@aws-cdk/toolkit-lib 0.3.1 → 0.3.3

package/lib/api/diff/diff-formatter.js

@@ -0,0 +1,225 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DiffFormatter = void 0;
+const node_util_1 = require("node:util");
+const cxschema = require("@aws-cdk/cloud-assembly-schema");
+const cloudformation_diff_1 = require("@aws-cdk/cloudformation-diff");
+const chalk = require("chalk");
+const payloads_1 = require("../../payloads");
+const private_1 = require("../io/private");
+const streams_1 = require("../streams");
+/**
+ * Class for formatting the diff output
+ */
+class DiffFormatter {
+    ioHelper;
+    oldTemplate;
+    newTemplate;
+    stackName;
+    changeSet;
+    nestedStacks;
+    isImport;
+    /**
+     * Stores the TemplateDiffs that get calculated in this DiffFormatter,
+     * indexed by the stack name.
+     */
+    _diffs = {};
+    constructor(props) {
+        this.ioHelper = props.ioHelper;
+        this.oldTemplate = props.templateInfo.oldTemplate;
+        this.newTemplate = props.templateInfo.newTemplate;
+        this.stackName = props.templateInfo.newTemplate.stackName;
+        this.changeSet = props.templateInfo.changeSet;
+        this.nestedStacks = props.templateInfo.nestedStacks;
+        this.isImport = props.templateInfo.isImport ?? false;
+    }
+    get diffs() {
+        return this._diffs;
+    }
+    /**
+     * Get or creates the diff of a stack.
+     * If it creates the diff, it stores the result in a map for
+     * easier retreval later.
+     */
+    diff(stackName, oldTemplate) {
+        const realStackName = stackName ?? this.stackName;
+        if (!this._diffs[realStackName]) {
+            this._diffs[realStackName] = (0, cloudformation_diff_1.fullDiff)(oldTemplate ?? this.oldTemplate, this.newTemplate.template, this.changeSet, this.isImport);
+        }
+        return this._diffs[realStackName];
+    }
+    /**
+     * Return whether the diff has security-impacting changes that need confirmation.
+     *
+     * If no stackName is given, then the root stack name is used.
+     */
+    permissionType(stackName) {
+        const diff = this.diff(stackName);
+        if (diff.permissionsBroadened) {
+            return payloads_1.PermissionChangeType.BROADENING;
+        }
+        else if (diff.permissionsAnyChanges) {
+            return payloads_1.PermissionChangeType.NON_BROADENING;
+        }
+        else {
+            return payloads_1.PermissionChangeType.NONE;
+        }
+    }
+    /**
+     * Format the stack diff
+     */
+    formatStackDiff(options = {}) {
+        const ioDefaultHelper = new private_1.IoDefaultMessages(this.ioHelper);
+        return this.formatStackDiffHelper(this.oldTemplate, this.stackName, this.nestedStacks, {
+            ...options,
+            ioDefaultHelper,
+        });
+    }
+    formatStackDiffHelper(oldTemplate, stackName, nestedStackTemplates, options) {
+        let diff = this.diff(stackName, oldTemplate);
+        // The stack diff is formatted via `Formatter`, which takes in a stream
+        // and sends its output directly to that stream. To faciliate use of the
+        // global CliIoHost, we create our own stream to capture the output of
+        // `Formatter` and return the output as a string for the consumer of
+        // `formatStackDiff` to decide what to do with it.
+        const stream = new streams_1.StringWriteStream();
+        let numStacksWithChanges = 0;
+        let formattedDiff = '';
+        let filteredChangesCount = 0;
+        try {
+            // must output the stack name if there are differences, even if quiet
+            if (stackName && (!options.quiet || !diff.isEmpty)) {
+                stream.write((0, node_util_1.format)(`Stack ${chalk.bold(stackName)}\n`));
+            }
+            if (!options.quiet && this.isImport) {
+                stream.write('Parameters and rules created during migration do not affect resource configuration.\n');
+            }
+            // detect and filter out mangled characters from the diff
+            if (diff.differenceCount && !options.strict) {
+                const mangledNewTemplate = JSON.parse((0, cloudformation_diff_1.mangleLikeCloudFormation)(JSON.stringify(this.newTemplate.template)));
+                const mangledDiff = (0, cloudformation_diff_1.fullDiff)(this.oldTemplate, mangledNewTemplate, this.changeSet);
+                filteredChangesCount = Math.max(0, diff.differenceCount - mangledDiff.differenceCount);
+                if (filteredChangesCount > 0) {
+                    diff = mangledDiff;
+                }
+            }
+            // filter out 'AWS::CDK::Metadata' resources from the template
+            // filter out 'CheckBootstrapVersion' rules from the template
+            if (!options.strict) {
+                obscureDiff(diff);
+            }
+            if (!diff.isEmpty) {
+                numStacksWithChanges++;
+                // formatDifferences updates the stream with the formatted stack diff
+                (0, cloudformation_diff_1.formatDifferences)(stream, diff, {
+                    ...logicalIdMapFromTemplate(this.oldTemplate),
+                    ...buildLogicalToPathMap(this.newTemplate),
+                }, options.context);
+            }
+            else if (!options.quiet) {
+                stream.write(chalk.green('There were no differences\n'));
+            }
+            if (filteredChangesCount > 0) {
+                stream.write(chalk.yellow(`Omitted ${filteredChangesCount} changes because they are likely mangled non-ASCII characters. Use --strict to print them.\n`));
+            }
+        }
+        finally {
+            // store the stream containing a formatted stack diff
+            formattedDiff = stream.toString();
+            stream.end();
+        }
+        for (const nestedStackLogicalId of Object.keys(nestedStackTemplates ?? {})) {
+            if (!nestedStackTemplates) {
+                break;
+            }
+            const nestedStack = nestedStackTemplates[nestedStackLogicalId];
+            this.newTemplate._template = nestedStack.generatedTemplate;
+            const nextDiff = this.formatStackDiffHelper(nestedStack.deployedTemplate, nestedStack.physicalName ?? nestedStackLogicalId, nestedStack.nestedStackTemplates, options);
+            numStacksWithChanges += nextDiff.numStacksWithChanges;
+            formattedDiff += nextDiff.formattedDiff;
+        }
+        return {
+            numStacksWithChanges,
+            formattedDiff,
+        };
+    }
+    /**
+     * Format the security diff
+     */
+    formatSecurityDiff() {
+        const diff = this.diff();
+        // The security diff is formatted via `Formatter`, which takes in a stream
+        // and sends its output directly to that stream. To faciliate use of the
+        // global CliIoHost, we create our own stream to capture the output of
+        // `Formatter` and return the output as a string for the consumer of
+        // `formatSecurityDiff` to decide what to do with it.
+        const stream = new streams_1.StringWriteStream();
+        stream.write((0, node_util_1.format)(`Stack ${chalk.bold(this.stackName)}\n`));
+        try {
+            // formatSecurityChanges updates the stream with the formatted security diff
+            (0, cloudformation_diff_1.formatSecurityChanges)(stream, diff, buildLogicalToPathMap(this.newTemplate));
+        }
+        finally {
+            stream.end();
+        }
+        // store the stream containing a formatted stack diff
+        const formattedDiff = stream.toString();
+        return { formattedDiff, permissionChangeType: this.permissionType() };
+    }
+}
+exports.DiffFormatter = DiffFormatter;
+function buildLogicalToPathMap(stack) {
+    const map = {};
+    for (const md of stack.findMetadataByType(cxschema.ArtifactMetadataEntryType.LOGICAL_ID)) {
+        map[md.data] = md.path;
+    }
+    return map;
+}
+function logicalIdMapFromTemplate(template) {
+    const ret = {};
+    for (const [logicalId, resource] of Object.entries(template.Resources ?? {})) {
+        const path = resource?.Metadata?.['aws:cdk:path'];
+        if (path) {
+            ret[logicalId] = path;
+        }
+    }
+    return ret;
+}
+/**
+ * Remove any template elements that we don't want to show users.
+ * This is currently:
+ * - AWS::CDK::Metadata resource
+ * - CheckBootstrapVersion Rule
+ */
+function obscureDiff(diff) {
+    if (diff.unknown) {
+        // see https://github.com/aws/aws-cdk/issues/17942
+        diff.unknown = diff.unknown.filter(change => {
+            if (!change) {
+                return true;
+            }
+            if (change.newValue?.CheckBootstrapVersion) {
+                return false;
+            }
+            if (change.oldValue?.CheckBootstrapVersion) {
+                return false;
+            }
+            return true;
+        });
+    }
+    if (diff.resources) {
+        diff.resources = diff.resources.filter(change => {
+            if (!change) {
+                return true;
+            }
+            if (change.newResourceType === 'AWS::CDK::Metadata') {
+                return false;
+            }
+            if (change.oldResourceType === 'AWS::CDK::Metadata') {
+                return false;
+            }
+            return true;
+        });
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlmZi1mb3JtYXR0ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJkaWZmLWZvcm1hdHRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSx5Q0FBbUM7QUFDbkMsMkRBQTJEO0FBQzNELHNFQU1zQztBQUV0QywrQkFBK0I7QUFDL0IsNkNBQXNEO0FBR3RELDJDQUFrRDtBQUNsRCx3Q0FBK0M7QUF1SC9DOztHQUVHO0FBQ0gsTUFBYSxhQUFhO0lBQ1AsUUFBUSxDQUFXO0lBQ25CLFdBQVcsQ0FBTTtJQUNqQixXQUFXLENBQW9DO0lBQy9DLFNBQVMsQ0FBUztJQUNsQixTQUFTLENBQU87SUFDaEIsWUFBWSxDQUF1RTtJQUNuRixRQUFRLENBQVU7SUFFbkM7OztPQUdHO0lBQ0ssTUFBTSxHQUFxQyxFQUFFLENBQUM7SUFFdEQsWUFBWSxLQUF5QjtRQUNuQyxJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUM7UUFDL0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxLQUFLLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQztRQUNsRCxJQUFJLENBQUMsV0FBVyxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQ2xELElBQUksQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDO1FBQzFELElBQUksQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUM7UUFDOUMsSUFBSSxDQUFDLFlBQVksR0FBRyxLQUFLLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQztRQUNwRCxJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsUUFBUSxJQUFJLEtBQUssQ0FBQztJQUN2RCxDQUFDO0lBRUQsSUFBVyxLQUFLO1FBQ2QsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDO0lBQ3JCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ssSUFBSSxDQUFDLFNBQWtCLEVBQUUsV0FBaUI7UUFDaEQsTUFBTSxhQUFhLEdBQUcsU0FBUyxJQUFJLElBQUksQ0FBQyxTQUFTLENBQUM7UUFFbEQsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQztZQUNoQyxJQUFJLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxHQUFHLElBQUEsOEJBQVEsRUFDbkMsV0FBVyxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQy9CLElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxFQUN6QixJQUFJLENBQUMsU0FBUyxFQUNkLElBQUksQ0FBQyxRQUFRLENBQ2QsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxjQUFjLENBQUMsU0FBa0I7UUFDdkMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUVsQyxJQUFJLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1lBQzlCLE9BQU8sK0JBQW9CLENBQUMsVUFBVSxDQUFDO1FBQ3pDLENBQUM7YUFBTSxJQUFJLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQ3RDLE9BQU8sK0JBQW9CLENBQUMsY0FBYyxDQUFDO1FBQzdDLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTywrQkFBb0IsQ0FBQyxJQUFJLENBQUM7UUFDbkMsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLGVBQWUsQ0FBQyxVQUFrQyxFQUFFO1FBQ3pELE1BQU0sZUFBZSxHQUFHLElBQUksMkJBQWlCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzdELE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUMvQixJQUFJLENBQUMsV0FBVyxFQUNoQixJQUFJLENBQUMsU0FBUyxFQUNkLElBQUksQ0FBQyxZQUFZLEVBQ2pCO1lBQ0UsR0FBRyxPQUFPO1lBQ1YsZUFBZTtTQUNoQixDQUNGLENBQUM7SUFDSixDQUFDO0lBRU8scUJBQXFCLENBQzNCLFdBQWdCLEVBQ2hCLFNBQWlCLEVBQ2pCLG9CQUEwRixFQUMxRixPQUFpQztRQUVqQyxJQUFJLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUU3Qyx1RUFBdUU7UUFDdkUsd0VBQXdFO1FBQ3hFLHNFQUFzRTtRQUN0RSxvRUFBb0U7UUFDcEUsa0RBQWtEO1FBQ2xELE1BQU0sTUFBTSxHQUFHLElBQUksMkJBQWlCLEVBQUUsQ0FBQztRQUV2QyxJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztRQUM3QixJQUFJLGFBQWEsR0FBRyxFQUFFLENBQUM7UUFDdkIsSUFBSSxvQkFBb0IsR0FBRyxDQUFDLENBQUM7UUFDN0IsSUFBSSxDQUFDO1lBQ0gscUVBQXFFO1lBQ3JFLElBQUksU0FBUyxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQUMsS0FBSyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ25ELE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBQSxrQkFBTSxFQUFDLFNBQVMsS0FBSyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztZQUMzRCxDQUFDO1lBRUQsSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLElBQUksSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO2dCQUNwQyxNQUFNLENBQUMsS0FBSyxDQUFDLHVGQUF1RixDQUFDLENBQUM7WUFDeEcsQ0FBQztZQUVELHlEQUF5RDtZQUN6RCxJQUFJLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQzVDLE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFBLDhDQUF3QixFQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQzNHLE1BQU0sV0FBVyxHQUFHLElBQUEsOEJBQVEsRUFBQyxJQUFJLENBQUMsV0FBVyxFQUFFLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDbkYsb0JBQW9CLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsSUFBSSxDQUFDLGVBQWUsR0FBRyxXQUFXLENBQUMsZUFBZSxDQUFDLENBQUM7Z0JBQ3ZGLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxFQUFFLENBQUM7b0JBQzdCLElBQUksR0FBRyxXQUFXLENBQUM7Z0JBQ3JCLENBQUM7WUFDSCxDQUFDO1lBRUQsOERBQThEO1lBQzlELDZEQUE2RDtZQUM3RCxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNwQixXQUFXLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDcEIsQ0FBQztZQUVELElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2xCLG9CQUFvQixFQUFFLENBQUM7Z0JBRXZCLHFFQUFxRTtnQkFDckUsSUFBQSx1Q0FBaUIsRUFBQyxNQUFNLEVBQUUsSUFBSSxFQUFFO29CQUM5QixHQUFHLHdCQUF3QixDQUFDLElBQUksQ0FBQyxXQUFXLENBQUM7b0JBQzdDLEdBQUcscUJBQXFCLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQztpQkFDM0MsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDdEIsQ0FBQztpQkFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUMxQixNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsNkJBQTZCLENBQUMsQ0FBQyxDQUFDO1lBQzNELENBQUM7WUFFRCxJQUFJLG9CQUFvQixHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsV0FBVyxvQkFBb0IsOEZBQThGLENBQUMsQ0FBQyxDQUFDO1lBQzVKLENBQUM7UUFDSCxDQUFDO2dCQUFTLENBQUM7WUFDVCxxREFBcUQ7WUFDckQsYUFBYSxHQUFHLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQyxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDZixDQUFDO1FBRUQsS0FBSyxNQUFNLG9CQUFvQixJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsb0JBQW9CLElBQUksRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUMzRSxJQUFJLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztnQkFDMUIsTUFBTTtZQUNSLENBQUM7WUFDRCxNQUFNLFdBQVcsR0FBRyxvQkFBb0IsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO1lBRTlELElBQUksQ0FBQyxXQUFtQixDQUFDLFNBQVMsR0FBRyxXQUFXLENBQUMsaUJBQWlCLENBQUM7WUFDcEUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUN6QyxXQUFXLENBQUMsZ0JBQWdCLEVBQzVCLFdBQVcsQ0FBQyxZQUFZLElBQUksb0JBQW9CLEVBQ2hELFdBQVcsQ0FBQyxvQkFBb0IsRUFDaEMsT0FBTyxDQUNSLENBQUM7WUFDRixvQkFBb0IsSUFBSSxRQUFRLENBQUMsb0JBQW9CLENBQUM7WUFDdEQsYUFBYSxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFDMUMsQ0FBQztRQUVELE9BQU87WUFDTCxvQkFBb0I7WUFDcEIsYUFBYTtTQUNkLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxrQkFBa0I7UUFDdkIsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBRXpCLDBFQUEwRTtRQUMxRSx3RUFBd0U7UUFDeEUsc0VBQXNFO1FBQ3RFLG9FQUFvRTtRQUNwRSxxREFBcUQ7UUFDckQsTUFBTSxNQUFNLEdBQUcsSUFBSSwyQkFBaUIsRUFBRSxDQUFDO1FBRXZDLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBQSxrQkFBTSxFQUFDLFNBQVMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFFOUQsSUFBSSxDQUFDO1lBQ0gsNEVBQTRFO1lBQzVFLElBQUEsMkNBQXFCLEVBQUMsTUFBTSxFQUFFLElBQUksRUFBRSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQztRQUMvRSxDQUFDO2dCQUFTLENBQUM7WUFDVCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDZixDQUFDO1FBQ0QscURBQXFEO1FBQ3JELE1BQU0sYUFBYSxHQUFHLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUN4QyxPQUFPLEVBQUUsYUFBYSxFQUFFLG9CQUFvQixFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsRUFBRSxDQUFDO0lBQ3hFLENBQUM7Q0FDRjtBQWxNRCxzQ0FrTUM7QUFFRCxTQUFTLHFCQUFxQixDQUFDLEtBQXdDO0lBQ3JFLE1BQU0sR0FBRyxHQUE2QixFQUFFLENBQUM7SUFDekMsS0FBSyxNQUFNLEVBQUUsSUFBSSxLQUFLLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLHlCQUF5QixDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7UUFDekYsR0FBRyxDQUFDLEVBQUUsQ0FBQyxJQUFjLENBQUMsR0FBRyxFQUFFLENBQUMsSUFBSSxDQUFDO0lBQ25DLENBQUM7SUFDRCxPQUFPLEdBQUcsQ0FBQztBQUNiLENBQUM7QUFFRCxTQUFTLHdCQUF3QixDQUFDLFFBQWE7SUFDN0MsTUFBTSxHQUFHLEdBQTJCLEVBQUUsQ0FBQztJQUV2QyxLQUFLLE1BQU0sQ0FBQyxTQUFTLEVBQUUsUUFBUSxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsU0FBUyxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDN0UsTUFBTSxJQUFJLEdBQUksUUFBZ0IsRUFBRSxRQUFRLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUMzRCxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ1QsR0FBRyxDQUFDLFNBQVMsQ0FBQyxHQUFHLElBQUksQ0FBQztRQUN4QixDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBUyxXQUFXLENBQUMsSUFBa0I7SUFDckMsSUFBSSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDakIsa0RBQWtEO1FBQ2xELElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUU7WUFDMUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNaLE9BQU8sSUFBSSxDQUFDO1lBQ2QsQ0FBQztZQUNELElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxxQkFBcUIsRUFBRSxDQUFDO2dCQUMzQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFDRCxJQUFJLE1BQU0sQ0FBQyxRQUFRLEVBQUUscUJBQXFCLEVBQUUsQ0FBQztnQkFDM0MsT0FBTyxLQUFLLENBQUM7WUFDZixDQUFDO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUNuQixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFO1lBQzlDLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDWixPQUFPLElBQUksQ0FBQztZQUNkLENBQUM7WUFDRCxJQUFJLE1BQU0sQ0FBQyxlQUFlLEtBQUssb0JBQW9CLEVBQUUsQ0FBQztnQkFDcEQsT0FBTyxLQUFLLENBQUM7WUFDZixDQUFDO1lBQ0QsSUFBSSxNQUFNLENBQUMsZUFBZSxLQUFLLG9CQUFvQixFQUFFLENBQUM7Z0JBQ3BELE9BQU8sS0FBSyxDQUFDO1lBQ2YsQ0FBQztZQUNELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0FBQ0gsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IGZvcm1hdCB9IGZyb20gJ25vZGU6dXRpbCc7XG5pbXBvcnQgKiBhcyBjeHNjaGVtYSBmcm9tICdAYXdzLWNkay9jbG91ZC1hc3NlbWJseS1zY2hlbWEnO1xuaW1wb3J0IHtcbiAgZm9ybWF0RGlmZmVyZW5jZXMsXG4gIGZvcm1hdFNlY3VyaXR5Q2hhbmdlcyxcbiAgZnVsbERpZmYsXG4gIG1hbmdsZUxpa2VDbG91ZEZvcm1hdGlvbixcbiAgdHlwZSBUZW1wbGF0ZURpZmYsXG59IGZyb20gJ0Bhd3MtY2RrL2Nsb3VkZm9ybWF0aW9uLWRpZmYnO1xuaW1wb3J0IHR5cGUgKiBhcyBjeGFwaSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0ICogYXMgY2hhbGsgZnJvbSAnY2hhbGsnO1xuaW1wb3J0IHsgUGVybWlzc2lvbkNoYW5nZVR5cGUgfSBmcm9tICcuLi8uLi9wYXlsb2Fkcyc7XG5pbXBvcnQgdHlwZSB7IE5lc3RlZFN0YWNrVGVtcGxhdGVzIH0gZnJvbSAnLi4vY2xvdWRmb3JtYXRpb24nO1xuaW1wb3J0IHR5cGUgeyBJb0hlbHBlciB9IGZyb20gJy4uL2lvL3ByaXZhdGUnO1xuaW1wb3J0IHsgSW9EZWZhdWx0TWVzc2FnZXMgfSBmcm9tICcuLi9pby9wcml2YXRlJztcbmltcG9ydCB7IFN0cmluZ1dyaXRlU3RyZWFtIH0gZnJvbSAnLi4vc3RyZWFtcyc7XG5cbi8qKlxuICogT3V0cHV0IG9mIGZvcm1hdFNlY3VyaXR5RGlmZlxuICovXG5pbnRlcmZhY2UgRm9ybWF0U2VjdXJpdHlEaWZmT3V0cHV0IHtcbiAgLyoqXG4gICAqIENvbXBsZXRlIGZvcm1hdHRlZCBzZWN1cml0eSBkaWZmXG4gICAqL1xuICByZWFkb25seSBmb3JtYXR0ZWREaWZmOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSB0eXBlIG9mIHBlcm1pc3Npb24gY2hhbmdlcyBpbiB0aGUgc2VjdXJpdHkgZGlmZi5cbiAgICogVGhlIElvSG9zdCB3aWxsIHVzZSB0aGlzIHRvIGRlY2lkZSB3aGV0aGVyIG9yIG5vdCB0byBwcmludC5cbiAgICovXG4gIHJlYWRvbmx5IHBlcm1pc3Npb25DaGFuZ2VUeXBlOiBQZXJtaXNzaW9uQ2hhbmdlVHlwZTtcbn1cblxuLyoqXG4gKiBPdXRwdXQgb2YgZm9ybWF0U3RhY2tEaWZmXG4gKi9cbmludGVyZmFjZSBGb3JtYXRTdGFja0RpZmZPdXRwdXQge1xuICAvKipcbiAgICogTnVtYmVyIG9mIHN0YWNrcyB3aXRoIGRpZmYgY2hhbmdlc1xuICAgKi9cbiAgcmVhZG9ubHkgbnVtU3RhY2tzV2l0aENoYW5nZXM6IG51bWJlcjtcblxuICAvKipcbiAgICogQ29tcGxldGUgZm9ybWF0dGVkIGRpZmZcbiAgICovXG4gIHJlYWRvbmx5IGZvcm1hdHRlZERpZmY6IHN0cmluZztcbn1cblxuLyoqXG4gKiBQcm9wcyBmb3IgdGhlIERpZmYgRm9ybWF0dGVyXG4gKi9cbmludGVyZmFjZSBEaWZmRm9ybWF0dGVyUHJvcHMge1xuICAvKipcbiAgICogSGVscGVyIGZvciB0aGUgSW9Ib3N0IGNsYXNzXG4gICAqL1xuICByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG5cbiAgLyoqXG4gICAqIFRoZSByZWxldmFudCBpbmZvcm1hdGlvbiBmb3IgdGhlIFRlbXBsYXRlIHRoYXQgaXMgYmVpbmcgZGlmZmVkLlxuICAgKiBJbmNsdWRlcyB0aGUgb2xkL2N1cnJlbnQgc3RhdGUgb2YgdGhlIHN0YWNrIGFzIHdlbGwgYXMgdGhlIG5ldyBzdGF0ZS5cbiAgICovXG4gIHJlYWRvbmx5IHRlbXBsYXRlSW5mbzogVGVtcGxhdGVJbmZvO1xufVxuXG4vKipcbiAqIFBSb3BlcnRpZXMgc3BlY2lmaWMgdG8gZm9ybWF0dGluZyB0aGUgc3RhY2sgZGlmZlxuICovXG5pbnRlcmZhY2UgRm9ybWF0U3RhY2tEaWZmT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBkbyBub3QgZmlsdGVyIG91dCBBV1M6OkNESzo6TWV0YWRhdGEgb3IgUnVsZXNcbiAgICpcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IHN0cmljdD86IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIGxpbmVzIG9mIGNvbnRleHQgdG8gdXNlIGluIGFyYml0cmFyeSBKU09OIGRpZmZcbiAgICpcbiAgICogQGRlZmF1bHQgM1xuICAgKi9cbiAgcmVhZG9ubHkgY29udGV4dD86IG51bWJlcjtcblxuICAvKipcbiAgICogc2lsZW5jZXMgXFwnVGhlcmUgd2VyZSBubyBkaWZmZXJlbmNlc1xcJyBtZXNzYWdlc1xuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgcmVhZG9ubHkgcXVpZXQ/OiBib29sZWFuO1xufVxuXG5pbnRlcmZhY2UgUmV1c2FibGVTdGFja0RpZmZPcHRpb25zIGV4dGVuZHMgRm9ybWF0U3RhY2tEaWZmT3B0aW9ucyB7XG4gIHJlYWRvbmx5IGlvRGVmYXVsdEhlbHBlcjogSW9EZWZhdWx0TWVzc2FnZXM7XG59XG5cbi8qKlxuICogSW5mb3JtYXRpb24gb24gYSB0ZW1wbGF0ZSdzIG9sZC9uZXcgc3RhdGVcbiAqIHRoYXQgaXMgdXNlZCBmb3IgZGlmZi5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBUZW1wbGF0ZUluZm8ge1xuICAvKipcbiAgICogVGhlIG9sZC9leGlzdGluZyB0ZW1wbGF0ZVxuICAgKi9cbiAgcmVhZG9ubHkgb2xkVGVtcGxhdGU6IGFueTtcblxuICAvKipcbiAgICogVGhlIG5ldyB0ZW1wbGF0ZVxuICAgKi9cbiAgcmVhZG9ubHkgbmV3VGVtcGxhdGU6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdDtcblxuICAvKipcbiAgICogQSBDbG91ZEZvcm1hdGlvbiBDaGFuZ2VTZXQgdG8gaGVscCB0aGUgZGlmZiBvcGVyYXRpb24uXG4gICAqIFByb2JhYmx5IGNyZWF0ZWQgdmlhIGBjcmVhdGVEaWZmQ2hhbmdlU2V0YC5cbiAgICpcbiAgICogQGRlZmF1bHQgdW5kZWZpbmVkXG4gICAqL1xuICByZWFkb25seSBjaGFuZ2VTZXQ/OiBhbnk7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgb3Igbm90IHRoZXJlIGFyZSBhbnkgaW1wb3J0ZWQgcmVzb3VyY2VzXG4gICAqXG4gICAqIEBkZWZhdWx0IGZhbHNlXG4gICAqL1xuICByZWFkb25seSBpc0ltcG9ydD86IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIEFueSBuZXN0ZWQgc3RhY2tzIGluY2x1ZGVkIGluIHRoZSB0ZW1wbGF0ZVxuICAgKlxuICAgKiBAZGVmYXVsdCB7fVxuICAgKi9cbiAgcmVhZG9ubHkgbmVzdGVkU3RhY2tzPzoge1xuICAgIFtuZXN0ZWRTdGFja0xvZ2ljYWxJZDogc3RyaW5nXTogTmVzdGVkU3RhY2tUZW1wbGF0ZXM7XG4gIH07XG59XG5cbi8qKlxuICogQ2xhc3MgZm9yIGZvcm1hdHRpbmcgdGhlIGRpZmYgb3V0cHV0XG4gKi9cbmV4cG9ydCBjbGFzcyBEaWZmRm9ybWF0dGVyIHtcbiAgcHJpdmF0ZSByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG4gIHByaXZhdGUgcmVhZG9ubHkgb2xkVGVtcGxhdGU6IGFueTtcbiAgcHJpdmF0ZSByZWFkb25seSBuZXdUZW1wbGF0ZTogY3hhcGkuQ2xvdWRGb3JtYXRpb25TdGFja0FydGlmYWN0O1xuICBwcml2YXRlIHJlYWRvbmx5IHN0YWNrTmFtZTogc3RyaW5nO1xuICBwcml2YXRlIHJlYWRvbmx5IGNoYW5nZVNldD86IGFueTtcbiAgcHJpdmF0ZSByZWFkb25seSBuZXN0ZWRTdGFja3M6IHsgW25lc3RlZFN0YWNrTG9naWNhbElkOiBzdHJpbmddOiBOZXN0ZWRTdGFja1RlbXBsYXRlcyB9IHwgdW5kZWZpbmVkO1xuICBwcml2YXRlIHJlYWRvbmx5IGlzSW1wb3J0OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBTdG9yZXMgdGhlIFRlbXBsYXRlRGlmZnMgdGhhdCBnZXQgY2FsY3VsYXRlZCBpbiB0aGlzIERpZmZGb3JtYXR0ZXIsXG4gICAqIGluZGV4ZWQgYnkgdGhlIHN0YWNrIG5hbWUuXG4gICAqL1xuICBwcml2YXRlIF9kaWZmczogeyBbbmFtZTogc3RyaW5nXTogVGVtcGxhdGVEaWZmIH0gPSB7fTtcblxuICBjb25zdHJ1Y3Rvcihwcm9wczogRGlmZkZvcm1hdHRlclByb3BzKSB7XG4gICAgdGhpcy5pb0hlbHBlciA9IHByb3BzLmlvSGVscGVyO1xuICAgIHRoaXMub2xkVGVtcGxhdGUgPSBwcm9wcy50ZW1wbGF0ZUluZm8ub2xkVGVtcGxhdGU7XG4gICAgdGhpcy5uZXdUZW1wbGF0ZSA9IHByb3BzLnRlbXBsYXRlSW5mby5uZXdUZW1wbGF0ZTtcbiAgICB0aGlzLnN0YWNrTmFtZSA9IHByb3BzLnRlbXBsYXRlSW5mby5uZXdUZW1wbGF0ZS5zdGFja05hbWU7XG4gICAgdGhpcy5jaGFuZ2VTZXQgPSBwcm9wcy50ZW1wbGF0ZUluZm8uY2hhbmdlU2V0O1xuICAgIHRoaXMubmVzdGVkU3RhY2tzID0gcHJvcHMudGVtcGxhdGVJbmZvLm5lc3RlZFN0YWNrcztcbiAgICB0aGlzLmlzSW1wb3J0ID0gcHJvcHMudGVtcGxhdGVJbmZvLmlzSW1wb3J0ID8/IGZhbHNlO1xuICB9XG5cbiAgcHVibGljIGdldCBkaWZmcygpIHtcbiAgICByZXR1cm4gdGhpcy5fZGlmZnM7XG4gIH1cblxuICAvKipcbiAgICogR2V0IG9yIGNyZWF0ZXMgdGhlIGRpZmYgb2YgYSBzdGFjay5cbiAgICogSWYgaXQgY3JlYXRlcyB0aGUgZGlmZiwgaXQgc3RvcmVzIHRoZSByZXN1bHQgaW4gYSBtYXAgZm9yXG4gICAqIGVhc2llciByZXRyZXZhbCBsYXRlci5cbiAgICovXG4gIHByaXZhdGUgZGlmZihzdGFja05hbWU/OiBzdHJpbmcsIG9sZFRlbXBsYXRlPzogYW55KSB7XG4gICAgY29uc3QgcmVhbFN0YWNrTmFtZSA9IHN0YWNrTmFtZSA/PyB0aGlzLnN0YWNrTmFtZTtcblxuICAgIGlmICghdGhpcy5fZGlmZnNbcmVhbFN0YWNrTmFtZV0pIHtcbiAgICAgIHRoaXMuX2RpZmZzW3JlYWxTdGFja05hbWVdID0gZnVsbERpZmYoXG4gICAgICAgIG9sZFRlbXBsYXRlID8/IHRoaXMub2xkVGVtcGxhdGUsXG4gICAgICAgIHRoaXMubmV3VGVtcGxhdGUudGVtcGxhdGUsXG4gICAgICAgIHRoaXMuY2hhbmdlU2V0LFxuICAgICAgICB0aGlzLmlzSW1wb3J0LFxuICAgICAgKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMuX2RpZmZzW3JlYWxTdGFja05hbWVdO1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHVybiB3aGV0aGVyIHRoZSBkaWZmIGhhcyBzZWN1cml0eS1pbXBhY3RpbmcgY2hhbmdlcyB0aGF0IG5lZWQgY29uZmlybWF0aW9uLlxuICAgKlxuICAgKiBJZiBubyBzdGFja05hbWUgaXMgZ2l2ZW4sIHRoZW4gdGhlIHJvb3Qgc3RhY2sgbmFtZSBpcyB1c2VkLlxuICAgKi9cbiAgcHJpdmF0ZSBwZXJtaXNzaW9uVHlwZShzdGFja05hbWU/OiBzdHJpbmcpOiBQZXJtaXNzaW9uQ2hhbmdlVHlwZSB7XG4gICAgY29uc3QgZGlmZiA9IHRoaXMuZGlmZihzdGFja05hbWUpO1xuXG4gICAgaWYgKGRpZmYucGVybWlzc2lvbnNCcm9hZGVuZWQpIHtcbiAgICAgIHJldHVybiBQZXJtaXNzaW9uQ2hhbmdlVHlwZS5CUk9BREVOSU5HO1xuICAgIH0gZWxzZSBpZiAoZGlmZi5wZXJtaXNzaW9uc0FueUNoYW5nZXMpIHtcbiAgICAgIHJldHVybiBQZXJtaXNzaW9uQ2hhbmdlVHlwZS5OT05fQlJPQURFTklORztcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIFBlcm1pc3Npb25DaGFuZ2VUeXBlLk5PTkU7XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEZvcm1hdCB0aGUgc3RhY2sgZGlmZlxuICAgKi9cbiAgcHVibGljIGZvcm1hdFN0YWNrRGlmZihvcHRpb25zOiBGb3JtYXRTdGFja0RpZmZPcHRpb25zID0ge30pOiBGb3JtYXRTdGFja0RpZmZPdXRwdXQge1xuICAgIGNvbnN0IGlvRGVmYXVsdEhlbHBlciA9IG5ldyBJb0RlZmF1bHRNZXNzYWdlcyh0aGlzLmlvSGVscGVyKTtcbiAgICByZXR1cm4gdGhpcy5mb3JtYXRTdGFja0RpZmZIZWxwZXIoXG4gICAgICB0aGlzLm9sZFRlbXBsYXRlLFxuICAgICAgdGhpcy5zdGFja05hbWUsXG4gICAgICB0aGlzLm5lc3RlZFN0YWNrcyxcbiAgICAgIHtcbiAgICAgICAgLi4ub3B0aW9ucyxcbiAgICAgICAgaW9EZWZhdWx0SGVscGVyLFxuICAgICAgfSxcbiAgICApO1xuICB9XG5cbiAgcHJpdmF0ZSBmb3JtYXRTdGFja0RpZmZIZWxwZXIoXG4gICAgb2xkVGVtcGxhdGU6IGFueSxcbiAgICBzdGFja05hbWU6IHN0cmluZyxcbiAgICBuZXN0ZWRTdGFja1RlbXBsYXRlczogeyBbbmVzdGVkU3RhY2tMb2dpY2FsSWQ6IHN0cmluZ106IE5lc3RlZFN0YWNrVGVtcGxhdGVzIH0gfCB1bmRlZmluZWQsXG4gICAgb3B0aW9uczogUmV1c2FibGVTdGFja0RpZmZPcHRpb25zLFxuICApIHtcbiAgICBsZXQgZGlmZiA9IHRoaXMuZGlmZihzdGFja05hbWUsIG9sZFRlbXBsYXRlKTtcblxuICAgIC8vIFRoZSBzdGFjayBkaWZmIGlzIGZvcm1hdHRlZCB2aWEgYEZvcm1hdHRlcmAsIHdoaWNoIHRha2VzIGluIGEgc3RyZWFtXG4gICAgLy8gYW5kIHNlbmRzIGl0cyBvdXRwdXQgZGlyZWN0bHkgdG8gdGhhdCBzdHJlYW0uIFRvIGZhY2lsaWF0ZSB1c2Ugb2YgdGhlXG4gICAgLy8gZ2xvYmFsIENsaUlvSG9zdCwgd2UgY3JlYXRlIG91ciBvd24gc3RyZWFtIHRvIGNhcHR1cmUgdGhlIG91dHB1dCBvZlxuICAgIC8vIGBGb3JtYXR0ZXJgIGFuZCByZXR1cm4gdGhlIG91dHB1dCBhcyBhIHN0cmluZyBmb3IgdGhlIGNvbnN1bWVyIG9mXG4gICAgLy8gYGZvcm1hdFN0YWNrRGlmZmAgdG8gZGVjaWRlIHdoYXQgdG8gZG8gd2l0aCBpdC5cbiAgICBjb25zdCBzdHJlYW0gPSBuZXcgU3RyaW5nV3JpdGVTdHJlYW0oKTtcblxuICAgIGxldCBudW1TdGFja3NXaXRoQ2hhbmdlcyA9IDA7XG4gICAgbGV0IGZvcm1hdHRlZERpZmYgPSAnJztcbiAgICBsZXQgZmlsdGVyZWRDaGFuZ2VzQ291bnQgPSAwO1xuICAgIHRyeSB7XG4gICAgICAvLyBtdXN0IG91dHB1dCB0aGUgc3RhY2sgbmFtZSBpZiB0aGVyZSBhcmUgZGlmZmVyZW5jZXMsIGV2ZW4gaWYgcXVpZXRcbiAgICAgIGlmIChzdGFja05hbWUgJiYgKCFvcHRpb25zLnF1aWV0IHx8ICFkaWZmLmlzRW1wdHkpKSB7XG4gICAgICAgIHN0cmVhbS53cml0ZShmb3JtYXQoYFN0YWNrICR7Y2hhbGsuYm9sZChzdGFja05hbWUpfVxcbmApKTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFvcHRpb25zLnF1aWV0ICYmIHRoaXMuaXNJbXBvcnQpIHtcbiAgICAgICAgc3RyZWFtLndyaXRlKCdQYXJhbWV0ZXJzIGFuZCBydWxlcyBjcmVhdGVkIGR1cmluZyBtaWdyYXRpb24gZG8gbm90IGFmZmVjdCByZXNvdXJjZSBjb25maWd1cmF0aW9uLlxcbicpO1xuICAgICAgfVxuXG4gICAgICAvLyBkZXRlY3QgYW5kIGZpbHRlciBvdXQgbWFuZ2xlZCBjaGFyYWN0ZXJzIGZyb20gdGhlIGRpZmZcbiAgICAgIGlmIChkaWZmLmRpZmZlcmVuY2VDb3VudCAmJiAhb3B0aW9ucy5zdHJpY3QpIHtcbiAgICAgICAgY29uc3QgbWFuZ2xlZE5ld1RlbXBsYXRlID0gSlNPTi5wYXJzZShtYW5nbGVMaWtlQ2xvdWRGb3JtYXRpb24oSlNPTi5zdHJpbmdpZnkodGhpcy5uZXdUZW1wbGF0ZS50ZW1wbGF0ZSkpKTtcbiAgICAgICAgY29uc3QgbWFuZ2xlZERpZmYgPSBmdWxsRGlmZih0aGlzLm9sZFRlbXBsYXRlLCBtYW5nbGVkTmV3VGVtcGxhdGUsIHRoaXMuY2hhbmdlU2V0KTtcbiAgICAgICAgZmlsdGVyZWRDaGFuZ2VzQ291bnQgPSBNYXRoLm1heCgwLCBkaWZmLmRpZmZlcmVuY2VDb3VudCAtIG1hbmdsZWREaWZmLmRpZmZlcmVuY2VDb3VudCk7XG4gICAgICAgIGlmIChmaWx0ZXJlZENoYW5nZXNDb3VudCA+IDApIHtcbiAgICAgICAgICBkaWZmID0gbWFuZ2xlZERpZmY7XG4gICAgICAgIH1cbiAgICAgIH1cblxuICAgICAgLy8gZmlsdGVyIG91dCAnQVdTOjpDREs6Ok1ldGFkYXRhJyByZXNvdXJjZXMgZnJvbSB0aGUgdGVtcGxhdGVcbiAgICAgIC8vIGZpbHRlciBvdXQgJ0NoZWNrQm9vdHN0cmFwVmVyc2lvbicgcnVsZXMgZnJvbSB0aGUgdGVtcGxhdGVcbiAgICAgIGlmICghb3B0aW9ucy5zdHJpY3QpIHtcbiAgICAgICAgb2JzY3VyZURpZmYoZGlmZik7XG4gICAgICB9XG5cbiAgICAgIGlmICghZGlmZi5pc0VtcHR5KSB7XG4gICAgICAgIG51bVN0YWNrc1dpdGhDaGFuZ2VzKys7XG5cbiAgICAgICAgLy8gZm9ybWF0RGlmZmVyZW5jZXMgdXBkYXRlcyB0aGUgc3RyZWFtIHdpdGggdGhlIGZvcm1hdHRlZCBzdGFjayBkaWZmXG4gICAgICAgIGZvcm1hdERpZmZlcmVuY2VzKHN0cmVhbSwgZGlmZiwge1xuICAgICAgICAgIC4uLmxvZ2ljYWxJZE1hcEZyb21UZW1wbGF0ZSh0aGlzLm9sZFRlbXBsYXRlKSxcbiAgICAgICAgICAuLi5idWlsZExvZ2ljYWxUb1BhdGhNYXAodGhpcy5uZXdUZW1wbGF0ZSksXG4gICAgICAgIH0sIG9wdGlvbnMuY29udGV4dCk7XG4gICAgICB9IGVsc2UgaWYgKCFvcHRpb25zLnF1aWV0KSB7XG4gICAgICAgIHN0cmVhbS53cml0ZShjaGFsay5ncmVlbignVGhlcmUgd2VyZSBubyBkaWZmZXJlbmNlc1xcbicpKTtcbiAgICAgIH1cblxuICAgICAgaWYgKGZpbHRlcmVkQ2hhbmdlc0NvdW50ID4gMCkge1xuICAgICAgICBzdHJlYW0ud3JpdGUoY2hhbGsueWVsbG93KGBPbWl0dGVkICR7ZmlsdGVyZWRDaGFuZ2VzQ291bnR9IGNoYW5nZXMgYmVjYXVzZSB0aGV5IGFyZSBsaWtlbHkgbWFuZ2xlZCBub24tQVNDSUkgY2hhcmFjdGVycy4gVXNlIC0tc3RyaWN0IHRvIHByaW50IHRoZW0uXFxuYCkpO1xuICAgICAgfVxuICAgIH0gZmluYWxseSB7XG4gICAgICAvLyBzdG9yZSB0aGUgc3RyZWFtIGNvbnRhaW5pbmcgYSBmb3JtYXR0ZWQgc3RhY2sgZGlmZlxuICAgICAgZm9ybWF0dGVkRGlmZiA9IHN0cmVhbS50b1N0cmluZygpO1xuICAgICAgc3RyZWFtLmVuZCgpO1xuICAgIH1cblxuICAgIGZvciAoY29uc3QgbmVzdGVkU3RhY2tMb2dpY2FsSWQgb2YgT2JqZWN0LmtleXMobmVzdGVkU3RhY2tUZW1wbGF0ZXMgPz8ge30pKSB7XG4gICAgICBpZiAoIW5lc3RlZFN0YWNrVGVtcGxhdGVzKSB7XG4gICAgICAgIGJyZWFrO1xuICAgICAgfVxuICAgICAgY29uc3QgbmVzdGVkU3RhY2sgPSBuZXN0ZWRTdGFja1RlbXBsYXRlc1tuZXN0ZWRTdGFja0xvZ2ljYWxJZF07XG5cbiAgICAgICh0aGlzLm5ld1RlbXBsYXRlIGFzIGFueSkuX3RlbXBsYXRlID0gbmVzdGVkU3RhY2suZ2VuZXJhdGVkVGVtcGxhdGU7XG4gICAgICBjb25zdCBuZXh0RGlmZiA9IHRoaXMuZm9ybWF0U3RhY2tEaWZmSGVscGVyKFxuICAgICAgICBuZXN0ZWRTdGFjay5kZXBsb3llZFRlbXBsYXRlLFxuICAgICAgICBuZXN0ZWRTdGFjay5waHlzaWNhbE5hbWUgPz8gbmVzdGVkU3RhY2tMb2dpY2FsSWQsXG4gICAgICAgIG5lc3RlZFN0YWNrLm5lc3RlZFN0YWNrVGVtcGxhdGVzLFxuICAgICAgICBvcHRpb25zLFxuICAgICAgKTtcbiAgICAgIG51bVN0YWNrc1dpdGhDaGFuZ2VzICs9IG5leHREaWZmLm51bVN0YWNrc1dpdGhDaGFuZ2VzO1xuICAgICAgZm9ybWF0dGVkRGlmZiArPSBuZXh0RGlmZi5mb3JtYXR0ZWREaWZmO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICBudW1TdGFja3NXaXRoQ2hhbmdlcyxcbiAgICAgIGZvcm1hdHRlZERpZmYsXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBGb3JtYXQgdGhlIHNlY3VyaXR5IGRpZmZcbiAgICovXG4gIHB1YmxpYyBmb3JtYXRTZWN1cml0eURpZmYoKTogRm9ybWF0U2VjdXJpdHlEaWZmT3V0cHV0IHtcbiAgICBjb25zdCBkaWZmID0gdGhpcy5kaWZmKCk7XG5cbiAgICAvLyBUaGUgc2VjdXJpdHkgZGlmZiBpcyBmb3JtYXR0ZWQgdmlhIGBGb3JtYXR0ZXJgLCB3aGljaCB0YWtlcyBpbiBhIHN0cmVhbVxuICAgIC8vIGFuZCBzZW5kcyBpdHMgb3V0cHV0IGRpcmVjdGx5IHRvIHRoYXQgc3RyZWFtLiBUbyBmYWNpbGlhdGUgdXNlIG9mIHRoZVxuICAgIC8vIGdsb2JhbCBDbGlJb0hvc3QsIHdlIGNyZWF0ZSBvdXIgb3duIHN0cmVhbSB0byBjYXB0dXJlIHRoZSBvdXRwdXQgb2ZcbiAgICAvLyBgRm9ybWF0dGVyYCBhbmQgcmV0dXJuIHRoZSBvdXRwdXQgYXMgYSBzdHJpbmcgZm9yIHRoZSBjb25zdW1lciBvZlxuICAgIC8vIGBmb3JtYXRTZWN1cml0eURpZmZgIHRvIGRlY2lkZSB3aGF0IHRvIGRvIHdpdGggaXQuXG4gICAgY29uc3Qgc3RyZWFtID0gbmV3IFN0cmluZ1dyaXRlU3RyZWFtKCk7XG5cbiAgICBzdHJlYW0ud3JpdGUoZm9ybWF0KGBTdGFjayAke2NoYWxrLmJvbGQodGhpcy5zdGFja05hbWUpfVxcbmApKTtcblxuICAgIHRyeSB7XG4gICAgICAvLyBmb3JtYXRTZWN1cml0eUNoYW5nZXMgdXBkYXRlcyB0aGUgc3RyZWFtIHdpdGggdGhlIGZvcm1hdHRlZCBzZWN1cml0eSBkaWZmXG4gICAgICBmb3JtYXRTZWN1cml0eUNoYW5nZXMoc3RyZWFtLCBkaWZmLCBidWlsZExvZ2ljYWxUb1BhdGhNYXAodGhpcy5uZXdUZW1wbGF0ZSkpO1xuICAgIH0gZmluYWxseSB7XG4gICAgICBzdHJlYW0uZW5kKCk7XG4gICAgfVxuICAgIC8vIHN0b3JlIHRoZSBzdHJlYW0gY29udGFpbmluZyBhIGZvcm1hdHRlZCBzdGFjayBkaWZmXG4gICAgY29uc3QgZm9ybWF0dGVkRGlmZiA9IHN0cmVhbS50b1N0cmluZygpO1xuICAgIHJldHVybiB7IGZvcm1hdHRlZERpZmYsIHBlcm1pc3Npb25DaGFuZ2VUeXBlOiB0aGlzLnBlcm1pc3Npb25UeXBlKCkgfTtcbiAgfVxufVxuXG5mdW5jdGlvbiBidWlsZExvZ2ljYWxUb1BhdGhNYXAoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCkge1xuICBjb25zdCBtYXA6IHsgW2lkOiBzdHJpbmddOiBzdHJpbmcgfSA9IHt9O1xuICBmb3IgKGNvbnN0IG1kIG9mIHN0YWNrLmZpbmRNZXRhZGF0YUJ5VHlwZShjeHNjaGVtYS5BcnRpZmFjdE1ldGFkYXRhRW50cnlUeXBlLkxPR0lDQUxfSUQpKSB7XG4gICAgbWFwW21kLmRhdGEgYXMgc3RyaW5nXSA9IG1kLnBhdGg7XG4gIH1cbiAgcmV0dXJuIG1hcDtcbn1cblxuZnVuY3Rpb24gbG9naWNhbElkTWFwRnJvbVRlbXBsYXRlKHRlbXBsYXRlOiBhbnkpIHtcbiAgY29uc3QgcmV0OiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+ID0ge307XG5cbiAgZm9yIChjb25zdCBbbG9naWNhbElkLCByZXNvdXJjZV0gb2YgT2JqZWN0LmVudHJpZXModGVtcGxhdGUuUmVzb3VyY2VzID8/IHt9KSkge1xuICAgIGNvbnN0IHBhdGggPSAocmVzb3VyY2UgYXMgYW55KT8uTWV0YWRhdGE/LlsnYXdzOmNkazpwYXRoJ107XG4gICAgaWYgKHBhdGgpIHtcbiAgICAgIHJldFtsb2dpY2FsSWRdID0gcGF0aDtcbiAgICB9XG4gIH1cbiAgcmV0dXJuIHJldDtcbn1cblxuLyoqXG4gKiBSZW1vdmUgYW55IHRlbXBsYXRlIGVsZW1lbnRzIHRoYXQgd2UgZG9uJ3Qgd2FudCB0byBzaG93IHVzZXJzLlxuICogVGhpcyBpcyBjdXJyZW50bHk6XG4gKiAtIEFXUzo6Q0RLOjpNZXRhZGF0YSByZXNvdXJjZVxuICogLSBDaGVja0Jvb3RzdHJhcFZlcnNpb24gUnVsZVxuICovXG5mdW5jdGlvbiBvYnNjdXJlRGlmZihkaWZmOiBUZW1wbGF0ZURpZmYpIHtcbiAgaWYgKGRpZmYudW5rbm93bikge1xuICAgIC8vIHNlZSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvaXNzdWVzLzE3OTQyXG4gICAgZGlmZi51bmtub3duID0gZGlmZi51bmtub3duLmZpbHRlcihjaGFuZ2UgPT4ge1xuICAgICAgaWYgKCFjaGFuZ2UpIHtcbiAgICAgICAgcmV0dXJuIHRydWU7XG4gICAgICB9XG4gICAgICBpZiAoY2hhbmdlLm5ld1ZhbHVlPy5DaGVja0Jvb3RzdHJhcFZlcnNpb24pIHtcbiAgICAgICAgcmV0dXJuIGZhbHNlO1xuICAgICAgfVxuICAgICAgaWYgKGNoYW5nZS5vbGRWYWx1ZT8uQ2hlY2tCb290c3RyYXBWZXJzaW9uKSB7XG4gICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgIH1cbiAgICAgIHJldHVybiB0cnVlO1xuICAgIH0pO1xuICB9XG5cbiAgaWYgKGRpZmYucmVzb3VyY2VzKSB7XG4gICAgZGlmZi5yZXNvdXJjZXMgPSBkaWZmLnJlc291cmNlcy5maWx0ZXIoY2hhbmdlID0+IHtcbiAgICAgIGlmICghY2hhbmdlKSB7XG4gICAgICAgIHJldHVybiB0cnVlO1xuICAgICAgfVxuICAgICAgaWYgKGNoYW5nZS5uZXdSZXNvdXJjZVR5cGUgPT09ICdBV1M6OkNESzo6TWV0YWRhdGEnKSB7XG4gICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgIH1cbiAgICAgIGlmIChjaGFuZ2Uub2xkUmVzb3VyY2VUeXBlID09PSAnQVdTOjpDREs6Ok1ldGFkYXRhJykge1xuICAgICAgICByZXR1cm4gZmFsc2U7XG4gICAgICB9XG4gICAgICByZXR1cm4gdHJ1ZTtcbiAgICB9KTtcbiAgfVxufVxuIl19

package/lib/api/diff/index.d.ts

@@ -0,0 +1 @@
+export * from './diff-formatter';

package/lib/api/diff/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./diff-formatter"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsbURBQWlDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSAnLi9kaWZmLWZvcm1hdHRlcic7XG4iXX0=

package/lib/api/environment/environment-access.d.ts

@@ -0,0 +1,139 @@
+import type * as cxapi from '@aws-cdk/cx-api';
+import type { EnvironmentResources } from './environment-resources';
+import type { StringWithoutPlaceholders } from './placeholders';
+import type { SDK, SdkProvider } from '../aws-auth/private';
+import { type IoHelper } from '../io/private';
+/**
+ * Access particular AWS resources, based on information from the CX manifest
+ *
+ * It is not possible to grab direct access to AWS credentials; 9 times out of 10
+ * we have to allow for role assumption, and role assumption can only work if
+ * there is a CX Manifest that contains a role ARN.
+ *
+ * This class exists so new code isn't tempted to go and get SDK credentials directly.
+ */
+export declare class EnvironmentAccess {
+    private readonly sdkProvider;
+    private readonly sdkCache;
+    private readonly environmentResources;
+    private readonly ioHelper;
+    constructor(sdkProvider: SdkProvider, toolkitStackName: string, ioHelper: IoHelper);
+    /**
+     * Resolves the environment for a stack.
+     */
+    resolveStackEnvironment(stack: cxapi.CloudFormationStackArtifact): Promise<cxapi.Environment>;
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will ask plugins for readonly credentials if available, use the default
+     * AWS credentials if not.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    accessStackForReadOnlyStackOperations(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will ask plugins for mutating credentials if available, use the default AWS
+     * credentials if not.  The `mode` parameter is only used for querying
+     * plugins.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    accessStackForMutableStackOperations(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
+    /**
+     * Get an SDK to access the given stack's environment for environmental lookups
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will assume the lookup role if configured on the stack. Check the default `lookup-role`
+     * policies to see what you can do with this role. It can generally read everything
+     * in the account that does not require KMS access.
+     *
+     * ---
+     *
+     * For backwards compatibility reasons, there are some scenarios that are handled here:
+     *
+     *  1. The lookup role may not exist (it was added in bootstrap stack version 7). If so:
+     *     a. Return the default credentials if the default credentials are for the stack account
+     *        (you will notice this as `isFallbackCredentials=true`).
+     *     b. Throw an error if the default credentials are not for the stack account.
+     *
+     *  2. The lookup role may not have the correct permissions (for example, ReadOnlyAccess was added in
+     *     bootstrap stack version 8); the stack will have a minimum version number on it.
+     *     a. If it does not we throw an error which should be handled in the calling
+     *        function (and fallback to use a different role, etc)
+     *
+     * Upon success, caller will have an SDK for the right account, which may or may not have
+     * the right permissions.
+     */
+    accessStackForLookup(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
+    /**
+     * Get an SDK to access the given stack's environment for reading stack attributes
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will try to assume the lookup role if given, will use the regular stack operations
+     * access (deploy-role) otherwise. When calling this, you should assume that you will get
+     * the least privileged role, so don't try to use it for anything the `deploy-role`
+     * wouldn't be able to do. Also you cannot rely on being able to read encrypted anything.
+     */
+    accessStackForLookupBestEffort(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    private accessStackForStackOperations;
+    /**
+     * Prepare an SDK for use in the given environment and optionally with a role assumed.
+     */
+    private prepareSdk;
+    private cachedSdkForEnvironment;
+}
+/**
+ * SDK obtained by assuming the deploy role
+ * for a given environment
+ */
+export interface TargetEnvironment {
+    /**
+     * The SDK for the given environment
+     */
+    readonly sdk: SDK;
+    /**
+     * The resolved environment for the stack
+     * (no more 'unknown-account/unknown-region')
+     */
+    readonly resolvedEnvironment: cxapi.Environment;
+    /**
+     * Access class for environmental resources to help the deployment
+     */
+    readonly resources: EnvironmentResources;
+    /**
+     * Whether or not we assumed a role in the process of getting these credentials
+     */
+    readonly didAssumeRole: boolean;
+    /**
+     * Whether or not these are fallback credentials
+     *
+     * Fallback credentials means that assuming the intended role failed, but the
+     * base credentials happen to be for the right account so we just picked those
+     * and hope the future SDK calls succeed.
+     *
+     * This is a backwards compatibility mechanism from around the time we introduced
+     * deployment roles.
+     */
+    readonly isFallbackCredentials: boolean;
+    /**
+     * Replace environment placeholders according to the current environment
+     */
+    replacePlaceholders(x: string | undefined): Promise<StringWithoutPlaceholders | undefined>;
+}