@aws-cdk-testing/cli-integ 2.173.4 → 3.0.0

package/tests/cli-integ-tests/bootstrapping.integtest.ts

@@ -0,0 +1,493 @@
+/* eslint-disable @cdklabs/no-literal-partition */
+import * as fs from 'fs';
+import * as path from 'path';
+import { DescribeStackResourcesCommand, DescribeStacksCommand } from '@aws-sdk/client-cloudformation';
+import { DescribeRepositoriesCommand } from '@aws-sdk/client-ecr';
+import { CreatePolicyCommand, DeletePolicyCommand, GetRoleCommand } from '@aws-sdk/client-iam';
+import * as yaml from 'yaml';
+import { integTest, randomString, withoutBootstrap } from '../../lib';
+import eventually from '../../lib/eventually';
+
+jest.setTimeout(2 * 60 * 60_000); // Includes the time to acquire locks, worst-case single-threaded runtime
+
+integTest('can bootstrap without execution', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapLegacy({
+    toolkitStackName: bootstrapStackName,
+    noExecute: true,
+  });
+
+  const resp = await fixture.aws.cloudFormation.send(
+    new DescribeStacksCommand({
+      StackName: bootstrapStackName,
+    }),
+  );
+
+  expect(resp.Stacks?.[0].StackStatus).toEqual('REVIEW_IN_PROGRESS');
+}));
+
+integTest('upgrade legacy bootstrap stack to new bootstrap stack while in use', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  const legacyBootstrapBucketName = `aws-cdk-bootstrap-integ-test-legacy-bckt-${randomString()}`;
+  const newBootstrapBucketName = `aws-cdk-bootstrap-integ-test-v2-bckt-${randomString()}`;
+  fixture.rememberToDeleteBucket(legacyBootstrapBucketName); // This one will leak
+  fixture.rememberToDeleteBucket(newBootstrapBucketName); // This one shouldn't leak if the test succeeds, but let's be safe in case it doesn't
+
+  // Legacy bootstrap
+  await fixture.cdkBootstrapLegacy({
+    toolkitStackName: bootstrapStackName,
+    bootstrapBucketName: legacyBootstrapBucketName,
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      '--context', `bootstrapBucket=${legacyBootstrapBucketName}`,
+      '--context', 'legacySynth=true',
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--toolkit-stack-name', bootstrapStackName,
+    ],
+  });
+
+  // Upgrade bootstrap stack to "new" style
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    bootstrapBucketName: newBootstrapBucketName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // (Force) deploy stack again
+  // --force to bypass the check which says that the template hasn't changed.
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      '--context', `bootstrapBucket=${newBootstrapBucketName}`,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--toolkit-stack-name', bootstrapStackName,
+      '--force',
+    ],
+  });
+}));
+
+integTest('can and deploy if omitting execution policies', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      '--toolkit-stack-name', bootstrapStackName,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+  });
+}));
+
+integTest('can deploy with session tags on the deploy, lookup, file asset, and image asset publishing roles', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    bootstrapTemplate: path.join(__dirname, '..', '..', 'resources', 'bootstrap-templates', 'session-tags.all-roles-deny-all.yaml'),
+  });
+
+  await fixture.cdkDeploy('session-tags', {
+    options: [
+      '--toolkit-stack-name', bootstrapStackName,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+    modEnv: {
+      ENABLE_VPC_TESTING: 'IMPORT',
+    },
+  });
+}));
+
+integTest('can deploy without execution role and with session tags on deploy role', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    bootstrapTemplate: path.join(__dirname, '..', '..', 'resources', 'bootstrap-templates', 'session-tags.deploy-role-deny-sqs.yaml'),
+  });
+
+  await fixture.cdkDeploy('session-tags-with-custom-synthesizer', {
+    options: [
+      '--toolkit-stack-name', bootstrapStackName,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+  });
+}));
+
+integTest('deploy new style synthesis to new style bootstrap', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      '--toolkit-stack-name', bootstrapStackName,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+  });
+}));
+
+integTest('deploy new style synthesis to new style bootstrap (with docker image)', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('docker', {
+    options: [
+      '--toolkit-stack-name', bootstrapStackName,
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+  });
+}));
+
+integTest('deploy old style synthesis to new style bootstrap', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--toolkit-stack-name', bootstrapStackName,
+    ],
+  });
+}));
+
+integTest('can create a legacy bootstrap stack with --public-access-block-configuration=false', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapLegacy({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    publicAccessBlockConfiguration: false,
+    tags: 'Foo=Bar',
+  });
+
+  const response = await fixture.aws.cloudFormation.send(new DescribeStacksCommand({ StackName: bootstrapStackName }));
+  expect(response.Stacks?.[0].Tags).toEqual([
+    { Key: 'Foo', Value: 'Bar' },
+  ]);
+}));
+
+integTest('can create multiple legacy bootstrap stacks', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName1 = `${fixture.bootstrapStackName}-1`;
+  const bootstrapStackName2 = `${fixture.bootstrapStackName}-2`;
+
+  // deploy two toolkit stacks into the same environment (see #1416)
+  // one with tags
+  await fixture.cdkBootstrapLegacy({
+    verbose: true,
+    toolkitStackName: bootstrapStackName1,
+    tags: 'Foo=Bar',
+  });
+  await fixture.cdkBootstrapLegacy({
+    verbose: true,
+    toolkitStackName: bootstrapStackName2,
+  });
+
+  const response = await fixture.aws.cloudFormation.send(new DescribeStacksCommand({ StackName: bootstrapStackName1 }));
+  expect(response.Stacks?.[0].Tags).toEqual([
+    { Key: 'Foo', Value: 'Bar' },
+  ]);
+}));
+
+integTest('can dump the template, modify and use it to deploy a custom bootstrap stack', withoutBootstrap(async (fixture) => {
+  let template = await fixture.cdkBootstrapModern({
+    // toolkitStackName doesn't matter for this particular invocation
+    toolkitStackName: fixture.bootstrapStackName,
+    showTemplate: true,
+    cliOptions: {
+      captureStderr: false,
+    },
+  });
+
+  expect(template).toContain('BootstrapVersion:');
+
+  template += '\n' + [
+    '  TwiddleDee:',
+    '    Value: Template got twiddled',
+  ].join('\n');
+
+  const filename = path.join(fixture.integTestDir, `${fixture.qualifier}-template.yaml`);
+  fs.writeFileSync(filename, template, { encoding: 'utf-8' });
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: fixture.bootstrapStackName,
+    template: filename,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+}));
+
+integTest('a customized template vendor will not overwrite the default template', withoutBootstrap(async (fixture) => {
+  // Initial bootstrap
+  const toolkitStackName = fixture.bootstrapStackName;
+  await fixture.cdkBootstrapModern({
+    toolkitStackName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // Customize template
+  const templateStr = await fixture.cdkBootstrapModern({
+    // toolkitStackName doesn't matter for this particular invocation
+    toolkitStackName,
+    showTemplate: true,
+    cliOptions: {
+      captureStderr: false,
+    },
+  });
+
+  const template = yaml.parse(templateStr, { schema: 'core' });
+  template.Parameters.BootstrapVariant.Default = 'CustomizedVendor';
+  const filename = path.join(fixture.integTestDir, `${fixture.qualifier}-template.yaml`);
+  fs.writeFileSync(filename, yaml.stringify(template, { schema: 'yaml-1.1' }), { encoding: 'utf-8' });
+
+  // Rebootstrap. For some reason, this doesn't cause a failure, it's a successful no-op.
+  const output = await fixture.cdkBootstrapModern({
+    toolkitStackName,
+    template: filename,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+    cliOptions: {
+      captureStderr: true,
+    },
+  });
+  expect(output).toContain('Not overwriting it with a template containing');
+}));
+
+integTest('can use the default permissions boundary to bootstrap', withoutBootstrap(async (fixture) => {
+  let template = await fixture.cdkBootstrapModern({
+    // toolkitStackName doesn't matter for this particular invocation
+    toolkitStackName: fixture.bootstrapStackName,
+    showTemplate: true,
+    examplePermissionsBoundary: true,
+  });
+
+  expect(template).toContain('PermissionsBoundary');
+}));
+
+integTest('can use the custom permissions boundary to bootstrap', withoutBootstrap(async (fixture) => {
+  let template = await fixture.cdkBootstrapModern({
+    // toolkitStackName doesn't matter for this particular invocation
+    toolkitStackName: fixture.bootstrapStackName,
+    showTemplate: true,
+    customPermissionsBoundary: 'permission-boundary-name',
+  });
+
+  expect(template).toContain('permission-boundary-name');
+}));
+
+integTest('can use the custom permissions boundary (with slashes) to bootstrap', withoutBootstrap(async (fixture) => {
+  let template = await fixture.cdkBootstrapModern({
+    // toolkitStackName doesn't matter for this particular invocation
+    toolkitStackName: fixture.bootstrapStackName,
+    showTemplate: true,
+    customPermissionsBoundary: 'permission-boundary-name/with/path',
+  });
+
+  expect(template).toContain('permission-boundary-name/with/path');
+}));
+
+integTest('can remove customPermissionsBoundary', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+  const policyName = `${bootstrapStackName}-pb`;
+  let policyArn;
+  try {
+    const policy = await fixture.aws.iam.send(
+      new CreatePolicyCommand({
+        PolicyName: policyName,
+        PolicyDocument: JSON.stringify({
+          Version: '2012-10-17',
+          Statement: {
+            Action: ['*'],
+            Resource: ['*'],
+            Effect: 'Allow',
+          },
+        }),
+      }),
+    );
+    policyArn = policy.Policy?.Arn;
+
+    // Policy creation and consistency across regions is "almost immediate"
+    // See: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
+    // We will put this in an `eventually` block to retry stack creation with a reasonable timeout
+    const createStackWithPermissionBoundary = async (): Promise<void> => {
+      await fixture.cdkBootstrapModern({
+        // toolkitStackName doesn't matter for this particular invocation
+        toolkitStackName: bootstrapStackName,
+        customPermissionsBoundary: policyName,
+      });
+
+      const response = await fixture.aws.cloudFormation.send(
+        new DescribeStacksCommand({ StackName: bootstrapStackName }),
+      );
+      expect(
+        response.Stacks?.[0].Parameters?.some(
+          param => (param.ParameterKey === 'InputPermissionsBoundary' && param.ParameterValue === policyName),
+        )).toEqual(true);
+    };
+
+    await eventually(createStackWithPermissionBoundary, { maxAttempts: 3 });
+
+    await fixture.cdkBootstrapModern({
+      // toolkitStackName doesn't matter for this particular invocation
+      toolkitStackName: bootstrapStackName,
+      usePreviousParameters: false,
+    });
+    const response2 = await fixture.aws.cloudFormation.send(
+      new DescribeStacksCommand({ StackName: bootstrapStackName }),
+    );
+    expect(
+      response2.Stacks?.[0].Parameters?.some(
+        param => (param.ParameterKey === 'InputPermissionsBoundary' && !param.ParameterValue),
+      )).toEqual(true);
+
+    const region = fixture.aws.region;
+    const account = await fixture.aws.account();
+    const role = await fixture.aws.iam.send(
+      new GetRoleCommand({ RoleName: `cdk-${fixture.qualifier}-cfn-exec-role-${account}-${region}` }),
+    );
+    if (!role.Role) {
+      throw new Error('Role not found');
+    }
+    expect(role.Role.PermissionsBoundary).toBeUndefined();
+
+  } finally {
+    if (policyArn) {
+      await fixture.aws.iam.send(new DeletePolicyCommand({ PolicyArn: policyArn }));
+    }
+  }
+}));
+
+integTest('switch on termination protection, switch is left alone on re-bootstrap', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    terminationProtection: true,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    force: true,
+  });
+
+  const response = await fixture.aws.cloudFormation.send(new DescribeStacksCommand({ StackName: bootstrapStackName }));
+  expect(response.Stacks?.[0].EnableTerminationProtection).toEqual(true);
+}));
+
+integTest('add tags, left alone on re-bootstrap', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    tags: 'Foo=Bar',
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    force: true,
+  });
+
+  const response = await fixture.aws.cloudFormation.send(new DescribeStacksCommand({ StackName: bootstrapStackName }));
+  expect(response.Stacks?.[0].Tags).toEqual([
+    { Key: 'Foo', Value: 'Bar' },
+  ]);
+}));
+
+integTest('can add tags then update tags during re-bootstrap', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    tags: 'Foo=Bar',
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+    tags: 'Foo=BarBaz',
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+    force: true,
+  });
+
+  const response = await fixture.aws.cloudFormation.send(new DescribeStacksCommand({ StackName: bootstrapStackName }));
+  expect(response.Stacks?.[0].Tags).toEqual([
+    { Key: 'Foo', Value: 'BarBaz' },
+  ]);
+}));
+
+integTest('can deploy modern-synthesized stack even if bootstrap stack name is unknown', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    toolkitStackName: bootstrapStackName,
+    cfnExecutionPolicy: 'arn:aws:iam::aws:policy/AdministratorAccess',
+  });
+
+  // Deploy stack that uses file assets
+  await fixture.cdkDeploy('lambda', {
+    options: [
+      // Explicity pass a name that's sure to not exist, otherwise the CLI might accidentally find a
+      // default bootstracp stack if that happens to be in the account already.
+      '--toolkit-stack-name', 'DefinitelyDoesNotExist',
+      '--context', `@aws-cdk/core:bootstrapQualifier=${fixture.qualifier}`,
+      '--context', '@aws-cdk/core:newStyleStackSynthesis=1',
+    ],
+  });
+}));
+
+integTest('create ECR with tag IMMUTABILITY to set on', withoutBootstrap(async (fixture) => {
+  const bootstrapStackName = fixture.bootstrapStackName;
+
+  await fixture.cdkBootstrapModern({
+    verbose: true,
+    toolkitStackName: bootstrapStackName,
+  });
+
+  const response = await fixture.aws.cloudFormation.send(
+    new DescribeStackResourcesCommand({
+      StackName: bootstrapStackName,
+    }),
+  );
+  const ecrResource = response.StackResources?.find(resource => resource.LogicalResourceId === 'ContainerAssetsRepository');
+  expect(ecrResource).toBeDefined();
+
+  const ecrResponse = await fixture.aws.ecr.send(
+    new DescribeRepositoriesCommand({
+      repositoryNames: [
+        // This is set, as otherwise we don't end up here
+        ecrResource?.PhysicalResourceId ?? '',
+      ],
+    }),
+  );
+
+  expect(ecrResponse.repositories?.[0].imageTagMutability).toEqual('IMMUTABLE');
+}));
+

package/tests/cli-integ-tests/cli-lib.integtest.js

@@ -25,6 +25,7 @@ jest.setTimeout(2 * 60 * 60000); // Includes the time to acquire locks, worst-ca
     expect(listing).toContain(fixture.fullStackName('simple-1'));
 }));
 (0, lib_1.integTest)('cli-lib deploy', (0, lib_1.withCliLibFixture)(async (fixture) => {
+    var _a;
     const stackName = fixture.fullStackName('simple-1');
     try {
         // deploy the stack
@@ -35,7 +36,7 @@ jest.setTimeout(2 * 60 * 60000); // Includes the time to acquire locks, worst-ca
         const expectedStack = await fixture.aws.cloudFormation.send(new client_cloudformation_1.DescribeStackResourcesCommand({
             StackName: stackName,
         }));
-        expect(expectedStack.StackResources?.length).toEqual(3);
+        expect((_a = expectedStack.StackResources) === null || _a === void 0 ? void 0 : _a.length).toEqual(3);
     }
     finally {
         // delete the stack
@@ -58,4 +59,4 @@ jest.setTimeout(2 * 60 * 60000); // Includes the time to acquire locks, worst-ca
         StackName: fixture.fullStackName('simple-1'),
     }))).rejects.toThrow('does not exist');
 }));
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpLWxpYi5pbnRlZ3Rlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJjbGktbGliLmludGVndGVzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLDBFQUFzRztBQUN0RyxtQ0FBeUQ7QUFFekQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQU0sQ0FBQyxDQUFDLENBQUMseUVBQXlFO0FBRTNHLElBQUEsZUFBUyxFQUNQLGVBQWUsRUFDZixJQUFBLHVCQUFpQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNsQyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDaEUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQzFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQztRQUN0QixtRUFBbUU7UUFDbkUsU0FBUyxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNqQyxhQUFhLEVBQUUsTUFBTSxDQUFDLGdCQUFnQixDQUFDO2dCQUNyQyxJQUFJLEVBQUUsaUJBQWlCO2dCQUN2QixVQUFVLEVBQUU7b0JBQ1YsaUJBQWlCLEVBQUUsR0FBRztpQkFDdkI7Z0JBQ0QsUUFBUSxFQUFFO29CQUNSLGNBQWMsRUFBRSxHQUFHLE9BQU8sQ0FBQyxlQUFlLDBCQUEwQjtpQkFDckU7YUFDRixDQUFDO1NBQ0gsQ0FBQztLQUNILENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQyxDQUFDLENBQ0gsQ0FBQztBQUVGLElBQUEsZUFBUyxFQUNQLGNBQWMsRUFDZCxJQUFBLHVCQUFpQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNsQyxNQUFNLE9BQU8sR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRSxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO0lBQ3RFLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQy9ELENBQUMsQ0FBQyxDQUNILENBQUM7QUFFRixJQUFBLGVBQVMsRUFDUCxnQkFBZ0IsRUFDaEIsSUFBQSx1QkFBaUIsRUFBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7SUFDbEMsTUFBTSxTQUFTLEdBQUcsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUVwRCxJQUFJLENBQUM7UUFDSCxtQkFBbUI7UUFDbkIsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxFQUFFO1lBQ3ZDLG9CQUFvQixFQUFFLElBQUk7U0FDM0IsQ0FBQyxDQUFDO1FBRUgsOENBQThDO1FBQzlDLE1BQU0sYUFBYSxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUN6RCxJQUFJLHFEQUE2QixDQUFDO1lBQ2hDLFNBQVMsRUFBRSxTQUFTO1NBQ3JCLENBQUMsQ0FDSCxDQUFDO1FBQ0YsTUFBTSxDQUFDLGFBQWEsQ0FBQyxjQUFjLEVBQUUsTUFBTSxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQzFELENBQUM7WUFBUyxDQUFDO1FBQ1QsbUJBQW1CO1FBQ25CLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsRUFBRTtZQUN4QyxhQUFhLEVBQUUsS0FBSztTQUNyQixDQUFDLENBQUM7SUFDTCxDQUFDO0FBQ0gsQ0FBQyxDQUFDLENBQ0gsQ0FBQztBQUVGLElBQUEsZUFBUyxFQUNQLHVGQUF1RixFQUN2RixJQUFBLHVCQUFpQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNsQyxNQUFNLE1BQU0sR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxFQUFFO1FBQzlFLFVBQVUsRUFBRSxJQUFJO1FBQ2hCLGFBQWEsRUFBRSxJQUFJO1FBQ25CLFlBQVksRUFBRSxJQUFJO1FBQ2xCLG9CQUFvQixFQUFFLEtBQUs7S0FDNUIsQ0FBQyxDQUFDO0lBRUgsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLFNBQVMsQ0FDdEIsMkdBQTJHLENBQzVHLENBQUM7SUFDRixNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsU0FBUyxDQUN0QiwrRUFBK0UsQ0FDaEYsQ0FBQztJQUVGLGdDQUFnQztJQUNoQyxNQUFNLE1BQU0sQ0FDVixPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQzdCLElBQUksNkNBQXFCLENBQUM7UUFDeEIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDO0tBQzdDLENBQUMsQ0FDSCxDQUNGLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0FBQ3RDLENBQUMsQ0FBQyxDQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBEZXNjcmliZVN0YWNrUmVzb3VyY2VzQ29tbWFuZCwgRGVzY3JpYmVTdGFja3NDb21tYW5kIH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LWNsb3VkZm9ybWF0aW9uJztcbmltcG9ydCB7IGludGVnVGVzdCwgd2l0aENsaUxpYkZpeHR1cmUgfSBmcm9tICcuLi8uLi9saWInO1xuXG5qZXN0LnNldFRpbWVvdXQoMiAqIDYwICogNjBfMDAwKTsgLy8gSW5jbHVkZXMgdGhlIHRpbWUgdG8gYWNxdWlyZSBsb2Nrcywgd29yc3QtY2FzZSBzaW5nbGUtdGhyZWFkZWQgcnVudGltZVxuXG5pbnRlZ1Rlc3QoXG4gICdjbGktbGliIHN5bnRoJyxcbiAgd2l0aENsaUxpYkZpeHR1cmUoYXN5bmMgKGZpeHR1cmUpID0+IHtcbiAgICBhd2FpdCBmaXh0dXJlLmNkayhbJ3N5bnRoJywgZml4dHVyZS5mdWxsU3RhY2tOYW1lKCdzaW1wbGUtMScpXSk7XG4gICAgZXhwZWN0KGZpeHR1cmUudGVtcGxhdGUoJ3NpbXBsZS0xJykpLnRvRXF1YWwoXG4gICAgICBleHBlY3Qub2JqZWN0Q29udGFpbmluZyh7XG4gICAgICAgIC8vIENoZWNraW5nIGZvciBhIHNtYWxsIHN1YnNldCBpcyBlbm91Z2ggYXMgcHJvb2YgdGhhdCBzeW50aCB3b3JrZWRcbiAgICAgICAgUmVzb3VyY2VzOiBleHBlY3Qub2JqZWN0Q29udGFpbmluZyh7XG4gICAgICAgICAgcXVldWUyNzZGNzI5NzogZXhwZWN0Lm9iamVjdENvbnRhaW5pbmcoe1xuICAgICAgICAgICAgVHlwZTogJ0FXUzo6U1FTOjpRdWV1ZScsXG4gICAgICAgICAgICBQcm9wZXJ0aWVzOiB7XG4gICAgICAgICAgICAgIFZpc2liaWxpdHlUaW1lb3V0OiAzMDAsXG4gICAgICAgICAgICB9LFxuICAgICAgICAgICAgTWV0YWRhdGE6IHtcbiAgICAgICAgICAgICAgJ2F3czpjZGs6cGF0aCc6IGAke2ZpeHR1cmUuc3RhY2tOYW1lUHJlZml4fS1zaW1wbGUtMS9xdWV1ZS9SZXNvdXJjZWAsXG4gICAgICAgICAgICB9LFxuICAgICAgICAgIH0pLFxuICAgICAgICB9KSxcbiAgICAgIH0pLFxuICAgICk7XG4gIH0pLFxuKTtcblxuaW50ZWdUZXN0KFxuICAnY2xpLWxpYiBsaXN0JyxcbiAgd2l0aENsaUxpYkZpeHR1cmUoYXN5bmMgKGZpeHR1cmUpID0+IHtcbiAgICBjb25zdCBsaXN0aW5nID0gYXdhaXQgZml4dHVyZS5jZGsoWydsaXN0J10sIHsgY2FwdHVyZVN0ZGVycjogZmFsc2UgfSk7XG4gICAgZXhwZWN0KGxpc3RpbmcpLnRvQ29udGFpbihmaXh0dXJlLmZ1bGxTdGFja05hbWUoJ3NpbXBsZS0xJykpO1xuICB9KSxcbik7XG5cbmludGVnVGVzdChcbiAgJ2NsaS1saWIgZGVwbG95JyxcbiAgd2l0aENsaUxpYkZpeHR1cmUoYXN5bmMgKGZpeHR1cmUpID0+IHtcbiAgICBjb25zdCBzdGFja05hbWUgPSBmaXh0dXJlLmZ1bGxTdGFja05hbWUoJ3NpbXBsZS0xJyk7XG5cbiAgICB0cnkge1xuICAgICAgLy8gZGVwbG95IHRoZSBzdGFja1xuICAgICAgYXdhaXQgZml4dHVyZS5jZGsoWydkZXBsb3knLCBzdGFja05hbWVdLCB7XG4gICAgICAgIG5ldmVyUmVxdWlyZUFwcHJvdmFsOiB0cnVlLFxuICAgICAgfSk7XG5cbiAgICAgIC8vIHZlcmlmeSB0aGUgbnVtYmVyIG9mIHJlc291cmNlcyBpbiB0aGUgc3RhY2tcbiAgICAgIGNvbnN0IGV4cGVjdGVkU3RhY2sgPSBhd2FpdCBmaXh0dXJlLmF3cy5jbG91ZEZvcm1hdGlvbi5zZW5kKFxuICAgICAgICBuZXcgRGVzY3JpYmVTdGFja1Jlc291cmNlc0NvbW1hbmQoe1xuICAgICAgICAgIFN0YWNrTmFtZTogc3RhY2tOYW1lLFxuICAgICAgICB9KSxcbiAgICAgICk7XG4gICAgICBleHBlY3QoZXhwZWN0ZWRTdGFjay5TdGFja1Jlc291cmNlcz8ubGVuZ3RoKS50b0VxdWFsKDMpO1xuICAgIH0gZmluYWxseSB7XG4gICAgICAvLyBkZWxldGUgdGhlIHN0YWNrXG4gICAgICBhd2FpdCBmaXh0dXJlLmNkayhbJ2Rlc3Ryb3knLCBzdGFja05hbWVdLCB7XG4gICAgICAgIGNhcHR1cmVTdGRlcnI6IGZhbHNlLFxuICAgICAgfSk7XG4gICAgfVxuICB9KSxcbik7XG5cbmludGVnVGVzdChcbiAgJ3NlY3VyaXR5IHJlbGF0ZWQgY2hhbmdlcyB3aXRob3V0IGEgQ0xJIGFyZSBleHBlY3RlZCB0byBmYWlsIHdoZW4gYXBwcm92YWwgaXMgcmVxdWlyZWQnLFxuICB3aXRoQ2xpTGliRml4dHVyZShhc3luYyAoZml4dHVyZSkgPT4ge1xuICAgIGNvbnN0IHN0ZEVyciA9IGF3YWl0IGZpeHR1cmUuY2RrKFsnZGVwbG95JywgZml4dHVyZS5mdWxsU3RhY2tOYW1lKCdzaW1wbGUtMScpXSwge1xuICAgICAgb25seVN0ZGVycjogdHJ1ZSxcbiAgICAgIGNhcHR1cmVTdGRlcnI6IHRydWUsXG4gICAgICBhbGxvd0VyckV4aXQ6IHRydWUsXG4gICAgICBuZXZlclJlcXVpcmVBcHByb3ZhbDogZmFsc2UsXG4gICAgfSk7XG5cbiAgICBleHBlY3Qoc3RkRXJyKS50b0NvbnRhaW4oXG4gICAgICAnVGhpcyBkZXBsb3ltZW50IHdpbGwgbWFrZSBwb3RlbnRpYWxseSBzZW5zaXRpdmUgY2hhbmdlcyBhY2NvcmRpbmcgdG8geW91ciBjdXJyZW50IHNlY3VyaXR5IGFwcHJvdmFsIGxldmVsJyxcbiAgICApO1xuICAgIGV4cGVjdChzdGRFcnIpLnRvQ29udGFpbihcbiAgICAgICdcIi0tcmVxdWlyZS1hcHByb3ZhbFwiIGlzIGVuYWJsZWQgYW5kIHN0YWNrIGluY2x1ZGVzIHNlY3VyaXR5LXNlbnNpdGl2ZSB1cGRhdGVzJyxcbiAgICApO1xuXG4gICAgLy8gRW5zdXJlIHN0YWNrIHdhcyBub3QgZGVwbG95ZWRcbiAgICBhd2FpdCBleHBlY3QoXG4gICAgICBmaXh0dXJlLmF3cy5jbG91ZEZvcm1hdGlvbi5zZW5kKFxuICAgICAgICBuZXcgRGVzY3JpYmVTdGFja3NDb21tYW5kKHtcbiAgICAgICAgICBTdGFja05hbWU6IGZpeHR1cmUuZnVsbFN0YWNrTmFtZSgnc2ltcGxlLTEnKSxcbiAgICAgICAgfSksXG4gICAgICApLFxuICAgICkucmVqZWN0cy50b1Rocm93KCdkb2VzIG5vdCBleGlzdCcpO1xuICB9KSxcbik7XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpLWxpYi5pbnRlZ3Rlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJjbGktbGliLmludGVndGVzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLDBFQUFzRztBQUN0RyxtQ0FBeUQ7QUFFekQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQU0sQ0FBQyxDQUFDLENBQUMseUVBQXlFO0FBRTNHLElBQUEsZUFBUyxFQUNQLGVBQWUsRUFDZixJQUFBLHVCQUFpQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNsQyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDaEUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQzFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQztRQUN0QixtRUFBbUU7UUFDbkUsU0FBUyxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNqQyxhQUFhLEVBQUUsTUFBTSxDQUFDLGdCQUFnQixDQUFDO2dCQUNyQyxJQUFJLEVBQUUsaUJBQWlCO2dCQUN2QixVQUFVLEVBQUU7b0JBQ1YsaUJBQWlCLEVBQUUsR0FBRztpQkFDdkI7Z0JBQ0QsUUFBUSxFQUFFO29CQUNSLGNBQWMsRUFBRSxHQUFHLE9BQU8sQ0FBQyxlQUFlLDBCQUEwQjtpQkFDckU7YUFDRixDQUFDO1NBQ0gsQ0FBQztLQUNILENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQyxDQUFDLENBQ0gsQ0FBQztBQUVGLElBQUEsZUFBUyxFQUNQLGNBQWMsRUFDZCxJQUFBLHVCQUFpQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNsQyxNQUFNLE9BQU8sR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRSxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO0lBQ3RFLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQy9ELENBQUMsQ0FBQyxDQUNILENBQUM7QUFFRixJQUFBLGVBQVMsRUFDUCxnQkFBZ0IsRUFDaEIsSUFBQSx1QkFBaUIsRUFBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7O0lBQ2xDLE1BQU0sU0FBUyxHQUFHLE9BQU8sQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLENBQUM7SUFFcEQsSUFBSSxDQUFDO1FBQ0gsbUJBQW1CO1FBQ25CLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsRUFBRTtZQUN2QyxvQkFBb0IsRUFBRSxJQUFJO1NBQzNCLENBQUMsQ0FBQztRQUVILDhDQUE4QztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksQ0FDekQsSUFBSSxxREFBNkIsQ0FBQztZQUNoQyxTQUFTLEVBQUUsU0FBUztTQUNyQixDQUFDLENBQ0gsQ0FBQztRQUNGLE1BQU0sQ0FBQyxNQUFBLGFBQWEsQ0FBQyxjQUFjLDBDQUFFLE1BQU0sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUMxRCxDQUFDO1lBQVMsQ0FBQztRQUNULG1CQUFtQjtRQUNuQixNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLEVBQUU7WUFDeEMsYUFBYSxFQUFFLEtBQUs7U0FDckIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztBQUNILENBQUMsQ0FBQyxDQUNILENBQUM7QUFFRixJQUFBLGVBQVMsRUFDUCx1RkFBdUYsRUFDdkYsSUFBQSx1QkFBaUIsRUFBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7SUFDbEMsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLENBQUMsRUFBRTtRQUM5RSxVQUFVLEVBQUUsSUFBSTtRQUNoQixhQUFhLEVBQUUsSUFBSTtRQUNuQixZQUFZLEVBQUUsSUFBSTtRQUNsQixvQkFBb0IsRUFBRSxLQUFLO0tBQzVCLENBQUMsQ0FBQztJQUVILE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxTQUFTLENBQ3RCLDJHQUEyRyxDQUM1RyxDQUFDO0lBQ0YsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLFNBQVMsQ0FDdEIsK0VBQStFLENBQ2hGLENBQUM7SUFFRixnQ0FBZ0M7SUFDaEMsTUFBTSxNQUFNLENBQ1YsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUM3QixJQUFJLDZDQUFxQixDQUFDO1FBQ3hCLFNBQVMsRUFBRSxPQUFPLENBQUMsYUFBYSxDQUFDLFVBQVUsQ0FBQztLQUM3QyxDQUFDLENBQ0gsQ0FDRixDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztBQUN0QyxDQUFDLENBQUMsQ0FDSCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRGVzY3JpYmVTdGFja1Jlc291cmNlc0NvbW1hbmQsIERlc2NyaWJlU3RhY2tzQ29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1jbG91ZGZvcm1hdGlvbic7XG5pbXBvcnQgeyBpbnRlZ1Rlc3QsIHdpdGhDbGlMaWJGaXh0dXJlIH0gZnJvbSAnLi4vLi4vbGliJztcblxuamVzdC5zZXRUaW1lb3V0KDIgKiA2MCAqIDYwXzAwMCk7IC8vIEluY2x1ZGVzIHRoZSB0aW1lIHRvIGFjcXVpcmUgbG9ja3MsIHdvcnN0LWNhc2Ugc2luZ2xlLXRocmVhZGVkIHJ1bnRpbWVcblxuaW50ZWdUZXN0KFxuICAnY2xpLWxpYiBzeW50aCcsXG4gIHdpdGhDbGlMaWJGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgYXdhaXQgZml4dHVyZS5jZGsoWydzeW50aCcsIGZpeHR1cmUuZnVsbFN0YWNrTmFtZSgnc2ltcGxlLTEnKV0pO1xuICAgIGV4cGVjdChmaXh0dXJlLnRlbXBsYXRlKCdzaW1wbGUtMScpKS50b0VxdWFsKFxuICAgICAgZXhwZWN0Lm9iamVjdENvbnRhaW5pbmcoe1xuICAgICAgICAvLyBDaGVja2luZyBmb3IgYSBzbWFsbCBzdWJzZXQgaXMgZW5vdWdoIGFzIHByb29mIHRoYXQgc3ludGggd29ya2VkXG4gICAgICAgIFJlc291cmNlczogZXhwZWN0Lm9iamVjdENvbnRhaW5pbmcoe1xuICAgICAgICAgIHF1ZXVlMjc2RjcyOTc6IGV4cGVjdC5vYmplY3RDb250YWluaW5nKHtcbiAgICAgICAgICAgIFR5cGU6ICdBV1M6OlNRUzo6UXVldWUnLFxuICAgICAgICAgICAgUHJvcGVydGllczoge1xuICAgICAgICAgICAgICBWaXNpYmlsaXR5VGltZW91dDogMzAwLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIE1ldGFkYXRhOiB7XG4gICAgICAgICAgICAgICdhd3M6Y2RrOnBhdGgnOiBgJHtmaXh0dXJlLnN0YWNrTmFtZVByZWZpeH0tc2ltcGxlLTEvcXVldWUvUmVzb3VyY2VgLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9KSxcbiAgICAgICAgfSksXG4gICAgICB9KSxcbiAgICApO1xuICB9KSxcbik7XG5cbmludGVnVGVzdChcbiAgJ2NsaS1saWIgbGlzdCcsXG4gIHdpdGhDbGlMaWJGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgY29uc3QgbGlzdGluZyA9IGF3YWl0IGZpeHR1cmUuY2RrKFsnbGlzdCddLCB7IGNhcHR1cmVTdGRlcnI6IGZhbHNlIH0pO1xuICAgIGV4cGVjdChsaXN0aW5nKS50b0NvbnRhaW4oZml4dHVyZS5mdWxsU3RhY2tOYW1lKCdzaW1wbGUtMScpKTtcbiAgfSksXG4pO1xuXG5pbnRlZ1Rlc3QoXG4gICdjbGktbGliIGRlcGxveScsXG4gIHdpdGhDbGlMaWJGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgY29uc3Qgc3RhY2tOYW1lID0gZml4dHVyZS5mdWxsU3RhY2tOYW1lKCdzaW1wbGUtMScpO1xuXG4gICAgdHJ5IHtcbiAgICAgIC8vIGRlcGxveSB0aGUgc3RhY2tcbiAgICAgIGF3YWl0IGZpeHR1cmUuY2RrKFsnZGVwbG95Jywgc3RhY2tOYW1lXSwge1xuICAgICAgICBuZXZlclJlcXVpcmVBcHByb3ZhbDogdHJ1ZSxcbiAgICAgIH0pO1xuXG4gICAgICAvLyB2ZXJpZnkgdGhlIG51bWJlciBvZiByZXNvdXJjZXMgaW4gdGhlIHN0YWNrXG4gICAgICBjb25zdCBleHBlY3RlZFN0YWNrID0gYXdhaXQgZml4dHVyZS5hd3MuY2xvdWRGb3JtYXRpb24uc2VuZChcbiAgICAgICAgbmV3IERlc2NyaWJlU3RhY2tSZXNvdXJjZXNDb21tYW5kKHtcbiAgICAgICAgICBTdGFja05hbWU6IHN0YWNrTmFtZSxcbiAgICAgICAgfSksXG4gICAgICApO1xuICAgICAgZXhwZWN0KGV4cGVjdGVkU3RhY2suU3RhY2tSZXNvdXJjZXM/Lmxlbmd0aCkudG9FcXVhbCgzKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gZGVsZXRlIHRoZSBzdGFja1xuICAgICAgYXdhaXQgZml4dHVyZS5jZGsoWydkZXN0cm95Jywgc3RhY2tOYW1lXSwge1xuICAgICAgICBjYXB0dXJlU3RkZXJyOiBmYWxzZSxcbiAgICAgIH0pO1xuICAgIH1cbiAgfSksXG4pO1xuXG5pbnRlZ1Rlc3QoXG4gICdzZWN1cml0eSByZWxhdGVkIGNoYW5nZXMgd2l0aG91dCBhIENMSSBhcmUgZXhwZWN0ZWQgdG8gZmFpbCB3aGVuIGFwcHJvdmFsIGlzIHJlcXVpcmVkJyxcbiAgd2l0aENsaUxpYkZpeHR1cmUoYXN5bmMgKGZpeHR1cmUpID0+IHtcbiAgICBjb25zdCBzdGRFcnIgPSBhd2FpdCBmaXh0dXJlLmNkayhbJ2RlcGxveScsIGZpeHR1cmUuZnVsbFN0YWNrTmFtZSgnc2ltcGxlLTEnKV0sIHtcbiAgICAgIG9ubHlTdGRlcnI6IHRydWUsXG4gICAgICBjYXB0dXJlU3RkZXJyOiB0cnVlLFxuICAgICAgYWxsb3dFcnJFeGl0OiB0cnVlLFxuICAgICAgbmV2ZXJSZXF1aXJlQXBwcm92YWw6IGZhbHNlLFxuICAgIH0pO1xuXG4gICAgZXhwZWN0KHN0ZEVycikudG9Db250YWluKFxuICAgICAgJ1RoaXMgZGVwbG95bWVudCB3aWxsIG1ha2UgcG90ZW50aWFsbHkgc2Vuc2l0aXZlIGNoYW5nZXMgYWNjb3JkaW5nIHRvIHlvdXIgY3VycmVudCBzZWN1cml0eSBhcHByb3ZhbCBsZXZlbCcsXG4gICAgKTtcbiAgICBleHBlY3Qoc3RkRXJyKS50b0NvbnRhaW4oXG4gICAgICAnXCItLXJlcXVpcmUtYXBwcm92YWxcIiBpcyBlbmFibGVkIGFuZCBzdGFjayBpbmNsdWRlcyBzZWN1cml0eS1zZW5zaXRpdmUgdXBkYXRlcycsXG4gICAgKTtcblxuICAgIC8vIEVuc3VyZSBzdGFjayB3YXMgbm90IGRlcGxveWVkXG4gICAgYXdhaXQgZXhwZWN0KFxuICAgICAgZml4dHVyZS5hd3MuY2xvdWRGb3JtYXRpb24uc2VuZChcbiAgICAgICAgbmV3IERlc2NyaWJlU3RhY2tzQ29tbWFuZCh7XG4gICAgICAgICAgU3RhY2tOYW1lOiBmaXh0dXJlLmZ1bGxTdGFja05hbWUoJ3NpbXBsZS0xJyksXG4gICAgICAgIH0pLFxuICAgICAgKSxcbiAgICApLnJlamVjdHMudG9UaHJvdygnZG9lcyBub3QgZXhpc3QnKTtcbiAgfSksXG4pO1xuIl19

package/tests/cli-integ-tests/cli-lib.integtest.ts

@@ -0,0 +1,90 @@
+import { DescribeStackResourcesCommand, DescribeStacksCommand } from '@aws-sdk/client-cloudformation';
+import { integTest, withCliLibFixture } from '../../lib';
+
+jest.setTimeout(2 * 60 * 60_000); // Includes the time to acquire locks, worst-case single-threaded runtime
+
+integTest(
+  'cli-lib synth',
+  withCliLibFixture(async (fixture) => {
+    await fixture.cdk(['synth', fixture.fullStackName('simple-1')]);
+    expect(fixture.template('simple-1')).toEqual(
+      expect.objectContaining({
+        // Checking for a small subset is enough as proof that synth worked
+        Resources: expect.objectContaining({
+          queue276F7297: expect.objectContaining({
+            Type: 'AWS::SQS::Queue',
+            Properties: {
+              VisibilityTimeout: 300,
+            },
+            Metadata: {
+              'aws:cdk:path': `${fixture.stackNamePrefix}-simple-1/queue/Resource`,
+            },
+          }),
+        }),
+      }),
+    );
+  }),
+);
+
+integTest(
+  'cli-lib list',
+  withCliLibFixture(async (fixture) => {
+    const listing = await fixture.cdk(['list'], { captureStderr: false });
+    expect(listing).toContain(fixture.fullStackName('simple-1'));
+  }),
+);
+
+integTest(
+  'cli-lib deploy',
+  withCliLibFixture(async (fixture) => {
+    const stackName = fixture.fullStackName('simple-1');
+
+    try {
+      // deploy the stack
+      await fixture.cdk(['deploy', stackName], {
+        neverRequireApproval: true,
+      });
+
+      // verify the number of resources in the stack
+      const expectedStack = await fixture.aws.cloudFormation.send(
+        new DescribeStackResourcesCommand({
+          StackName: stackName,
+        }),
+      );
+      expect(expectedStack.StackResources?.length).toEqual(3);
+    } finally {
+      // delete the stack
+      await fixture.cdk(['destroy', stackName], {
+        captureStderr: false,
+      });
+    }
+  }),
+);
+
+integTest(
+  'security related changes without a CLI are expected to fail when approval is required',
+  withCliLibFixture(async (fixture) => {
+    const stdErr = await fixture.cdk(['deploy', fixture.fullStackName('simple-1')], {
+      onlyStderr: true,
+      captureStderr: true,
+      allowErrExit: true,
+      neverRequireApproval: false,
+    });
+
+    expect(stdErr).toContain(
+      'This deployment will make potentially sensitive changes according to your current security approval level',
+    );
+    expect(stdErr).toContain(
+      '"--require-approval" is enabled and stack includes security-sensitive updates',
+    );
+
+    // Ensure stack was not deployed
+    await expect(
+      fixture.aws.cloudFormation.send(
+        new DescribeStacksCommand({
+          StackName: fixture.fullStackName('simple-1'),
+        }),
+      ),
+    ).rejects.toThrow('does not exist');
+  }),
+);