@aws-cdk/toolkit-lib 0.3.1 → 0.3.3

package/lib/api/bootstrap/bootstrap-environment.js

@@ -0,0 +1,323 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Bootstrapper = void 0;
+const path = require("path");
+const deploy_bootstrap_1 = require("./deploy-bootstrap");
+const legacy_template_1 = require("./legacy-template");
+const util_1 = require("../../util");
+const private_1 = require("../io/private");
+const plugin_1 = require("../plugin");
+const toolkit_error_1 = require("../toolkit-error");
+const toolkit_info_1 = require("../toolkit-info");
+class Bootstrapper {
+    source;
+    ioHelper;
+    constructor(source = { source: 'default' }, ioHelper) {
+        this.source = source;
+        this.ioHelper = ioHelper;
+    }
+    bootstrapEnvironment(environment, sdkProvider, options = {}) {
+        switch (this.source.source) {
+            case 'legacy':
+                return this.legacyBootstrap(environment, sdkProvider, options);
+            case 'default':
+                return this.modernBootstrap(environment, sdkProvider, options);
+            case 'custom':
+                return this.customBootstrap(environment, sdkProvider, options);
+        }
+    }
+    async showTemplate(json) {
+        const template = await this.loadTemplate();
+        process.stdout.write(`${(0, util_1.serializeStructure)(template, json)}\n`);
+    }
+    /**
+     * Deploy legacy bootstrap stack
+     *
+     */
+    async legacyBootstrap(environment, sdkProvider, options = {}) {
+        const params = options.parameters ?? {};
+        if (params.trustedAccounts?.length) {
+            throw new toolkit_error_1.ToolkitError('--trust can only be passed for the modern bootstrap experience.');
+        }
+        if (params.cloudFormationExecutionPolicies?.length) {
+            throw new toolkit_error_1.ToolkitError('--cloudformation-execution-policies can only be passed for the modern bootstrap experience.');
+        }
+        if (params.createCustomerMasterKey !== undefined) {
+            throw new toolkit_error_1.ToolkitError('--bootstrap-customer-key can only be passed for the modern bootstrap experience.');
+        }
+        if (params.qualifier) {
+            throw new toolkit_error_1.ToolkitError('--qualifier can only be passed for the modern bootstrap experience.');
+        }
+        const toolkitStackName = options.toolkitStackName ?? toolkit_info_1.DEFAULT_TOOLKIT_STACK_NAME;
+        const current = await deploy_bootstrap_1.BootstrapStack.lookup(sdkProvider, environment, toolkitStackName, this.ioHelper);
+        return current.update(await this.loadTemplate(params), {}, {
+            ...options,
+            terminationProtection: options.terminationProtection ?? current.terminationProtection,
+        });
+    }
+    /**
+     * Deploy CI/CD-ready bootstrap stack from template
+     *
+     */
+    async modernBootstrap(environment, sdkProvider, options = {}) {
+        const params = options.parameters ?? {};
+        const bootstrapTemplate = await this.loadTemplate();
+        const toolkitStackName = options.toolkitStackName ?? toolkit_info_1.DEFAULT_TOOLKIT_STACK_NAME;
+        const current = await deploy_bootstrap_1.BootstrapStack.lookup(sdkProvider, environment, toolkitStackName, this.ioHelper);
+        const partition = await current.partition();
+        if (params.createCustomerMasterKey !== undefined && params.kmsKeyId) {
+            throw new toolkit_error_1.ToolkitError("You cannot pass '--bootstrap-kms-key-id' and '--bootstrap-customer-key' together. Specify one or the other");
+        }
+        // If people re-bootstrap, existing parameter values are reused so that people don't accidentally change the configuration
+        // on their bootstrap stack (this happens automatically in deployStack). However, to do proper validation on the
+        // combined arguments (such that if --trust has been given, --cloudformation-execution-policies is necessary as well)
+        // we need to take this parameter reuse into account.
+        //
+        // Ideally we'd do this inside the template, but the `Rules` section of CFN
+        // templates doesn't seem to be able to express the conditions that we need
+        // (can't use Fn::Join or reference Conditions) so we do it here instead.
+        const allTrusted = new Set([
+            ...params.trustedAccounts ?? [],
+            ...params.trustedAccountsForLookup ?? [],
+        ]);
+        const invalid = intersection(allTrusted, new Set(params.untrustedAccounts));
+        if (invalid.size > 0) {
+            throw new toolkit_error_1.ToolkitError(`Accounts cannot be both trusted and untrusted. Found: ${[...invalid].join(',')}`);
+        }
+        const removeUntrusted = (accounts) => accounts.filter(acc => !params.untrustedAccounts?.map(String).includes(String(acc)));
+        const trustedAccounts = removeUntrusted(params.trustedAccounts ?? splitCfnArray(current.parameters.TrustedAccounts));
+        await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_INFO.msg(`Trusted accounts for deployment: ${trustedAccounts.length > 0 ? trustedAccounts.join(', ') : '(none)'}`));
+        const trustedAccountsForLookup = removeUntrusted(params.trustedAccountsForLookup ?? splitCfnArray(current.parameters.TrustedAccountsForLookup));
+        await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_INFO.msg(`Trusted accounts for lookup: ${trustedAccountsForLookup.length > 0 ? trustedAccountsForLookup.join(', ') : '(none)'}`));
+        const cloudFormationExecutionPolicies = params.cloudFormationExecutionPolicies ?? splitCfnArray(current.parameters.CloudFormationExecutionPolicies);
+        if (trustedAccounts.length === 0 && cloudFormationExecutionPolicies.length === 0) {
+            // For self-trust it's okay to default to AdministratorAccess, and it improves the usability of bootstrapping a lot.
+            //
+            // We don't actually make the implicitly policy a physical parameter. The template will infer it instead,
+            // we simply do the UI advertising that behavior here.
+            //
+            // If we DID make it an explicit parameter, we wouldn't be able to tell the difference between whether
+            // we inferred it or whether the user told us, and the sequence:
+            //
+            // $ cdk bootstrap
+            // $ cdk bootstrap --trust 1234
+            //
+            // Would leave AdministratorAccess policies with a trust relationship, without the user explicitly
+            // approving the trust policy.
+            const implicitPolicy = `arn:${partition}:iam::aws:policy/AdministratorAccess`;
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Using default execution policy of '${implicitPolicy}'. Pass '--cloudformation-execution-policies' to customize.`));
+        }
+        else if (cloudFormationExecutionPolicies.length === 0) {
+            throw new toolkit_error_1.ToolkitError(`Please pass \'--cloudformation-execution-policies\' when using \'--trust\' to specify deployment permissions. Try a managed policy of the form \'arn:${partition}:iam::aws:policy/<PolicyName>\'.`);
+        }
+        else {
+            // Remind people what the current settings are
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_INFO.msg(`Execution policies: ${cloudFormationExecutionPolicies.join(', ')}`));
+        }
+        // * If an ARN is given, that ARN. Otherwise:
+        //   * '-' if customerKey = false
+        //   * '' if customerKey = true
+        //   * if customerKey is also not given
+        //     * undefined if we already had a value in place (reusing what we had)
+        //     * '-' if this is the first time we're deploying this stack (or upgrading from old to new bootstrap)
+        const currentKmsKeyId = current.parameters.FileAssetsBucketKmsKeyId;
+        const kmsKeyId = params.kmsKeyId ??
+            (params.createCustomerMasterKey === true
+                ? CREATE_NEW_KEY
+                : params.createCustomerMasterKey === false || currentKmsKeyId === undefined
+                    ? USE_AWS_MANAGED_KEY
+                    : undefined);
+        /* A permissions boundary can be provided via:
+         *    - the flag indicating the example one should be used
+         *    - the name indicating the custom permissions boundary to be used
+         * Re-bootstrapping will NOT be blocked by either tightening or relaxing the permissions' boundary.
+         */
+        // InputPermissionsBoundary is an `any` type and if it is not defined it
+        // appears as an empty string ''. We need to force it to evaluate an empty string
+        // as undefined
+        const currentPermissionsBoundary = current.parameters.InputPermissionsBoundary || undefined;
+        const inputPolicyName = params.examplePermissionsBoundary
+            ? CDK_BOOTSTRAP_PERMISSIONS_BOUNDARY
+            : params.customPermissionsBoundary;
+        let policyName;
+        if (inputPolicyName) {
+            // If the example policy is not already in place, it must be created.
+            const sdk = (await sdkProvider.forEnvironment(environment, plugin_1.Mode.ForWriting)).sdk;
+            policyName = await this.getPolicyName(environment, sdk, inputPolicyName, partition, params);
+        }
+        if (currentPermissionsBoundary !== policyName) {
+            if (!currentPermissionsBoundary) {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Adding new permissions boundary ${policyName}`));
+            }
+            else if (!policyName) {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Removing existing permissions boundary ${currentPermissionsBoundary}`));
+            }
+            else {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Changing permissions boundary from ${currentPermissionsBoundary} to ${policyName}`));
+            }
+        }
+        return current.update(bootstrapTemplate, {
+            FileAssetsBucketName: params.bucketName,
+            FileAssetsBucketKmsKeyId: kmsKeyId,
+            // Empty array becomes empty string
+            TrustedAccounts: trustedAccounts.join(','),
+            TrustedAccountsForLookup: trustedAccountsForLookup.join(','),
+            CloudFormationExecutionPolicies: cloudFormationExecutionPolicies.join(','),
+            Qualifier: params.qualifier,
+            PublicAccessBlockConfiguration: params.publicAccessBlockConfiguration || params.publicAccessBlockConfiguration === undefined
+                ? 'true'
+                : 'false',
+            InputPermissionsBoundary: policyName,
+        }, {
+            ...options,
+            terminationProtection: options.terminationProtection ?? current.terminationProtection,
+        });
+    }
+    async getPolicyName(environment, sdk, permissionsBoundary, partition, params) {
+        if (permissionsBoundary !== CDK_BOOTSTRAP_PERMISSIONS_BOUNDARY) {
+            this.validatePolicyName(permissionsBoundary);
+            return Promise.resolve(permissionsBoundary);
+        }
+        // if no Qualifier is supplied, resort to the default one
+        const arn = await this.getExamplePermissionsBoundary(params.qualifier ?? 'hnb659fds', partition, environment.account, sdk);
+        const policyName = arn.split('/').pop();
+        if (!policyName) {
+            throw new toolkit_error_1.ToolkitError('Could not retrieve the example permission boundary!');
+        }
+        return Promise.resolve(policyName);
+    }
+    async getExamplePermissionsBoundary(qualifier, partition, account, sdk) {
+        const iam = sdk.iam();
+        let policyName = `cdk-${qualifier}-permissions-boundary`;
+        const arn = `arn:${partition}:iam::${account}:policy/${policyName}`;
+        try {
+            let getPolicyResp = await iam.getPolicy({ PolicyArn: arn });
+            if (getPolicyResp.Policy) {
+                return arn;
+            }
+        }
+        catch (e) {
+            // https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html#API_GetPolicy_Errors
+            if (e.name === 'NoSuchEntity') {
+                // noop, proceed with creating the policy
+            }
+            else {
+                throw e;
+            }
+        }
+        const policyDoc = {
+            Version: '2012-10-17',
+            Statement: [
+                {
+                    Action: ['*'],
+                    Resource: '*',
+                    Effect: 'Allow',
+                    Sid: 'ExplicitAllowAll',
+                },
+                {
+                    Condition: {
+                        StringEquals: {
+                            'iam:PermissionsBoundary': `arn:${partition}:iam::${account}:policy/cdk-${qualifier}-permissions-boundary`,
+                        },
+                    },
+                    Action: [
+                        'iam:CreateUser',
+                        'iam:CreateRole',
+                        'iam:PutRolePermissionsBoundary',
+                        'iam:PutUserPermissionsBoundary',
+                    ],
+                    Resource: '*',
+                    Effect: 'Allow',
+                    Sid: 'DenyAccessIfRequiredPermBoundaryIsNotBeingApplied',
+                },
+                {
+                    Action: [
+                        'iam:CreatePolicyVersion',
+                        'iam:DeletePolicy',
+                        'iam:DeletePolicyVersion',
+                        'iam:SetDefaultPolicyVersion',
+                    ],
+                    Resource: `arn:${partition}:iam::${account}:policy/cdk-${qualifier}-permissions-boundary`,
+                    Effect: 'Deny',
+                    Sid: 'DenyPermBoundaryIAMPolicyAlteration',
+                },
+                {
+                    Action: ['iam:DeleteUserPermissionsBoundary', 'iam:DeleteRolePermissionsBoundary'],
+                    Resource: '*',
+                    Effect: 'Deny',
+                    Sid: 'DenyRemovalOfPermBoundaryFromAnyUserOrRole',
+                },
+            ],
+        };
+        const request = {
+            PolicyName: policyName,
+            PolicyDocument: JSON.stringify(policyDoc),
+        };
+        const createPolicyResponse = await iam.createPolicy(request);
+        if (createPolicyResponse.Policy?.Arn) {
+            return createPolicyResponse.Policy.Arn;
+        }
+        else {
+            throw new toolkit_error_1.ToolkitError(`Could not retrieve the example permission boundary ${arn}!`);
+        }
+    }
+    validatePolicyName(permissionsBoundary) {
+        // https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
+        // Added support for policy names with a path
+        // See https://github.com/aws/aws-cdk/issues/26320
+        const regexp = /[\w+\/=,.@-]+/;
+        const matches = regexp.exec(permissionsBoundary);
+        if (!(matches && matches.length === 1 && matches[0] === permissionsBoundary)) {
+            throw new toolkit_error_1.ToolkitError(`The permissions boundary name ${permissionsBoundary} does not match the IAM conventions.`);
+        }
+    }
+    async customBootstrap(environment, sdkProvider, options = {}) {
+        // Look at the template, decide whether it's most likely a legacy or modern bootstrap
+        // template, and use the right bootstrapper for that.
+        const version = (0, deploy_bootstrap_1.bootstrapVersionFromTemplate)(await this.loadTemplate());
+        if (version === 0) {
+            return this.legacyBootstrap(environment, sdkProvider, options);
+        }
+        else {
+            return this.modernBootstrap(environment, sdkProvider, options);
+        }
+    }
+    async loadTemplate(params = {}) {
+        switch (this.source.source) {
+            case 'custom':
+                return (0, util_1.loadStructuredFile)(this.source.templateFile);
+            case 'default':
+                return (0, util_1.loadStructuredFile)(path.join((0, util_1.bundledPackageRootDir)(__dirname), 'lib', 'api', 'bootstrap', 'bootstrap-template.yaml'));
+            case 'legacy':
+                return (0, legacy_template_1.legacyBootstrapTemplate)(params);
+        }
+    }
+}
+exports.Bootstrapper = Bootstrapper;
+/**
+ * Magic parameter value that will cause the bootstrap-template.yml to NOT create a CMK but use the default key
+ */
+const USE_AWS_MANAGED_KEY = 'AWS_MANAGED_KEY';
+/**
+ * Magic parameter value that will cause the bootstrap-template.yml to create a CMK
+ */
+const CREATE_NEW_KEY = '';
+/**
+ * Parameter value indicating the use of the default, CDK provided permissions boundary for bootstrap-template.yml
+ */
+const CDK_BOOTSTRAP_PERMISSIONS_BOUNDARY = 'CDK_BOOTSTRAP_PERMISSIONS_BOUNDARY';
+/**
+ * Split an array-like CloudFormation parameter on ,
+ *
+ * An empty string is the empty array (instead of `['']`).
+ */
+function splitCfnArray(xs) {
+    if (xs === '' || xs === undefined) {
+        return [];
+    }
+    return xs.split(',');
+}
+function intersection(xs, ys) {
+    return new Set(Array.from(xs).filter(x => ys.has(x)));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLWVudmlyb25tZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiYm9vdHN0cmFwLWVudmlyb25tZW50LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZCQUE2QjtBQUc3Qix5REFBa0Y7QUFDbEYsdURBQTREO0FBQzVELHFDQUEyRjtBQUczRiwyQ0FBa0Q7QUFDbEQsc0NBQWlDO0FBQ2pDLG9EQUFnRDtBQUNoRCxrREFBNkQ7QUFJN0QsTUFBYSxZQUFZO0lBSUo7SUFIRixRQUFRLENBQVc7SUFFcEMsWUFDbUIsU0FBMEIsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLEVBQ2hFLFFBQWtCO1FBREQsV0FBTSxHQUFOLE1BQU0sQ0FBeUM7UUFHaEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLENBQUM7SUFDM0IsQ0FBQztJQUVNLG9CQUFvQixDQUN6QixXQUE4QixFQUM5QixXQUF3QixFQUN4QixVQUF1QyxFQUFFO1FBRXpDLFFBQVEsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUMzQixLQUFLLFFBQVE7Z0JBQ1gsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxXQUFXLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFDakUsS0FBSyxTQUFTO2dCQUNaLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEVBQUUsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2pFLEtBQUssUUFBUTtnQkFDWCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBYTtRQUNyQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUMzQyxPQUFPLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxHQUFHLElBQUEseUJBQWtCLEVBQUMsUUFBUSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNsRSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLGVBQWUsQ0FDM0IsV0FBOEIsRUFDOUIsV0FBd0IsRUFDeEIsVUFBdUMsRUFBRTtRQUV6QyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsVUFBVSxJQUFJLEVBQUUsQ0FBQztRQUV4QyxJQUFJLE1BQU0sQ0FBQyxlQUFlLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDbkMsTUFBTSxJQUFJLDRCQUFZLENBQUMsaUVBQWlFLENBQUMsQ0FBQztRQUM1RixDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsK0JBQStCLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLDRCQUFZLENBQUMsNkZBQTZGLENBQUMsQ0FBQztRQUN4SCxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsdUJBQXVCLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakQsTUFBTSxJQUFJLDRCQUFZLENBQUMsa0ZBQWtGLENBQUMsQ0FBQztRQUM3RyxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLDRCQUFZLENBQUMscUVBQXFFLENBQUMsQ0FBQztRQUNoRyxDQUFDO1FBRUQsTUFBTSxnQkFBZ0IsR0FBRyxPQUFPLENBQUMsZ0JBQWdCLElBQUkseUNBQTBCLENBQUM7UUFDaEYsTUFBTSxPQUFPLEdBQUcsTUFBTSxpQ0FBYyxDQUFDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsV0FBVyxFQUFFLGdCQUFnQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN2RyxPQUFPLE9BQU8sQ0FBQyxNQUFNLENBQ25CLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsRUFDL0IsRUFBRSxFQUNGO1lBQ0UsR0FBRyxPQUFPO1lBQ1YscUJBQXFCLEVBQUUsT0FBTyxDQUFDLHFCQUFxQixJQUFJLE9BQU8sQ0FBQyxxQkFBcUI7U0FDdEYsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyxlQUFlLENBQzNCLFdBQThCLEVBQzlCLFdBQXdCLEVBQ3hCLFVBQXVDLEVBQUU7UUFFekMsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLFVBQVUsSUFBSSxFQUFFLENBQUM7UUFFeEMsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUVwRCxNQUFNLGdCQUFnQixHQUFHLE9BQU8sQ0FBQyxnQkFBZ0IsSUFBSSx5Q0FBMEIsQ0FBQztRQUNoRixNQUFNLE9BQU8sR0FBRyxNQUFNLGlDQUFjLENBQUMsTUFBTSxDQUFDLFdBQVcsRUFBRSxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3ZHLE1BQU0sU0FBUyxHQUFHLE1BQU0sT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBRTVDLElBQUksTUFBTSxDQUFDLHVCQUF1QixLQUFLLFNBQVMsSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDcEUsTUFBTSxJQUFJLDRCQUFZLENBQ3BCLDRHQUE0RyxDQUM3RyxDQUFDO1FBQ0osQ0FBQztRQUVELDBIQUEwSDtRQUMxSCxnSEFBZ0g7UUFDaEgscUhBQXFIO1FBQ3JILHFEQUFxRDtRQUNyRCxFQUFFO1FBQ0YsMkVBQTJFO1FBQzNFLDJFQUEyRTtRQUMzRSx5RUFBeUU7UUFDekUsTUFBTSxVQUFVLEdBQUcsSUFBSSxHQUFHLENBQUM7WUFDekIsR0FBRyxNQUFNLENBQUMsZUFBZSxJQUFJLEVBQUU7WUFDL0IsR0FBRyxNQUFNLENBQUMsd0JBQXdCLElBQUksRUFBRTtTQUN6QyxDQUFDLENBQUM7UUFDSCxNQUFNLE9BQU8sR0FBRyxZQUFZLENBQUMsVUFBVSxFQUFFLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDLENBQUM7UUFDNUUsSUFBSSxPQUFPLENBQUMsSUFBSSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sSUFBSSw0QkFBWSxDQUFDLHlEQUF5RCxDQUFDLEdBQUcsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM1RyxDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQUcsQ0FBQyxRQUFrQixFQUFFLEVBQUUsQ0FDN0MsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLGlCQUFpQixFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUV2RixNQUFNLGVBQWUsR0FBRyxlQUFlLENBQUMsTUFBTSxDQUFDLGVBQWUsSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDO1FBQ3JILE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FDcEQsb0NBQW9DLGVBQWUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FDekcsQ0FBQyxDQUFDO1FBRUgsTUFBTSx3QkFBd0IsR0FBRyxlQUFlLENBQzlDLE1BQU0sQ0FBQyx3QkFBd0IsSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUM5RixDQUFDO1FBQ0YsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUNwRCxnQ0FBZ0Msd0JBQXdCLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsd0JBQXdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FDdkgsQ0FBQyxDQUFDO1FBRUgsTUFBTSwrQkFBK0IsR0FDbkMsTUFBTSxDQUFDLCtCQUErQixJQUFJLGFBQWEsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLCtCQUErQixDQUFDLENBQUM7UUFDOUcsSUFBSSxlQUFlLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSwrQkFBK0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDakYsb0hBQW9IO1lBQ3BILEVBQUU7WUFDRix5R0FBeUc7WUFDekcsc0RBQXNEO1lBQ3RELEVBQUU7WUFDRixzR0FBc0c7WUFDdEcsZ0VBQWdFO1lBQ2hFLEVBQUU7WUFDRixrQkFBa0I7WUFDbEIsK0JBQStCO1lBQy9CLEVBQUU7WUFDRixrR0FBa0c7WUFDbEcsOEJBQThCO1lBQzlCLE1BQU0sY0FBYyxHQUFHLE9BQU8sU0FBUyxzQ0FBc0MsQ0FBQztZQUM5RSxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQ3BELHNDQUFzQyxjQUFjLDZEQUE2RCxDQUNsSCxDQUFDLENBQUM7UUFDTCxDQUFDO2FBQU0sSUFBSSwrQkFBK0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDeEQsTUFBTSxJQUFJLDRCQUFZLENBQ3BCLHdKQUF3SixTQUFTLGtDQUFrQyxDQUNwTSxDQUFDO1FBQ0osQ0FBQzthQUFNLENBQUM7WUFDTiw4Q0FBOEM7WUFDOUMsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLHVCQUF1QiwrQkFBK0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDL0gsQ0FBQztRQUVELDZDQUE2QztRQUM3QyxpQ0FBaUM7UUFDakMsK0JBQStCO1FBQy9CLHVDQUF1QztRQUN2QywyRUFBMkU7UUFDM0UsMEdBQTBHO1FBQzFHLE1BQU0sZUFBZSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsd0JBQXdCLENBQUM7UUFDcEUsTUFBTSxRQUFRLEdBQ1osTUFBTSxDQUFDLFFBQVE7WUFDZixDQUFDLE1BQU0sQ0FBQyx1QkFBdUIsS0FBSyxJQUFJO2dCQUN0QyxDQUFDLENBQUMsY0FBYztnQkFDaEIsQ0FBQyxDQUFDLE1BQU0sQ0FBQyx1QkFBdUIsS0FBSyxLQUFLLElBQUksZUFBZSxLQUFLLFNBQVM7b0JBQ3pFLENBQUMsQ0FBQyxtQkFBbUI7b0JBQ3JCLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUVuQjs7OztXQUlHO1FBRUgsd0VBQXdFO1FBQ3hFLGlGQUFpRjtRQUNqRixlQUFlO1FBQ2YsTUFBTSwwQkFBMEIsR0FBdUIsT0FBTyxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsSUFBSSxTQUFTLENBQUM7UUFDaEgsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLDBCQUEwQjtZQUN2RCxDQUFDLENBQUMsa0NBQWtDO1lBQ3BDLENBQUMsQ0FBQyxNQUFNLENBQUMseUJBQXlCLENBQUM7UUFDckMsSUFBSSxVQUE4QixDQUFDO1FBQ25DLElBQUksZUFBZSxFQUFFLENBQUM7WUFDcEIscUVBQXFFO1lBQ3JFLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSxXQUFXLENBQUMsY0FBYyxDQUFDLFdBQVcsRUFBRSxhQUFJLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7WUFDakYsVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxXQUFXLEVBQUUsR0FBRyxFQUFFLGVBQWUsRUFBRSxTQUFTLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDOUYsQ0FBQztRQUNELElBQUksMEJBQTBCLEtBQUssVUFBVSxFQUFFLENBQUM7WUFDOUMsSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7Z0JBQ2hDLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FDcEQsbUNBQW1DLFVBQVUsRUFBRSxDQUNoRCxDQUFDLENBQUM7WUFDTCxDQUFDO2lCQUFNLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUNwRCwwQ0FBMEMsMEJBQTBCLEVBQUUsQ0FDdkUsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FDcEQsc0NBQXNDLDBCQUEwQixPQUFPLFVBQVUsRUFBRSxDQUNwRixDQUFDLENBQUM7WUFDTCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUFDLE1BQU0sQ0FDbkIsaUJBQWlCLEVBQ2pCO1lBQ0Usb0JBQW9CLEVBQUUsTUFBTSxDQUFDLFVBQVU7WUFDdkMsd0JBQXdCLEVBQUUsUUFBUTtZQUNsQyxtQ0FBbUM7WUFDbkMsZUFBZSxFQUFFLGVBQWUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO1lBQzFDLHdCQUF3QixFQUFFLHdCQUF3QixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUM7WUFDNUQsK0JBQStCLEVBQUUsK0JBQStCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztZQUMxRSxTQUFTLEVBQUUsTUFBTSxDQUFDLFNBQVM7WUFDM0IsOEJBQThCLEVBQzVCLE1BQU0sQ0FBQyw4QkFBOEIsSUFBSSxNQUFNLENBQUMsOEJBQThCLEtBQUssU0FBUztnQkFDMUYsQ0FBQyxDQUFDLE1BQU07Z0JBQ1IsQ0FBQyxDQUFDLE9BQU87WUFDYix3QkFBd0IsRUFBRSxVQUFVO1NBQ3JDLEVBQ0Q7WUFDRSxHQUFHLE9BQU87WUFDVixxQkFBcUIsRUFBRSxPQUFPLENBQUMscUJBQXFCLElBQUksT0FBTyxDQUFDLHFCQUFxQjtTQUN0RixDQUNGLENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLGFBQWEsQ0FDekIsV0FBOEIsRUFDOUIsR0FBUSxFQUNSLG1CQUEyQixFQUMzQixTQUFpQixFQUNqQixNQUErQjtRQUUvQixJQUFJLG1CQUFtQixLQUFLLGtDQUFrQyxFQUFFLENBQUM7WUFDL0QsSUFBSSxDQUFDLGtCQUFrQixDQUFDLG1CQUFtQixDQUFDLENBQUM7WUFDN0MsT0FBTyxPQUFPLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUNELHlEQUF5RDtRQUN6RCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyw2QkFBNkIsQ0FDbEQsTUFBTSxDQUFDLFNBQVMsSUFBSSxXQUFXLEVBQy9CLFNBQVMsRUFDVCxXQUFXLENBQUMsT0FBTyxFQUNuQixHQUFHLENBQ0osQ0FBQztRQUNGLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDeEMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE1BQU0sSUFBSSw0QkFBWSxDQUFDLHFEQUFxRCxDQUFDLENBQUM7UUFDaEYsQ0FBQztRQUNELE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRU8sS0FBSyxDQUFDLDZCQUE2QixDQUN6QyxTQUFpQixFQUNqQixTQUFpQixFQUNqQixPQUFlLEVBQ2YsR0FBUTtRQUVSLE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUV0QixJQUFJLFVBQVUsR0FBRyxPQUFPLFNBQVMsdUJBQXVCLENBQUM7UUFDekQsTUFBTSxHQUFHLEdBQUcsT0FBTyxTQUFTLFNBQVMsT0FBTyxXQUFXLFVBQVUsRUFBRSxDQUFDO1FBRXBFLElBQUksQ0FBQztZQUNILElBQUksYUFBYSxHQUFHLE1BQU0sR0FBRyxDQUFDLFNBQVMsQ0FBQyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO1lBQzVELElBQUksYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN6QixPQUFPLEdBQUcsQ0FBQztZQUNiLENBQUM7UUFDSCxDQUFDO1FBQUMsT0FBTyxDQUFNLEVBQUUsQ0FBQztZQUNoQiw4RkFBOEY7WUFDOUYsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUM5Qix5Q0FBeUM7WUFDM0MsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sQ0FBQyxDQUFDO1lBQ1YsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRztZQUNoQixPQUFPLEVBQUUsWUFBWTtZQUNyQixTQUFTLEVBQUU7Z0JBQ1Q7b0JBQ0UsTUFBTSxFQUFFLENBQUMsR0FBRyxDQUFDO29CQUNiLFFBQVEsRUFBRSxHQUFHO29CQUNiLE1BQU0sRUFBRSxPQUFPO29CQUNmLEdBQUcsRUFBRSxrQkFBa0I7aUJBQ3hCO2dCQUNEO29CQUNFLFNBQVMsRUFBRTt3QkFDVCxZQUFZLEVBQUU7NEJBQ1oseUJBQXlCLEVBQUUsT0FBTyxTQUFTLFNBQVMsT0FBTyxlQUFlLFNBQVMsdUJBQXVCO3lCQUMzRztxQkFDRjtvQkFDRCxNQUFNLEVBQUU7d0JBQ04sZ0JBQWdCO3dCQUNoQixnQkFBZ0I7d0JBQ2hCLGdDQUFnQzt3QkFDaEMsZ0NBQWdDO3FCQUNqQztvQkFDRCxRQUFRLEVBQUUsR0FBRztvQkFDYixNQUFNLEVBQUUsT0FBTztvQkFDZixHQUFHLEVBQUUsbURBQW1EO2lCQUN6RDtnQkFDRDtvQkFDRSxNQUFNLEVBQUU7d0JBQ04seUJBQXlCO3dCQUN6QixrQkFBa0I7d0JBQ2xCLHlCQUF5Qjt3QkFDekIsNkJBQTZCO3FCQUM5QjtvQkFDRCxRQUFRLEVBQUUsT0FBTyxTQUFTLFNBQVMsT0FBTyxlQUFlLFNBQVMsdUJBQXVCO29CQUN6RixNQUFNLEVBQUUsTUFBTTtvQkFDZCxHQUFHLEVBQUUscUNBQXFDO2lCQUMzQztnQkFDRDtvQkFDRSxNQUFNLEVBQUUsQ0FBQyxtQ0FBbUMsRUFBRSxtQ0FBbUMsQ0FBQztvQkFDbEYsUUFBUSxFQUFFLEdBQUc7b0JBQ2IsTUFBTSxFQUFFLE1BQU07b0JBQ2QsR0FBRyxFQUFFLDRDQUE0QztpQkFDbEQ7YUFDRjtTQUNGLENBQUM7UUFDRixNQUFNLE9BQU8sR0FBRztZQUNkLFVBQVUsRUFBRSxVQUFVO1lBQ3RCLGNBQWMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQztTQUMxQyxDQUFDO1FBQ0YsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLEdBQUcsQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDN0QsSUFBSSxvQkFBb0IsQ0FBQyxNQUFNLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDckMsT0FBTyxvQkFBb0IsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDO1FBQ3pDLENBQUM7YUFBTSxDQUFDO1lBQ04sTUFBTSxJQUFJLDRCQUFZLENBQUMsc0RBQXNELEdBQUcsR0FBRyxDQUFDLENBQUM7UUFDdkYsQ0FBQztJQUNILENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxtQkFBMkI7UUFDcEQsNEVBQTRFO1FBQzVFLDZDQUE2QztRQUM3QyxrREFBa0Q7UUFDbEQsTUFBTSxNQUFNLEdBQVcsZUFBZSxDQUFDO1FBQ3ZDLE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUNqRCxJQUFJLENBQUMsQ0FBQyxPQUFPLElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksT0FBTyxDQUFDLENBQUMsQ0FBQyxLQUFLLG1CQUFtQixDQUFDLEVBQUUsQ0FBQztZQUM3RSxNQUFNLElBQUksNEJBQVksQ0FBQyxpQ0FBaUMsbUJBQW1CLHNDQUFzQyxDQUFDLENBQUM7UUFDckgsQ0FBQztJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsZUFBZSxDQUMzQixXQUE4QixFQUM5QixXQUF3QixFQUN4QixVQUF1QyxFQUFFO1FBRXpDLHFGQUFxRjtRQUNyRixxREFBcUQ7UUFDckQsTUFBTSxPQUFPLEdBQUcsSUFBQSwrQ0FBNEIsRUFBQyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQ3hFLElBQUksT0FBTyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2xCLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEVBQUUsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ2pFLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxXQUFXLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDakUsQ0FBQztJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWSxDQUFDLFNBQWtDLEVBQUU7UUFDN0QsUUFBUSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzNCLEtBQUssUUFBUTtnQkFDWCxPQUFPLElBQUEseUJBQWtCLEVBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUN0RCxLQUFLLFNBQVM7Z0JBQ1osT0FBTyxJQUFBLHlCQUFrQixFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBQSw0QkFBcUIsRUFBQyxTQUFTLENBQUMsRUFBRSxLQUFLLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSx5QkFBeUIsQ0FBQyxDQUFDLENBQUM7WUFDL0gsS0FBSyxRQUFRO2dCQUNYLE9BQU8sSUFBQSx5Q0FBdUIsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUMzQyxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBN1dELG9DQTZXQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxtQkFBbUIsR0FBRyxpQkFBaUIsQ0FBQztBQUU5Qzs7R0FFRztBQUNILE1BQU0sY0FBYyxHQUFHLEVBQUUsQ0FBQztBQUMxQjs7R0FFRztBQUNILE1BQU0sa0NBQWtDLEdBQUcsb0NBQW9DLENBQUM7QUFFaEY7Ozs7R0FJRztBQUNILFNBQVMsYUFBYSxDQUFDLEVBQXNCO0lBQzNDLElBQUksRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLEtBQUssU0FBUyxFQUFFLENBQUM7UUFDbEMsT0FBTyxFQUFFLENBQUM7SUFDWixDQUFDO0lBQ0QsT0FBTyxFQUFFLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZCLENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBSSxFQUFVLEVBQUUsRUFBVTtJQUM3QyxPQUFPLElBQUksR0FBRyxDQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDM0QsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgdHlwZSAqIGFzIGN4YXBpIGZyb20gJ0Bhd3MtY2RrL2N4LWFwaSc7XG5pbXBvcnQgdHlwZSB7IEJvb3RzdHJhcEVudmlyb25tZW50T3B0aW9ucywgQm9vdHN0cmFwcGluZ1BhcmFtZXRlcnMgfSBmcm9tICcuL2Jvb3RzdHJhcC1wcm9wcyc7XG5pbXBvcnQgeyBCb290c3RyYXBTdGFjaywgYm9vdHN0cmFwVmVyc2lvbkZyb21UZW1wbGF0ZSB9IGZyb20gJy4vZGVwbG95LWJvb3RzdHJhcCc7XG5pbXBvcnQgeyBsZWdhY3lCb290c3RyYXBUZW1wbGF0ZSB9IGZyb20gJy4vbGVnYWN5LXRlbXBsYXRlJztcbmltcG9ydCB7IGJ1bmRsZWRQYWNrYWdlUm9vdERpciwgbG9hZFN0cnVjdHVyZWRGaWxlLCBzZXJpYWxpemVTdHJ1Y3R1cmUgfSBmcm9tICcuLi8uLi91dGlsJztcbmltcG9ydCB0eXBlIHsgU0RLLCBTZGtQcm92aWRlciB9IGZyb20gJy4uL2F3cy1hdXRoL3ByaXZhdGUnO1xuaW1wb3J0IHR5cGUgeyBTdWNjZXNzZnVsRGVwbG95U3RhY2tSZXN1bHQgfSBmcm9tICcuLi9kZXBsb3ltZW50cyc7XG5pbXBvcnQgeyBJTywgdHlwZSBJb0hlbHBlciB9IGZyb20gJy4uL2lvL3ByaXZhdGUnO1xuaW1wb3J0IHsgTW9kZSB9IGZyb20gJy4uL3BsdWdpbic7XG5pbXBvcnQgeyBUb29sa2l0RXJyb3IgfSBmcm9tICcuLi90b29sa2l0LWVycm9yJztcbmltcG9ydCB7IERFRkFVTFRfVE9PTEtJVF9TVEFDS19OQU1FIH0gZnJvbSAnLi4vdG9vbGtpdC1pbmZvJztcblxuZXhwb3J0IHR5cGUgQm9vdHN0cmFwU291cmNlID0geyBzb3VyY2U6ICdsZWdhY3knIH0gfCB7IHNvdXJjZTogJ2RlZmF1bHQnIH0gfCB7IHNvdXJjZTogJ2N1c3RvbSc7IHRlbXBsYXRlRmlsZTogc3RyaW5nIH07XG5cbmV4cG9ydCBjbGFzcyBCb290c3RyYXBwZXIge1xuICBwcml2YXRlIHJlYWRvbmx5IGlvSGVscGVyOiBJb0hlbHBlcjtcblxuICBjb25zdHJ1Y3RvcihcbiAgICBwcml2YXRlIHJlYWRvbmx5IHNvdXJjZTogQm9vdHN0cmFwU291cmNlID0geyBzb3VyY2U6ICdkZWZhdWx0JyB9LFxuICAgIGlvSGVscGVyOiBJb0hlbHBlcixcbiAgKSB7XG4gICAgdGhpcy5pb0hlbHBlciA9IGlvSGVscGVyO1xuICB9XG5cbiAgcHVibGljIGJvb3RzdHJhcEVudmlyb25tZW50KFxuICAgIGVudmlyb25tZW50OiBjeGFwaS5FbnZpcm9ubWVudCxcbiAgICBzZGtQcm92aWRlcjogU2RrUHJvdmlkZXIsXG4gICAgb3B0aW9uczogQm9vdHN0cmFwRW52aXJvbm1lbnRPcHRpb25zID0ge30sXG4gICk6IFByb21pc2U8U3VjY2Vzc2Z1bERlcGxveVN0YWNrUmVzdWx0PiB7XG4gICAgc3dpdGNoICh0aGlzLnNvdXJjZS5zb3VyY2UpIHtcbiAgICAgIGNhc2UgJ2xlZ2FjeSc6XG4gICAgICAgIHJldHVybiB0aGlzLmxlZ2FjeUJvb3RzdHJhcChlbnZpcm9ubWVudCwgc2RrUHJvdmlkZXIsIG9wdGlvbnMpO1xuICAgICAgY2FzZSAnZGVmYXVsdCc6XG4gICAgICAgIHJldHVybiB0aGlzLm1vZGVybkJvb3RzdHJhcChlbnZpcm9ubWVudCwgc2RrUHJvdmlkZXIsIG9wdGlvbnMpO1xuICAgICAgY2FzZSAnY3VzdG9tJzpcbiAgICAgICAgcmV0dXJuIHRoaXMuY3VzdG9tQm9vdHN0cmFwKGVudmlyb25tZW50LCBzZGtQcm92aWRlciwgb3B0aW9ucyk7XG4gICAgfVxuICB9XG5cbiAgcHVibGljIGFzeW5jIHNob3dUZW1wbGF0ZShqc29uOiBib29sZWFuKSB7XG4gICAgY29uc3QgdGVtcGxhdGUgPSBhd2FpdCB0aGlzLmxvYWRUZW1wbGF0ZSgpO1xuICAgIHByb2Nlc3Muc3Rkb3V0LndyaXRlKGAke3NlcmlhbGl6ZVN0cnVjdHVyZSh0ZW1wbGF0ZSwganNvbil9XFxuYCk7XG4gIH1cblxuICAvKipcbiAgICogRGVwbG95IGxlZ2FjeSBib290c3RyYXAgc3RhY2tcbiAgICpcbiAgICovXG4gIHByaXZhdGUgYXN5bmMgbGVnYWN5Qm9vdHN0cmFwKFxuICAgIGVudmlyb25tZW50OiBjeGFwaS5FbnZpcm9ubWVudCxcbiAgICBzZGtQcm92aWRlcjogU2RrUHJvdmlkZXIsXG4gICAgb3B0aW9uczogQm9vdHN0cmFwRW52aXJvbm1lbnRPcHRpb25zID0ge30sXG4gICk6IFByb21pc2U8U3VjY2Vzc2Z1bERlcGxveVN0YWNrUmVzdWx0PiB7XG4gICAgY29uc3QgcGFyYW1zID0gb3B0aW9ucy5wYXJhbWV0ZXJzID8/IHt9O1xuXG4gICAgaWYgKHBhcmFtcy50cnVzdGVkQWNjb3VudHM/Lmxlbmd0aCkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcignLS10cnVzdCBjYW4gb25seSBiZSBwYXNzZWQgZm9yIHRoZSBtb2Rlcm4gYm9vdHN0cmFwIGV4cGVyaWVuY2UuJyk7XG4gICAgfVxuICAgIGlmIChwYXJhbXMuY2xvdWRGb3JtYXRpb25FeGVjdXRpb25Qb2xpY2llcz8ubGVuZ3RoKSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKCctLWNsb3VkZm9ybWF0aW9uLWV4ZWN1dGlvbi1wb2xpY2llcyBjYW4gb25seSBiZSBwYXNzZWQgZm9yIHRoZSBtb2Rlcm4gYm9vdHN0cmFwIGV4cGVyaWVuY2UuJyk7XG4gICAgfVxuICAgIGlmIChwYXJhbXMuY3JlYXRlQ3VzdG9tZXJNYXN0ZXJLZXkgIT09IHVuZGVmaW5lZCkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcignLS1ib290c3RyYXAtY3VzdG9tZXIta2V5IGNhbiBvbmx5IGJlIHBhc3NlZCBmb3IgdGhlIG1vZGVybiBib290c3RyYXAgZXhwZXJpZW5jZS4nKTtcbiAgICB9XG4gICAgaWYgKHBhcmFtcy5xdWFsaWZpZXIpIHtcbiAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoJy0tcXVhbGlmaWVyIGNhbiBvbmx5IGJlIHBhc3NlZCBmb3IgdGhlIG1vZGVybiBib290c3RyYXAgZXhwZXJpZW5jZS4nKTtcbiAgICB9XG5cbiAgICBjb25zdCB0b29sa2l0U3RhY2tOYW1lID0gb3B0aW9ucy50b29sa2l0U3RhY2tOYW1lID8/IERFRkFVTFRfVE9PTEtJVF9TVEFDS19OQU1FO1xuICAgIGNvbnN0IGN1cnJlbnQgPSBhd2FpdCBCb290c3RyYXBTdGFjay5sb29rdXAoc2RrUHJvdmlkZXIsIGVudmlyb25tZW50LCB0b29sa2l0U3RhY2tOYW1lLCB0aGlzLmlvSGVscGVyKTtcbiAgICByZXR1cm4gY3VycmVudC51cGRhdGUoXG4gICAgICBhd2FpdCB0aGlzLmxvYWRUZW1wbGF0ZShwYXJhbXMpLFxuICAgICAge30sXG4gICAgICB7XG4gICAgICAgIC4uLm9wdGlvbnMsXG4gICAgICAgIHRlcm1pbmF0aW9uUHJvdGVjdGlvbjogb3B0aW9ucy50ZXJtaW5hdGlvblByb3RlY3Rpb24gPz8gY3VycmVudC50ZXJtaW5hdGlvblByb3RlY3Rpb24sXG4gICAgICB9LFxuICAgICk7XG4gIH1cblxuICAvKipcbiAgICogRGVwbG95IENJL0NELXJlYWR5IGJvb3RzdHJhcCBzdGFjayBmcm9tIHRlbXBsYXRlXG4gICAqXG4gICAqL1xuICBwcml2YXRlIGFzeW5jIG1vZGVybkJvb3RzdHJhcChcbiAgICBlbnZpcm9ubWVudDogY3hhcGkuRW52aXJvbm1lbnQsXG4gICAgc2RrUHJvdmlkZXI6IFNka1Byb3ZpZGVyLFxuICAgIG9wdGlvbnM6IEJvb3RzdHJhcEVudmlyb25tZW50T3B0aW9ucyA9IHt9LFxuICApOiBQcm9taXNlPFN1Y2Nlc3NmdWxEZXBsb3lTdGFja1Jlc3VsdD4ge1xuICAgIGNvbnN0IHBhcmFtcyA9IG9wdGlvbnMucGFyYW1ldGVycyA/PyB7fTtcblxuICAgIGNvbnN0IGJvb3RzdHJhcFRlbXBsYXRlID0gYXdhaXQgdGhpcy5sb2FkVGVtcGxhdGUoKTtcblxuICAgIGNvbnN0IHRvb2xraXRTdGFja05hbWUgPSBvcHRpb25zLnRvb2xraXRTdGFja05hbWUgPz8gREVGQVVMVF9UT09MS0lUX1NUQUNLX05BTUU7XG4gICAgY29uc3QgY3VycmVudCA9IGF3YWl0IEJvb3RzdHJhcFN0YWNrLmxvb2t1cChzZGtQcm92aWRlciwgZW52aXJvbm1lbnQsIHRvb2xraXRTdGFja05hbWUsIHRoaXMuaW9IZWxwZXIpO1xuICAgIGNvbnN0IHBhcnRpdGlvbiA9IGF3YWl0IGN1cnJlbnQucGFydGl0aW9uKCk7XG5cbiAgICBpZiAocGFyYW1zLmNyZWF0ZUN1c3RvbWVyTWFzdGVyS2V5ICE9PSB1bmRlZmluZWQgJiYgcGFyYW1zLmttc0tleUlkKSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKFxuICAgICAgICBcIllvdSBjYW5ub3QgcGFzcyAnLS1ib290c3RyYXAta21zLWtleS1pZCcgYW5kICctLWJvb3RzdHJhcC1jdXN0b21lci1rZXknIHRvZ2V0aGVyLiBTcGVjaWZ5IG9uZSBvciB0aGUgb3RoZXJcIixcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gSWYgcGVvcGxlIHJlLWJvb3RzdHJhcCwgZXhpc3RpbmcgcGFyYW1ldGVyIHZhbHVlcyBhcmUgcmV1c2VkIHNvIHRoYXQgcGVvcGxlIGRvbid0IGFjY2lkZW50YWxseSBjaGFuZ2UgdGhlIGNvbmZpZ3VyYXRpb25cbiAgICAvLyBvbiB0aGVpciBib290c3RyYXAgc3RhY2sgKHRoaXMgaGFwcGVucyBhdXRvbWF0aWNhbGx5IGluIGRlcGxveVN0YWNrKS4gSG93ZXZlciwgdG8gZG8gcHJvcGVyIHZhbGlkYXRpb24gb24gdGhlXG4gICAgLy8gY29tYmluZWQgYXJndW1lbnRzIChzdWNoIHRoYXQgaWYgLS10cnVzdCBoYXMgYmVlbiBnaXZlbiwgLS1jbG91ZGZvcm1hdGlvbi1leGVjdXRpb24tcG9saWNpZXMgaXMgbmVjZXNzYXJ5IGFzIHdlbGwpXG4gICAgLy8gd2UgbmVlZCB0byB0YWtlIHRoaXMgcGFyYW1ldGVyIHJldXNlIGludG8gYWNjb3VudC5cbiAgICAvL1xuICAgIC8vIElkZWFsbHkgd2UnZCBkbyB0aGlzIGluc2lkZSB0aGUgdGVtcGxhdGUsIGJ1dCB0aGUgYFJ1bGVzYCBzZWN0aW9uIG9mIENGTlxuICAgIC8vIHRlbXBsYXRlcyBkb2Vzbid0IHNlZW0gdG8gYmUgYWJsZSB0byBleHByZXNzIHRoZSBjb25kaXRpb25zIHRoYXQgd2UgbmVlZFxuICAgIC8vIChjYW4ndCB1c2UgRm46OkpvaW4gb3IgcmVmZXJlbmNlIENvbmRpdGlvbnMpIHNvIHdlIGRvIGl0IGhlcmUgaW5zdGVhZC5cbiAgICBjb25zdCBhbGxUcnVzdGVkID0gbmV3IFNldChbXG4gICAgICAuLi5wYXJhbXMudHJ1c3RlZEFjY291bnRzID8/IFtdLFxuICAgICAgLi4ucGFyYW1zLnRydXN0ZWRBY2NvdW50c0Zvckxvb2t1cCA/PyBbXSxcbiAgICBdKTtcbiAgICBjb25zdCBpbnZhbGlkID0gaW50ZXJzZWN0aW9uKGFsbFRydXN0ZWQsIG5ldyBTZXQocGFyYW1zLnVudHJ1c3RlZEFjY291bnRzKSk7XG4gICAgaWYgKGludmFsaWQuc2l6ZSA+IDApIHtcbiAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoYEFjY291bnRzIGNhbm5vdCBiZSBib3RoIHRydXN0ZWQgYW5kIHVudHJ1c3RlZC4gRm91bmQ6ICR7Wy4uLmludmFsaWRdLmpvaW4oJywnKX1gKTtcbiAgICB9XG5cbiAgICBjb25zdCByZW1vdmVVbnRydXN0ZWQgPSAoYWNjb3VudHM6IHN0cmluZ1tdKSA9PlxuICAgICAgYWNjb3VudHMuZmlsdGVyKGFjYyA9PiAhcGFyYW1zLnVudHJ1c3RlZEFjY291bnRzPy5tYXAoU3RyaW5nKS5pbmNsdWRlcyhTdHJpbmcoYWNjKSkpO1xuXG4gICAgY29uc3QgdHJ1c3RlZEFjY291bnRzID0gcmVtb3ZlVW50cnVzdGVkKHBhcmFtcy50cnVzdGVkQWNjb3VudHMgPz8gc3BsaXRDZm5BcnJheShjdXJyZW50LnBhcmFtZXRlcnMuVHJ1c3RlZEFjY291bnRzKSk7XG4gICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX0lORk8ubXNnKFxuICAgICAgYFRydXN0ZWQgYWNjb3VudHMgZm9yIGRlcGxveW1lbnQ6ICR7dHJ1c3RlZEFjY291bnRzLmxlbmd0aCA+IDAgPyB0cnVzdGVkQWNjb3VudHMuam9pbignLCAnKSA6ICcobm9uZSknfWAsXG4gICAgKSk7XG5cbiAgICBjb25zdCB0cnVzdGVkQWNjb3VudHNGb3JMb29rdXAgPSByZW1vdmVVbnRydXN0ZWQoXG4gICAgICBwYXJhbXMudHJ1c3RlZEFjY291bnRzRm9yTG9va3VwID8/IHNwbGl0Q2ZuQXJyYXkoY3VycmVudC5wYXJhbWV0ZXJzLlRydXN0ZWRBY2NvdW50c0Zvckxvb2t1cCksXG4gICAgKTtcbiAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfSU5GTy5tc2coXG4gICAgICBgVHJ1c3RlZCBhY2NvdW50cyBmb3IgbG9va3VwOiAke3RydXN0ZWRBY2NvdW50c0Zvckxvb2t1cC5sZW5ndGggPiAwID8gdHJ1c3RlZEFjY291bnRzRm9yTG9va3VwLmpvaW4oJywgJykgOiAnKG5vbmUpJ31gLFxuICAgICkpO1xuXG4gICAgY29uc3QgY2xvdWRGb3JtYXRpb25FeGVjdXRpb25Qb2xpY2llcyA9XG4gICAgICBwYXJhbXMuY2xvdWRGb3JtYXRpb25FeGVjdXRpb25Qb2xpY2llcyA/PyBzcGxpdENmbkFycmF5KGN1cnJlbnQucGFyYW1ldGVycy5DbG91ZEZvcm1hdGlvbkV4ZWN1dGlvblBvbGljaWVzKTtcbiAgICBpZiAodHJ1c3RlZEFjY291bnRzLmxlbmd0aCA9PT0gMCAmJiBjbG91ZEZvcm1hdGlvbkV4ZWN1dGlvblBvbGljaWVzLmxlbmd0aCA9PT0gMCkge1xuICAgICAgLy8gRm9yIHNlbGYtdHJ1c3QgaXQncyBva2F5IHRvIGRlZmF1bHQgdG8gQWRtaW5pc3RyYXRvckFjY2VzcywgYW5kIGl0IGltcHJvdmVzIHRoZSB1c2FiaWxpdHkgb2YgYm9vdHN0cmFwcGluZyBhIGxvdC5cbiAgICAgIC8vXG4gICAgICAvLyBXZSBkb24ndCBhY3R1YWxseSBtYWtlIHRoZSBpbXBsaWNpdGx5IHBvbGljeSBhIHBoeXNpY2FsIHBhcmFtZXRlci4gVGhlIHRlbXBsYXRlIHdpbGwgaW5mZXIgaXQgaW5zdGVhZCxcbiAgICAgIC8vIHdlIHNpbXBseSBkbyB0aGUgVUkgYWR2ZXJ0aXNpbmcgdGhhdCBiZWhhdmlvciBoZXJlLlxuICAgICAgLy9cbiAgICAgIC8vIElmIHdlIERJRCBtYWtlIGl0IGFuIGV4cGxpY2l0IHBhcmFtZXRlciwgd2Ugd291bGRuJ3QgYmUgYWJsZSB0byB0ZWxsIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gd2hldGhlclxuICAgICAgLy8gd2UgaW5mZXJyZWQgaXQgb3Igd2hldGhlciB0aGUgdXNlciB0b2xkIHVzLCBhbmQgdGhlIHNlcXVlbmNlOlxuICAgICAgLy9cbiAgICAgIC8vICQgY2RrIGJvb3RzdHJhcFxuICAgICAgLy8gJCBjZGsgYm9vdHN0cmFwIC0tdHJ1c3QgMTIzNFxuICAgICAgLy9cbiAgICAgIC8vIFdvdWxkIGxlYXZlIEFkbWluaXN0cmF0b3JBY2Nlc3MgcG9saWNpZXMgd2l0aCBhIHRydXN0IHJlbGF0aW9uc2hpcCwgd2l0aG91dCB0aGUgdXNlciBleHBsaWNpdGx5XG4gICAgICAvLyBhcHByb3ZpbmcgdGhlIHRydXN0IHBvbGljeS5cbiAgICAgIGNvbnN0IGltcGxpY2l0UG9saWN5ID0gYGFybjoke3BhcnRpdGlvbn06aWFtOjphd3M6cG9saWN5L0FkbWluaXN0cmF0b3JBY2Nlc3NgO1xuICAgICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX1dBUk4ubXNnKFxuICAgICAgICBgVXNpbmcgZGVmYXVsdCBleGVjdXRpb24gcG9saWN5IG9mICcke2ltcGxpY2l0UG9saWN5fScuIFBhc3MgJy0tY2xvdWRmb3JtYXRpb24tZXhlY3V0aW9uLXBvbGljaWVzJyB0byBjdXN0b21pemUuYCxcbiAgICAgICkpO1xuICAgIH0gZWxzZSBpZiAoY2xvdWRGb3JtYXRpb25FeGVjdXRpb25Qb2xpY2llcy5sZW5ndGggPT09IDApIHtcbiAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoXG4gICAgICAgIGBQbGVhc2UgcGFzcyBcXCctLWNsb3VkZm9ybWF0aW9uLWV4ZWN1dGlvbi1wb2xpY2llc1xcJyB3aGVuIHVzaW5nIFxcJy0tdHJ1c3RcXCcgdG8gc3BlY2lmeSBkZXBsb3ltZW50IHBlcm1pc3Npb25zLiBUcnkgYSBtYW5hZ2VkIHBvbGljeSBvZiB0aGUgZm9ybSBcXCdhcm46JHtwYXJ0aXRpb259OmlhbTo6YXdzOnBvbGljeS88UG9saWN5TmFtZT5cXCcuYCxcbiAgICAgICk7XG4gICAgfSBlbHNlIHtcbiAgICAgIC8vIFJlbWluZCBwZW9wbGUgd2hhdCB0aGUgY3VycmVudCBzZXR0aW5ncyBhcmVcbiAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfVE9PTEtJVF9JTkZPLm1zZyhgRXhlY3V0aW9uIHBvbGljaWVzOiAke2Nsb3VkRm9ybWF0aW9uRXhlY3V0aW9uUG9saWNpZXMuam9pbignLCAnKX1gKSk7XG4gICAgfVxuXG4gICAgLy8gKiBJZiBhbiBBUk4gaXMgZ2l2ZW4sIHRoYXQgQVJOLiBPdGhlcndpc2U6XG4gICAgLy8gICAqICctJyBpZiBjdXN0b21lcktleSA9IGZhbHNlXG4gICAgLy8gICAqICcnIGlmIGN1c3RvbWVyS2V5ID0gdHJ1ZVxuICAgIC8vICAgKiBpZiBjdXN0b21lcktleSBpcyBhbHNvIG5vdCBnaXZlblxuICAgIC8vICAgICAqIHVuZGVmaW5lZCBpZiB3ZSBhbHJlYWR5IGhhZCBhIHZhbHVlIGluIHBsYWNlIChyZXVzaW5nIHdoYXQgd2UgaGFkKVxuICAgIC8vICAgICAqICctJyBpZiB0aGlzIGlzIHRoZSBmaXJzdCB0aW1lIHdlJ3JlIGRlcGxveWluZyB0aGlzIHN0YWNrIChvciB1cGdyYWRpbmcgZnJvbSBvbGQgdG8gbmV3IGJvb3RzdHJhcClcbiAgICBjb25zdCBjdXJyZW50S21zS2V5SWQgPSBjdXJyZW50LnBhcmFtZXRlcnMuRmlsZUFzc2V0c0J1Y2tldEttc0tleUlkO1xuICAgIGNvbnN0IGttc0tleUlkID1cbiAgICAgIHBhcmFtcy5rbXNLZXlJZCA/P1xuICAgICAgKHBhcmFtcy5jcmVhdGVDdXN0b21lck1hc3RlcktleSA9PT0gdHJ1ZVxuICAgICAgICA/IENSRUFURV9ORVdfS0VZXG4gICAgICAgIDogcGFyYW1zLmNyZWF0ZUN1c3RvbWVyTWFzdGVyS2V5ID09PSBmYWxzZSB8fCBjdXJyZW50S21zS2V5SWQgPT09IHVuZGVmaW5lZFxuICAgICAgICAgID8gVVNFX0FXU19NQU5BR0VEX0tFWVxuICAgICAgICAgIDogdW5kZWZpbmVkKTtcblxuICAgIC8qIEEgcGVybWlzc2lvbnMgYm91bmRhcnkgY2FuIGJlIHByb3ZpZGVkIHZpYTpcbiAgICAgKiAgICAtIHRoZSBmbGFnIGluZGljYXRpbmcgdGhlIGV4YW1wbGUgb25lIHNob3VsZCBiZSB1c2VkXG4gICAgICogICAgLSB0aGUgbmFtZSBpbmRpY2F0aW5nIHRoZSBjdXN0b20gcGVybWlzc2lvbnMgYm91bmRhcnkgdG8gYmUgdXNlZFxuICAgICAqIFJlLWJvb3RzdHJhcHBpbmcgd2lsbCBOT1QgYmUgYmxvY2tlZCBieSBlaXRoZXIgdGlnaHRlbmluZyBvciByZWxheGluZyB0aGUgcGVybWlzc2lvbnMnIGJvdW5kYXJ5LlxuICAgICAqL1xuXG4gICAgLy8gSW5wdXRQZXJtaXNzaW9uc0JvdW5kYXJ5IGlzIGFuIGBhbnlgIHR5cGUgYW5kIGlmIGl0IGlzIG5vdCBkZWZpbmVkIGl0XG4gICAgLy8gYXBwZWFycyBhcyBhbiBlbXB0eSBzdHJpbmcgJycuIFdlIG5lZWQgdG8gZm9yY2UgaXQgdG8gZXZhbHVhdGUgYW4gZW1wdHkgc3RyaW5nXG4gICAgLy8gYXMgdW5kZWZpbmVkXG4gICAgY29uc3QgY3VycmVudFBlcm1pc3Npb25zQm91bmRhcnk6IHN0cmluZyB8IHVuZGVmaW5lZCA9IGN1cnJlbnQucGFyYW1ldGVycy5JbnB1dFBlcm1pc3Npb25zQm91bmRhcnkgfHwgdW5kZWZpbmVkO1xuICAgIGNvbnN0IGlucHV0UG9saWN5TmFtZSA9IHBhcmFtcy5leGFtcGxlUGVybWlzc2lvbnNCb3VuZGFyeVxuICAgICAgPyBDREtfQk9PVFNUUkFQX1BFUk1JU1NJT05TX0JPVU5EQVJZXG4gICAgICA6IHBhcmFtcy5jdXN0b21QZXJtaXNzaW9uc0JvdW5kYXJ5O1xuICAgIGxldCBwb2xpY3lOYW1lOiBzdHJpbmcgfCB1bmRlZmluZWQ7XG4gICAgaWYgKGlucHV0UG9saWN5TmFtZSkge1xuICAgICAgLy8gSWYgdGhlIGV4YW1wbGUgcG9saWN5IGlzIG5vdCBhbHJlYWR5IGluIHBsYWNlLCBpdCBtdXN0IGJlIGNyZWF0ZWQuXG4gICAgICBjb25zdCBzZGsgPSAoYXdhaXQgc2RrUHJvdmlkZXIuZm9yRW52aXJvbm1lbnQoZW52aXJvbm1lbnQsIE1vZGUuRm9yV3JpdGluZykpLnNkaztcbiAgICAgIHBvbGljeU5hbWUgPSBhd2FpdCB0aGlzLmdldFBvbGljeU5hbWUoZW52aXJvbm1lbnQsIHNkaywgaW5wdXRQb2xpY3lOYW1lLCBwYXJ0aXRpb24sIHBhcmFtcyk7XG4gICAgfVxuICAgIGlmIChjdXJyZW50UGVybWlzc2lvbnNCb3VuZGFyeSAhPT0gcG9saWN5TmFtZSkge1xuICAgICAgaWYgKCFjdXJyZW50UGVybWlzc2lvbnNCb3VuZGFyeSkge1xuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfV0FSTi5tc2coXG4gICAgICAgICAgYEFkZGluZyBuZXcgcGVybWlzc2lvbnMgYm91bmRhcnkgJHtwb2xpY3lOYW1lfWAsXG4gICAgICAgICkpO1xuICAgICAgfSBlbHNlIGlmICghcG9saWN5TmFtZSkge1xuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfV0FSTi5tc2coXG4gICAgICAgICAgYFJlbW92aW5nIGV4aXN0aW5nIHBlcm1pc3Npb25zIGJvdW5kYXJ5ICR7Y3VycmVudFBlcm1pc3Npb25zQm91bmRhcnl9YCxcbiAgICAgICAgKSk7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfV0FSTi5tc2coXG4gICAgICAgICAgYENoYW5naW5nIHBlcm1pc3Npb25zIGJvdW5kYXJ5IGZyb20gJHtjdXJyZW50UGVybWlzc2lvbnNCb3VuZGFyeX0gdG8gJHtwb2xpY3lOYW1lfWAsXG4gICAgICAgICkpO1xuICAgICAgfVxuICAgIH1cblxuICAgIHJldHVybiBjdXJyZW50LnVwZGF0ZShcbiAgICAgIGJvb3RzdHJhcFRlbXBsYXRlLFxuICAgICAge1xuICAgICAgICBGaWxlQXNzZXRzQnVja2V0TmFtZTogcGFyYW1zLmJ1Y2tldE5hbWUsXG4gICAgICAgIEZpbGVBc3NldHNCdWNrZXRLbXNLZXlJZDoga21zS2V5SWQsXG4gICAgICAgIC8vIEVtcHR5IGFycmF5IGJlY29tZXMgZW1wdHkgc3RyaW5nXG4gICAgICAgIFRydXN0ZWRBY2NvdW50czogdHJ1c3RlZEFjY291bnRzLmpvaW4oJywnKSxcbiAgICAgICAgVHJ1c3RlZEFjY291bnRzRm9yTG9va3VwOiB0cnVzdGVkQWNjb3VudHNGb3JMb29rdXAuam9pbignLCcpLFxuICAgICAgICBDbG91ZEZvcm1hdGlvbkV4ZWN1dGlvblBvbGljaWVzOiBjbG91ZEZvcm1hdGlvbkV4ZWN1dGlvblBvbGljaWVzLmpvaW4oJywnKSxcbiAgICAgICAgUXVhbGlmaWVyOiBwYXJhbXMucXVhbGlmaWVyLFxuICAgICAgICBQdWJsaWNBY2Nlc3NCbG9ja0NvbmZpZ3VyYXRpb246XG4gICAgICAgICAgcGFyYW1zLnB1YmxpY0FjY2Vzc0Jsb2NrQ29uZmlndXJhdGlvbiB8fCBwYXJhbXMucHVibGljQWNjZXNzQmxvY2tDb25maWd1cmF0aW9uID09PSB1bmRlZmluZWRcbiAgICAgICAgICAgID8gJ3RydWUnXG4gICAgICAgICAgICA6ICdmYWxzZScsXG4gICAgICAgIElucHV0UGVybWlzc2lvbnNCb3VuZGFyeTogcG9saWN5TmFtZSxcbiAgICAgIH0sXG4gICAgICB7XG4gICAgICAgIC4uLm9wdGlvbnMsXG4gICAgICAgIHRlcm1pbmF0aW9uUHJvdGVjdGlvbjogb3B0aW9ucy50ZXJtaW5hdGlvblByb3RlY3Rpb24gPz8gY3VycmVudC50ZXJtaW5hdGlvblByb3RlY3Rpb24sXG4gICAgICB9LFxuICAgICk7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGdldFBvbGljeU5hbWUoXG4gICAgZW52aXJvbm1lbnQ6IGN4YXBpLkVudmlyb25tZW50LFxuICAgIHNkazogU0RLLFxuICAgIHBlcm1pc3Npb25zQm91bmRhcnk6IHN0cmluZyxcbiAgICBwYXJ0aXRpb246IHN0cmluZyxcbiAgICBwYXJhbXM6IEJvb3RzdHJhcHBpbmdQYXJhbWV0ZXJzLFxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGlmIChwZXJtaXNzaW9uc0JvdW5kYXJ5ICE9PSBDREtfQk9PVFNUUkFQX1BFUk1JU1NJT05TX0JPVU5EQVJZKSB7XG4gICAgICB0aGlzLnZhbGlkYXRlUG9saWN5TmFtZShwZXJtaXNzaW9uc0JvdW5kYXJ5KTtcbiAgICAgIHJldHVybiBQcm9taXNlLnJlc29sdmUocGVybWlzc2lvbnNCb3VuZGFyeSk7XG4gICAgfVxuICAgIC8vIGlmIG5vIFF1YWxpZmllciBpcyBzdXBwbGllZCwgcmVzb3J0IHRvIHRoZSBkZWZhdWx0IG9uZVxuICAgIGNvbnN0IGFybiA9IGF3YWl0IHRoaXMuZ2V0RXhhbXBsZVBlcm1pc3Npb25zQm91bmRhcnkoXG4gICAgICBwYXJhbXMucXVhbGlmaWVyID8/ICdobmI2NTlmZHMnLFxuICAgICAgcGFydGl0aW9uLFxuICAgICAgZW52aXJvbm1lbnQuYWNjb3VudCxcbiAgICAgIHNkayxcbiAgICApO1xuICAgIGNvbnN0IHBvbGljeU5hbWUgPSBhcm4uc3BsaXQoJy8nKS5wb3AoKTtcbiAgICBpZiAoIXBvbGljeU5hbWUpIHtcbiAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoJ0NvdWxkIG5vdCByZXRyaWV2ZSB0aGUgZXhhbXBsZSBwZXJtaXNzaW9uIGJvdW5kYXJ5IScpO1xuICAgIH1cbiAgICByZXR1cm4gUHJvbWlzZS5yZXNvbHZlKHBvbGljeU5hbWUpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBnZXRFeGFtcGxlUGVybWlzc2lvbnNCb3VuZGFyeShcbiAgICBxdWFsaWZpZXI6IHN0cmluZyxcbiAgICBwYXJ0aXRpb246IHN0cmluZyxcbiAgICBhY2NvdW50OiBzdHJpbmcsXG4gICAgc2RrOiBTREssXG4gICk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgY29uc3QgaWFtID0gc2RrLmlhbSgpO1xuXG4gICAgbGV0IHBvbGljeU5hbWUgPSBgY2RrLSR7cXVhbGlmaWVyfS1wZXJtaXNzaW9ucy1ib3VuZGFyeWA7XG4gICAgY29uc3QgYXJuID0gYGFybjoke3BhcnRpdGlvbn06aWFtOjoke2FjY291bnR9OnBvbGljeS8ke3BvbGljeU5hbWV9YDtcblxuICAgIHRyeSB7XG4gICAgICBsZXQgZ2V0UG9saWN5UmVzcCA9IGF3YWl0IGlhbS5nZXRQb2xpY3koeyBQb2xpY3lBcm46IGFybiB9KTtcbiAgICAgIGlmIChnZXRQb2xpY3lSZXNwLlBvbGljeSkge1xuICAgICAgICByZXR1cm4gYXJuO1xuICAgICAgfVxuICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9HZXRQb2xpY3kuaHRtbCNBUElfR2V0UG9saWN5X0Vycm9yc1xuICAgICAgaWYgKGUubmFtZSA9PT0gJ05vU3VjaEVudGl0eScpIHtcbiAgICAgICAgLy8gbm9vcCwgcHJvY2VlZCB3aXRoIGNyZWF0aW5nIHRoZSBwb2xpY3lcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIHRocm93IGU7XG4gICAgICB9XG4gICAgfVxuXG4gICAgY29uc3QgcG9saWN5RG9jID0ge1xuICAgICAgVmVyc2lvbjogJzIwMTItMTAtMTcnLFxuICAgICAgU3RhdGVtZW50OiBbXG4gICAgICAgIHtcbiAgICAgICAgICBBY3Rpb246IFsnKiddLFxuICAgICAgICAgIFJlc291cmNlOiAnKicsXG4gICAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICAgIFNpZDogJ0V4cGxpY2l0QWxsb3dBbGwnLFxuICAgICAgICB9LFxuICAgICAgICB7XG4gICAgICAgICAgQ29uZGl0aW9uOiB7XG4gICAgICAgICAgICBTdHJpbmdFcXVhbHM6IHtcbiAgICAgICAgICAgICAgJ2lhbTpQZXJtaXNzaW9uc0JvdW5kYXJ5JzogYGFybjoke3BhcnRpdGlvbn06aWFtOjoke2FjY291bnR9OnBvbGljeS9jZGstJHtxdWFsaWZpZXJ9LXBlcm1pc3Npb25zLWJvdW5kYXJ5YCxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSxcbiAgICAgICAgICBBY3Rpb246IFtcbiAgICAgICAgICAgICdpYW06Q3JlYXRlVXNlcicsXG4gICAgICAgICAgICAnaWFtOkNyZWF0ZVJvbGUnLFxuICAgICAgICAgICAgJ2lhbTpQdXRSb2xlUGVybWlzc2lvbnNCb3VuZGFyeScsXG4gICAgICAgICAgICAnaWFtOlB1dFVzZXJQZXJtaXNzaW9uc0JvdW5kYXJ5JyxcbiAgICAgICAgICBdLFxuICAgICAgICAgIFJlc291cmNlOiAnKicsXG4gICAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICAgIFNpZDogJ0RlbnlBY2Nlc3NJZlJlcXVpcmVkUGVybUJvdW5kYXJ5SXNOb3RCZWluZ0FwcGxpZWQnLFxuICAgICAgICB9LFxuICAgICAgICB7XG4gICAgICAgICAgQWN0aW9uOiBbXG4gICAgICAgICAgICAnaWFtOkNyZWF0ZVBvbGljeVZlcnNpb24nLFxuICAgICAgICAgICAgJ2lhbTpEZWxldGVQb2xpY3knLFxuICAgICAgICAgICAgJ2lhbTpEZWxldGVQb2xpY3lWZXJzaW9uJyxcbiAgICAgICAgICAgICdpYW06U2V0RGVmYXVsdFBvbGljeVZlcnNpb24nLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgUmVzb3VyY2U6IGBhcm46JHtwYXJ0aXRpb259OmlhbTo6JHthY2NvdW50fTpwb2xpY3kvY2RrLSR7cXVhbGlmaWVyfS1wZXJtaXNzaW9ucy1ib3VuZGFyeWAsXG4gICAgICAgICAgRWZmZWN0OiAnRGVueScsXG4gICAgICAgICAgU2lkOiAnRGVueVBlcm1Cb3VuZGFyeUlBTVBvbGljeUFsdGVyYXRpb24nLFxuICAgICAgICB9LFxuICAgICAgICB7XG4gICAgICAgICAgQWN0aW9uOiBbJ2lhbTpEZWxldGVVc2VyUGVybWlzc2lvbnNCb3VuZGFyeScsICdpYW06RGVsZXRlUm9sZVBlcm1pc3Npb25zQm91bmRhcnknXSxcbiAgICAgICAgICBSZXNvdXJjZTogJyonLFxuICAgICAgICAgIEVmZmVjdDogJ0RlbnknLFxuICAgICAgICAgIFNpZDogJ0RlbnlSZW1vdmFsT2ZQZXJtQm91bmRhcnlGcm9tQW55VXNlck9yUm9sZScsXG4gICAgICAgIH0sXG4gICAgICBdLFxuICAgIH07XG4gICAgY29uc3QgcmVxdWVzdCA9IHtcbiAgICAgIFBvbGljeU5hbWU6IHBvbGljeU5hbWUsXG4gICAgICBQb2xpY3lEb2N1bWVudDogSlNPTi5zdHJpbmdpZnkocG9saWN5RG9jKSxcbiAgICB9O1xuICAgIGNvbnN0IGNyZWF0ZVBvbGljeVJlc3BvbnNlID0gYXdhaXQgaWFtLmNyZWF0ZVBvbGljeShyZXF1ZXN0KTtcbiAgICBpZiAoY3JlYXRlUG9saWN5UmVzcG9uc2UuUG9saWN5Py5Bcm4pIHtcbiAgICAgIHJldHVybiBjcmVhdGVQb2xpY3lSZXNwb25zZS5Qb2xpY3kuQXJuO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKGBDb3VsZCBub3QgcmV0cmlldmUgdGhlIGV4YW1wbGUgcGVybWlzc2lvbiBib3VuZGFyeSAke2Fybn0hYCk7XG4gICAgfVxuICB9XG5cbiAgcHJpdmF0ZSB2YWxpZGF0ZVBvbGljeU5hbWUocGVybWlzc2lvbnNCb3VuZGFyeTogc3RyaW5nKSB7XG4gICAgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVQb2xpY3kuaHRtbFxuICAgIC8vIEFkZGVkIHN1cHBvcnQgZm9yIHBvbGljeSBuYW1lcyB3aXRoIGEgcGF0aFxuICAgIC8vIFNlZSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvaXNzdWVzLzI2MzIwXG4gICAgY29uc3QgcmVnZXhwOiBSZWdFeHAgPSAvW1xcdytcXC89LC5ALV0rLztcbiAgICBjb25zdCBtYXRjaGVzID0gcmVnZXhwLmV4ZWMocGVybWlzc2lvbnNCb3VuZGFyeSk7XG4gICAgaWYgKCEobWF0Y2hlcyAmJiBtYXRjaGVzLmxlbmd0aCA9PT0gMSAmJiBtYXRjaGVzWzBdID09PSBwZXJtaXNzaW9uc0JvdW5kYXJ5KSkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihgVGhlIHBlcm1pc3Npb25zIGJvdW5kYXJ5IG5hbWUgJHtwZXJtaXNzaW9uc0JvdW5kYXJ5fSBkb2VzIG5vdCBtYXRjaCB0aGUgSUFNIGNvbnZlbnRpb25zLmApO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgY3VzdG9tQm9vdHN0cmFwKFxuICAgIGVudmlyb25tZW50OiBjeGFwaS5FbnZpcm9ubWVudCxcbiAgICBzZGtQcm92aWRlcjogU2RrUHJvdmlkZXIsXG4gICAgb3B0aW9uczogQm9vdHN0cmFwRW52aXJvbm1lbnRPcHRpb25zID0ge30sXG4gICk6IFByb21pc2U8U3VjY2Vzc2Z1bERlcGxveVN0YWNrUmVzdWx0PiB7XG4gICAgLy8gTG9vayBhdCB0aGUgdGVtcGxhdGUsIGRlY2lkZSB3aGV0aGVyIGl0J3MgbW9zdCBsaWtlbHkgYSBsZWdhY3kgb3IgbW9kZXJuIGJvb3RzdHJhcFxuICAgIC8vIHRlbXBsYXRlLCBhbmQgdXNlIHRoZSByaWdodCBib290c3RyYXBwZXIgZm9yIHRoYXQuXG4gICAgY29uc3QgdmVyc2lvbiA9IGJvb3RzdHJhcFZlcnNpb25Gcm9tVGVtcGxhdGUoYXdhaXQgdGhpcy5sb2FkVGVtcGxhdGUoKSk7XG4gICAgaWYgKHZlcnNpb24gPT09IDApIHtcbiAgICAgIHJldHVybiB0aGlzLmxlZ2FjeUJvb3RzdHJhcChlbnZpcm9ubWVudCwgc2RrUHJvdmlkZXIsIG9wdGlvbnMpO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gdGhpcy5tb2Rlcm5Cb290c3RyYXAoZW52aXJvbm1lbnQsIHNka1Byb3ZpZGVyLCBvcHRpb25zKTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGxvYWRUZW1wbGF0ZShwYXJhbXM6IEJvb3RzdHJhcHBpbmdQYXJhbWV0ZXJzID0ge30pOiBQcm9taXNlPGFueT4ge1xuICAgIHN3aXRjaCAodGhpcy5zb3VyY2Uuc291cmNlKSB7XG4gICAgICBjYXNlICdjdXN0b20nOlxuICAgICAgICByZXR1cm4gbG9hZFN0cnVjdHVyZWRGaWxlKHRoaXMuc291cmNlLnRlbXBsYXRlRmlsZSk7XG4gICAgICBjYXNlICdkZWZhdWx0JzpcbiAgICAgICAgcmV0dXJuIGxvYWRTdHJ1Y3R1cmVkRmlsZShwYXRoLmpvaW4oYnVuZGxlZFBhY2thZ2VSb290RGlyKF9fZGlybmFtZSksICdsaWInLCAnYXBpJywgJ2Jvb3RzdHJhcCcsICdib290c3RyYXAtdGVtcGxhdGUueWFtbCcpKTtcbiAgICAgIGNhc2UgJ2xlZ2FjeSc6XG4gICAgICAgIHJldHVybiBsZWdhY3lCb290c3RyYXBUZW1wbGF0ZShwYXJhbXMpO1xuICAgIH1cbiAgfVxufVxuXG4vKipcbiAqIE1hZ2ljIHBhcmFtZXRlciB2YWx1ZSB0aGF0IHdpbGwgY2F1c2UgdGhlIGJvb3RzdHJhcC10ZW1wbGF0ZS55bWwgdG8gTk9UIGNyZWF0ZSBhIENNSyBidXQgdXNlIHRoZSBkZWZhdWx0IGtleVxuICovXG5jb25zdCBVU0VfQVdTX01BTkFHRURfS0VZID0gJ0FXU19NQU5BR0VEX0tFWSc7XG5cbi8qKlxuICogTWFnaWMgcGFyYW1ldGVyIHZhbHVlIHRoYXQgd2lsbCBjYXVzZSB0aGUgYm9vdHN0cmFwLXRlbXBsYXRlLnltbCB0byBjcmVhdGUgYSBDTUtcbiAqL1xuY29uc3QgQ1JFQVRFX05FV19LRVkgPSAnJztcbi8qKlxuICogUGFyYW1ldGVyIHZhbHVlIGluZGljYXRpbmcgdGhlIHVzZSBvZiB0aGUgZGVmYXVsdCwgQ0RLIHByb3ZpZGVkIHBlcm1pc3Npb25zIGJvdW5kYXJ5IGZvciBib290c3RyYXAtdGVtcGxhdGUueW1sXG4gKi9cbmNvbnN0IENES19CT09UU1RSQVBfUEVSTUlTU0lPTlNfQk9VTkRBUlkgPSAnQ0RLX0JPT1RTVFJBUF9QRVJNSVNTSU9OU19CT1VOREFSWSc7XG5cbi8qKlxuICogU3BsaXQgYW4gYXJyYXktbGlrZSBDbG91ZEZvcm1hdGlvbiBwYXJhbWV0ZXIgb24gLFxuICpcbiAqIEFuIGVtcHR5IHN0cmluZyBpcyB0aGUgZW1wdHkgYXJyYXkgKGluc3RlYWQgb2YgYFsnJ11gKS5cbiAqL1xuZnVuY3Rpb24gc3BsaXRDZm5BcnJheSh4czogc3RyaW5nIHwgdW5kZWZpbmVkKTogc3RyaW5nW10ge1xuICBpZiAoeHMgPT09ICcnIHx8IHhzID09PSB1bmRlZmluZWQpIHtcbiAgICByZXR1cm4gW107XG4gIH1cbiAgcmV0dXJuIHhzLnNwbGl0KCcsJyk7XG59XG5cbmZ1bmN0aW9uIGludGVyc2VjdGlvbjxBPih4czogU2V0PEE+LCB5czogU2V0PEE+KTogU2V0PEE+IHtcbiAgcmV0dXJuIG5ldyBTZXQ8QT4oQXJyYXkuZnJvbSh4cykuZmlsdGVyKHggPT4geXMuaGFzKHgpKSk7XG59XG4iXX0=

package/lib/api/bootstrap/bootstrap-props.d.ts

@@ -0,0 +1,130 @@
+import type { BootstrapSource } from './bootstrap-environment';
+import type { StringWithoutPlaceholders } from '../environment';
+import type { Tag } from '../tags';
+export declare const BUCKET_NAME_OUTPUT = "BucketName";
+export declare const REPOSITORY_NAME_OUTPUT = "ImageRepositoryName";
+export declare const BUCKET_DOMAIN_NAME_OUTPUT = "BucketDomainName";
+export declare const BOOTSTRAP_VERSION_OUTPUT = "BootstrapVersion";
+export declare const BOOTSTRAP_VERSION_RESOURCE = "CdkBootstrapVersion";
+export declare const BOOTSTRAP_VARIANT_PARAMETER = "BootstrapVariant";
+/**
+ * The assumed vendor of a template in case it is not set
+ */
+export declare const DEFAULT_BOOTSTRAP_VARIANT = "AWS CDK: Default Resources";
+/**
+ * Options for the bootstrapEnvironment operation(s)
+ */
+export interface BootstrapEnvironmentOptions {
+    readonly toolkitStackName?: string;
+    readonly roleArn?: StringWithoutPlaceholders;
+    readonly parameters?: BootstrappingParameters;
+    readonly forceDeployment?: boolean;
+    /**
+     * The source of the bootstrap stack
+     *
+     * @default - modern v2-style bootstrapping
+     */
+    readonly source?: BootstrapSource;
+    /**
+     * Whether to execute the changeset or only create it and leave it in review.
+     * @default true
+     */
+    readonly execute?: boolean;
+    /**
+     * Tags for cdktoolkit stack.
+     *
+     * @default - None.
+     */
+    readonly tags?: Tag[];
+    /**
+     * Whether the stacks created by the bootstrap process should be protected from termination.
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
+     * @default true
+     */
+    readonly terminationProtection?: boolean;
+    /**
+     * Use previous values for unspecified parameters
+     *
+     * If not set, all parameters must be specified for every deployment.
+     *
+     * @default true
+     */
+    usePreviousParameters?: boolean;
+}
+/**
+ * Parameters for the bootstrapping template
+ */
+export interface BootstrappingParameters {
+    /**
+     * The name to be given to the CDK Bootstrap bucket.
+     *
+     * @default - a name is generated by CloudFormation.
+     */
+    readonly bucketName?: string;
+    /**
+     * The ID of an existing KMS key to be used for encrypting items in the bucket.
+     *
+     * @default - use the default KMS key or create a custom one
+     */
+    readonly kmsKeyId?: string;
+    /**
+     * Whether or not to create a new customer master key (CMK)
+     *
+     * Only applies to modern bootstrapping. Legacy bootstrapping will never create
+     * a CMK, only use the default S3 key.
+     *
+     * @default false
+     */
+    readonly createCustomerMasterKey?: boolean;
+    /**
+     * The list of AWS account IDs that are trusted to deploy into the environment being bootstrapped.
+     *
+     * @default - only the bootstrapped account can deploy into this environment
+     */
+    readonly trustedAccounts?: string[];
+    /**
+     * The list of AWS account IDs that are trusted to look up values in the environment being bootstrapped.
+     *
+     * @default - only the bootstrapped account can look up values in this environment
+     */
+    readonly trustedAccountsForLookup?: string[];
+    /**
+     * The list of AWS account IDs that should not be trusted by the bootstrapped environment.
+     * If these accounts are already trusted, they will be removed on bootstrapping.
+     *
+     * @default - no account will be untrusted.
+     */
+    readonly untrustedAccounts?: string[];
+    /**
+     * The ARNs of the IAM managed policies that should be attached to the role performing CloudFormation deployments.
+     * In most cases, this will be the AdministratorAccess policy.
+     * At least one policy is required if `trustedAccounts` were passed.
+     *
+     * @default - the role will have no policies attached
+     */
+    readonly cloudFormationExecutionPolicies?: string[];
+    /**
+     * Identifier to distinguish multiple bootstrapped environments
+     *
+     * @default - Default qualifier
+     */
+    readonly qualifier?: string;
+    /**
+     * Whether or not to enable S3 Staging Bucket Public Access Block Configuration
+     *
+     * @default true
+     */
+    readonly publicAccessBlockConfiguration?: boolean;
+    /**
+     * Flag for using the default permissions boundary for bootstrapping
+     *
+     * @default - No value, optional argument
+     */
+    readonly examplePermissionsBoundary?: boolean;
+    /**
+     * Name for the customer's custom permissions boundary for bootstrapping
+     *
+     * @default - No value, optional argument
+     */
+    readonly customPermissionsBoundary?: string;
+}

package/lib/api/bootstrap/bootstrap-props.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_BOOTSTRAP_VARIANT = exports.BOOTSTRAP_VARIANT_PARAMETER = exports.BOOTSTRAP_VERSION_RESOURCE = exports.BOOTSTRAP_VERSION_OUTPUT = exports.BUCKET_DOMAIN_NAME_OUTPUT = exports.REPOSITORY_NAME_OUTPUT = exports.BUCKET_NAME_OUTPUT = void 0;
+exports.BUCKET_NAME_OUTPUT = 'BucketName';
+exports.REPOSITORY_NAME_OUTPUT = 'ImageRepositoryName';
+exports.BUCKET_DOMAIN_NAME_OUTPUT = 'BucketDomainName';
+exports.BOOTSTRAP_VERSION_OUTPUT = 'BootstrapVersion';
+exports.BOOTSTRAP_VERSION_RESOURCE = 'CdkBootstrapVersion';
+exports.BOOTSTRAP_VARIANT_PARAMETER = 'BootstrapVariant';
+/**
+ * The assumed vendor of a template in case it is not set
+ */
+exports.DEFAULT_BOOTSTRAP_VARIANT = 'AWS CDK: Default Resources';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLXByb3BzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiYm9vdHN0cmFwLXByb3BzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUlhLFFBQUEsa0JBQWtCLEdBQUcsWUFBWSxDQUFDO0FBQ2xDLFFBQUEsc0JBQXNCLEdBQUcscUJBQXFCLENBQUM7QUFDL0MsUUFBQSx5QkFBeUIsR0FBRyxrQkFBa0IsQ0FBQztBQUMvQyxRQUFBLHdCQUF3QixHQUFHLGtCQUFrQixDQUFDO0FBQzlDLFFBQUEsMEJBQTBCLEdBQUcscUJBQXFCLENBQUM7QUFDbkQsUUFBQSwyQkFBMkIsR0FBRyxrQkFBa0IsQ0FBQztBQUU5RDs7R0FFRztBQUNVLFFBQUEseUJBQXlCLEdBQUcsNEJBQTRCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgdHlwZSB7IEJvb3RzdHJhcFNvdXJjZSB9IGZyb20gJy4vYm9vdHN0cmFwLWVudmlyb25tZW50JztcbmltcG9ydCB0eXBlIHsgU3RyaW5nV2l0aG91dFBsYWNlaG9sZGVycyB9IGZyb20gJy4uL2Vudmlyb25tZW50JztcbmltcG9ydCB0eXBlIHsgVGFnIH0gZnJvbSAnLi4vdGFncyc7XG5cbmV4cG9ydCBjb25zdCBCVUNLRVRfTkFNRV9PVVRQVVQgPSAnQnVja2V0TmFtZSc7XG5leHBvcnQgY29uc3QgUkVQT1NJVE9SWV9OQU1FX09VVFBVVCA9ICdJbWFnZVJlcG9zaXRvcnlOYW1lJztcbmV4cG9ydCBjb25zdCBCVUNLRVRfRE9NQUlOX05BTUVfT1VUUFVUID0gJ0J1Y2tldERvbWFpbk5hbWUnO1xuZXhwb3J0IGNvbnN0IEJPT1RTVFJBUF9WRVJTSU9OX09VVFBVVCA9ICdCb290c3RyYXBWZXJzaW9uJztcbmV4cG9ydCBjb25zdCBCT09UU1RSQVBfVkVSU0lPTl9SRVNPVVJDRSA9ICdDZGtCb290c3RyYXBWZXJzaW9uJztcbmV4cG9ydCBjb25zdCBCT09UU1RSQVBfVkFSSUFOVF9QQVJBTUVURVIgPSAnQm9vdHN0cmFwVmFyaWFudCc7XG5cbi8qKlxuICogVGhlIGFzc3VtZWQgdmVuZG9yIG9mIGEgdGVtcGxhdGUgaW4gY2FzZSBpdCBpcyBub3Qgc2V0XG4gKi9cbmV4cG9ydCBjb25zdCBERUZBVUxUX0JPT1RTVFJBUF9WQVJJQU5UID0gJ0FXUyBDREs6IERlZmF1bHQgUmVzb3VyY2VzJztcblxuLyoqXG4gKiBPcHRpb25zIGZvciB0aGUgYm9vdHN0cmFwRW52aXJvbm1lbnQgb3BlcmF0aW9uKHMpXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQm9vdHN0cmFwRW52aXJvbm1lbnRPcHRpb25zIHtcbiAgcmVhZG9ubHkgdG9vbGtpdFN0YWNrTmFtZT86IHN0cmluZztcbiAgcmVhZG9ubHkgcm9sZUFybj86IFN0cmluZ1dpdGhvdXRQbGFjZWhvbGRlcnM7XG4gIHJlYWRvbmx5IHBhcmFtZXRlcnM/OiBCb290c3RyYXBwaW5nUGFyYW1ldGVycztcbiAgcmVhZG9ubHkgZm9yY2VEZXBsb3ltZW50PzogYm9vbGVhbjtcblxuICAvKipcbiAgICogVGhlIHNvdXJjZSBvZiB0aGUgYm9vdHN0cmFwIHN0YWNrXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbW9kZXJuIHYyLXN0eWxlIGJvb3RzdHJhcHBpbmdcbiAgICovXG4gIHJlYWRvbmx5IHNvdXJjZT86IEJvb3RzdHJhcFNvdXJjZTtcblxuICAvKipcbiAgICogV2hldGhlciB0byBleGVjdXRlIHRoZSBjaGFuZ2VzZXQgb3Igb25seSBjcmVhdGUgaXQgYW5kIGxlYXZlIGl0IGluIHJldmlldy5cbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgZXhlY3V0ZT86IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIFRhZ3MgZm9yIGNka3Rvb2xraXQgc3RhY2suXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm9uZS5cbiAgICovXG4gIHJlYWRvbmx5IHRhZ3M/OiBUYWdbXTtcblxuICAvKipcbiAgICogV2hldGhlciB0aGUgc3RhY2tzIGNyZWF0ZWQgYnkgdGhlIGJvb3RzdHJhcCBwcm9jZXNzIHNob3VsZCBiZSBwcm90ZWN0ZWQgZnJvbSB0ZXJtaW5hdGlvbi5cbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTQ2xvdWRGb3JtYXRpb24vbGF0ZXN0L1VzZXJHdWlkZS91c2luZy1jZm4tcHJvdGVjdC1zdGFja3MuaHRtbFxuICAgKiBAZGVmYXVsdCB0cnVlXG4gICAqL1xuICByZWFkb25seSB0ZXJtaW5hdGlvblByb3RlY3Rpb24/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBVc2UgcHJldmlvdXMgdmFsdWVzIGZvciB1bnNwZWNpZmllZCBwYXJhbWV0ZXJzXG4gICAqXG4gICAqIElmIG5vdCBzZXQsIGFsbCBwYXJhbWV0ZXJzIG11c3QgYmUgc3BlY2lmaWVkIGZvciBldmVyeSBkZXBsb3ltZW50LlxuICAgKlxuICAgKiBAZGVmYXVsdCB0cnVlXG4gICAqL1xuICB1c2VQcmV2aW91c1BhcmFtZXRlcnM/OiBib29sZWFuO1xufVxuXG4vKipcbiAqIFBhcmFtZXRlcnMgZm9yIHRoZSBib290c3RyYXBwaW5nIHRlbXBsYXRlXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQm9vdHN0cmFwcGluZ1BhcmFtZXRlcnMge1xuICAvKipcbiAgICogVGhlIG5hbWUgdG8gYmUgZ2l2ZW4gdG8gdGhlIENESyBCb290c3RyYXAgYnVja2V0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGEgbmFtZSBpcyBnZW5lcmF0ZWQgYnkgQ2xvdWRGb3JtYXRpb24uXG4gICAqL1xuICByZWFkb25seSBidWNrZXROYW1lPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgYW4gZXhpc3RpbmcgS01TIGtleSB0byBiZSB1c2VkIGZvciBlbmNyeXB0aW5nIGl0ZW1zIGluIHRoZSBidWNrZXQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdXNlIHRoZSBkZWZhdWx0IEtNUyBrZXkgb3IgY3JlYXRlIGEgY3VzdG9tIG9uZVxuICAgKi9cbiAgcmVhZG9ubHkga21zS2V5SWQ/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgb3Igbm90IHRvIGNyZWF0ZSBhIG5ldyBjdXN0b21lciBtYXN0ZXIga2V5IChDTUspXG4gICAqXG4gICAqIE9ubHkgYXBwbGllcyB0byBtb2Rlcm4gYm9vdHN0cmFwcGluZy4gTGVnYWN5IGJvb3RzdHJhcHBpbmcgd2lsbCBuZXZlciBjcmVhdGVcbiAgICogYSBDTUssIG9ubHkgdXNlIHRoZSBkZWZhdWx0IFMzIGtleS5cbiAgICpcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IGNyZWF0ZUN1c3RvbWVyTWFzdGVyS2V5PzogYm9vbGVhbjtcblxuICAvKipcbiAgICogVGhlIGxpc3Qgb2YgQVdTIGFjY291bnQgSURzIHRoYXQgYXJlIHRydXN0ZWQgdG8gZGVwbG95IGludG8gdGhlIGVudmlyb25tZW50IGJlaW5nIGJvb3RzdHJhcHBlZC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBvbmx5IHRoZSBib290c3RyYXBwZWQgYWNjb3VudCBjYW4gZGVwbG95IGludG8gdGhpcyBlbnZpcm9ubWVudFxuICAgKi9cbiAgcmVhZG9ubHkgdHJ1c3RlZEFjY291bnRzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIFRoZSBsaXN0IG9mIEFXUyBhY2NvdW50IElEcyB0aGF0IGFyZSB0cnVzdGVkIHRvIGxvb2sgdXAgdmFsdWVzIGluIHRoZSBlbnZpcm9ubWVudCBiZWluZyBib290c3RyYXBwZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gb25seSB0aGUgYm9vdHN0cmFwcGVkIGFjY291bnQgY2FuIGxvb2sgdXAgdmFsdWVzIGluIHRoaXMgZW52aXJvbm1lbnRcbiAgICovXG4gIHJlYWRvbmx5IHRydXN0ZWRBY2NvdW50c0Zvckxvb2t1cD86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBUaGUgbGlzdCBvZiBBV1MgYWNjb3VudCBJRHMgdGhhdCBzaG91bGQgbm90IGJlIHRydXN0ZWQgYnkgdGhlIGJvb3RzdHJhcHBlZCBlbnZpcm9ubWVudC5cbiAgICogSWYgdGhlc2UgYWNjb3VudHMgYXJlIGFscmVhZHkgdHJ1c3RlZCwgdGhleSB3aWxsIGJlIHJlbW92ZWQgb24gYm9vdHN0cmFwcGluZy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBubyBhY2NvdW50IHdpbGwgYmUgdW50cnVzdGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgdW50cnVzdGVkQWNjb3VudHM/OiBzdHJpbmdbXTtcblxuICAvKipcbiAgICogVGhlIEFSTnMgb2YgdGhlIElBTSBtYW5hZ2VkIHBvbGljaWVzIHRoYXQgc2hvdWxkIGJlIGF0dGFjaGVkIHRvIHRoZSByb2xlIHBlcmZvcm1pbmcgQ2xvdWRGb3JtYXRpb24gZGVwbG95bWVudHMuXG4gICAqIEluIG1vc3QgY2FzZXMsIHRoaXMgd2lsbCBiZSB0aGUgQWRtaW5pc3RyYXRvckFjY2VzcyBwb2xpY3kuXG4gICAqIEF0IGxlYXN0IG9uZSBwb2xpY3kgaXMgcmVxdWlyZWQgaWYgYHRydXN0ZWRBY2NvdW50c2Agd2VyZSBwYXNzZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdGhlIHJvbGUgd2lsbCBoYXZlIG5vIHBvbGljaWVzIGF0dGFjaGVkXG4gICAqL1xuICByZWFkb25seSBjbG91ZEZvcm1hdGlvbkV4ZWN1dGlvblBvbGljaWVzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIElkZW50aWZpZXIgdG8gZGlzdGluZ3Vpc2ggbXVsdGlwbGUgYm9vdHN0cmFwcGVkIGVudmlyb25tZW50c1xuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcXVhbGlmaWVyXG4gICAqL1xuICByZWFkb25seSBxdWFsaWZpZXI/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgb3Igbm90IHRvIGVuYWJsZSBTMyBTdGFnaW5nIEJ1Y2tldCBQdWJsaWMgQWNjZXNzIEJsb2NrIENvbmZpZ3VyYXRpb25cbiAgICpcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgcHVibGljQWNjZXNzQmxvY2tDb25maWd1cmF0aW9uPzogYm9vbGVhbjtcblxuICAvKipcbiAgICogRmxhZyBmb3IgdXNpbmcgdGhlIGRlZmF1bHQgcGVybWlzc2lvbnMgYm91bmRhcnkgZm9yIGJvb3RzdHJhcHBpbmdcbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyB2YWx1ZSwgb3B0aW9uYWwgYXJndW1lbnRcbiAgICovXG4gIHJlYWRvbmx5IGV4YW1wbGVQZXJtaXNzaW9uc0JvdW5kYXJ5PzogYm9vbGVhbjtcblxuICAvKipcbiAgICogTmFtZSBmb3IgdGhlIGN1c3RvbWVyJ3MgY3VzdG9tIHBlcm1pc3Npb25zIGJvdW5kYXJ5IGZvciBib290c3RyYXBwaW5nXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm8gdmFsdWUsIG9wdGlvbmFsIGFyZ3VtZW50XG4gICAqL1xuICByZWFkb25seSBjdXN0b21QZXJtaXNzaW9uc0JvdW5kYXJ5Pzogc3RyaW5nO1xufVxuIl19

package/lib/api/bootstrap/deploy-bootstrap.d.ts

@@ -0,0 +1,39 @@
+import type { Environment } from '@aws-cdk/cx-api';
+import type { BootstrapEnvironmentOptions } from './bootstrap-props';
+import type { SDK, SdkProvider } from '../aws-auth/private';
+import type { SuccessfulDeployStackResult } from '../deployments';
+import { type IoHelper } from '../io/private';
+import { ToolkitInfo } from '../toolkit-info';
+/**
+ * A class to hold state around stack bootstrapping
+ *
+ * This class exists so we can break bootstrapping into 2 phases:
+ *
+ * ```ts
+ * const current = BootstrapStack.lookup(...);
+ * // ...
+ * current.update(newTemplate, ...);
+ * ```
+ *
+ * And do something in between the two phases (such as look at the
+ * current bootstrap stack and doing something intelligent).
+ */
+export declare class BootstrapStack {
+    private readonly sdkProvider;
+    private readonly sdk;
+    private readonly resolvedEnvironment;
+    private readonly toolkitStackName;
+    private readonly currentToolkitInfo;
+    private readonly ioHelper;
+    static lookup(sdkProvider: SdkProvider, environment: Environment, toolkitStackName: string, ioHelper: IoHelper): Promise<BootstrapStack>;
+    protected constructor(sdkProvider: SdkProvider, sdk: SDK, resolvedEnvironment: Environment, toolkitStackName: string, currentToolkitInfo: ToolkitInfo, ioHelper: IoHelper);
+    get parameters(): Record<string, string>;
+    get terminationProtection(): boolean | undefined;
+    partition(): Promise<string>;
+    /**
+     * Perform the actual deployment of a bootstrap stack, given a template and some parameters
+     */
+    update(template: any, parameters: Record<string, string | undefined>, options: Omit<BootstrapEnvironmentOptions, 'parameters'>): Promise<SuccessfulDeployStackResult>;
+}
+export declare function bootstrapVersionFromTemplate(template: any): number;
+export declare function bootstrapVariantFromTemplate(template: any): string;