@aws-cdk/toolkit-lib 0.3.2 → 0.3.3

package/lib/api/environment/environment-access.js

@@ -0,0 +1,205 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnvironmentAccess = void 0;
+const toolkit_error_1 = require("../toolkit-error");
+const environment_resources_1 = require("./environment-resources");
+const placeholders_1 = require("./placeholders");
+const util_1 = require("../../util");
+const private_1 = require("../io/private");
+const plugin_1 = require("../plugin");
+/**
+ * Access particular AWS resources, based on information from the CX manifest
+ *
+ * It is not possible to grab direct access to AWS credentials; 9 times out of 10
+ * we have to allow for role assumption, and role assumption can only work if
+ * there is a CX Manifest that contains a role ARN.
+ *
+ * This class exists so new code isn't tempted to go and get SDK credentials directly.
+ */
+class EnvironmentAccess {
+    sdkProvider;
+    sdkCache = new Map();
+    environmentResources;
+    ioHelper;
+    constructor(sdkProvider, toolkitStackName, ioHelper) {
+        this.sdkProvider = sdkProvider;
+        this.environmentResources = new environment_resources_1.EnvironmentResourcesRegistry(toolkitStackName);
+        this.ioHelper = ioHelper;
+    }
+    /**
+     * Resolves the environment for a stack.
+     */
+    async resolveStackEnvironment(stack) {
+        return this.sdkProvider.resolveEnvironment(stack.environment);
+    }
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will ask plugins for readonly credentials if available, use the default
+     * AWS credentials if not.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    async accessStackForReadOnlyStackOperations(stack) {
+        return this.accessStackForStackOperations(stack, plugin_1.Mode.ForReading);
+    }
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will ask plugins for mutating credentials if available, use the default AWS
+     * credentials if not.  The `mode` parameter is only used for querying
+     * plugins.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    async accessStackForMutableStackOperations(stack) {
+        return this.accessStackForStackOperations(stack, plugin_1.Mode.ForWriting);
+    }
+    /**
+     * Get an SDK to access the given stack's environment for environmental lookups
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will assume the lookup role if configured on the stack. Check the default `lookup-role`
+     * policies to see what you can do with this role. It can generally read everything
+     * in the account that does not require KMS access.
+     *
+     * ---
+     *
+     * For backwards compatibility reasons, there are some scenarios that are handled here:
+     *
+     *  1. The lookup role may not exist (it was added in bootstrap stack version 7). If so:
+     *     a. Return the default credentials if the default credentials are for the stack account
+     *        (you will notice this as `isFallbackCredentials=true`).
+     *     b. Throw an error if the default credentials are not for the stack account.
+     *
+     *  2. The lookup role may not have the correct permissions (for example, ReadOnlyAccess was added in
+     *     bootstrap stack version 8); the stack will have a minimum version number on it.
+     *     a. If it does not we throw an error which should be handled in the calling
+     *        function (and fallback to use a different role, etc)
+     *
+     * Upon success, caller will have an SDK for the right account, which may or may not have
+     * the right permissions.
+     */
+    async accessStackForLookup(stack) {
+        if (!stack.environment) {
+            throw new toolkit_error_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
+        }
+        const lookupEnv = await this.prepareSdk({
+            environment: stack.environment,
+            mode: plugin_1.Mode.ForReading,
+            assumeRoleArn: stack.lookupRole?.arn,
+            assumeRoleExternalId: stack.lookupRole?.assumeRoleExternalId,
+            assumeRoleAdditionalOptions: stack.lookupRole?.assumeRoleAdditionalOptions,
+        });
+        // if we succeed in assuming the lookup role, make sure we have the correct bootstrap stack version
+        if (lookupEnv.didAssumeRole && stack.lookupRole?.bootstrapStackVersionSsmParameter && stack.lookupRole.requiresBootstrapStackVersion) {
+            const version = await lookupEnv.resources.versionFromSsmParameter(stack.lookupRole.bootstrapStackVersionSsmParameter);
+            if (version < stack.lookupRole.requiresBootstrapStackVersion) {
+                throw new toolkit_error_1.ToolkitError(`Bootstrap stack version '${stack.lookupRole.requiresBootstrapStackVersion}' is required, found version '${version}'. To get rid of this error, please upgrade to bootstrap version >= ${stack.lookupRole.requiresBootstrapStackVersion}`);
+            }
+        }
+        if (lookupEnv.isFallbackCredentials) {
+            const arn = await lookupEnv.replacePlaceholders(stack.lookupRole?.arn);
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Lookup role ${arn} was not assumed. Proceeding with default credentials.`));
+        }
+        return lookupEnv;
+    }
+    /**
+     * Get an SDK to access the given stack's environment for reading stack attributes
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will try to assume the lookup role if given, will use the regular stack operations
+     * access (deploy-role) otherwise. When calling this, you should assume that you will get
+     * the least privileged role, so don't try to use it for anything the `deploy-role`
+     * wouldn't be able to do. Also you cannot rely on being able to read encrypted anything.
+     */
+    async accessStackForLookupBestEffort(stack) {
+        if (!stack.environment) {
+            throw new toolkit_error_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
+        }
+        try {
+            return await this.accessStackForLookup(stack);
+        }
+        catch (e) {
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`${(0, util_1.formatErrorMessage)(e)}`));
+        }
+        return this.accessStackForStackOperations(stack, plugin_1.Mode.ForReading);
+    }
+    /**
+     * Get an SDK to access the given stack's environment for stack operations
+     *
+     * Will use a plugin if available, use the default AWS credentials if not.
+     * The `mode` parameter is only used for querying plugins.
+     *
+     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
+     * policies to see what you can do with this role.
+     */
+    async accessStackForStackOperations(stack, mode) {
+        if (!stack.environment) {
+            throw new toolkit_error_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
+        }
+        return this.prepareSdk({
+            environment: stack.environment,
+            mode,
+            assumeRoleArn: stack.assumeRoleArn,
+            assumeRoleExternalId: stack.assumeRoleExternalId,
+            assumeRoleAdditionalOptions: stack.assumeRoleAdditionalOptions,
+        });
+    }
+    /**
+     * Prepare an SDK for use in the given environment and optionally with a role assumed.
+     */
+    async prepareSdk(options) {
+        const resolvedEnvironment = await this.sdkProvider.resolveEnvironment(options.environment);
+        // Substitute any placeholders with information about the current environment
+        const { assumeRoleArn } = await (0, placeholders_1.replaceEnvPlaceholders)({
+            assumeRoleArn: options.assumeRoleArn,
+        }, resolvedEnvironment, this.sdkProvider);
+        const stackSdk = await this.cachedSdkForEnvironment(resolvedEnvironment, options.mode, {
+            assumeRoleArn,
+            assumeRoleExternalId: options.assumeRoleExternalId,
+            assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions,
+        });
+        return {
+            sdk: stackSdk.sdk,
+            resolvedEnvironment,
+            resources: this.environmentResources.for(resolvedEnvironment, stackSdk.sdk, this.ioHelper),
+            // If we asked for a role, did not successfully assume it, and yet got here without an exception: that
+            // means we must have fallback credentials.
+            isFallbackCredentials: !stackSdk.didAssumeRole && !!assumeRoleArn,
+            didAssumeRole: stackSdk.didAssumeRole,
+            replacePlaceholders: async (str) => {
+                const ret = await (0, placeholders_1.replaceEnvPlaceholders)({ str }, resolvedEnvironment, this.sdkProvider);
+                return ret.str;
+            },
+        };
+    }
+    async cachedSdkForEnvironment(environment, mode, options) {
+        const cacheKeyElements = [
+            environment.account,
+            environment.region,
+            `${mode}`,
+            options?.assumeRoleArn ?? '',
+            options?.assumeRoleExternalId ?? '',
+        ];
+        if (options?.assumeRoleAdditionalOptions) {
+            cacheKeyElements.push(JSON.stringify(options.assumeRoleAdditionalOptions));
+        }
+        const cacheKey = cacheKeyElements.join(':');
+        const existing = this.sdkCache.get(cacheKey);
+        if (existing) {
+            return existing;
+        }
+        const ret = await this.sdkProvider.forEnvironment(environment, mode, options);
+        this.sdkCache.set(cacheKey, ret);
+        return ret;
+    }
+}
+exports.EnvironmentAccess = EnvironmentAccess;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW52aXJvbm1lbnQtYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZW52aXJvbm1lbnQtYWNjZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLG9EQUFnRDtBQUVoRCxtRUFBdUU7QUFFdkUsaURBQXdEO0FBQ3hELHFDQUFnRDtBQUVoRCwyQ0FBa0Q7QUFDbEQsc0NBQWlDO0FBRWpDOzs7Ozs7OztHQVFHO0FBQ0gsTUFBYSxpQkFBaUI7SUFLQztJQUpaLFFBQVEsR0FBRyxJQUFJLEdBQUcsRUFBNkIsQ0FBQztJQUNoRCxvQkFBb0IsQ0FBK0I7SUFDbkQsUUFBUSxDQUFXO0lBRXBDLFlBQTZCLFdBQXdCLEVBQUUsZ0JBQXdCLEVBQUUsUUFBa0I7UUFBdEUsZ0JBQVcsR0FBWCxXQUFXLENBQWE7UUFDbkQsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksb0RBQTRCLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUMvRSxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsdUJBQXVCLENBQUMsS0FBd0M7UUFDM0UsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxLQUFLLENBQUMscUNBQXFDLENBQUMsS0FBd0M7UUFDekYsT0FBTyxJQUFJLENBQUMsNkJBQTZCLENBQUMsS0FBSyxFQUFFLGFBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksS0FBSyxDQUFDLG9DQUFvQyxDQUFDLEtBQXdDO1FBQ3hGLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLEtBQUssRUFBRSxhQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQTBCRztJQUNJLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxLQUF3QztRQUN4RSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSw0QkFBWSxDQUFDLGFBQWEsS0FBSyxDQUFDLFdBQVcsK0JBQStCLENBQUMsQ0FBQztRQUN4RixDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDO1lBQ3RDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztZQUM5QixJQUFJLEVBQUUsYUFBSSxDQUFDLFVBQVU7WUFDckIsYUFBYSxFQUFFLEtBQUssQ0FBQyxVQUFVLEVBQUUsR0FBRztZQUNwQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsVUFBVSxFQUFFLG9CQUFvQjtZQUM1RCwyQkFBMkIsRUFBRSxLQUFLLENBQUMsVUFBVSxFQUFFLDJCQUEyQjtTQUMzRSxDQUFDLENBQUM7UUFFSCxtR0FBbUc7UUFDbkcsSUFBSSxTQUFTLENBQUMsYUFBYSxJQUFJLEtBQUssQ0FBQyxVQUFVLEVBQUUsaUNBQWlDLElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsRUFBRSxDQUFDO1lBQ3JJLE1BQU0sT0FBTyxHQUFHLE1BQU0sU0FBUyxDQUFDLFNBQVMsQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7WUFDdEgsSUFBSSxPQUFPLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsRUFBRSxDQUFDO2dCQUM3RCxNQUFNLElBQUksNEJBQVksQ0FBQyw0QkFBNEIsS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsaUNBQWlDLE9BQU8sdUVBQXVFLEtBQUssQ0FBQyxVQUFVLENBQUMsNkJBQTZCLEVBQUUsQ0FBQyxDQUFDO1lBQ3BRLENBQUM7UUFDSCxDQUFDO1FBQ0QsSUFBSSxTQUFTLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUNwQyxNQUFNLEdBQUcsR0FBRyxNQUFNLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQ3ZFLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxlQUFlLEdBQUcsd0RBQXdELENBQUMsQ0FBQyxDQUFDO1FBQ3RJLENBQUM7UUFDRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxLQUF3QztRQUNsRixJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSw0QkFBWSxDQUFDLGFBQWEsS0FBSyxDQUFDLFdBQVcsK0JBQStCLENBQUMsQ0FBQztRQUN4RixDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNoRCxDQUFDO1FBQUMsT0FBTyxDQUFNLEVBQUUsQ0FBQztZQUNoQixNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFBLHlCQUFrQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3RGLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyw2QkFBNkIsQ0FBQyxLQUFLLEVBQUUsYUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNLLEtBQUssQ0FBQyw2QkFBNkIsQ0FBQyxLQUF3QyxFQUFFLElBQVU7UUFDOUYsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksNEJBQVksQ0FBQyxhQUFhLEtBQUssQ0FBQyxXQUFXLCtCQUErQixDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztZQUNyQixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsSUFBSTtZQUNKLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsb0JBQW9CO1lBQ2hELDJCQUEyQixFQUFFLEtBQUssQ0FBQywyQkFBMkI7U0FDL0QsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFVBQVUsQ0FDdEIsT0FBOEI7UUFFOUIsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRTNGLDZFQUE2RTtRQUM3RSxNQUFNLEVBQUUsYUFBYSxFQUFFLEdBQUcsTUFBTSxJQUFBLHFDQUFzQixFQUFDO1lBQ3JELGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYTtTQUNyQyxFQUFFLG1CQUFtQixFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUUxQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxtQkFBbUIsRUFBRSxPQUFPLENBQUMsSUFBSSxFQUFFO1lBQ3JGLGFBQWE7WUFDYixvQkFBb0IsRUFBRSxPQUFPLENBQUMsb0JBQW9CO1lBQ2xELDJCQUEyQixFQUFFLE9BQU8sQ0FBQywyQkFBMkI7U0FDakUsQ0FBQyxDQUFDO1FBRUgsT0FBTztZQUNMLEdBQUcsRUFBRSxRQUFRLENBQUMsR0FBRztZQUNqQixtQkFBbUI7WUFDbkIsU0FBUyxFQUFFLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsbUJBQW1CLEVBQUUsUUFBUSxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQzFGLHNHQUFzRztZQUN0RywyQ0FBMkM7WUFDM0MscUJBQXFCLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxJQUFJLENBQUMsQ0FBQyxhQUFhO1lBQ2pFLGFBQWEsRUFBRSxRQUFRLENBQUMsYUFBYTtZQUNyQyxtQkFBbUIsRUFBRSxLQUFLLEVBQWdDLEdBQU0sRUFBRSxFQUFFO2dCQUNsRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUEscUNBQXNCLEVBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBQ3pGLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUNqQixDQUFDO1NBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsdUJBQXVCLENBQ25DLFdBQThCLEVBQzlCLElBQVUsRUFDVixPQUE0QjtRQUU1QixNQUFNLGdCQUFnQixHQUFHO1lBQ3ZCLFdBQVcsQ0FBQyxPQUFPO1lBQ25CLFdBQVcsQ0FBQyxNQUFNO1lBQ2xCLEdBQUcsSUFBSSxFQUFFO1lBQ1QsT0FBTyxFQUFFLGFBQWEsSUFBSSxFQUFFO1lBQzVCLE9BQU8sRUFBRSxvQkFBb0IsSUFBSSxFQUFFO1NBQ3BDLENBQUM7UUFFRixJQUFJLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxDQUFDO1lBQ3pDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQywyQkFBMkIsQ0FBQyxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM1QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM3QyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQ2IsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztRQUNELE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDakMsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0NBQ0Y7QUE3TUQsOENBNk1DIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgKiBhcyBjeGFwaSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0IHsgVG9vbGtpdEVycm9yIH0gZnJvbSAnLi4vdG9vbGtpdC1lcnJvcic7XG5pbXBvcnQgdHlwZSB7IEVudmlyb25tZW50UmVzb3VyY2VzIH0gZnJvbSAnLi9lbnZpcm9ubWVudC1yZXNvdXJjZXMnO1xuaW1wb3J0IHsgRW52aXJvbm1lbnRSZXNvdXJjZXNSZWdpc3RyeSB9IGZyb20gJy4vZW52aXJvbm1lbnQtcmVzb3VyY2VzJztcbmltcG9ydCB0eXBlIHsgU3RyaW5nV2l0aG91dFBsYWNlaG9sZGVycyB9IGZyb20gJy4vcGxhY2Vob2xkZXJzJztcbmltcG9ydCB7IHJlcGxhY2VFbnZQbGFjZWhvbGRlcnMgfSBmcm9tICcuL3BsYWNlaG9sZGVycyc7XG5pbXBvcnQgeyBmb3JtYXRFcnJvck1lc3NhZ2UgfSBmcm9tICcuLi8uLi91dGlsJztcbmltcG9ydCB0eXBlIHsgU0RLLCBDcmVkZW50aWFsc09wdGlvbnMsIFNka0ZvckVudmlyb25tZW50LCBTZGtQcm92aWRlciB9IGZyb20gJy4uL2F3cy1hdXRoL3ByaXZhdGUnO1xuaW1wb3J0IHsgSU8sIHR5cGUgSW9IZWxwZXIgfSBmcm9tICcuLi9pby9wcml2YXRlJztcbmltcG9ydCB7IE1vZGUgfSBmcm9tICcuLi9wbHVnaW4nO1xuXG4vKipcbiAqIEFjY2VzcyBwYXJ0aWN1bGFyIEFXUyByZXNvdXJjZXMsIGJhc2VkIG9uIGluZm9ybWF0aW9uIGZyb20gdGhlIENYIG1hbmlmZXN0XG4gKlxuICogSXQgaXMgbm90IHBvc3NpYmxlIHRvIGdyYWIgZGlyZWN0IGFjY2VzcyB0byBBV1MgY3JlZGVudGlhbHM7IDkgdGltZXMgb3V0IG9mIDEwXG4gKiB3ZSBoYXZlIHRvIGFsbG93IGZvciByb2xlIGFzc3VtcHRpb24sIGFuZCByb2xlIGFzc3VtcHRpb24gY2FuIG9ubHkgd29yayBpZlxuICogdGhlcmUgaXMgYSBDWCBNYW5pZmVzdCB0aGF0IGNvbnRhaW5zIGEgcm9sZSBBUk4uXG4gKlxuICogVGhpcyBjbGFzcyBleGlzdHMgc28gbmV3IGNvZGUgaXNuJ3QgdGVtcHRlZCB0byBnbyBhbmQgZ2V0IFNESyBjcmVkZW50aWFscyBkaXJlY3RseS5cbiAqL1xuZXhwb3J0IGNsYXNzIEVudmlyb25tZW50QWNjZXNzIHtcbiAgcHJpdmF0ZSByZWFkb25seSBzZGtDYWNoZSA9IG5ldyBNYXA8c3RyaW5nLCBTZGtGb3JFbnZpcm9ubWVudD4oKTtcbiAgcHJpdmF0ZSByZWFkb25seSBlbnZpcm9ubWVudFJlc291cmNlczogRW52aXJvbm1lbnRSZXNvdXJjZXNSZWdpc3RyeTtcbiAgcHJpdmF0ZSByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG5cbiAgY29uc3RydWN0b3IocHJpdmF0ZSByZWFkb25seSBzZGtQcm92aWRlcjogU2RrUHJvdmlkZXIsIHRvb2xraXRTdGFja05hbWU6IHN0cmluZywgaW9IZWxwZXI6IElvSGVscGVyKSB7XG4gICAgdGhpcy5lbnZpcm9ubWVudFJlc291cmNlcyA9IG5ldyBFbnZpcm9ubWVudFJlc291cmNlc1JlZ2lzdHJ5KHRvb2xraXRTdGFja05hbWUpO1xuICAgIHRoaXMuaW9IZWxwZXIgPSBpb0hlbHBlcjtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZXNvbHZlcyB0aGUgZW52aXJvbm1lbnQgZm9yIGEgc3RhY2suXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgcmVzb2x2ZVN0YWNrRW52aXJvbm1lbnQoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCk6IFByb21pc2U8Y3hhcGkuRW52aXJvbm1lbnQ+IHtcbiAgICByZXR1cm4gdGhpcy5zZGtQcm92aWRlci5yZXNvbHZlRW52aXJvbm1lbnQoc3RhY2suZW52aXJvbm1lbnQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBhbiBTREsgdG8gYWNjZXNzIHRoZSBnaXZlbiBzdGFjaydzIGVudmlyb25tZW50IGZvciBzdGFjayBvcGVyYXRpb25zXG4gICAqXG4gICAqIFdpbGwgYXNrIHBsdWdpbnMgZm9yIHJlYWRvbmx5IGNyZWRlbnRpYWxzIGlmIGF2YWlsYWJsZSwgdXNlIHRoZSBkZWZhdWx0XG4gICAqIEFXUyBjcmVkZW50aWFscyBpZiBub3QuXG4gICAqXG4gICAqIFdpbGwgYXNzdW1lIHRoZSBkZXBsb3kgcm9sZSBpZiBjb25maWd1cmVkIG9uIHRoZSBzdGFjay4gQ2hlY2sgdGhlIGRlZmF1bHQgYGRlcGxveS1yb2xlYFxuICAgKiBwb2xpY2llcyB0byBzZWUgd2hhdCB5b3UgY2FuIGRvIHdpdGggdGhpcyByb2xlLlxuICAgKi9cbiAgcHVibGljIGFzeW5jIGFjY2Vzc1N0YWNrRm9yUmVhZE9ubHlTdGFja09wZXJhdGlvbnMoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICByZXR1cm4gdGhpcy5hY2Nlc3NTdGFja0ZvclN0YWNrT3BlcmF0aW9ucyhzdGFjaywgTW9kZS5Gb3JSZWFkaW5nKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgYW4gU0RLIHRvIGFjY2VzcyB0aGUgZ2l2ZW4gc3RhY2sncyBlbnZpcm9ubWVudCBmb3Igc3RhY2sgb3BlcmF0aW9uc1xuICAgKlxuICAgKiBXaWxsIGFzayBwbHVnaW5zIGZvciBtdXRhdGluZyBjcmVkZW50aWFscyBpZiBhdmFpbGFibGUsIHVzZSB0aGUgZGVmYXVsdCBBV1NcbiAgICogY3JlZGVudGlhbHMgaWYgbm90LiAgVGhlIGBtb2RlYCBwYXJhbWV0ZXIgaXMgb25seSB1c2VkIGZvciBxdWVyeWluZ1xuICAgKiBwbHVnaW5zLlxuICAgKlxuICAgKiBXaWxsIGFzc3VtZSB0aGUgZGVwbG95IHJvbGUgaWYgY29uZmlndXJlZCBvbiB0aGUgc3RhY2suIENoZWNrIHRoZSBkZWZhdWx0IGBkZXBsb3ktcm9sZWBcbiAgICogcG9saWNpZXMgdG8gc2VlIHdoYXQgeW91IGNhbiBkbyB3aXRoIHRoaXMgcm9sZS5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBhY2Nlc3NTdGFja0Zvck11dGFibGVTdGFja09wZXJhdGlvbnMoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICByZXR1cm4gdGhpcy5hY2Nlc3NTdGFja0ZvclN0YWNrT3BlcmF0aW9ucyhzdGFjaywgTW9kZS5Gb3JXcml0aW5nKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgYW4gU0RLIHRvIGFjY2VzcyB0aGUgZ2l2ZW4gc3RhY2sncyBlbnZpcm9ubWVudCBmb3IgZW52aXJvbm1lbnRhbCBsb29rdXBzXG4gICAqXG4gICAqIFdpbGwgdXNlIGEgcGx1Z2luIGlmIGF2YWlsYWJsZSwgdXNlIHRoZSBkZWZhdWx0IEFXUyBjcmVkZW50aWFscyBpZiBub3QuXG4gICAqIFRoZSBgbW9kZWAgcGFyYW1ldGVyIGlzIG9ubHkgdXNlZCBmb3IgcXVlcnlpbmcgcGx1Z2lucy5cbiAgICpcbiAgICogV2lsbCBhc3N1bWUgdGhlIGxvb2t1cCByb2xlIGlmIGNvbmZpZ3VyZWQgb24gdGhlIHN0YWNrLiBDaGVjayB0aGUgZGVmYXVsdCBgbG9va3VwLXJvbGVgXG4gICAqIHBvbGljaWVzIHRvIHNlZSB3aGF0IHlvdSBjYW4gZG8gd2l0aCB0aGlzIHJvbGUuIEl0IGNhbiBnZW5lcmFsbHkgcmVhZCBldmVyeXRoaW5nXG4gICAqIGluIHRoZSBhY2NvdW50IHRoYXQgZG9lcyBub3QgcmVxdWlyZSBLTVMgYWNjZXNzLlxuICAgKlxuICAgKiAtLS1cbiAgICpcbiAgICogRm9yIGJhY2t3YXJkcyBjb21wYXRpYmlsaXR5IHJlYXNvbnMsIHRoZXJlIGFyZSBzb21lIHNjZW5hcmlvcyB0aGF0IGFyZSBoYW5kbGVkIGhlcmU6XG4gICAqXG4gICAqICAxLiBUaGUgbG9va3VwIHJvbGUgbWF5IG5vdCBleGlzdCAoaXQgd2FzIGFkZGVkIGluIGJvb3RzdHJhcCBzdGFjayB2ZXJzaW9uIDcpLiBJZiBzbzpcbiAgICogICAgIGEuIFJldHVybiB0aGUgZGVmYXVsdCBjcmVkZW50aWFscyBpZiB0aGUgZGVmYXVsdCBjcmVkZW50aWFscyBhcmUgZm9yIHRoZSBzdGFjayBhY2NvdW50XG4gICAqICAgICAgICAoeW91IHdpbGwgbm90aWNlIHRoaXMgYXMgYGlzRmFsbGJhY2tDcmVkZW50aWFscz10cnVlYCkuXG4gICAqICAgICBiLiBUaHJvdyBhbiBlcnJvciBpZiB0aGUgZGVmYXVsdCBjcmVkZW50aWFscyBhcmUgbm90IGZvciB0aGUgc3RhY2sgYWNjb3VudC5cbiAgICpcbiAgICogIDIuIFRoZSBsb29rdXAgcm9sZSBtYXkgbm90IGhhdmUgdGhlIGNvcnJlY3QgcGVybWlzc2lvbnMgKGZvciBleGFtcGxlLCBSZWFkT25seUFjY2VzcyB3YXMgYWRkZWQgaW5cbiAgICogICAgIGJvb3RzdHJhcCBzdGFjayB2ZXJzaW9uIDgpOyB0aGUgc3RhY2sgd2lsbCBoYXZlIGEgbWluaW11bSB2ZXJzaW9uIG51bWJlciBvbiBpdC5cbiAgICogICAgIGEuIElmIGl0IGRvZXMgbm90IHdlIHRocm93IGFuIGVycm9yIHdoaWNoIHNob3VsZCBiZSBoYW5kbGVkIGluIHRoZSBjYWxsaW5nXG4gICAqICAgICAgICBmdW5jdGlvbiAoYW5kIGZhbGxiYWNrIHRvIHVzZSBhIGRpZmZlcmVudCByb2xlLCBldGMpXG4gICAqXG4gICAqIFVwb24gc3VjY2VzcywgY2FsbGVyIHdpbGwgaGF2ZSBhbiBTREsgZm9yIHRoZSByaWdodCBhY2NvdW50LCB3aGljaCBtYXkgb3IgbWF5IG5vdCBoYXZlXG4gICAqIHRoZSByaWdodCBwZXJtaXNzaW9ucy5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBhY2Nlc3NTdGFja0Zvckxvb2t1cChzdGFjazogY3hhcGkuQ2xvdWRGb3JtYXRpb25TdGFja0FydGlmYWN0KTogUHJvbWlzZTxUYXJnZXRFbnZpcm9ubWVudD4ge1xuICAgIGlmICghc3RhY2suZW52aXJvbm1lbnQpIHtcbiAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoYFRoZSBzdGFjayAke3N0YWNrLmRpc3BsYXlOYW1lfSBkb2VzIG5vdCBoYXZlIGFuIGVudmlyb25tZW50YCk7XG4gICAgfVxuXG4gICAgY29uc3QgbG9va3VwRW52ID0gYXdhaXQgdGhpcy5wcmVwYXJlU2RrKHtcbiAgICAgIGVudmlyb25tZW50OiBzdGFjay5lbnZpcm9ubWVudCxcbiAgICAgIG1vZGU6IE1vZGUuRm9yUmVhZGluZyxcbiAgICAgIGFzc3VtZVJvbGVBcm46IHN0YWNrLmxvb2t1cFJvbGU/LmFybixcbiAgICAgIGFzc3VtZVJvbGVFeHRlcm5hbElkOiBzdGFjay5sb29rdXBSb2xlPy5hc3N1bWVSb2xlRXh0ZXJuYWxJZCxcbiAgICAgIGFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9uczogc3RhY2subG9va3VwUm9sZT8uYXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zLFxuICAgIH0pO1xuXG4gICAgLy8gaWYgd2Ugc3VjY2VlZCBpbiBhc3N1bWluZyB0aGUgbG9va3VwIHJvbGUsIG1ha2Ugc3VyZSB3ZSBoYXZlIHRoZSBjb3JyZWN0IGJvb3RzdHJhcCBzdGFjayB2ZXJzaW9uXG4gICAgaWYgKGxvb2t1cEVudi5kaWRBc3N1bWVSb2xlICYmIHN0YWNrLmxvb2t1cFJvbGU/LmJvb3RzdHJhcFN0YWNrVmVyc2lvblNzbVBhcmFtZXRlciAmJiBzdGFjay5sb29rdXBSb2xlLnJlcXVpcmVzQm9vdHN0cmFwU3RhY2tWZXJzaW9uKSB7XG4gICAgICBjb25zdCB2ZXJzaW9uID0gYXdhaXQgbG9va3VwRW52LnJlc291cmNlcy52ZXJzaW9uRnJvbVNzbVBhcmFtZXRlcihzdGFjay5sb29rdXBSb2xlLmJvb3RzdHJhcFN0YWNrVmVyc2lvblNzbVBhcmFtZXRlcik7XG4gICAgICBpZiAodmVyc2lvbiA8IHN0YWNrLmxvb2t1cFJvbGUucmVxdWlyZXNCb290c3RyYXBTdGFja1ZlcnNpb24pIHtcbiAgICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihgQm9vdHN0cmFwIHN0YWNrIHZlcnNpb24gJyR7c3RhY2subG9va3VwUm9sZS5yZXF1aXJlc0Jvb3RzdHJhcFN0YWNrVmVyc2lvbn0nIGlzIHJlcXVpcmVkLCBmb3VuZCB2ZXJzaW9uICcke3ZlcnNpb259Jy4gVG8gZ2V0IHJpZCBvZiB0aGlzIGVycm9yLCBwbGVhc2UgdXBncmFkZSB0byBib290c3RyYXAgdmVyc2lvbiA+PSAke3N0YWNrLmxvb2t1cFJvbGUucmVxdWlyZXNCb290c3RyYXBTdGFja1ZlcnNpb259YCk7XG4gICAgICB9XG4gICAgfVxuICAgIGlmIChsb29rdXBFbnYuaXNGYWxsYmFja0NyZWRlbnRpYWxzKSB7XG4gICAgICBjb25zdCBhcm4gPSBhd2FpdCBsb29rdXBFbnYucmVwbGFjZVBsYWNlaG9sZGVycyhzdGFjay5sb29rdXBSb2xlPy5hcm4pO1xuICAgICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX1dBUk4ubXNnKGBMb29rdXAgcm9sZSAke2Fybn0gd2FzIG5vdCBhc3N1bWVkLiBQcm9jZWVkaW5nIHdpdGggZGVmYXVsdCBjcmVkZW50aWFscy5gKSk7XG4gICAgfVxuICAgIHJldHVybiBsb29rdXBFbnY7XG4gIH1cblxuICAvKipcbiAgICogR2V0IGFuIFNESyB0byBhY2Nlc3MgdGhlIGdpdmVuIHN0YWNrJ3MgZW52aXJvbm1lbnQgZm9yIHJlYWRpbmcgc3RhY2sgYXR0cmlidXRlc1xuICAgKlxuICAgKiBXaWxsIHVzZSBhIHBsdWdpbiBpZiBhdmFpbGFibGUsIHVzZSB0aGUgZGVmYXVsdCBBV1MgY3JlZGVudGlhbHMgaWYgbm90LlxuICAgKiBUaGUgYG1vZGVgIHBhcmFtZXRlciBpcyBvbmx5IHVzZWQgZm9yIHF1ZXJ5aW5nIHBsdWdpbnMuXG4gICAqXG4gICAqIFdpbGwgdHJ5IHRvIGFzc3VtZSB0aGUgbG9va3VwIHJvbGUgaWYgZ2l2ZW4sIHdpbGwgdXNlIHRoZSByZWd1bGFyIHN0YWNrIG9wZXJhdGlvbnNcbiAgICogYWNjZXNzIChkZXBsb3ktcm9sZSkgb3RoZXJ3aXNlLiBXaGVuIGNhbGxpbmcgdGhpcywgeW91IHNob3VsZCBhc3N1bWUgdGhhdCB5b3Ugd2lsbCBnZXRcbiAgICogdGhlIGxlYXN0IHByaXZpbGVnZWQgcm9sZSwgc28gZG9uJ3QgdHJ5IHRvIHVzZSBpdCBmb3IgYW55dGhpbmcgdGhlIGBkZXBsb3ktcm9sZWBcbiAgICogd291bGRuJ3QgYmUgYWJsZSB0byBkby4gQWxzbyB5b3UgY2Fubm90IHJlbHkgb24gYmVpbmcgYWJsZSB0byByZWFkIGVuY3J5cHRlZCBhbnl0aGluZy5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBhY2Nlc3NTdGFja0Zvckxvb2t1cEJlc3RFZmZvcnQoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICBpZiAoIXN0YWNrLmVudmlyb25tZW50KSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKGBUaGUgc3RhY2sgJHtzdGFjay5kaXNwbGF5TmFtZX0gZG9lcyBub3QgaGF2ZSBhbiBlbnZpcm9ubWVudGApO1xuICAgIH1cblxuICAgIHRyeSB7XG4gICAgICByZXR1cm4gYXdhaXQgdGhpcy5hY2Nlc3NTdGFja0Zvckxvb2t1cChzdGFjayk7XG4gICAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfV0FSTi5tc2coYCR7Zm9ybWF0RXJyb3JNZXNzYWdlKGUpfWApKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMuYWNjZXNzU3RhY2tGb3JTdGFja09wZXJhdGlvbnMoc3RhY2ssIE1vZGUuRm9yUmVhZGluZyk7XG4gIH1cblxuICAvKipcbiAgICogR2V0IGFuIFNESyB0byBhY2Nlc3MgdGhlIGdpdmVuIHN0YWNrJ3MgZW52aXJvbm1lbnQgZm9yIHN0YWNrIG9wZXJhdGlvbnNcbiAgICpcbiAgICogV2lsbCB1c2UgYSBwbHVnaW4gaWYgYXZhaWxhYmxlLCB1c2UgdGhlIGRlZmF1bHQgQVdTIGNyZWRlbnRpYWxzIGlmIG5vdC5cbiAgICogVGhlIGBtb2RlYCBwYXJhbWV0ZXIgaXMgb25seSB1c2VkIGZvciBxdWVyeWluZyBwbHVnaW5zLlxuICAgKlxuICAgKiBXaWxsIGFzc3VtZSB0aGUgZGVwbG95IHJvbGUgaWYgY29uZmlndXJlZCBvbiB0aGUgc3RhY2suIENoZWNrIHRoZSBkZWZhdWx0IGBkZXBsb3ktcm9sZWBcbiAgICogcG9saWNpZXMgdG8gc2VlIHdoYXQgeW91IGNhbiBkbyB3aXRoIHRoaXMgcm9sZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgYWNjZXNzU3RhY2tGb3JTdGFja09wZXJhdGlvbnMoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCwgbW9kZTogTW9kZSk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICBpZiAoIXN0YWNrLmVudmlyb25tZW50KSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKGBUaGUgc3RhY2sgJHtzdGFjay5kaXNwbGF5TmFtZX0gZG9lcyBub3QgaGF2ZSBhbiBlbnZpcm9ubWVudGApO1xuICAgIH1cblxuICAgIHJldHVybiB0aGlzLnByZXBhcmVTZGsoe1xuICAgICAgZW52aXJvbm1lbnQ6IHN0YWNrLmVudmlyb25tZW50LFxuICAgICAgbW9kZSxcbiAgICAgIGFzc3VtZVJvbGVBcm46IHN0YWNrLmFzc3VtZVJvbGVBcm4sXG4gICAgICBhc3N1bWVSb2xlRXh0ZXJuYWxJZDogc3RhY2suYXNzdW1lUm9sZUV4dGVybmFsSWQsXG4gICAgICBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM6IHN0YWNrLmFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucyxcbiAgICB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBQcmVwYXJlIGFuIFNESyBmb3IgdXNlIGluIHRoZSBnaXZlbiBlbnZpcm9ubWVudCBhbmQgb3B0aW9uYWxseSB3aXRoIGEgcm9sZSBhc3N1bWVkLlxuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyBwcmVwYXJlU2RrKFxuICAgIG9wdGlvbnM6IFByZXBhcmVTZGtSb2xlT3B0aW9ucyxcbiAgKTogUHJvbWlzZTxUYXJnZXRFbnZpcm9ubWVudD4ge1xuICAgIGNvbnN0IHJlc29sdmVkRW52aXJvbm1lbnQgPSBhd2FpdCB0aGlzLnNka1Byb3ZpZGVyLnJlc29sdmVFbnZpcm9ubWVudChvcHRpb25zLmVudmlyb25tZW50KTtcblxuICAgIC8vIFN1YnN0aXR1dGUgYW55IHBsYWNlaG9sZGVycyB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRoZSBjdXJyZW50IGVudmlyb25tZW50XG4gICAgY29uc3QgeyBhc3N1bWVSb2xlQXJuIH0gPSBhd2FpdCByZXBsYWNlRW52UGxhY2Vob2xkZXJzKHtcbiAgICAgIGFzc3VtZVJvbGVBcm46IG9wdGlvbnMuYXNzdW1lUm9sZUFybixcbiAgICB9LCByZXNvbHZlZEVudmlyb25tZW50LCB0aGlzLnNka1Byb3ZpZGVyKTtcblxuICAgIGNvbnN0IHN0YWNrU2RrID0gYXdhaXQgdGhpcy5jYWNoZWRTZGtGb3JFbnZpcm9ubWVudChyZXNvbHZlZEVudmlyb25tZW50LCBvcHRpb25zLm1vZGUsIHtcbiAgICAgIGFzc3VtZVJvbGVBcm4sXG4gICAgICBhc3N1bWVSb2xlRXh0ZXJuYWxJZDogb3B0aW9ucy5hc3N1bWVSb2xlRXh0ZXJuYWxJZCxcbiAgICAgIGFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9uczogb3B0aW9ucy5hc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMsXG4gICAgfSk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgc2RrOiBzdGFja1Nkay5zZGssXG4gICAgICByZXNvbHZlZEVudmlyb25tZW50LFxuICAgICAgcmVzb3VyY2VzOiB0aGlzLmVudmlyb25tZW50UmVzb3VyY2VzLmZvcihyZXNvbHZlZEVudmlyb25tZW50LCBzdGFja1Nkay5zZGssIHRoaXMuaW9IZWxwZXIpLFxuICAgICAgLy8gSWYgd2UgYXNrZWQgZm9yIGEgcm9sZSwgZGlkIG5vdCBzdWNjZXNzZnVsbHkgYXNzdW1lIGl0LCBhbmQgeWV0IGdvdCBoZXJlIHdpdGhvdXQgYW4gZXhjZXB0aW9uOiB0aGF0XG4gICAgICAvLyBtZWFucyB3ZSBtdXN0IGhhdmUgZmFsbGJhY2sgY3JlZGVudGlhbHMuXG4gICAgICBpc0ZhbGxiYWNrQ3JlZGVudGlhbHM6ICFzdGFja1Nkay5kaWRBc3N1bWVSb2xlICYmICEhYXNzdW1lUm9sZUFybixcbiAgICAgIGRpZEFzc3VtZVJvbGU6IHN0YWNrU2RrLmRpZEFzc3VtZVJvbGUsXG4gICAgICByZXBsYWNlUGxhY2Vob2xkZXJzOiBhc3luYyA8QSBleHRlbmRzIHN0cmluZyB8IHVuZGVmaW5lZD4oc3RyOiBBKSA9PiB7XG4gICAgICAgIGNvbnN0IHJldCA9IGF3YWl0IHJlcGxhY2VFbnZQbGFjZWhvbGRlcnMoeyBzdHIgfSwgcmVzb2x2ZWRFbnZpcm9ubWVudCwgdGhpcy5zZGtQcm92aWRlcik7XG4gICAgICAgIHJldHVybiByZXQuc3RyO1xuICAgICAgfSxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBjYWNoZWRTZGtGb3JFbnZpcm9ubWVudChcbiAgICBlbnZpcm9ubWVudDogY3hhcGkuRW52aXJvbm1lbnQsXG4gICAgbW9kZTogTW9kZSxcbiAgICBvcHRpb25zPzogQ3JlZGVudGlhbHNPcHRpb25zLFxuICApIHtcbiAgICBjb25zdCBjYWNoZUtleUVsZW1lbnRzID0gW1xuICAgICAgZW52aXJvbm1lbnQuYWNjb3VudCxcbiAgICAgIGVudmlyb25tZW50LnJlZ2lvbixcbiAgICAgIGAke21vZGV9YCxcbiAgICAgIG9wdGlvbnM/LmFzc3VtZVJvbGVBcm4gPz8gJycsXG4gICAgICBvcHRpb25zPy5hc3N1bWVSb2xlRXh0ZXJuYWxJZCA/PyAnJyxcbiAgICBdO1xuXG4gICAgaWYgKG9wdGlvbnM/LmFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucykge1xuICAgICAgY2FjaGVLZXlFbGVtZW50cy5wdXNoKEpTT04uc3RyaW5naWZ5KG9wdGlvbnMuYXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zKSk7XG4gICAgfVxuXG4gICAgY29uc3QgY2FjaGVLZXkgPSBjYWNoZUtleUVsZW1lbnRzLmpvaW4oJzonKTtcbiAgICBjb25zdCBleGlzdGluZyA9IHRoaXMuc2RrQ2FjaGUuZ2V0KGNhY2hlS2V5KTtcbiAgICBpZiAoZXhpc3RpbmcpIHtcbiAgICAgIHJldHVybiBleGlzdGluZztcbiAgICB9XG4gICAgY29uc3QgcmV0ID0gYXdhaXQgdGhpcy5zZGtQcm92aWRlci5mb3JFbnZpcm9ubWVudChlbnZpcm9ubWVudCwgbW9kZSwgb3B0aW9ucyk7XG4gICAgdGhpcy5zZGtDYWNoZS5zZXQoY2FjaGVLZXksIHJldCk7XG4gICAgcmV0dXJuIHJldDtcbiAgfVxufVxuXG4vKipcbiAqIFNESyBvYnRhaW5lZCBieSBhc3N1bWluZyB0aGUgZGVwbG95IHJvbGVcbiAqIGZvciBhIGdpdmVuIGVudmlyb25tZW50XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgVGFyZ2V0RW52aXJvbm1lbnQge1xuICAvKipcbiAgICogVGhlIFNESyBmb3IgdGhlIGdpdmVuIGVudmlyb25tZW50XG4gICAqL1xuICByZWFkb25seSBzZGs6IFNESztcblxuICAvKipcbiAgICogVGhlIHJlc29sdmVkIGVudmlyb25tZW50IGZvciB0aGUgc3RhY2tcbiAgICogKG5vIG1vcmUgJ3Vua25vd24tYWNjb3VudC91bmtub3duLXJlZ2lvbicpXG4gICAqL1xuICByZWFkb25seSByZXNvbHZlZEVudmlyb25tZW50OiBjeGFwaS5FbnZpcm9ubWVudDtcblxuICAvKipcbiAgICogQWNjZXNzIGNsYXNzIGZvciBlbnZpcm9ubWVudGFsIHJlc291cmNlcyB0byBoZWxwIHRoZSBkZXBsb3ltZW50XG4gICAqL1xuICByZWFkb25seSByZXNvdXJjZXM6IEVudmlyb25tZW50UmVzb3VyY2VzO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIG9yIG5vdCB3ZSBhc3N1bWVkIGEgcm9sZSBpbiB0aGUgcHJvY2VzcyBvZiBnZXR0aW5nIHRoZXNlIGNyZWRlbnRpYWxzXG4gICAqL1xuICByZWFkb25seSBkaWRBc3N1bWVSb2xlOiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIG9yIG5vdCB0aGVzZSBhcmUgZmFsbGJhY2sgY3JlZGVudGlhbHNcbiAgICpcbiAgICogRmFsbGJhY2sgY3JlZGVudGlhbHMgbWVhbnMgdGhhdCBhc3N1bWluZyB0aGUgaW50ZW5kZWQgcm9sZSBmYWlsZWQsIGJ1dCB0aGVcbiAgICogYmFzZSBjcmVkZW50aWFscyBoYXBwZW4gdG8gYmUgZm9yIHRoZSByaWdodCBhY2NvdW50IHNvIHdlIGp1c3QgcGlja2VkIHRob3NlXG4gICAqIGFuZCBob3BlIHRoZSBmdXR1cmUgU0RLIGNhbGxzIHN1Y2NlZWQuXG4gICAqXG4gICAqIFRoaXMgaXMgYSBiYWNrd2FyZHMgY29tcGF0aWJpbGl0eSBtZWNoYW5pc20gZnJvbSBhcm91bmQgdGhlIHRpbWUgd2UgaW50cm9kdWNlZFxuICAgKiBkZXBsb3ltZW50IHJvbGVzLlxuICAgKi9cbiAgcmVhZG9ubHkgaXNGYWxsYmFja0NyZWRlbnRpYWxzOiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBSZXBsYWNlIGVudmlyb25tZW50IHBsYWNlaG9sZGVycyBhY2NvcmRpbmcgdG8gdGhlIGN1cnJlbnQgZW52aXJvbm1lbnRcbiAgICovXG4gIHJlcGxhY2VQbGFjZWhvbGRlcnMoeDogc3RyaW5nIHwgdW5kZWZpbmVkKTogUHJvbWlzZTxTdHJpbmdXaXRob3V0UGxhY2Vob2xkZXJzIHwgdW5kZWZpbmVkPjtcbn1cblxuaW50ZXJmYWNlIFByZXBhcmVTZGtSb2xlT3B0aW9ucyB7XG4gIHJlYWRvbmx5IGVudmlyb25tZW50OiBjeGFwaS5FbnZpcm9ubWVudDtcbiAgcmVhZG9ubHkgbW9kZTogTW9kZTtcbiAgcmVhZG9ubHkgYXNzdW1lUm9sZUFybj86IHN0cmluZztcbiAgcmVhZG9ubHkgYXNzdW1lUm9sZUV4dGVybmFsSWQ/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucz86IHsgW2tleTogc3RyaW5nXTogYW55IH07XG59XG4iXX0=

package/lib/api/environment/environment-resources.d.ts

@@ -0,0 +1,75 @@
+import type { Environment } from '@aws-cdk/cx-api';
+import type { SDK } from '../aws-auth/private';
+import { type IoHelper } from '../io/private';
+import { type EcrRepositoryInfo, ToolkitInfo } from '../toolkit-info';
+/**
+ * Registry class for `EnvironmentResources`.
+ *
+ * The state management of this class is a bit non-standard. We want to cache
+ * data related to toolkit stacks and SSM parameters, but we are not in charge
+ * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
+ * function, we treat it as an ephemeral class, and store the actual cached data
+ * in `EnvironmentResourcesRegistry`.
+ */
+export declare class EnvironmentResourcesRegistry {
+    private readonly toolkitStackName?;
+    private readonly cache;
+    constructor(toolkitStackName?: string | undefined);
+    for(resolvedEnvironment: Environment, sdk: SDK, ioHelper: IoHelper): EnvironmentResources;
+}
+/**
+ * Interface with the account and region we're deploying into
+ *
+ * Manages lookups for bootstrapped resources, falling back to the legacy "CDK Toolkit"
+ * original bootstrap stack if necessary.
+ *
+ * The state management of this class is a bit non-standard. We want to cache
+ * data related to toolkit stacks and SSM parameters, but we are not in charge
+ * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
+ * function, we treat it as an ephemeral class, and store the actual cached data
+ * in `EnvironmentResourcesRegistry`.
+ */
+export declare class EnvironmentResources {
+    readonly environment: Environment;
+    private readonly sdk;
+    private readonly ioHelper;
+    private readonly cache;
+    private readonly toolkitStackName?;
+    constructor(environment: Environment, sdk: SDK, ioHelper: IoHelper, cache: EnvironmentCache, toolkitStackName?: string | undefined);
+    /**
+     * Look up the toolkit for a given environment, using a given SDK
+     */
+    lookupToolkit(): Promise<ToolkitInfo>;
+    /**
+     * Validate that the bootstrap stack version matches or exceeds the expected version
+     *
+     * Use the SSM parameter name to read the version number if given, otherwise use the version
+     * discovered on the bootstrap stack.
+     *
+     * Pass in the SSM parameter name so we can cache the lookups an don't need to do the same
+     * lookup again and again for every artifact.
+     */
+    validateVersion(expectedVersion: number | undefined, ssmParameterName: string | undefined): Promise<void>;
+    /**
+     * Read a version from an SSM parameter, cached
+     */
+    versionFromSsmParameter(parameterName: string): Promise<number>;
+    prepareEcrRepository(repositoryName: string): Promise<EcrRepositoryInfo>;
+}
+export declare class NoBootstrapStackEnvironmentResources extends EnvironmentResources {
+    constructor(environment: Environment, sdk: SDK, ioHelper: IoHelper);
+    /**
+     * Look up the toolkit for a given environment, using a given SDK
+     */
+    lookupToolkit(): Promise<ToolkitInfo>;
+}
+/**
+ * Data that is cached on a per-environment level
+ *
+ * This cache may be shared between different instances of the `EnvironmentResources` class.
+ */
+interface EnvironmentCache {
+    readonly ssmParameters: Map<string, number>;
+    toolkitInfo?: ToolkitInfo;
+}
+export {};

package/lib/api/environment/environment-resources.js

@@ -0,0 +1,213 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoBootstrapStackEnvironmentResources = exports.EnvironmentResources = exports.EnvironmentResourcesRegistry = void 0;
+const util_1 = require("../../util");
+const private_1 = require("../io/private");
+const notices_1 = require("../notices");
+const toolkit_error_1 = require("../toolkit-error");
+const toolkit_info_1 = require("../toolkit-info");
+/**
+ * Registry class for `EnvironmentResources`.
+ *
+ * The state management of this class is a bit non-standard. We want to cache
+ * data related to toolkit stacks and SSM parameters, but we are not in charge
+ * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
+ * function, we treat it as an ephemeral class, and store the actual cached data
+ * in `EnvironmentResourcesRegistry`.
+ */
+class EnvironmentResourcesRegistry {
+    toolkitStackName;
+    cache = new Map();
+    constructor(toolkitStackName) {
+        this.toolkitStackName = toolkitStackName;
+    }
+    for(resolvedEnvironment, sdk, ioHelper) {
+        const key = `${resolvedEnvironment.account}:${resolvedEnvironment.region}`;
+        let envCache = this.cache.get(key);
+        if (!envCache) {
+            envCache = emptyCache();
+            this.cache.set(key, envCache);
+        }
+        return new EnvironmentResources(resolvedEnvironment, sdk, ioHelper, envCache, this.toolkitStackName);
+    }
+}
+exports.EnvironmentResourcesRegistry = EnvironmentResourcesRegistry;
+/**
+ * Interface with the account and region we're deploying into
+ *
+ * Manages lookups for bootstrapped resources, falling back to the legacy "CDK Toolkit"
+ * original bootstrap stack if necessary.
+ *
+ * The state management of this class is a bit non-standard. We want to cache
+ * data related to toolkit stacks and SSM parameters, but we are not in charge
+ * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
+ * function, we treat it as an ephemeral class, and store the actual cached data
+ * in `EnvironmentResourcesRegistry`.
+ */
+class EnvironmentResources {
+    environment;
+    sdk;
+    ioHelper;
+    cache;
+    toolkitStackName;
+    constructor(environment, sdk, ioHelper, cache, toolkitStackName) {
+        this.environment = environment;
+        this.sdk = sdk;
+        this.ioHelper = ioHelper;
+        this.cache = cache;
+        this.toolkitStackName = toolkitStackName;
+    }
+    /**
+     * Look up the toolkit for a given environment, using a given SDK
+     */
+    async lookupToolkit() {
+        if (!this.cache.toolkitInfo) {
+            this.cache.toolkitInfo = await toolkit_info_1.ToolkitInfo.lookup(this.environment, this.sdk, this.ioHelper, this.toolkitStackName);
+        }
+        return this.cache.toolkitInfo;
+    }
+    /**
+     * Validate that the bootstrap stack version matches or exceeds the expected version
+     *
+     * Use the SSM parameter name to read the version number if given, otherwise use the version
+     * discovered on the bootstrap stack.
+     *
+     * Pass in the SSM parameter name so we can cache the lookups an don't need to do the same
+     * lookup again and again for every artifact.
+     */
+    async validateVersion(expectedVersion, ssmParameterName) {
+        if (expectedVersion === undefined) {
+            // No requirement
+            return;
+        }
+        const defExpectedVersion = expectedVersion;
+        if (ssmParameterName !== undefined) {
+            try {
+                doValidate(await this.versionFromSsmParameter(ssmParameterName), this.environment);
+                return;
+            }
+            catch (e) {
+                if (e.name !== 'AccessDeniedException') {
+                    throw e;
+                }
+                // This is a fallback! The bootstrap template that goes along with this change introduces
+                // a new 'ssm:GetParameter' permission, but when run using the previous bootstrap template we
+                // won't have the permissions yet to read the version, so we won't be able to show the
+                // message telling the user they need to update! When we see an AccessDeniedException, fall
+                // back to the version we read from Stack Outputs; but ONLY if the version we discovered via
+                // outputs is legitimately an old version. If it's newer than that, something else must be broken,
+                // so let it fail as it would if we didn't have this fallback.
+                const bootstrapStack = await this.lookupToolkit();
+                if (bootstrapStack.found && bootstrapStack.version < BOOTSTRAP_TEMPLATE_VERSION_INTRODUCING_GETPARAMETER) {
+                    await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Could not read SSM parameter ${ssmParameterName}: ${(0, util_1.formatErrorMessage)(e)}, falling back to version from ${bootstrapStack}`));
+                    doValidate(bootstrapStack.version, this.environment);
+                    return;
+                }
+                throw new toolkit_error_1.ToolkitError(`This CDK deployment requires bootstrap stack version '${expectedVersion}', but during the confirmation via SSM parameter ${ssmParameterName} the following error occurred: ${e}`);
+            }
+        }
+        // No SSM parameter
+        const bootstrapStack = await this.lookupToolkit();
+        doValidate(bootstrapStack.version, this.environment);
+        function doValidate(version, environment) {
+            const notices = notices_1.Notices.get();
+            if (notices) {
+                // if `Notices` hasn't been initialized there is probably a good
+                // reason for it. handle gracefully.
+                notices.addBootstrappedEnvironment({ bootstrapStackVersion: version, environment });
+            }
+            if (defExpectedVersion > version) {
+                throw new toolkit_error_1.ToolkitError(`This CDK deployment requires bootstrap stack version '${expectedVersion}', found '${version}'. Please run 'cdk bootstrap'.`);
+            }
+        }
+    }
+    /**
+     * Read a version from an SSM parameter, cached
+     */
+    async versionFromSsmParameter(parameterName) {
+        const existing = this.cache.ssmParameters.get(parameterName);
+        if (existing !== undefined) {
+            return existing;
+        }
+        const ssm = this.sdk.ssm();
+        try {
+            const result = await ssm.getParameter({ Name: parameterName });
+            const asNumber = parseInt(`${result.Parameter?.Value}`, 10);
+            if (isNaN(asNumber)) {
+                throw new toolkit_error_1.ToolkitError(`SSM parameter ${parameterName} not a number: ${result.Parameter?.Value}`);
+            }
+            this.cache.ssmParameters.set(parameterName, asNumber);
+            return asNumber;
+        }
+        catch (e) {
+            if (e.name === 'ParameterNotFound') {
+                throw new toolkit_error_1.ToolkitError(`SSM parameter ${parameterName} not found. Has the environment been bootstrapped? Please run \'cdk bootstrap\' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)`);
+            }
+            throw e;
+        }
+    }
+    async prepareEcrRepository(repositoryName) {
+        if (!this.sdk) {
+            throw new toolkit_error_1.ToolkitError('ToolkitInfo needs to have been initialized with an sdk to call prepareEcrRepository');
+        }
+        const ecr = this.sdk.ecr();
+        // check if repo already exists
+        try {
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_DEBUG.msg(`${repositoryName}: checking if ECR repository already exists`));
+            const describeResponse = await ecr.describeRepositories({
+                repositoryNames: [repositoryName],
+            });
+            const existingRepositoryUri = describeResponse.repositories[0]?.repositoryUri;
+            if (existingRepositoryUri) {
+                return { repositoryUri: existingRepositoryUri };
+            }
+        }
+        catch (e) {
+            if (e.name !== 'RepositoryNotFoundException') {
+                throw e;
+            }
+        }
+        // create the repo (tag it so it will be easier to garbage collect in the future)
+        await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_DEBUG.msg(`${repositoryName}: creating ECR repository`));
+        const assetTag = { Key: 'awscdk:asset', Value: 'true' };
+        const response = await ecr.createRepository({
+            repositoryName,
+            tags: [assetTag],
+        });
+        const repositoryUri = response.repository?.repositoryUri;
+        if (!repositoryUri) {
+            throw new toolkit_error_1.ToolkitError(`CreateRepository did not return a repository URI for ${repositoryUri}`);
+        }
+        // configure image scanning on push (helps in identifying software vulnerabilities, no additional charge)
+        await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_DEBUG.msg(`${repositoryName}: enable image scanning`));
+        await ecr.putImageScanningConfiguration({
+            repositoryName,
+            imageScanningConfiguration: { scanOnPush: true },
+        });
+        return { repositoryUri };
+    }
+}
+exports.EnvironmentResources = EnvironmentResources;
+class NoBootstrapStackEnvironmentResources extends EnvironmentResources {
+    constructor(environment, sdk, ioHelper) {
+        super(environment, sdk, ioHelper, emptyCache());
+    }
+    /**
+     * Look up the toolkit for a given environment, using a given SDK
+     */
+    async lookupToolkit() {
+        throw new toolkit_error_1.ToolkitError('Trying to perform an operation that requires a bootstrap stack; you should not see this error, this is a bug in the CDK CLI.');
+    }
+}
+exports.NoBootstrapStackEnvironmentResources = NoBootstrapStackEnvironmentResources;
+function emptyCache() {
+    return {
+        ssmParameters: new Map(),
+        toolkitInfo: undefined,
+    };
+}
+/**
+ * The bootstrap template version that introduced ssm:GetParameter
+ */
+const BOOTSTRAP_TEMPLATE_VERSION_INTRODUCING_GETPARAMETER = 5;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW52aXJvbm1lbnQtcmVzb3VyY2VzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZW52aXJvbm1lbnQtcmVzb3VyY2VzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHFDQUFnRDtBQUVoRCwyQ0FBa0Q7QUFDbEQsd0NBQXFDO0FBQ3JDLG9EQUFnRDtBQUNoRCxrREFBc0U7QUFFdEU7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFhLDRCQUE0QjtJQUdWO0lBRlosS0FBSyxHQUFHLElBQUksR0FBRyxFQUE0QixDQUFDO0lBRTdELFlBQTZCLGdCQUF5QjtRQUF6QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQVM7SUFDdEQsQ0FBQztJQUVNLEdBQUcsQ0FBQyxtQkFBZ0MsRUFBRSxHQUFRLEVBQUUsUUFBa0I7UUFDdkUsTUFBTSxHQUFHLEdBQUcsR0FBRyxtQkFBbUIsQ0FBQyxPQUFPLElBQUksbUJBQW1CLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDM0UsSUFBSSxRQUFRLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDbkMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2QsUUFBUSxHQUFHLFVBQVUsRUFBRSxDQUFDO1lBQ3hCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNoQyxDQUFDO1FBQ0QsT0FBTyxJQUFJLG9CQUFvQixDQUFDLG1CQUFtQixFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQ3ZHLENBQUM7Q0FDRjtBQWZELG9FQWVDO0FBRUQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFhLG9CQUFvQjtJQUViO0lBQ0M7SUFDQTtJQUNBO0lBQ0E7SUFMbkIsWUFDa0IsV0FBd0IsRUFDdkIsR0FBUSxFQUNSLFFBQWtCLEVBQ2xCLEtBQXVCLEVBQ3ZCLGdCQUF5QjtRQUoxQixnQkFBVyxHQUFYLFdBQVcsQ0FBYTtRQUN2QixRQUFHLEdBQUgsR0FBRyxDQUFLO1FBQ1IsYUFBUSxHQUFSLFFBQVEsQ0FBVTtRQUNsQixVQUFLLEdBQUwsS0FBSyxDQUFrQjtRQUN2QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQVM7SUFFNUMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGFBQWE7UUFDeEIsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDNUIsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEdBQUcsTUFBTSwwQkFBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUN0SCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxLQUFLLENBQUMsZUFBZSxDQUFDLGVBQW1DLEVBQUUsZ0JBQW9DO1FBQ3BHLElBQUksZUFBZSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2xDLGlCQUFpQjtZQUNqQixPQUFPO1FBQ1QsQ0FBQztRQUNELE1BQU0sa0JBQWtCLEdBQUcsZUFBZSxDQUFDO1FBRTNDLElBQUksZ0JBQWdCLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDbkMsSUFBSSxDQUFDO2dCQUNILFVBQVUsQ0FBQyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztnQkFDbkYsT0FBTztZQUNULENBQUM7WUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO2dCQUNoQixJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssdUJBQXVCLEVBQUUsQ0FBQztvQkFDdkMsTUFBTSxDQUFDLENBQUM7Z0JBQ1YsQ0FBQztnQkFFRCx5RkFBeUY7Z0JBQ3pGLDZGQUE2RjtnQkFDN0Ysc0ZBQXNGO2dCQUN0RiwyRkFBMkY7Z0JBQzNGLDRGQUE0RjtnQkFDNUYsa0dBQWtHO2dCQUNsRyw4REFBOEQ7Z0JBQzlELE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUNsRCxJQUFJLGNBQWMsQ0FBQyxLQUFLLElBQUksY0FBYyxDQUFDLE9BQU8sR0FBRyxtREFBbUQsRUFBRSxDQUFDO29CQUN6RyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQ3BELGdDQUFnQyxnQkFBZ0IsS0FBSyxJQUFBLHlCQUFrQixFQUFDLENBQUMsQ0FBQyxrQ0FBa0MsY0FBYyxFQUFFLENBQzdILENBQUMsQ0FBQztvQkFDSCxVQUFVLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7b0JBQ3JELE9BQU87Z0JBQ1QsQ0FBQztnQkFFRCxNQUFNLElBQUksNEJBQVksQ0FDcEIseURBQXlELGVBQWUsb0RBQW9ELGdCQUFnQixrQ0FBa0MsQ0FBQyxFQUFFLENBQ2xMLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztRQUVELG1CQUFtQjtRQUNuQixNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNsRCxVQUFVLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFckQsU0FBUyxVQUFVLENBQUMsT0FBZSxFQUFFLFdBQXdCO1lBQzNELE1BQU0sT0FBTyxHQUFHLGlCQUFPLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDOUIsSUFBSSxPQUFPLEVBQUUsQ0FBQztnQkFDWixnRUFBZ0U7Z0JBQ2hFLG9DQUFvQztnQkFDcEMsT0FBTyxDQUFDLDBCQUEwQixDQUFDLEVBQUUscUJBQXFCLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxDQUFDLENBQUM7WUFDdEYsQ0FBQztZQUNELElBQUksa0JBQWtCLEdBQUcsT0FBTyxFQUFFLENBQUM7Z0JBQ2pDLE1BQU0sSUFBSSw0QkFBWSxDQUNwQix5REFBeUQsZUFBZSxhQUFhLE9BQU8sZ0NBQWdDLENBQzdILENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxhQUFxQjtRQUN4RCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDN0QsSUFBSSxRQUFRLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDM0IsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztRQUVELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFM0IsSUFBSSxDQUFDO1lBQ0gsTUFBTSxNQUFNLEdBQUcsTUFBTSxHQUFHLENBQUMsWUFBWSxDQUFDLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7WUFFL0QsTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLEdBQUcsTUFBTSxDQUFDLFNBQVMsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM1RCxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUNwQixNQUFNLElBQUksNEJBQVksQ0FBQyxpQkFBaUIsYUFBYSxrQkFBa0IsTUFBTSxDQUFDLFNBQVMsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1lBQ3BHLENBQUM7WUFFRCxJQUFJLENBQUMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQ3RELE9BQU8sUUFBUSxDQUFDO1FBQ2xCLENBQUM7UUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxtQkFBbUIsRUFBRSxDQUFDO2dCQUNuQyxNQUFNLElBQUksNEJBQVksQ0FDcEIsaUJBQWlCLGFBQWEsdUpBQXVKLENBQ3RMLENBQUM7WUFDSixDQUFDO1lBQ0QsTUFBTSxDQUFDLENBQUM7UUFDVixDQUFDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxjQUFzQjtRQUN0RCxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ2QsTUFBTSxJQUFJLDRCQUFZLENBQUMscUZBQXFGLENBQUMsQ0FBQztRQUNoSCxDQUFDO1FBQ0QsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUUzQiwrQkFBK0I7UUFDL0IsSUFBSSxDQUFDO1lBQ0gsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyw2Q0FBNkMsQ0FBQyxDQUFDLENBQUM7WUFDekgsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLEdBQUcsQ0FBQyxvQkFBb0IsQ0FBQztnQkFDdEQsZUFBZSxFQUFFLENBQUMsY0FBYyxDQUFDO2FBQ2xDLENBQUMsQ0FBQztZQUNILE1BQU0scUJBQXFCLEdBQUcsZ0JBQWdCLENBQUMsWUFBYSxDQUFDLENBQUMsQ0FBQyxFQUFFLGFBQWEsQ0FBQztZQUMvRSxJQUFJLHFCQUFxQixFQUFFLENBQUM7Z0JBQzFCLE9BQU8sRUFBRSxhQUFhLEVBQUUscUJBQXFCLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1FBQ0gsQ0FBQztRQUFDLE9BQU8sQ0FBTSxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLDZCQUE2QixFQUFFLENBQUM7Z0JBQzdDLE1BQU0sQ0FBQyxDQUFDO1lBQ1YsQ0FBQztRQUNILENBQUM7UUFFRCxpRkFBaUY7UUFDakYsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYywyQkFBMkIsQ0FBQyxDQUFDLENBQUM7UUFDdkcsTUFBTSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsY0FBYyxFQUFFLEtBQUssRUFBRSxNQUFNLEVBQUUsQ0FBQztRQUN4RCxNQUFNLFFBQVEsR0FBRyxNQUFNLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQztZQUMxQyxjQUFjO1lBQ2QsSUFBSSxFQUFFLENBQUMsUUFBUSxDQUFDO1NBQ2pCLENBQUMsQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLFFBQVEsQ0FBQyxVQUFVLEVBQUUsYUFBYSxDQUFDO1FBQ3pELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNuQixNQUFNLElBQUksNEJBQVksQ0FBQyx3REFBd0QsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUNsRyxDQUFDO1FBRUQseUdBQXlHO1FBQ3pHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxHQUFHLGNBQWMseUJBQXlCLENBQUMsQ0FBQyxDQUFDO1FBQ3JHLE1BQU0sR0FBRyxDQUFDLDZCQUE2QixDQUFDO1lBQ3RDLGNBQWM7WUFDZCwwQkFBMEIsRUFBRSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUU7U0FDakQsQ0FBQyxDQUFDO1FBRUgsT0FBTyxFQUFFLGFBQWEsRUFBRSxDQUFDO0lBQzNCLENBQUM7Q0FDRjtBQWhLRCxvREFnS0M7QUFFRCxNQUFhLG9DQUFxQyxTQUFRLG9CQUFvQjtJQUM1RSxZQUFZLFdBQXdCLEVBQUUsR0FBUSxFQUFFLFFBQWtCO1FBQ2hFLEtBQUssQ0FBQyxXQUFXLEVBQUUsR0FBRyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxhQUFhO1FBQ3hCLE1BQU0sSUFBSSw0QkFBWSxDQUNwQiw4SEFBOEgsQ0FDL0gsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQWJELG9GQWFDO0FBWUQsU0FBUyxVQUFVO0lBQ2pCLE9BQU87UUFDTCxhQUFhLEVBQUUsSUFBSSxHQUFHLEVBQUU7UUFDeEIsV0FBVyxFQUFFLFNBQVM7S0FDdkIsQ0FBQztBQUNKLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sbURBQW1ELEdBQUcsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgeyBFbnZpcm9ubWVudCB9IGZyb20gJ0Bhd3MtY2RrL2N4LWFwaSc7XG5pbXBvcnQgeyBmb3JtYXRFcnJvck1lc3NhZ2UgfSBmcm9tICcuLi8uLi91dGlsJztcbmltcG9ydCB0eXBlIHsgU0RLIH0gZnJvbSAnLi4vYXdzLWF1dGgvcHJpdmF0ZSc7XG5pbXBvcnQgeyBJTywgdHlwZSBJb0hlbHBlciB9IGZyb20gJy4uL2lvL3ByaXZhdGUnO1xuaW1wb3J0IHsgTm90aWNlcyB9IGZyb20gJy4uL25vdGljZXMnO1xuaW1wb3J0IHsgVG9vbGtpdEVycm9yIH0gZnJvbSAnLi4vdG9vbGtpdC1lcnJvcic7XG5pbXBvcnQgeyB0eXBlIEVjclJlcG9zaXRvcnlJbmZvLCBUb29sa2l0SW5mbyB9IGZyb20gJy4uL3Rvb2xraXQtaW5mbyc7XG5cbi8qKlxuICogUmVnaXN0cnkgY2xhc3MgZm9yIGBFbnZpcm9ubWVudFJlc291cmNlc2AuXG4gKlxuICogVGhlIHN0YXRlIG1hbmFnZW1lbnQgb2YgdGhpcyBjbGFzcyBpcyBhIGJpdCBub24tc3RhbmRhcmQuIFdlIHdhbnQgdG8gY2FjaGVcbiAqIGRhdGEgcmVsYXRlZCB0byB0b29sa2l0IHN0YWNrcyBhbmQgU1NNIHBhcmFtZXRlcnMsIGJ1dCB3ZSBhcmUgbm90IGluIGNoYXJnZVxuICogb2YgZW5zdXJpbmcgY2FjaGluZyBvZiBTREtzLiBTaW5jZSBgRW52aXJvbm1lbnRSZXNvdXJjZXNgIG5lZWRzIGFuIFNESyB0b1xuICogZnVuY3Rpb24sIHdlIHRyZWF0IGl0IGFzIGFuIGVwaGVtZXJhbCBjbGFzcywgYW5kIHN0b3JlIHRoZSBhY3R1YWwgY2FjaGVkIGRhdGFcbiAqIGluIGBFbnZpcm9ubWVudFJlc291cmNlc1JlZ2lzdHJ5YC5cbiAqL1xuZXhwb3J0IGNsYXNzIEVudmlyb25tZW50UmVzb3VyY2VzUmVnaXN0cnkge1xuICBwcml2YXRlIHJlYWRvbmx5IGNhY2hlID0gbmV3IE1hcDxzdHJpbmcsIEVudmlyb25tZW50Q2FjaGU+KCk7XG5cbiAgY29uc3RydWN0b3IocHJpdmF0ZSByZWFkb25seSB0b29sa2l0U3RhY2tOYW1lPzogc3RyaW5nKSB7XG4gIH1cblxuICBwdWJsaWMgZm9yKHJlc29sdmVkRW52aXJvbm1lbnQ6IEVudmlyb25tZW50LCBzZGs6IFNESywgaW9IZWxwZXI6IElvSGVscGVyKSB7XG4gICAgY29uc3Qga2V5ID0gYCR7cmVzb2x2ZWRFbnZpcm9ubWVudC5hY2NvdW50fToke3Jlc29sdmVkRW52aXJvbm1lbnQucmVnaW9ufWA7XG4gICAgbGV0IGVudkNhY2hlID0gdGhpcy5jYWNoZS5nZXQoa2V5KTtcbiAgICBpZiAoIWVudkNhY2hlKSB7XG4gICAgICBlbnZDYWNoZSA9IGVtcHR5Q2FjaGUoKTtcbiAgICAgIHRoaXMuY2FjaGUuc2V0KGtleSwgZW52Q2FjaGUpO1xuICAgIH1cbiAgICByZXR1cm4gbmV3IEVudmlyb25tZW50UmVzb3VyY2VzKHJlc29sdmVkRW52aXJvbm1lbnQsIHNkaywgaW9IZWxwZXIsIGVudkNhY2hlLCB0aGlzLnRvb2xraXRTdGFja05hbWUpO1xuICB9XG59XG5cbi8qKlxuICogSW50ZXJmYWNlIHdpdGggdGhlIGFjY291bnQgYW5kIHJlZ2lvbiB3ZSdyZSBkZXBsb3lpbmcgaW50b1xuICpcbiAqIE1hbmFnZXMgbG9va3VwcyBmb3IgYm9vdHN0cmFwcGVkIHJlc291cmNlcywgZmFsbGluZyBiYWNrIHRvIHRoZSBsZWdhY3kgXCJDREsgVG9vbGtpdFwiXG4gKiBvcmlnaW5hbCBib290c3RyYXAgc3RhY2sgaWYgbmVjZXNzYXJ5LlxuICpcbiAqIFRoZSBzdGF0ZSBtYW5hZ2VtZW50IG9mIHRoaXMgY2xhc3MgaXMgYSBiaXQgbm9uLXN0YW5kYXJkLiBXZSB3YW50IHRvIGNhY2hlXG4gKiBkYXRhIHJlbGF0ZWQgdG8gdG9vbGtpdCBzdGFja3MgYW5kIFNTTSBwYXJhbWV0ZXJzLCBidXQgd2UgYXJlIG5vdCBpbiBjaGFyZ2VcbiAqIG9mIGVuc3VyaW5nIGNhY2hpbmcgb2YgU0RLcy4gU2luY2UgYEVudmlyb25tZW50UmVzb3VyY2VzYCBuZWVkcyBhbiBTREsgdG9cbiAqIGZ1bmN0aW9uLCB3ZSB0cmVhdCBpdCBhcyBhbiBlcGhlbWVyYWwgY2xhc3MsIGFuZCBzdG9yZSB0aGUgYWN0dWFsIGNhY2hlZCBkYXRhXG4gKiBpbiBgRW52aXJvbm1lbnRSZXNvdXJjZXNSZWdpc3RyeWAuXG4gKi9cbmV4cG9ydCBjbGFzcyBFbnZpcm9ubWVudFJlc291cmNlcyB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHB1YmxpYyByZWFkb25seSBlbnZpcm9ubWVudDogRW52aXJvbm1lbnQsXG4gICAgcHJpdmF0ZSByZWFkb25seSBzZGs6IFNESyxcbiAgICBwcml2YXRlIHJlYWRvbmx5IGlvSGVscGVyOiBJb0hlbHBlcixcbiAgICBwcml2YXRlIHJlYWRvbmx5IGNhY2hlOiBFbnZpcm9ubWVudENhY2hlLFxuICAgIHByaXZhdGUgcmVhZG9ubHkgdG9vbGtpdFN0YWNrTmFtZT86IHN0cmluZyxcbiAgKSB7XG4gIH1cblxuICAvKipcbiAgICogTG9vayB1cCB0aGUgdG9vbGtpdCBmb3IgYSBnaXZlbiBlbnZpcm9ubWVudCwgdXNpbmcgYSBnaXZlbiBTREtcbiAgICovXG4gIHB1YmxpYyBhc3luYyBsb29rdXBUb29sa2l0KCkge1xuICAgIGlmICghdGhpcy5jYWNoZS50b29sa2l0SW5mbykge1xuICAgICAgdGhpcy5jYWNoZS50b29sa2l0SW5mbyA9IGF3YWl0IFRvb2xraXRJbmZvLmxvb2t1cCh0aGlzLmVudmlyb25tZW50LCB0aGlzLnNkaywgdGhpcy5pb0hlbHBlciwgdGhpcy50b29sa2l0U3RhY2tOYW1lKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMuY2FjaGUudG9vbGtpdEluZm87XG4gIH1cblxuICAvKipcbiAgICogVmFsaWRhdGUgdGhhdCB0aGUgYm9vdHN0cmFwIHN0YWNrIHZlcnNpb24gbWF0Y2hlcyBvciBleGNlZWRzIHRoZSBleHBlY3RlZCB2ZXJzaW9uXG4gICAqXG4gICAqIFVzZSB0aGUgU1NNIHBhcmFtZXRlciBuYW1lIHRvIHJlYWQgdGhlIHZlcnNpb24gbnVtYmVyIGlmIGdpdmVuLCBvdGhlcndpc2UgdXNlIHRoZSB2ZXJzaW9uXG4gICAqIGRpc2NvdmVyZWQgb24gdGhlIGJvb3RzdHJhcCBzdGFjay5cbiAgICpcbiAgICogUGFzcyBpbiB0aGUgU1NNIHBhcmFtZXRlciBuYW1lIHNvIHdlIGNhbiBjYWNoZSB0aGUgbG9va3VwcyBhbiBkb24ndCBuZWVkIHRvIGRvIHRoZSBzYW1lXG4gICAqIGxvb2t1cCBhZ2FpbiBhbmQgYWdhaW4gZm9yIGV2ZXJ5IGFydGlmYWN0LlxuICAgKi9cbiAgcHVibGljIGFzeW5jIHZhbGlkYXRlVmVyc2lvbihleHBlY3RlZFZlcnNpb246IG51bWJlciB8IHVuZGVmaW5lZCwgc3NtUGFyYW1ldGVyTmFtZTogc3RyaW5nIHwgdW5kZWZpbmVkKSB7XG4gICAgaWYgKGV4cGVjdGVkVmVyc2lvbiA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICAvLyBObyByZXF1aXJlbWVudFxuICAgICAgcmV0dXJuO1xuICAgIH1cbiAgICBjb25zdCBkZWZFeHBlY3RlZFZlcnNpb24gPSBleHBlY3RlZFZlcnNpb247XG5cbiAgICBpZiAoc3NtUGFyYW1ldGVyTmFtZSAhPT0gdW5kZWZpbmVkKSB7XG4gICAgICB0cnkge1xuICAgICAgICBkb1ZhbGlkYXRlKGF3YWl0IHRoaXMudmVyc2lvbkZyb21Tc21QYXJhbWV0ZXIoc3NtUGFyYW1ldGVyTmFtZSksIHRoaXMuZW52aXJvbm1lbnQpO1xuICAgICAgICByZXR1cm47XG4gICAgICB9IGNhdGNoIChlOiBhbnkpIHtcbiAgICAgICAgaWYgKGUubmFtZSAhPT0gJ0FjY2Vzc0RlbmllZEV4Y2VwdGlvbicpIHtcbiAgICAgICAgICB0aHJvdyBlO1xuICAgICAgICB9XG5cbiAgICAgICAgLy8gVGhpcyBpcyBhIGZhbGxiYWNrISBUaGUgYm9vdHN0cmFwIHRlbXBsYXRlIHRoYXQgZ29lcyBhbG9uZyB3aXRoIHRoaXMgY2hhbmdlIGludHJvZHVjZXNcbiAgICAgICAgLy8gYSBuZXcgJ3NzbTpHZXRQYXJhbWV0ZXInIHBlcm1pc3Npb24sIGJ1dCB3aGVuIHJ1biB1c2luZyB0aGUgcHJldmlvdXMgYm9vdHN0cmFwIHRlbXBsYXRlIHdlXG4gICAgICAgIC8vIHdvbid0IGhhdmUgdGhlIHBlcm1pc3Npb25zIHlldCB0byByZWFkIHRoZSB2ZXJzaW9uLCBzbyB3ZSB3b24ndCBiZSBhYmxlIHRvIHNob3cgdGhlXG4gICAgICAgIC8vIG1lc3NhZ2UgdGVsbGluZyB0aGUgdXNlciB0aGV5IG5lZWQgdG8gdXBkYXRlISBXaGVuIHdlIHNlZSBhbiBBY2Nlc3NEZW5pZWRFeGNlcHRpb24sIGZhbGxcbiAgICAgICAgLy8gYmFjayB0byB0aGUgdmVyc2lvbiB3ZSByZWFkIGZyb20gU3RhY2sgT3V0cHV0czsgYnV0IE9OTFkgaWYgdGhlIHZlcnNpb24gd2UgZGlzY292ZXJlZCB2aWFcbiAgICAgICAgLy8gb3V0cHV0cyBpcyBsZWdpdGltYXRlbHkgYW4gb2xkIHZlcnNpb24uIElmIGl0J3MgbmV3ZXIgdGhhbiB0aGF0LCBzb21ldGhpbmcgZWxzZSBtdXN0IGJlIGJyb2tlbixcbiAgICAgICAgLy8gc28gbGV0IGl0IGZhaWwgYXMgaXQgd291bGQgaWYgd2UgZGlkbid0IGhhdmUgdGhpcyBmYWxsYmFjay5cbiAgICAgICAgY29uc3QgYm9vdHN0cmFwU3RhY2sgPSBhd2FpdCB0aGlzLmxvb2t1cFRvb2xraXQoKTtcbiAgICAgICAgaWYgKGJvb3RzdHJhcFN0YWNrLmZvdW5kICYmIGJvb3RzdHJhcFN0YWNrLnZlcnNpb24gPCBCT09UU1RSQVBfVEVNUExBVEVfVkVSU0lPTl9JTlRST0RVQ0lOR19HRVRQQVJBTUVURVIpIHtcbiAgICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1RPT0xLSVRfV0FSTi5tc2coXG4gICAgICAgICAgICBgQ291bGQgbm90IHJlYWQgU1NNIHBhcmFtZXRlciAke3NzbVBhcmFtZXRlck5hbWV9OiAke2Zvcm1hdEVycm9yTWVzc2FnZShlKX0sIGZhbGxpbmcgYmFjayB0byB2ZXJzaW9uIGZyb20gJHtib290c3RyYXBTdGFja31gLFxuICAgICAgICAgICkpO1xuICAgICAgICAgIGRvVmFsaWRhdGUoYm9vdHN0cmFwU3RhY2sudmVyc2lvbiwgdGhpcy5lbnZpcm9ubWVudCk7XG4gICAgICAgICAgcmV0dXJuO1xuICAgICAgICB9XG5cbiAgICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihcbiAgICAgICAgICBgVGhpcyBDREsgZGVwbG95bWVudCByZXF1aXJlcyBib290c3RyYXAgc3RhY2sgdmVyc2lvbiAnJHtleHBlY3RlZFZlcnNpb259JywgYnV0IGR1cmluZyB0aGUgY29uZmlybWF0aW9uIHZpYSBTU00gcGFyYW1ldGVyICR7c3NtUGFyYW1ldGVyTmFtZX0gdGhlIGZvbGxvd2luZyBlcnJvciBvY2N1cnJlZDogJHtlfWAsXG4gICAgICAgICk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gTm8gU1NNIHBhcmFtZXRlclxuICAgIGNvbnN0IGJvb3RzdHJhcFN0YWNrID0gYXdhaXQgdGhpcy5sb29rdXBUb29sa2l0KCk7XG4gICAgZG9WYWxpZGF0ZShib290c3RyYXBTdGFjay52ZXJzaW9uLCB0aGlzLmVudmlyb25tZW50KTtcblxuICAgIGZ1bmN0aW9uIGRvVmFsaWRhdGUodmVyc2lvbjogbnVtYmVyLCBlbnZpcm9ubWVudDogRW52aXJvbm1lbnQpIHtcbiAgICAgIGNvbnN0IG5vdGljZXMgPSBOb3RpY2VzLmdldCgpO1xuICAgICAgaWYgKG5vdGljZXMpIHtcbiAgICAgICAgLy8gaWYgYE5vdGljZXNgIGhhc24ndCBiZWVuIGluaXRpYWxpemVkIHRoZXJlIGlzIHByb2JhYmx5IGEgZ29vZFxuICAgICAgICAvLyByZWFzb24gZm9yIGl0LiBoYW5kbGUgZ3JhY2VmdWxseS5cbiAgICAgICAgbm90aWNlcy5hZGRCb290c3RyYXBwZWRFbnZpcm9ubWVudCh7IGJvb3RzdHJhcFN0YWNrVmVyc2lvbjogdmVyc2lvbiwgZW52aXJvbm1lbnQgfSk7XG4gICAgICB9XG4gICAgICBpZiAoZGVmRXhwZWN0ZWRWZXJzaW9uID4gdmVyc2lvbikge1xuICAgICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKFxuICAgICAgICAgIGBUaGlzIENESyBkZXBsb3ltZW50IHJlcXVpcmVzIGJvb3RzdHJhcCBzdGFjayB2ZXJzaW9uICcke2V4cGVjdGVkVmVyc2lvbn0nLCBmb3VuZCAnJHt2ZXJzaW9ufScuIFBsZWFzZSBydW4gJ2NkayBib290c3RyYXAnLmAsXG4gICAgICAgICk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIFJlYWQgYSB2ZXJzaW9uIGZyb20gYW4gU1NNIHBhcmFtZXRlciwgY2FjaGVkXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgdmVyc2lvbkZyb21Tc21QYXJhbWV0ZXIocGFyYW1ldGVyTmFtZTogc3RyaW5nKTogUHJvbWlzZTxudW1iZXI+IHtcbiAgICBjb25zdCBleGlzdGluZyA9IHRoaXMuY2FjaGUuc3NtUGFyYW1ldGVycy5nZXQocGFyYW1ldGVyTmFtZSk7XG4gICAgaWYgKGV4aXN0aW5nICE9PSB1bmRlZmluZWQpIHtcbiAgICAgIHJldHVybiBleGlzdGluZztcbiAgICB9XG5cbiAgICBjb25zdCBzc20gPSB0aGlzLnNkay5zc20oKTtcblxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBzc20uZ2V0UGFyYW1ldGVyKHsgTmFtZTogcGFyYW1ldGVyTmFtZSB9KTtcblxuICAgICAgY29uc3QgYXNOdW1iZXIgPSBwYXJzZUludChgJHtyZXN1bHQuUGFyYW1ldGVyPy5WYWx1ZX1gLCAxMCk7XG4gICAgICBpZiAoaXNOYU4oYXNOdW1iZXIpKSB7XG4gICAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoYFNTTSBwYXJhbWV0ZXIgJHtwYXJhbWV0ZXJOYW1lfSBub3QgYSBudW1iZXI6ICR7cmVzdWx0LlBhcmFtZXRlcj8uVmFsdWV9YCk7XG4gICAgICB9XG5cbiAgICAgIHRoaXMuY2FjaGUuc3NtUGFyYW1ldGVycy5zZXQocGFyYW1ldGVyTmFtZSwgYXNOdW1iZXIpO1xuICAgICAgcmV0dXJuIGFzTnVtYmVyO1xuICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgaWYgKGUubmFtZSA9PT0gJ1BhcmFtZXRlck5vdEZvdW5kJykge1xuICAgICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKFxuICAgICAgICAgIGBTU00gcGFyYW1ldGVyICR7cGFyYW1ldGVyTmFtZX0gbm90IGZvdW5kLiBIYXMgdGhlIGVudmlyb25tZW50IGJlZW4gYm9vdHN0cmFwcGVkPyBQbGVhc2UgcnVuIFxcJ2NkayBib290c3RyYXBcXCcgKHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vY2RrL2xhdGVzdC9ndWlkZS9ib290c3RyYXBwaW5nLmh0bWwpYCxcbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICAgIHRocm93IGU7XG4gICAgfVxuICB9XG5cbiAgcHVibGljIGFzeW5jIHByZXBhcmVFY3JSZXBvc2l0b3J5KHJlcG9zaXRvcnlOYW1lOiBzdHJpbmcpOiBQcm9taXNlPEVjclJlcG9zaXRvcnlJbmZvPiB7XG4gICAgaWYgKCF0aGlzLnNkaykge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcignVG9vbGtpdEluZm8gbmVlZHMgdG8gaGF2ZSBiZWVuIGluaXRpYWxpemVkIHdpdGggYW4gc2RrIHRvIGNhbGwgcHJlcGFyZUVjclJlcG9zaXRvcnknKTtcbiAgICB9XG4gICAgY29uc3QgZWNyID0gdGhpcy5zZGsuZWNyKCk7XG5cbiAgICAvLyBjaGVjayBpZiByZXBvIGFscmVhZHkgZXhpc3RzXG4gICAgdHJ5IHtcbiAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfVE9PTEtJVF9ERUJVRy5tc2coYCR7cmVwb3NpdG9yeU5hbWV9OiBjaGVja2luZyBpZiBFQ1IgcmVwb3NpdG9yeSBhbHJlYWR5IGV4aXN0c2ApKTtcbiAgICAgIGNvbnN0IGRlc2NyaWJlUmVzcG9uc2UgPSBhd2FpdCBlY3IuZGVzY3JpYmVSZXBvc2l0b3JpZXMoe1xuICAgICAgICByZXBvc2l0b3J5TmFtZXM6IFtyZXBvc2l0b3J5TmFtZV0sXG4gICAgICB9KTtcbiAgICAgIGNvbnN0IGV4aXN0aW5nUmVwb3NpdG9yeVVyaSA9IGRlc2NyaWJlUmVzcG9uc2UucmVwb3NpdG9yaWVzIVswXT8ucmVwb3NpdG9yeVVyaTtcbiAgICAgIGlmIChleGlzdGluZ1JlcG9zaXRvcnlVcmkpIHtcbiAgICAgICAgcmV0dXJuIHsgcmVwb3NpdG9yeVVyaTogZXhpc3RpbmdSZXBvc2l0b3J5VXJpIH07XG4gICAgICB9XG4gICAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgICBpZiAoZS5uYW1lICE9PSAnUmVwb3NpdG9yeU5vdEZvdW5kRXhjZXB0aW9uJykge1xuICAgICAgICB0aHJvdyBlO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIGNyZWF0ZSB0aGUgcmVwbyAodGFnIGl0IHNvIGl0IHdpbGwgYmUgZWFzaWVyIHRvIGdhcmJhZ2UgY29sbGVjdCBpbiB0aGUgZnV0dXJlKVxuICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfVE9PTEtJVF9ERUJVRy5tc2coYCR7cmVwb3NpdG9yeU5hbWV9OiBjcmVhdGluZyBFQ1IgcmVwb3NpdG9yeWApKTtcbiAgICBjb25zdCBhc3NldFRhZyA9IHsgS2V5OiAnYXdzY2RrOmFzc2V0JywgVmFsdWU6ICd0cnVlJyB9O1xuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgZWNyLmNyZWF0ZVJlcG9zaXRvcnkoe1xuICAgICAgcmVwb3NpdG9yeU5hbWUsXG4gICAgICB0YWdzOiBbYXNzZXRUYWddLFxuICAgIH0pO1xuICAgIGNvbnN0IHJlcG9zaXRvcnlVcmkgPSByZXNwb25zZS5yZXBvc2l0b3J5Py5yZXBvc2l0b3J5VXJpO1xuICAgIGlmICghcmVwb3NpdG9yeVVyaSkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihgQ3JlYXRlUmVwb3NpdG9yeSBkaWQgbm90IHJldHVybiBhIHJlcG9zaXRvcnkgVVJJIGZvciAke3JlcG9zaXRvcnlVcml9YCk7XG4gICAgfVxuXG4gICAgLy8gY29uZmlndXJlIGltYWdlIHNjYW5uaW5nIG9uIHB1c2ggKGhlbHBzIGluIGlkZW50aWZ5aW5nIHNvZnR3YXJlIHZ1bG5lcmFiaWxpdGllcywgbm8gYWRkaXRpb25hbCBjaGFyZ2UpXG4gICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX0RFQlVHLm1zZyhgJHtyZXBvc2l0b3J5TmFtZX06IGVuYWJsZSBpbWFnZSBzY2FubmluZ2ApKTtcbiAgICBhd2FpdCBlY3IucHV0SW1hZ2VTY2FubmluZ0NvbmZpZ3VyYXRpb24oe1xuICAgICAgcmVwb3NpdG9yeU5hbWUsXG4gICAgICBpbWFnZVNjYW5uaW5nQ29uZmlndXJhdGlvbjogeyBzY2FuT25QdXNoOiB0cnVlIH0sXG4gICAgfSk7XG5cbiAgICByZXR1cm4geyByZXBvc2l0b3J5VXJpIH07XG4gIH1cbn1cblxuZXhwb3J0IGNsYXNzIE5vQm9vdHN0cmFwU3RhY2tFbnZpcm9ubWVudFJlc291cmNlcyBleHRlbmRzIEVudmlyb25tZW50UmVzb3VyY2VzIHtcbiAgY29uc3RydWN0b3IoZW52aXJvbm1lbnQ6IEVudmlyb25tZW50LCBzZGs6IFNESywgaW9IZWxwZXI6IElvSGVscGVyKSB7XG4gICAgc3VwZXIoZW52aXJvbm1lbnQsIHNkaywgaW9IZWxwZXIsIGVtcHR5Q2FjaGUoKSk7XG4gIH1cblxuICAvKipcbiAgICogTG9vayB1cCB0aGUgdG9vbGtpdCBmb3IgYSBnaXZlbiBlbnZpcm9ubWVudCwgdXNpbmcgYSBnaXZlbiBTREtcbiAgICovXG4gIHB1YmxpYyBhc3luYyBsb29rdXBUb29sa2l0KCk6IFByb21pc2U8VG9vbGtpdEluZm8+IHtcbiAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKFxuICAgICAgJ1RyeWluZyB0byBwZXJmb3JtIGFuIG9wZXJhdGlvbiB0aGF0IHJlcXVpcmVzIGEgYm9vdHN0cmFwIHN0YWNrOyB5b3Ugc2hvdWxkIG5vdCBzZWUgdGhpcyBlcnJvciwgdGhpcyBpcyBhIGJ1ZyBpbiB0aGUgQ0RLIENMSS4nLFxuICAgICk7XG4gIH1cbn1cblxuLyoqXG4gKiBEYXRhIHRoYXQgaXMgY2FjaGVkIG9uIGEgcGVyLWVudmlyb25tZW50IGxldmVsXG4gKlxuICogVGhpcyBjYWNoZSBtYXkgYmUgc2hhcmVkIGJldHdlZW4gZGlmZmVyZW50IGluc3RhbmNlcyBvZiB0aGUgYEVudmlyb25tZW50UmVzb3VyY2VzYCBjbGFzcy5cbiAqL1xuaW50ZXJmYWNlIEVudmlyb25tZW50Q2FjaGUge1xuICByZWFkb25seSBzc21QYXJhbWV0ZXJzOiBNYXA8c3RyaW5nLCBudW1iZXI+O1xuICB0b29sa2l0SW5mbz86IFRvb2xraXRJbmZvO1xufVxuXG5mdW5jdGlvbiBlbXB0eUNhY2hlKCk6IEVudmlyb25tZW50Q2FjaGUge1xuICByZXR1cm4ge1xuICAgIHNzbVBhcmFtZXRlcnM6IG5ldyBNYXAoKSxcbiAgICB0b29sa2l0SW5mbzogdW5kZWZpbmVkLFxuICB9O1xufVxuXG4vKipcbiAqIFRoZSBib290c3RyYXAgdGVtcGxhdGUgdmVyc2lvbiB0aGF0IGludHJvZHVjZWQgc3NtOkdldFBhcmFtZXRlclxuICovXG5jb25zdCBCT09UU1RSQVBfVEVNUExBVEVfVkVSU0lPTl9JTlRST0RVQ0lOR19HRVRQQVJBTUVURVIgPSA1O1xuIl19

package/lib/api/environment/index.d.ts

@@ -0,0 +1,3 @@
+export * from './environment-access';
+export * from './environment-resources';
+export * from './placeholders';

package/lib/api/environment/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./environment-access"), exports);
+__exportStar(require("./environment-resources"), exports);
+__exportStar(require("./placeholders"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsdURBQXFDO0FBQ3JDLDBEQUF3QztBQUN4QyxpREFBK0IiLCJzb3VyY2VzQ29udGVudCI6WyJleHBvcnQgKiBmcm9tICcuL2Vudmlyb25tZW50LWFjY2Vzcyc7XG5leHBvcnQgKiBmcm9tICcuL2Vudmlyb25tZW50LXJlc291cmNlcyc7XG5leHBvcnQgKiBmcm9tICcuL3BsYWNlaG9sZGVycyc7XG4iXX0=

package/lib/api/environment/placeholders.d.ts

@@ -0,0 +1,10 @@
+import { type Environment } from '@aws-cdk/cx-api';
+import type { Branded } from '../../util';
+import type { SdkProvider } from '../aws-auth/private';
+/**
+ * Replace the {ACCOUNT} and {REGION} placeholders in all strings found in a complex object.
+ */
+export declare function replaceEnvPlaceholders<A extends Record<string, string | undefined>>(object: A, env: Environment, sdkProvider: SdkProvider): Promise<{
+    [k in keyof A]: StringWithoutPlaceholders | undefined;
+}>;
+export type StringWithoutPlaceholders = Branded<string, 'NoPlaceholders'>;

package/lib/api/environment/placeholders.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.replaceEnvPlaceholders = replaceEnvPlaceholders;
+const cx_api_1 = require("@aws-cdk/cx-api");
+const plugin_1 = require("../plugin");
+/**
+ * Replace the {ACCOUNT} and {REGION} placeholders in all strings found in a complex object.
+ */
+async function replaceEnvPlaceholders(object, env, sdkProvider) {
+    return cx_api_1.EnvironmentPlaceholders.replaceAsync(object, {
+        accountId: () => Promise.resolve(env.account),
+        region: () => Promise.resolve(env.region),
+        partition: async () => {
+            // There's no good way to get the partition!
+            // We should have had it already, except we don't.
+            //
+            // Best we can do is ask the "base credentials" for this environment for their partition. Cross-partition
+            // AssumeRole'ing will never work anyway, so this answer won't be wrong (it will just be slow!)
+            return (await sdkProvider.baseCredentialsPartition(env, plugin_1.Mode.ForReading)) ?? 'aws';
+        },
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhY2Vob2xkZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsicGxhY2Vob2xkZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBUUEsd0RBaUJDO0FBekJELDRDQUE0RTtBQUc1RSxzQ0FBaUM7QUFFakM7O0dBRUc7QUFDSSxLQUFLLFVBQVUsc0JBQXNCLENBQzFDLE1BQVMsRUFDVCxHQUFnQixFQUNoQixXQUF3QjtJQUV4QixPQUFPLGdDQUF1QixDQUFDLFlBQVksQ0FBQyxNQUFNLEVBQUU7UUFDbEQsU0FBUyxFQUFFLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQztRQUM3QyxNQUFNLEVBQUUsR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDO1FBQ3pDLFNBQVMsRUFBRSxLQUFLLElBQUksRUFBRTtZQUNwQiw0Q0FBNEM7WUFDNUMsa0RBQWtEO1lBQ2xELEVBQUU7WUFDRix5R0FBeUc7WUFDekcsK0ZBQStGO1lBQy9GLE9BQU8sQ0FBQyxNQUFNLFdBQVcsQ0FBQyx3QkFBd0IsQ0FBQyxHQUFHLEVBQUUsYUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLElBQUksS0FBSyxDQUFDO1FBQ3JGLENBQUM7S0FDRixDQUFDLENBQUM7QUFDTCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgdHlwZSBFbnZpcm9ubWVudCwgRW52aXJvbm1lbnRQbGFjZWhvbGRlcnMgfSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0IHR5cGUgeyBCcmFuZGVkIH0gZnJvbSAnLi4vLi4vdXRpbCc7XG5pbXBvcnQgdHlwZSB7IFNka1Byb3ZpZGVyIH0gZnJvbSAnLi4vYXdzLWF1dGgvcHJpdmF0ZSc7XG5pbXBvcnQgeyBNb2RlIH0gZnJvbSAnLi4vcGx1Z2luJztcblxuLyoqXG4gKiBSZXBsYWNlIHRoZSB7QUNDT1VOVH0gYW5kIHtSRUdJT059IHBsYWNlaG9sZGVycyBpbiBhbGwgc3RyaW5ncyBmb3VuZCBpbiBhIGNvbXBsZXggb2JqZWN0LlxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gcmVwbGFjZUVudlBsYWNlaG9sZGVyczxBIGV4dGVuZHMgUmVjb3JkPHN0cmluZywgc3RyaW5nIHwgdW5kZWZpbmVkPj4oXG4gIG9iamVjdDogQSxcbiAgZW52OiBFbnZpcm9ubWVudCxcbiAgc2RrUHJvdmlkZXI6IFNka1Byb3ZpZGVyLFxuKTogUHJvbWlzZTx7W2sgaW4ga2V5b2YgQV06IFN0cmluZ1dpdGhvdXRQbGFjZWhvbGRlcnMgfCB1bmRlZmluZWR9PiB7XG4gIHJldHVybiBFbnZpcm9ubWVudFBsYWNlaG9sZGVycy5yZXBsYWNlQXN5bmMob2JqZWN0LCB7XG4gICAgYWNjb3VudElkOiAoKSA9PiBQcm9taXNlLnJlc29sdmUoZW52LmFjY291bnQpLFxuICAgIHJlZ2lvbjogKCkgPT4gUHJvbWlzZS5yZXNvbHZlKGVudi5yZWdpb24pLFxuICAgIHBhcnRpdGlvbjogYXN5bmMgKCkgPT4ge1xuICAgICAgLy8gVGhlcmUncyBubyBnb29kIHdheSB0byBnZXQgdGhlIHBhcnRpdGlvbiFcbiAgICAgIC8vIFdlIHNob3VsZCBoYXZlIGhhZCBpdCBhbHJlYWR5LCBleGNlcHQgd2UgZG9uJ3QuXG4gICAgICAvL1xuICAgICAgLy8gQmVzdCB3ZSBjYW4gZG8gaXMgYXNrIHRoZSBcImJhc2UgY3JlZGVudGlhbHNcIiBmb3IgdGhpcyBlbnZpcm9ubWVudCBmb3IgdGhlaXIgcGFydGl0aW9uLiBDcm9zcy1wYXJ0aXRpb25cbiAgICAgIC8vIEFzc3VtZVJvbGUnaW5nIHdpbGwgbmV2ZXIgd29yayBhbnl3YXksIHNvIHRoaXMgYW5zd2VyIHdvbid0IGJlIHdyb25nIChpdCB3aWxsIGp1c3QgYmUgc2xvdyEpXG4gICAgICByZXR1cm4gKGF3YWl0IHNka1Byb3ZpZGVyLmJhc2VDcmVkZW50aWFsc1BhcnRpdGlvbihlbnYsIE1vZGUuRm9yUmVhZGluZykpID8/ICdhd3MnO1xuICAgIH0sXG4gIH0pO1xufVxuXG5leHBvcnQgdHlwZSBTdHJpbmdXaXRob3V0UGxhY2Vob2xkZXJzID0gQnJhbmRlZDxzdHJpbmcsICdOb1BsYWNlaG9sZGVycyc+O1xuIl19