|
|
34
|
+
requestContext: {}
|
|
35
|
+
};
|
|
36
|
+
const response = await (0, index_sign_1.handler)(event, CONTEXT);
|
|
37
|
+
expect(response.statusCode).toEqual(400);
|
|
38
|
+
expect(response.body).toEqual('Unable to resolve identity');
|
|
39
|
+
});
|
|
40
|
+
test('it should respond bad request if an invalid userIdentity is passed', async () => {
|
|
41
|
+
const invalidServiceResponse = await (0, index_sign_1.handler)({
|
|
42
|
+
requestContext: {
|
|
43
|
+
identity: {
|
|
44
|
+
userArn: 'arn:aws:invalid-service:eu-central-1:123456789012:assumed-role/this-is-my-role-name/this-is-my-username'
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
}, CONTEXT);
|
|
48
|
+
expect(invalidServiceResponse.statusCode).toEqual(400);
|
|
49
|
+
expect(invalidServiceResponse.body).toEqual('Unable to resolve identity');
|
|
50
|
+
const invalidAccountIdResponse = await (0, index_sign_1.handler)({
|
|
51
|
+
requestContext: {
|
|
52
|
+
identity: {
|
|
53
|
+
userArn: 'arn:aws:sts:eu-central-1:account-id:assumed-role/this-is-my-role-name/this-is-my-username'
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
}, CONTEXT);
|
|
57
|
+
expect(invalidAccountIdResponse.statusCode).toEqual(400);
|
|
58
|
+
expect(invalidAccountIdResponse.body).toEqual('Unable to resolve identity');
|
|
59
|
+
const completelyInvalidArn = await (0, index_sign_1.handler)({
|
|
60
|
+
requestContext: {
|
|
61
|
+
identity: {
|
|
62
|
+
userArn: 'i-am-not-even-trying'
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
}, CONTEXT);
|
|
66
|
+
expect(completelyInvalidArn.statusCode).toEqual(400);
|
|
67
|
+
expect(completelyInvalidArn.body).toEqual('Unable to resolve identity');
|
|
68
|
+
});
|
|
69
|
+
test('it should respond internal server error if no tag is present on the KMS key', async () => {
|
|
70
|
+
kmsMock
|
|
71
|
+
.on(client_kms_1.DescribeKeyCommand).resolves({
|
|
72
|
+
KeyMetadata: {
|
|
73
|
+
KeyId: 'key-1'
|
|
74
|
+
}
|
|
75
|
+
})
|
|
76
|
+
.on(client_kms_1.ListResourceTagsCommand).resolves({
|
|
77
|
+
Tags: [
|
|
78
|
+
{
|
|
79
|
+
TagKey: 'NotTheKid',
|
|
80
|
+
TagValue: 'I won\'t be resolved'
|
|
81
|
+
}
|
|
82
|
+
]
|
|
83
|
+
});
|
|
84
|
+
const response = await (0, index_sign_1.handler)(VALID_EVENT, CONTEXT);
|
|
85
|
+
expect(response.statusCode).toEqual(500);
|
|
86
|
+
expect(response.body).toEqual('KMS key is not correctly tagged');
|
|
87
|
+
});
|
|
88
|
+
test('it should respond internal server error if the KeyId is not in the metadata', async () => {
|
|
89
|
+
kmsMock
|
|
90
|
+
.on(client_kms_1.DescribeKeyCommand).resolves({});
|
|
91
|
+
const response = await (0, index_sign_1.handler)(VALID_EVENT, CONTEXT);
|
|
92
|
+
expect(response.statusCode).toEqual(500);
|
|
93
|
+
expect(response.body).toEqual('KMS key could not be retrieved');
|
|
94
|
+
});
|
|
95
|
+
test('should sign correctly', async () => {
|
|
96
|
+
jest
|
|
97
|
+
.useFakeTimers()
|
|
98
|
+
.setSystemTime(new Date('2020-01-01'));
|
|
99
|
+
const b64Signature = Buffer.from('i-am-a-signature').toString('base64');
|
|
100
|
+
const signature = base64ToArrayBuffer(b64Signature);
|
|
101
|
+
kmsMock
|
|
102
|
+
.on(client_kms_1.DescribeKeyCommand).resolves({
|
|
103
|
+
KeyMetadata: {
|
|
104
|
+
KeyId: 'key-1'
|
|
105
|
+
}
|
|
106
|
+
})
|
|
107
|
+
.on(client_kms_1.ListResourceTagsCommand).resolves({
|
|
108
|
+
Tags: [
|
|
109
|
+
{
|
|
110
|
+
TagKey: 'jwk_kid',
|
|
111
|
+
TagValue: 'I am the KID from the JWK'
|
|
112
|
+
}
|
|
113
|
+
]
|
|
114
|
+
})
|
|
115
|
+
.on(client_kms_1.SignCommand).resolves({
|
|
116
|
+
Signature: signature
|
|
117
|
+
});
|
|
118
|
+
process.env.ISSUER = 'https://test-issuer.com';
|
|
119
|
+
process.env.DEFAULT_AUDIENCE = 'api://default-aud';
|
|
120
|
+
const response = await (0, index_sign_1.handler)(VALID_EVENT, CONTEXT);
|
|
121
|
+
expect(response.statusCode).toEqual(200);
|
|
122
|
+
const responseBody = JSON.parse(response.body);
|
|
123
|
+
const token = responseBody.token;
|
|
124
|
+
const decodedHeader = (0, jwt_decode_1.default)(token, { header: true });
|
|
125
|
+
expect(decodedHeader.alg).toEqual('RS256');
|
|
126
|
+
expect(decodedHeader.typ).toEqual('JWT');
|
|
127
|
+
expect(decodedHeader.kid).toEqual('I am the KID from the JWK');
|
|
128
|
+
const decodedToken = (0, jwt_decode_1.default)(token);
|
|
129
|
+
expect(decodedToken.sub).toEqual('arn:aws:iam:eu-central-1:123456789012:role/this-is-my-role-name');
|
|
130
|
+
expect(decodedToken.aud).toEqual('api://default-aud');
|
|
131
|
+
expect(decodedToken.iss).toEqual('https://test-issuer.com');
|
|
132
|
+
expect(decodedToken.exp - decodedToken.iat).toEqual(3600);
|
|
133
|
+
expect(decodedToken.iat - decodedToken.nbf).toEqual(300);
|
|
134
|
+
const tokenParts = responseBody.token.split('.');
|
|
135
|
+
expect(tokenParts[2]).toEqual(`${b64Signature.replace('==', '')}`);
|
|
136
|
+
});
|
|
137
|
+
});
|
|
138
|
+
function base64ToArrayBuffer(b64) {
|
|
139
|
+
const byteString = atob(b64);
|
|
140
|
+
const byteArray = new Uint8Array(byteString.length);
|
|
141
|
+
for (let i = 0; i < byteString.length; i++) {
|
|
142
|
+
byteArray[i] = byteString.charCodeAt(i);
|
|
143
|
+
}
|
|
144
|
+
return byteArray;
|
|
145
|
+
}
|
|
146
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguc2lnbi50ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Rlc3QvaW5kZXguc2lnbi50ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSw0Q0FBNEM7QUFDNUMsRUFBRTtBQUNGLHNDQUFzQzs7QUFHdEMsNkRBQWdEO0FBQ2hELDhCQUE4QjtBQUM5QiwyQ0FBbUM7QUFFbkMsb0RBSzRCO0FBRTVCLDhDQUF1QztBQUV2QyxNQUFNLE9BQU8sR0FBRyxJQUFBLGdDQUFVLEVBQUMsc0JBQVMsQ0FBQyxDQUFBO0FBRXJDLE1BQU0sdUJBQXVCLEdBQUcsNkZBQTZGLENBQUE7QUFFN0gsTUFBTSxXQUFXLEdBQXlCO0lBQ3hDLGNBQWMsRUFBRTtRQUNkLFFBQVEsRUFBRTtZQUNSLE9BQU8sRUFBRSx1QkFBdUI7U0FDakM7S0FDRjtDQUNLLENBQUE7QUFFUixNQUFNLE9BQU8sR0FBWSxFQUFTLENBQUE7QUFFbEMsUUFBUSxDQUFDLHVCQUF1QixFQUFFLEdBQUcsRUFBRTtJQUNyQyxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFBO0lBRTNCLFVBQVUsQ0FBQyxHQUFHLEVBQUU7UUFDZCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUE7UUFDbkIsT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ2YsT0FBTyxDQUFDLEdBQUcsR0FBRyxFQUFFLEdBQUcsT0FBTyxFQUFFLENBQUE7SUFDOUIsQ0FBQyxDQUFDLENBQUE7SUFFRixTQUFTLENBQUMsR0FBRyxFQUFFO1FBQ2IsT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ2YsT0FBTyxDQUFDLEdBQUcsR0FBRyxPQUFPLENBQUE7SUFDdkIsQ0FBQyxDQUFDLENBQUE7SUFFRixJQUFJLENBQUMsNERBQTRELEVBQUUsS0FBSyxJQUFJLEVBQUU7UUFDNUUsTUFBTSxLQUFLLEdBQXlCO1lBQ2xDLGNBQWMsRUFBRSxFQUNmO1NBQ0ssQ0FBQTtRQUVSLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBQSxvQkFBTyxFQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQTtRQUU5QyxNQUFNLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUN4QyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyw0QkFBNEIsQ0FBQyxDQUFBO0lBQzdELENBQUMsQ0FBQyxDQUFBO0lBRUYsSUFBSSxDQUFDLG9FQUFvRSxFQUFFLEtBQUssSUFBSSxFQUFFO1FBQ3BGLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFBLG9CQUFPLEVBQUM7WUFDM0MsY0FBYyxFQUFFO2dCQUNkLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUseUdBQXlHO2lCQUNuSDthQUNGO1NBQ0ssRUFBRSxPQUFPLENBQUMsQ0FBQTtRQUVsQixNQUFNLENBQUMsc0JBQXNCLENBQUMsVUFBVSxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ3RELE1BQU0sQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQUMsNEJBQTRCLENBQUMsQ0FBQTtRQUV6RSxNQUFNLHdCQUF3QixHQUFHLE1BQU0sSUFBQSxvQkFBTyxFQUFDO1lBQzdDLGNBQWMsRUFBRTtnQkFDZCxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLDJGQUEyRjtpQkFDckc7YUFDRjtTQUNLLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFFbEIsTUFBTSxDQUFDLHdCQUF3QixDQUFDLFVBQVUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUN4RCxNQUFNLENBQUMsd0JBQXdCLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxDQUFDLDRCQUE0QixDQUFDLENBQUE7UUFFM0UsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUEsb0JBQU8sRUFBQztZQUN6QyxjQUFjLEVBQUU7Z0JBQ2QsUUFBUSxFQUFFO29CQUNSLE9BQU8sRUFBRSxzQkFBc0I7aUJBQ2hDO2FBQ0Y7U0FDSyxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBRWxCLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDcEQsTUFBTSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyw0QkFBNEIsQ0FBQyxDQUFBO0lBQ3pFLENBQUMsQ0FBQyxDQUFBO0lBRUYsSUFBSSxDQUFDLDZFQUE2RSxFQUFFLEtBQUssSUFBSSxFQUFFO1FBQzdGLE9BQU87YUFDSixFQUFFLENBQUMsK0JBQWtCLENBQUMsQ0FBQyxRQUFRLENBQUM7WUFDL0IsV0FBVyxFQUFFO2dCQUNYLEtBQUssRUFBRSxPQUFPO2FBQ2Y7U0FDRixDQUFDO2FBQ0QsRUFBRSxDQUFDLG9DQUF1QixDQUFDLENBQUMsUUFBUSxDQUFDO1lBQ3BDLElBQUksRUFBRTtnQkFDSjtvQkFDRSxNQUFNLEVBQUUsV0FBVztvQkFDbkIsUUFBUSxFQUFFLHNCQUFzQjtpQkFDakM7YUFDRjtTQUNGLENBQUMsQ0FBQTtRQUVKLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBQSxvQkFBTyxFQUFDLFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQTtRQUVwRCxNQUFNLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUN4QyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFBO0lBQ2xFLENBQUMsQ0FBQyxDQUFBO0lBRUYsSUFBSSxDQUFDLDZFQUE2RSxFQUFFLEtBQUssSUFBSSxFQUFFO1FBQzdGLE9BQU87YUFDSixFQUFFLENBQUMsK0JBQWtCLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUE7UUFFdEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFBLG9CQUFPLEVBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBRXBELE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ3hDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxDQUFDLGdDQUFnQyxDQUFDLENBQUE7SUFDakUsQ0FBQyxDQUFDLENBQUE7SUFFRixJQUFJLENBQUMsdUJBQXVCLEVBQUUsS0FBSyxJQUFJLEVBQUU7UUFDdkMsSUFBSTthQUNELGFBQWEsRUFBRTthQUNmLGFBQWEsQ0FBQyxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFBO1FBRXhDLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUE7UUFDdkUsTUFBTSxTQUFTLEdBQUcsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUE7UUFFbkQsT0FBTzthQUNKLEVBQUUsQ0FBQywrQkFBa0IsQ0FBQyxDQUFDLFFBQVEsQ0FBQztZQUMvQixXQUFXLEVBQUU7Z0JBQ1gsS0FBSyxFQUFFLE9BQU87YUFDZjtTQUNGLENBQUM7YUFDRCxFQUFFLENBQUMsb0NBQXVCLENBQUMsQ0FBQyxRQUFRLENBQUM7WUFDcEMsSUFBSSxFQUFFO2dCQUNKO29CQUNFLE1BQU0sRUFBRSxTQUFTO29CQUNqQixRQUFRLEVBQUUsMkJBQTJCO2lCQUN0QzthQUNGO1NBQ0YsQ0FBQzthQUNELEVBQUUsQ0FBQyx3QkFBVyxDQUFDLENBQUMsUUFBUSxDQUFDO1lBQ3hCLFNBQVMsRUFBRSxTQUFTO1NBQ3JCLENBQUMsQ0FBQTtRQUVKLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxHQUFHLHlCQUF5QixDQUFBO1FBQzlDLE9BQU8sQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLEdBQUcsbUJBQW1CLENBQUE7UUFFbEQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFBLG9CQUFPLEVBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBRXBELE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ3hDLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFBO1FBQzlDLE1BQU0sS0FBSyxHQUFHLFlBQVksQ0FBQyxLQUFLLENBQUE7UUFFaEMsTUFBTSxhQUFhLEdBQVEsSUFBQSxvQkFBVSxFQUFDLEtBQUssRUFBRSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFBO1FBRTlELE1BQU0sQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzFDLE1BQU0sQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBQ3hDLE1BQU0sQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLDJCQUEyQixDQUFDLENBQUE7UUFFOUQsTUFBTSxZQUFZLEdBQVEsSUFBQSxvQkFBVSxFQUFDLEtBQUssQ0FBQyxDQUFBO1FBQzNDLE1BQU0sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLGlFQUFpRSxDQUFDLENBQUE7UUFDbkcsTUFBTSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsbUJBQW1CLENBQUMsQ0FBQTtRQUNyRCxNQUFNLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyx5QkFBeUIsQ0FBQyxDQUFBO1FBQzNELE1BQU0sQ0FBQyxZQUFZLENBQUMsR0FBRyxHQUFHLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDekQsTUFBTSxDQUFDLFlBQVksQ0FBQyxHQUFHLEdBQUcsWUFBWSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUV4RCxNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUNoRCxNQUFNLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFBO0lBQ3BFLENBQUMsQ0FBQyxDQUFBO0FBQ0osQ0FBQyxDQUFDLENBQUE7QUFFRixTQUFTLG1CQUFtQixDQUFFLEdBQVc7SUFDdkMsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQzVCLE1BQU0sU0FBUyxHQUFHLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQTtJQUNuRCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsVUFBVSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRTtRQUMxQyxTQUFTLENBQUMsQ0FBQyxDQUFDLEdBQUcsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQTtLQUN4QztJQUVELE9BQU8sU0FBUyxDQUFBO0FBQ2xCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBTUERYLUZpbGVDb3B5cmlnaHRUZXh0OiAyMDIzIEFsbGlhbmRlciBOVlxuLy9cbi8vIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG5cbmltcG9ydCB7IEFQSUdhdGV3YXlQcm94eUV2ZW50LCBDb250ZXh0IH0gZnJvbSAnYXdzLWxhbWJkYSdcbmltcG9ydCB7IG1vY2tDbGllbnQgfSBmcm9tICdhd3Mtc2RrLWNsaWVudC1tb2NrJ1xuLyogZXNsaW50LWRpc2FibGUgY2FtZWxjYXNlICovXG5pbXBvcnQgand0X2RlY29kZSBmcm9tICdqd3QtZGVjb2RlJ1xuXG5pbXBvcnQge1xuICBLTVNDbGllbnQsXG4gIERlc2NyaWJlS2V5Q29tbWFuZCxcbiAgTGlzdFJlc291cmNlVGFnc0NvbW1hbmQsXG4gIFNpZ25Db21tYW5kXG59IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1rbXMnXG5cbmltcG9ydCB7IGhhbmRsZXIgfSBmcm9tICcuLi9pbmRleC5zaWduJ1xuXG5jb25zdCBrbXNNb2NrID0gbW9ja0NsaWVudChLTVNDbGllbnQpXG5cbmNvbnN0IFZBTElEX0lERU5USVRZX1VTRVJfQVJOID0gJ2Fybjphd3M6c3RzOmV1LWNlbnRyYWwtMToxMjM0NTY3ODkwMTI6YXNzdW1lZC1yb2xlL3RoaXMtaXMtbXktcm9sZS1uYW1lL3RoaXMtaXMtbXktdXNlcm5hbWUnXG5cbmNvbnN0IFZBTElEX0VWRU5UOiBBUElHYXRld2F5UHJveHlFdmVudCA9IHtcbiAgcmVxdWVzdENvbnRleHQ6IHtcbiAgICBpZGVudGl0eToge1xuICAgICAgdXNlckFybjogVkFMSURfSURFTlRJVFlfVVNFUl9BUk5cbiAgICB9XG4gIH1cbn0gYXMgYW55XG5cbmNvbnN0IENPTlRFWFQ6IENvbnRleHQgPSB7fSBhcyBhbnlcblxuZGVzY3JpYmUoJ2hhbmRsZXJzL3NpZ24vc2lnbi50cycsICgpID0+IHtcbiAgY29uc3QgT0xEX0VOViA9IHByb2Nlc3MuZW52XG5cbiAgYmVmb3JlRWFjaCgoKSA9PiB7XG4gICAgamVzdC5yZXNldE1vZHVsZXMoKVxuICAgIGttc01vY2sucmVzZXQoKVxuICAgIHByb2Nlc3MuZW52ID0geyAuLi5PTERfRU5WIH1cbiAgfSlcblxuICBhZnRlckVhY2goKCkgPT4ge1xuICAgIGttc01vY2sucmVzZXQoKVxuICAgIHByb2Nlc3MuZW52ID0gT0xEX0VOVlxuICB9KVxuXG4gIHRlc3QoJ2l0IHNob3VsZCByZXNwb25kIGJhZCByZXF1ZXN0IGlmIG5vIHVzZXJJZGVudGl0eSBpcyBwYXNzZWQnLCBhc3luYyAoKSA9PiB7XG4gICAgY29uc3QgZXZlbnQ6IEFQSUdhdGV3YXlQcm94eUV2ZW50ID0ge1xuICAgICAgcmVxdWVzdENvbnRleHQ6IHtcbiAgICAgIH1cbiAgICB9IGFzIGFueVxuXG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBoYW5kbGVyKGV2ZW50LCBDT05URVhUKVxuXG4gICAgZXhwZWN0KHJlc3BvbnNlLnN0YXR1c0NvZGUpLnRvRXF1YWwoNDAwKVxuICAgIGV4cGVjdChyZXNwb25zZS5ib2R5KS50b0VxdWFsKCdVbmFibGUgdG8gcmVzb2x2ZSBpZGVudGl0eScpXG4gIH0pXG5cbiAgdGVzdCgnaXQgc2hvdWxkIHJlc3BvbmQgYmFkIHJlcXVlc3QgaWYgYW4gaW52YWxpZCB1c2VySWRlbnRpdHkgaXMgcGFzc2VkJywgYXN5bmMgKCkgPT4ge1xuICAgIGNvbnN0IGludmFsaWRTZXJ2aWNlUmVzcG9uc2UgPSBhd2FpdCBoYW5kbGVyKHtcbiAgICAgIHJlcXVlc3RDb250ZXh0OiB7XG4gICAgICAgIGlkZW50aXR5OiB7XG4gICAgICAgICAgdXNlckFybjogJ2Fybjphd3M6aW52YWxpZC1zZXJ2aWNlOmV1LWNlbnRyYWwtMToxMjM0NTY3ODkwMTI6YXNzdW1lZC1yb2xlL3RoaXMtaXMtbXktcm9sZS1uYW1lL3RoaXMtaXMtbXktdXNlcm5hbWUnXG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9IGFzIGFueSwgQ09OVEVYVClcblxuICAgIGV4cGVjdChpbnZhbGlkU2VydmljZVJlc3BvbnNlLnN0YXR1c0NvZGUpLnRvRXF1YWwoNDAwKVxuICAgIGV4cGVjdChpbnZhbGlkU2VydmljZVJlc3BvbnNlLmJvZHkpLnRvRXF1YWwoJ1VuYWJsZSB0byByZXNvbHZlIGlkZW50aXR5JylcblxuICAgIGNvbnN0IGludmFsaWRBY2NvdW50SWRSZXNwb25zZSA9IGF3YWl0IGhhbmRsZXIoe1xuICAgICAgcmVxdWVzdENvbnRleHQ6IHtcbiAgICAgICAgaWRlbnRpdHk6IHtcbiAgICAgICAgICB1c2VyQXJuOiAnYXJuOmF3czpzdHM6ZXUtY2VudHJhbC0xOmFjY291bnQtaWQ6YXNzdW1lZC1yb2xlL3RoaXMtaXMtbXktcm9sZS1uYW1lL3RoaXMtaXMtbXktdXNlcm5hbWUnXG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9IGFzIGFueSwgQ09OVEVYVClcblxuICAgIGV4cGVjdChpbnZhbGlkQWNjb3VudElkUmVzcG9uc2Uuc3RhdHVzQ29kZSkudG9FcXVhbCg0MDApXG4gICAgZXhwZWN0KGludmFsaWRBY2NvdW50SWRSZXNwb25zZS5ib2R5KS50b0VxdWFsKCdVbmFibGUgdG8gcmVzb2x2ZSBpZGVudGl0eScpXG5cbiAgICBjb25zdCBjb21wbGV0ZWx5SW52YWxpZEFybiA9IGF3YWl0IGhhbmRsZXIoe1xuICAgICAgcmVxdWVzdENvbnRleHQ6IHtcbiAgICAgICAgaWRlbnRpdHk6IHtcbiAgICAgICAgICB1c2VyQXJuOiAnaS1hbS1ub3QtZXZlbi10cnlpbmcnXG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9IGFzIGFueSwgQ09OVEVYVClcblxuICAgIGV4cGVjdChjb21wbGV0ZWx5SW52YWxpZEFybi5zdGF0dXNDb2RlKS50b0VxdWFsKDQwMClcbiAgICBleHBlY3QoY29tcGxldGVseUludmFsaWRBcm4uYm9keSkudG9FcXVhbCgnVW5hYmxlIHRvIHJlc29sdmUgaWRlbnRpdHknKVxuICB9KVxuXG4gIHRlc3QoJ2l0IHNob3VsZCByZXNwb25kIGludGVybmFsIHNlcnZlciBlcnJvciBpZiBubyB0YWcgaXMgcHJlc2VudCBvbiB0aGUgS01TIGtleScsIGFzeW5jICgpID0+IHtcbiAgICBrbXNNb2NrXG4gICAgICAub24oRGVzY3JpYmVLZXlDb21tYW5kKS5yZXNvbHZlcyh7XG4gICAgICAgIEtleU1ldGFkYXRhOiB7XG4gICAgICAgICAgS2V5SWQ6ICdrZXktMSdcbiAgICAgICAgfVxuICAgICAgfSlcbiAgICAgIC5vbihMaXN0UmVzb3VyY2VUYWdzQ29tbWFuZCkucmVzb2x2ZXMoe1xuICAgICAgICBUYWdzOiBbXG4gICAgICAgICAge1xuICAgICAgICAgICAgVGFnS2V5OiAnTm90VGhlS2lkJyxcbiAgICAgICAgICAgIFRhZ1ZhbHVlOiAnSSB3b25cXCd0IGJlIHJlc29sdmVkJ1xuICAgICAgICAgIH1cbiAgICAgICAgXVxuICAgICAgfSlcblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgaGFuZGxlcihWQUxJRF9FVkVOVCwgQ09OVEVYVClcblxuICAgIGV4cGVjdChyZXNwb25zZS5zdGF0dXNDb2RlKS50b0VxdWFsKDUwMClcbiAgICBleHBlY3QocmVzcG9uc2UuYm9keSkudG9FcXVhbCgnS01TIGtleSBpcyBub3QgY29ycmVjdGx5IHRhZ2dlZCcpXG4gIH0pXG5cbiAgdGVzdCgnaXQgc2hvdWxkIHJlc3BvbmQgaW50ZXJuYWwgc2VydmVyIGVycm9yIGlmIHRoZSBLZXlJZCBpcyBub3QgaW4gdGhlIG1ldGFkYXRhJywgYXN5bmMgKCkgPT4ge1xuICAgIGttc01vY2tcbiAgICAgIC5vbihEZXNjcmliZUtleUNvbW1hbmQpLnJlc29sdmVzKHt9KVxuXG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBoYW5kbGVyKFZBTElEX0VWRU5ULCBDT05URVhUKVxuXG4gICAgZXhwZWN0KHJlc3BvbnNlLnN0YXR1c0NvZGUpLnRvRXF1YWwoNTAwKVxuICAgIGV4cGVjdChyZXNwb25zZS5ib2R5KS50b0VxdWFsKCdLTVMga2V5IGNvdWxkIG5vdCBiZSByZXRyaWV2ZWQnKVxuICB9KVxuXG4gIHRlc3QoJ3Nob3VsZCBzaWduIGNvcnJlY3RseScsIGFzeW5jICgpID0+IHtcbiAgICBqZXN0XG4gICAgICAudXNlRmFrZVRpbWVycygpXG4gICAgICAuc2V0U3lzdGVtVGltZShuZXcgRGF0ZSgnMjAyMC0wMS0wMScpKVxuXG4gICAgY29uc3QgYjY0U2lnbmF0dXJlID0gQnVmZmVyLmZyb20oJ2ktYW0tYS1zaWduYXR1cmUnKS50b1N0cmluZygnYmFzZTY0JylcbiAgICBjb25zdCBzaWduYXR1cmUgPSBiYXNlNjRUb0FycmF5QnVmZmVyKGI2NFNpZ25hdHVyZSlcblxuICAgIGttc01vY2tcbiAgICAgIC5vbihEZXNjcmliZUtleUNvbW1hbmQpLnJlc29sdmVzKHtcbiAgICAgICAgS2V5TWV0YWRhdGE6IHtcbiAgICAgICAgICBLZXlJZDogJ2tleS0xJ1xuICAgICAgICB9XG4gICAgICB9KVxuICAgICAgLm9uKExpc3RSZXNvdXJjZVRhZ3NDb21tYW5kKS5yZXNvbHZlcyh7XG4gICAgICAgIFRhZ3M6IFtcbiAgICAgICAgICB7XG4gICAgICAgICAgICBUYWdLZXk6ICdqd2tfa2lkJyxcbiAgICAgICAgICAgIFRhZ1ZhbHVlOiAnSSBhbSB0aGUgS0lEIGZyb20gdGhlIEpXSydcbiAgICAgICAgICB9XG4gICAgICAgIF1cbiAgICAgIH0pXG4gICAgICAub24oU2lnbkNvbW1hbmQpLnJlc29sdmVzKHtcbiAgICAgICAgU2lnbmF0dXJlOiBzaWduYXR1cmVcbiAgICAgIH0pXG5cbiAgICBwcm9jZXNzLmVudi5JU1NVRVIgPSAnaHR0cHM6Ly90ZXN0LWlzc3Vlci5jb20nXG4gICAgcHJvY2Vzcy5lbnYuREVGQVVMVF9BVURJRU5DRSA9ICdhcGk6Ly9kZWZhdWx0LWF1ZCdcblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgaGFuZGxlcihWQUxJRF9FVkVOVCwgQ09OVEVYVClcblxuICAgIGV4cGVjdChyZXNwb25zZS5zdGF0dXNDb2RlKS50b0VxdWFsKDIwMClcbiAgICBjb25zdCByZXNwb25zZUJvZHkgPSBKU09OLnBhcnNlKHJlc3BvbnNlLmJvZHkpXG4gICAgY29uc3QgdG9rZW4gPSByZXNwb25zZUJvZHkudG9rZW5cblxuICAgIGNvbnN0IGRlY29kZWRIZWFkZXI6IGFueSA9IGp3dF9kZWNvZGUodG9rZW4sIHsgaGVhZGVyOiB0cnVlIH0pXG5cbiAgICBleHBlY3QoZGVjb2RlZEhlYWRlci5hbGcpLnRvRXF1YWwoJ1JTMjU2JylcbiAgICBleHBlY3QoZGVjb2RlZEhlYWRlci50eXApLnRvRXF1YWwoJ0pXVCcpXG4gICAgZXhwZWN0KGRlY29kZWRIZWFkZXIua2lkKS50b0VxdWFsKCdJIGFtIHRoZSBLSUQgZnJvbSB0aGUgSldLJylcblxuICAgIGNvbnN0IGRlY29kZWRUb2tlbjogYW55ID0gand0X2RlY29kZSh0b2tlbilcbiAgICBleHBlY3QoZGVjb2RlZFRva2VuLnN1YikudG9FcXVhbCgnYXJuOmF3czppYW06ZXUtY2VudHJhbC0xOjEyMzQ1Njc4OTAxMjpyb2xlL3RoaXMtaXMtbXktcm9sZS1uYW1lJylcbiAgICBleHBlY3QoZGVjb2RlZFRva2VuLmF1ZCkudG9FcXVhbCgnYXBpOi8vZGVmYXVsdC1hdWQnKVxuICAgIGV4cGVjdChkZWNvZGVkVG9rZW4uaXNzKS50b0VxdWFsKCdodHRwczovL3Rlc3QtaXNzdWVyLmNvbScpXG4gICAgZXhwZWN0KGRlY29kZWRUb2tlbi5leHAgLSBkZWNvZGVkVG9rZW4uaWF0KS50b0VxdWFsKDM2MDApXG4gICAgZXhwZWN0KGRlY29kZWRUb2tlbi5pYXQgLSBkZWNvZGVkVG9rZW4ubmJmKS50b0VxdWFsKDMwMClcblxuICAgIGNvbnN0IHRva2VuUGFydHMgPSByZXNwb25zZUJvZHkudG9rZW4uc3BsaXQoJy4nKVxuICAgIGV4cGVjdCh0b2tlblBhcnRzWzJdKS50b0VxdWFsKGAke2I2NFNpZ25hdHVyZS5yZXBsYWNlKCc9PScsICcnKX1gKVxuICB9KVxufSlcblxuZnVuY3Rpb24gYmFzZTY0VG9BcnJheUJ1ZmZlciAoYjY0OiBzdHJpbmcpIHtcbiAgY29uc3QgYnl0ZVN0cmluZyA9IGF0b2IoYjY0KVxuICBjb25zdCBieXRlQXJyYXkgPSBuZXcgVWludDhBcnJheShieXRlU3RyaW5nLmxlbmd0aClcbiAgZm9yIChsZXQgaSA9IDA7IGkgPCBieXRlU3RyaW5nLmxlbmd0aDsgaSsrKSB7XG4gICAgYnl0ZUFycmF5W2ldID0gYnl0ZVN0cmluZy5jaGFyQ29kZUF0KGkpXG4gIH1cblxuICByZXR1cm4gYnl0ZUFycmF5XG59XG4iXX0=
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// SPDX-FileCopyrightText: 2023 Alliander NV
|
|
3
|
+
//
|
|
4
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
/* eslint-disable no-new */
|
|
7
|
+
const cdk = require("aws-cdk-lib");
|
|
8
|
+
const assertions_1 = require("aws-cdk-lib/assertions");
|
|
9
|
+
const index_1 = require("../index");
|
|
10
|
+
test('creates sts construct correctly', () => {
|
|
11
|
+
const stack = new cdk.Stack();
|
|
12
|
+
new index_1.AwsJwtSts(stack, 'AllianderIngress', {
|
|
13
|
+
defaultAudience: 'api://default-aud'
|
|
14
|
+
});
|
|
15
|
+
const template = assertions_1.Template.fromStack(stack);
|
|
16
|
+
template.hasResourceProperties('AWS::Lambda::Function', assertions_1.Match.objectLike({
|
|
17
|
+
Runtime: 'nodejs18.x'
|
|
18
|
+
}));
|
|
19
|
+
template.hasResourceProperties('AWS::Events::Rule', assertions_1.Match.objectLike({
|
|
20
|
+
EventPattern: {
|
|
21
|
+
'detail-type': ['CloudFormation Stack Status Change']
|
|
22
|
+
},
|
|
23
|
+
State: 'ENABLED'
|
|
24
|
+
}));
|
|
25
|
+
});
|
|
26
|
+
test('creates sts construct with key rotation on create/update disabled', () => {
|
|
27
|
+
const stack = new cdk.Stack();
|
|
28
|
+
new index_1.AwsJwtSts(stack, 'AllianderIngress', {
|
|
29
|
+
defaultAudience: 'api://default-aud',
|
|
30
|
+
disableKeyRotateOnCreate: true
|
|
31
|
+
});
|
|
32
|
+
const template = assertions_1.Template.fromStack(stack);
|
|
33
|
+
template.resourcePropertiesCountIs('AWS::Events::Rule', assertions_1.Match.objectLike({
|
|
34
|
+
EventPattern: {
|
|
35
|
+
'detail-type': ['CloudFormation Stack Status Change']
|
|
36
|
+
}
|
|
37
|
+
}), 0);
|
|
38
|
+
});
|
|
39
|
+
test('creates sts construct with custom alarm names', () => {
|
|
40
|
+
const stack = new cdk.Stack();
|
|
41
|
+
new index_1.AwsJwtSts(stack, 'AllianderIngress', {
|
|
42
|
+
defaultAudience: 'api://default-aud',
|
|
43
|
+
alarmNameApiGateway5xx: 'alarm-api-gw-5xx',
|
|
44
|
+
alarmNameKeyRotationLambdaFailed: 'alarm-key-rotation-lambda-failed',
|
|
45
|
+
alarmNameKeyRotationStepFunctionFailed: 'alarm-step-functions-failed',
|
|
46
|
+
alarmNameSignLambdaFailed: 'alarm-sign-lambda-failed'
|
|
47
|
+
});
|
|
48
|
+
const template = assertions_1.Template.fromStack(stack);
|
|
49
|
+
template.hasResourceProperties('AWS::CloudWatch::Alarm', assertions_1.Match.objectLike({
|
|
50
|
+
AlarmName: 'alarm-api-gw-5xx'
|
|
51
|
+
}));
|
|
52
|
+
template.hasResourceProperties('AWS::CloudWatch::Alarm', assertions_1.Match.objectLike({
|
|
53
|
+
AlarmName: 'alarm-key-rotation-lambda-failed'
|
|
54
|
+
}));
|
|
55
|
+
template.hasResourceProperties('AWS::CloudWatch::Alarm', assertions_1.Match.objectLike({
|
|
56
|
+
AlarmName: 'alarm-step-functions-failed'
|
|
57
|
+
}));
|
|
58
|
+
template.hasResourceProperties('AWS::CloudWatch::Alarm', assertions_1.Match.objectLike({
|
|
59
|
+
AlarmName: 'alarm-sign-lambda-failed'
|
|
60
|
+
}));
|
|
61
|
+
});
|
|
62
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXgudGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90ZXN0L2luZGV4LnRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLDRDQUE0QztBQUM1QyxFQUFFO0FBQ0Ysc0NBQXNDOztBQUV0QywyQkFBMkI7QUFDM0IsbUNBQWtDO0FBQ2xDLHVEQUF3RDtBQUN4RCxvQ0FBb0M7QUFFcEMsSUFBSSxDQUFDLGlDQUFpQyxFQUFFLEdBQUcsRUFBRTtJQUMzQyxNQUFNLEtBQUssR0FBRyxJQUFJLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQTtJQUM3QixJQUFJLGlCQUFTLENBQUMsS0FBSyxFQUFFLGtCQUFrQixFQUFFO1FBQ3ZDLGVBQWUsRUFBRSxtQkFBbUI7S0FDckMsQ0FBQyxDQUFBO0lBRUYsTUFBTSxRQUFRLEdBQUcscUJBQVEsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDMUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLHVCQUF1QixFQUFFLGtCQUFLLENBQUMsVUFBVSxDQUFDO1FBQ3ZFLE9BQU8sRUFBRSxZQUFZO0tBQ3RCLENBQUMsQ0FBQyxDQUFBO0lBRUgsUUFBUSxDQUFDLHFCQUFxQixDQUFDLG1CQUFtQixFQUFFLGtCQUFLLENBQUMsVUFBVSxDQUNsRTtRQUNFLFlBQVksRUFBRTtZQUNaLGFBQWEsRUFBRSxDQUFDLG9DQUFvQyxDQUFDO1NBQ3REO1FBQ0QsS0FBSyxFQUFFLFNBQVM7S0FDakIsQ0FDRixDQUFDLENBQUE7QUFDSixDQUFDLENBQUMsQ0FBQTtBQUVGLElBQUksQ0FBQyxtRUFBbUUsRUFBRSxHQUFHLEVBQUU7SUFDN0UsTUFBTSxLQUFLLEdBQUcsSUFBSSxHQUFHLENBQUMsS0FBSyxFQUFFLENBQUE7SUFDN0IsSUFBSSxpQkFBUyxDQUFDLEtBQUssRUFBRSxrQkFBa0IsRUFBRTtRQUN2QyxlQUFlLEVBQUUsbUJBQW1CO1FBQ3BDLHdCQUF3QixFQUFFLElBQUk7S0FDL0IsQ0FBQyxDQUFBO0lBRUYsTUFBTSxRQUFRLEdBQUcscUJBQVEsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUE7SUFFMUMsUUFBUSxDQUFDLHlCQUF5QixDQUFDLG1CQUFtQixFQUFFLGtCQUFLLENBQUMsVUFBVSxDQUN0RTtRQUNFLFlBQVksRUFBRTtZQUNaLGFBQWEsRUFBRSxDQUFDLG9DQUFvQyxDQUFDO1NBQ3REO0tBQ0YsQ0FDRixFQUFFLENBQUMsQ0FBQyxDQUFBO0FBQ1AsQ0FBQyxDQUFDLENBQUE7QUFFRixJQUFJLENBQUMsK0NBQStDLEVBQUUsR0FBRyxFQUFFO0lBQ3pELE1BQU0sS0FBSyxHQUFHLElBQUksR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFBO0lBQzdCLElBQUksaUJBQVMsQ0FBQyxLQUFLLEVBQUUsa0JBQWtCLEVBQUU7UUFDdkMsZUFBZSxFQUFFLG1CQUFtQjtRQUNwQyxzQkFBc0IsRUFBRSxrQkFBa0I7UUFDMUMsZ0NBQWdDLEVBQUUsa0NBQWtDO1FBQ3BFLHNDQUFzQyxFQUFFLDZCQUE2QjtRQUNyRSx5QkFBeUIsRUFBRSwwQkFBMEI7S0FDdEQsQ0FBQyxDQUFBO0lBRUYsTUFBTSxRQUFRLEdBQUcscUJBQVEsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDMUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLHdCQUF3QixFQUFFLGtCQUFLLENBQUMsVUFBVSxDQUFDO1FBQ3hFLFNBQVMsRUFBRSxrQkFBa0I7S0FDOUIsQ0FBQyxDQUFDLENBQUE7SUFDSCxRQUFRLENBQUMscUJBQXFCLENBQUMsd0JBQXdCLEVBQUUsa0JBQUssQ0FBQyxVQUFVLENBQUM7UUFDeEUsU0FBUyxFQUFFLGtDQUFrQztLQUM5QyxDQUFDLENBQUMsQ0FBQTtJQUNILFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyx3QkFBd0IsRUFBRSxrQkFBSyxDQUFDLFVBQVUsQ0FBQztRQUN4RSxTQUFTLEVBQUUsNkJBQTZCO0tBQ3pDLENBQUMsQ0FBQyxDQUFBO0lBQ0gsUUFBUSxDQUFDLHFCQUFxQixDQUFDLHdCQUF3QixFQUFFLGtCQUFLLENBQUMsVUFBVSxDQUFDO1FBQ3hFLFNBQVMsRUFBRSwwQkFBMEI7S0FDdEMsQ0FBQyxDQUFDLENBQUE7QUFDTCxDQUFDLENBQUMsQ0FBQSIsInNvdXJjZXNDb250ZW50IjpbIi8vIFNQRFgtRmlsZUNvcHlyaWdodFRleHQ6IDIwMjMgQWxsaWFuZGVyIE5WXG4vL1xuLy8gU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjBcblxuLyogZXNsaW50LWRpc2FibGUgbm8tbmV3ICovXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSAnYXdzLWNkay1saWInXG5pbXBvcnQgeyBNYXRjaCwgVGVtcGxhdGUgfSBmcm9tICdhd3MtY2RrLWxpYi9hc3NlcnRpb25zJ1xuaW1wb3J0IHsgQXdzSnd0U3RzIH0gZnJvbSAnLi4vaW5kZXgnXG5cbnRlc3QoJ2NyZWF0ZXMgc3RzIGNvbnN0cnVjdCBjb3JyZWN0bHknLCAoKSA9PiB7XG4gIGNvbnN0IHN0YWNrID0gbmV3IGNkay5TdGFjaygpXG4gIG5ldyBBd3NKd3RTdHMoc3RhY2ssICdBbGxpYW5kZXJJbmdyZXNzJywge1xuICAgIGRlZmF1bHRBdWRpZW5jZTogJ2FwaTovL2RlZmF1bHQtYXVkJ1xuICB9KVxuXG4gIGNvbnN0IHRlbXBsYXRlID0gVGVtcGxhdGUuZnJvbVN0YWNrKHN0YWNrKVxuICB0ZW1wbGF0ZS5oYXNSZXNvdXJjZVByb3BlcnRpZXMoJ0FXUzo6TGFtYmRhOjpGdW5jdGlvbicsIE1hdGNoLm9iamVjdExpa2Uoe1xuICAgIFJ1bnRpbWU6ICdub2RlanMxOC54J1xuICB9KSlcblxuICB0ZW1wbGF0ZS5oYXNSZXNvdXJjZVByb3BlcnRpZXMoJ0FXUzo6RXZlbnRzOjpSdWxlJywgTWF0Y2gub2JqZWN0TGlrZShcbiAgICB7XG4gICAgICBFdmVudFBhdHRlcm46IHtcbiAgICAgICAgJ2RldGFpbC10eXBlJzogWydDbG91ZEZvcm1hdGlvbiBTdGFjayBTdGF0dXMgQ2hhbmdlJ11cbiAgICAgIH0sXG4gICAgICBTdGF0ZTogJ0VOQUJMRUQnXG4gICAgfVxuICApKVxufSlcblxudGVzdCgnY3JlYXRlcyBzdHMgY29uc3RydWN0IHdpdGgga2V5IHJvdGF0aW9uIG9uIGNyZWF0ZS91cGRhdGUgZGlzYWJsZWQnLCAoKSA9PiB7XG4gIGNvbnN0IHN0YWNrID0gbmV3IGNkay5TdGFjaygpXG4gIG5ldyBBd3NKd3RTdHMoc3RhY2ssICdBbGxpYW5kZXJJbmdyZXNzJywge1xuICAgIGRlZmF1bHRBdWRpZW5jZTogJ2FwaTovL2RlZmF1bHQtYXVkJyxcbiAgICBkaXNhYmxlS2V5Um90YXRlT25DcmVhdGU6IHRydWVcbiAgfSlcblxuICBjb25zdCB0ZW1wbGF0ZSA9IFRlbXBsYXRlLmZyb21TdGFjayhzdGFjaylcblxuICB0ZW1wbGF0ZS5yZXNvdXJjZVByb3BlcnRpZXNDb3VudElzKCdBV1M6OkV2ZW50czo6UnVsZScsIE1hdGNoLm9iamVjdExpa2UoXG4gICAge1xuICAgICAgRXZlbnRQYXR0ZXJuOiB7XG4gICAgICAgICdkZXRhaWwtdHlwZSc6IFsnQ2xvdWRGb3JtYXRpb24gU3RhY2sgU3RhdHVzIENoYW5nZSddXG4gICAgICB9XG4gICAgfVxuICApLCAwKVxufSlcblxudGVzdCgnY3JlYXRlcyBzdHMgY29uc3RydWN0IHdpdGggY3VzdG9tIGFsYXJtIG5hbWVzJywgKCkgPT4ge1xuICBjb25zdCBzdGFjayA9IG5ldyBjZGsuU3RhY2soKVxuICBuZXcgQXdzSnd0U3RzKHN0YWNrLCAnQWxsaWFuZGVySW5ncmVzcycsIHtcbiAgICBkZWZhdWx0QXVkaWVuY2U6ICdhcGk6Ly9kZWZhdWx0LWF1ZCcsXG4gICAgYWxhcm1OYW1lQXBpR2F0ZXdheTV4eDogJ2FsYXJtLWFwaS1ndy01eHgnLFxuICAgIGFsYXJtTmFtZUtleVJvdGF0aW9uTGFtYmRhRmFpbGVkOiAnYWxhcm0ta2V5LXJvdGF0aW9uLWxhbWJkYS1mYWlsZWQnLFxuICAgIGFsYXJtTmFtZUtleVJvdGF0aW9uU3RlcEZ1bmN0aW9uRmFpbGVkOiAnYWxhcm0tc3RlcC1mdW5jdGlvbnMtZmFpbGVkJyxcbiAgICBhbGFybU5hbWVTaWduTGFtYmRhRmFpbGVkOiAnYWxhcm0tc2lnbi1sYW1iZGEtZmFpbGVkJ1xuICB9KVxuXG4gIGNvbnN0IHRlbXBsYXRlID0gVGVtcGxhdGUuZnJvbVN0YWNrKHN0YWNrKVxuICB0ZW1wbGF0ZS5oYXNSZXNvdXJjZVByb3BlcnRpZXMoJ0FXUzo6Q2xvdWRXYXRjaDo6QWxhcm0nLCBNYXRjaC5vYmplY3RMaWtlKHtcbiAgICBBbGFybU5hbWU6ICdhbGFybS1hcGktZ3ctNXh4J1xuICB9KSlcbiAgdGVtcGxhdGUuaGFzUmVzb3VyY2VQcm9wZXJ0aWVzKCdBV1M6OkNsb3VkV2F0Y2g6OkFsYXJtJywgTWF0Y2gub2JqZWN0TGlrZSh7XG4gICAgQWxhcm1OYW1lOiAnYWxhcm0ta2V5LXJvdGF0aW9uLWxhbWJkYS1mYWlsZWQnXG4gIH0pKVxuICB0ZW1wbGF0ZS5oYXNSZXNvdXJjZVByb3BlcnRpZXMoJ0FXUzo6Q2xvdWRXYXRjaDo6QWxhcm0nLCBNYXRjaC5vYmplY3RMaWtlKHtcbiAgICBBbGFybU5hbWU6ICdhbGFybS1zdGVwLWZ1bmN0aW9ucy1mYWlsZWQnXG4gIH0pKVxuICB0ZW1wbGF0ZS5oYXNSZXNvdXJjZVByb3BlcnRpZXMoJ0FXUzo6Q2xvdWRXYXRjaDo6QWxhcm0nLCBNYXRjaC5vYmplY3RMaWtlKHtcbiAgICBBbGFybU5hbWU6ICdhbGFybS1zaWduLWxhbWJkYS1mYWlsZWQnXG4gIH0pKVxufSlcbiJdfQ==
|