npm - @aws-mdaa/dataops-job-l3-construct - Versions diffs - 1.5.0 → 1.6.0 - Mend

@aws-mdaa/dataops-job-l3-construct 1.5.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/lib/index.js DELETED Viewed

@@ -1,198 +0,0 @@
-"use strict";
-/*!
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RestrictBucketToRoles = exports.RestrictObjectPrefixToRoles = void 0;
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-/** Helper class for generating S3 bucket policy statements which grant access to specific object prefixes */
-class RestrictObjectPrefixToRoles {
-    constructor(props) {
-        this._readStatements = [];
-        this._readWriteStatements = [];
-        this._readWriteSuperStatements = [];
-        this._formattedPrefix = '/' + this.formatS3Prefix(props.s3Prefix) + '/*';
-        // Covers our case where two / get resolved because our prefix is actually /
-        this._formattedPrefix = this._formattedPrefix.replace(/\/\//, '/');
-        // FEDERATED / READ
-        if (props.readRoleIds != undefined && props.readRoleIds.length > 0) {
-            // Construct our User:Id roles for read
-            const statement = this._readStatementScaffold(props);
-            statement.addCondition('StringLike', { 'aws:userId': props.readRoleIds.map(x => `${x}:*`) });
-            statement.addAnyPrincipal();
-            this._readStatements.push(statement);
-        }
-        // FEDERATED / READWRITE
-        if (props.readWriteRoleIds != undefined && props.readWriteRoleIds.length > 0) {
-            const statement = this._readWriteStatementScaffold(props);
-            statement.addCondition('StringLike', { 'aws:userId': props.readWriteRoleIds.map(x => `${x}:*`) });
-            statement.addAnyPrincipal();
-            this._readWriteStatements.push(statement);
-        }
-        // FEDERATED / READWRITESUPER
-        if (props.readWriteSuperRoleIds != undefined && props.readWriteSuperRoleIds.length > 0) {
-            const statement = this._readWriteSuperStatementScaffold(props);
-            statement.addCondition('StringLike', { 'aws:userId': props.readWriteSuperRoleIds.map(x => `${x}:*`) });
-            statement.addAnyPrincipal();
-            this._readWriteSuperStatements.push(statement);
-        }
-        // NONFEDERATED / READ
-        if (props.readPrincipals != undefined && props.readPrincipals.length > 0) {
-            const statement = this._readStatementScaffold(props);
-            props.readPrincipals.forEach(principal => {
-                statement.addPrincipals(principal);
-            });
-            this._readStatements.push(statement);
-        }
-        // NONFEDERATED / READWRITE
-        if (props.readWritePrincipals != undefined && props.readWritePrincipals.length > 0) {
-            const statement = this._readWriteStatementScaffold(props);
-            props.readWritePrincipals.forEach(principal => {
-                statement.addPrincipals(principal);
-            });
-            this._readWriteStatements.push(statement);
-        }
-        // NONFEDERATED / READWRITESUPER
-        if (props.readWriteSuperPrincipals != undefined && props.readWriteSuperPrincipals.length > 0) {
-            const statement = this._readWriteSuperStatementScaffold(props);
-            props.readWriteSuperPrincipals.forEach(principal => {
-                statement.addPrincipals(principal);
-            });
-            this._readWriteSuperStatements.push(statement);
-        }
-    }
-    _readStatementScaffold(props) {
-        return new aws_iam_1.PolicyStatement({
-            sid: `${props.s3Prefix.replace(/\\W/g, '')}_Read`,
-            effect: aws_iam_1.Effect.ALLOW,
-            resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-            actions: RestrictObjectPrefixToRoles.READ_ACTIONS,
-        });
-    }
-    _readWriteStatementScaffold(props) {
-        return new aws_iam_1.PolicyStatement({
-            sid: `${props.s3Prefix.replace(/\\W/g, '')}_ReadWrite`,
-            effect: aws_iam_1.Effect.ALLOW,
-            resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-            actions: RestrictObjectPrefixToRoles.READ_WRITE_ACTIONS,
-        });
-    }
-    _readWriteSuperStatementScaffold(props) {
-        return new aws_iam_1.PolicyStatement({
-            sid: `${props.s3Prefix.replace(/\\W/g, '')}_ReadWriteSuper`,
-            effect: aws_iam_1.Effect.ALLOW,
-            resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-            actions: RestrictObjectPrefixToRoles.READ_WRITE_SUPER_ACTIONS,
-        });
-    }
-    readStatements() {
-        return this._readStatements;
-    }
-    readWriteStatements() {
-        return this._readWriteStatements;
-    }
-    readWriteSuperStatements() {
-        return this._readWriteSuperStatements;
-    }
-    statements() {
-        return [...this._readStatements, ...this._readWriteStatements, ...this._readWriteSuperStatements];
-    }
-    formatS3Prefix(prefix) {
-        let rawPrefix = prefix;
-        // Removes trailing slashes
-        rawPrefix = rawPrefix.endsWith('/') ? rawPrefix.slice(0, -1) : rawPrefix;
-        // Removes leading slashes
-        rawPrefix = rawPrefix.startsWith('/') ? rawPrefix.substring(1) : rawPrefix;
-        return rawPrefix;
-    }
-}
-exports.RestrictObjectPrefixToRoles = RestrictObjectPrefixToRoles;
-RestrictObjectPrefixToRoles.READ_ACTIONS = ['s3:GetObject*'];
-RestrictObjectPrefixToRoles.READ_WRITE_ACTIONS = [
-    ...RestrictObjectPrefixToRoles.READ_ACTIONS,
-    's3:PutObject',
-    's3:PutObjectTagging',
-    's3:DeleteObject',
-];
-RestrictObjectPrefixToRoles.READ_WRITE_SUPER_ACTIONS = [
-    ...RestrictObjectPrefixToRoles.READ_WRITE_ACTIONS,
-    's3:DeleteObjectVersion',
-];
-RestrictObjectPrefixToRoles.BUCKET_ALLOW_ACTIONS = ['s3:List*', 's3:GetBucket*'];
-RestrictObjectPrefixToRoles.BUCKET_DENY_ACTIONS = ['s3:PutObject*', 's3:GetObject*', 's3:DeleteObject*'];
-/** Helper class for generating bucket policy statements
- * which allow or deny access to an entire bucket. Used to
- * create bucket-level default deny statements to block accesses
- * not granted in the bucket policy. */
-class RestrictBucketToRoles {
-    constructor(props) {
-        this.resource = [];
-        this.notResource = [];
-        this.denyConditionalNotEquals = {};
-        // Statement allowing access to the bucket for the AROAs
-        this.allowStatement = new aws_iam_1.PolicyStatement({
-            sid: `BucketAllow`,
-            effect: aws_iam_1.Effect.ALLOW,
-            resources: [props.s3Bucket.bucketArn + '/*', props.s3Bucket.bucketArn],
-            actions: RestrictObjectPrefixToRoles.BUCKET_ALLOW_ACTIONS,
-        });
-        this.allowStatement.addAnyPrincipal();
-        this.allowStatement.addCondition('StringLike', { 'aws:userId': props.roleExcludeIds.map(x => `${x}:*`) });
-        // Constuct our deny statement.
-        // prefixIncludes denotes we want to include a prefix in our deny meaning Resource
-        if (props.prefixIncludes) {
-            this.resource = props.prefixIncludes.map(prefix => {
-                return `${props.s3Bucket.bucketArn}/${this.formatS3Prefix(prefix)}`;
-            });
-        }
-        else {
-            this.resource = [props.s3Bucket.bucketArn + '/*'];
-        }
-        // prefixExcludes denote we want to exclude a prefix in our deny meaning notResource
-        if (props.prefixExcludes) {
-            this.notResource = props.prefixExcludes.map(prefix => {
-                return `${props.s3Bucket.bucketArn}/${this.formatS3Prefix(prefix)}`;
-            });
-        }
-        if (this.notResource.length > 0) {
-            this.denyStatement = new aws_iam_1.PolicyStatement({
-                sid: `BucketDeny`,
-                effect: aws_iam_1.Effect.DENY,
-                notResources: this.notResource,
-                actions: RestrictObjectPrefixToRoles.BUCKET_DENY_ACTIONS,
-            });
-        }
-        else {
-            this.denyStatement = new aws_iam_1.PolicyStatement({
-                sid: `BucketDeny`,
-                effect: aws_iam_1.Effect.DENY,
-                resources: this.resource,
-                actions: RestrictObjectPrefixToRoles.BUCKET_DENY_ACTIONS,
-            });
-        }
-        this.denyStatement.addAnyPrincipal();
-        // Build our conditionals.
-        this.denyConditionalNotEquals['aws:userId'] = props.roleExcludeIds.map(x => `${x}:*`);
-        if (props.principalExcludes && props.principalExcludes.length > 0) {
-            this.denyConditionalNotEquals['aws:PrincipalArn'] = [...new Set(props.principalExcludes)].sort((a, b) => a.localeCompare(b));
-        }
-        // Construct our conditional for our deny
-        if (Object.keys(this.denyConditionalNotEquals).length == 1) {
-            this.denyStatement.addCondition('StringNotLike', this.denyConditionalNotEquals);
-        }
-        else {
-            this.denyStatement.addCondition('ForAnyValue:StringNotLike', this.denyConditionalNotEquals);
-        }
-    }
-    formatS3Prefix(prefix) {
-        let rawPrefix = prefix;
-        // Removes trailing slashes
-        rawPrefix = rawPrefix.endsWith('/') ? rawPrefix.slice(0, -1) : rawPrefix;
-        // Removes leading slashes
-        rawPrefix = rawPrefix.startsWith('/') ? rawPrefix.substring(1) : rawPrefix;
-        return `${rawPrefix}/*`;
-    }
-}
-exports.RestrictBucketToRoles = RestrictBucketToRoles;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7OztHQUdHOzs7QUFFSCxpREFBMEU7QUFzQjFFLDZHQUE2RztBQUM3RyxNQUFhLDJCQUEyQjtJQW9CdEMsWUFBWSxLQUFtQztRQUx2QyxvQkFBZSxHQUFzQixFQUFFLENBQUM7UUFDeEMseUJBQW9CLEdBQXNCLEVBQUUsQ0FBQztRQUM3Qyw4QkFBeUIsR0FBc0IsRUFBRSxDQUFDO1FBSXhELElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxHQUFHLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLEdBQUcsSUFBSSxDQUFDO1FBQ3pFLDRFQUE0RTtRQUM1RSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFFbkUsbUJBQW1CO1FBQ25CLElBQUksS0FBSyxDQUFDLFdBQVcsSUFBSSxTQUFTLElBQUksS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbkUsdUNBQXVDO1lBQ3ZDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNyRCxTQUFTLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRSxFQUFFLFlBQVksRUFBRSxLQUFLLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDN0YsU0FBUyxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQzVCLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFDRCx3QkFBd0I7UUFDeEIsSUFBSSxLQUFLLENBQUMsZ0JBQWdCLElBQUksU0FBUyxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDN0UsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLDJCQUEyQixDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQzFELFNBQVMsQ0FBQyxZQUFZLENBQUMsWUFBWSxFQUFFLEVBQUUsWUFBWSxFQUFFLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ2xHLFNBQVMsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQzVDLENBQUM7UUFFRCw2QkFBNkI7UUFDN0IsSUFBSSxLQUFLLENBQUMscUJBQXFCLElBQUksU0FBUyxJQUFJLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdkYsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLGdDQUFnQyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQy9ELFNBQVMsQ0FBQyxZQUFZLENBQUMsWUFBWSxFQUFFLEVBQUUsWUFBWSxFQUFFLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZHLFNBQVMsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMseUJBQXlCLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2pELENBQUM7UUFFRCxzQkFBc0I7UUFDdEIsSUFBSSxLQUFLLENBQUMsY0FBYyxJQUFJLFNBQVMsSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6RSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDckQsS0FBSyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUU7Z0JBQ3ZDLFNBQVMsQ0FBQyxhQUFhLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDckMsQ0FBQyxDQUFDLENBQUM7WUFDSCxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUN2QyxDQUFDO1FBQ0QsMkJBQTJCO1FBQzNCLElBQUksS0FBSyxDQUFDLG1CQUFtQixJQUFJLFNBQVMsSUFBSSxLQUFLLENBQUMsbUJBQW1CLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ25GLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQywyQkFBMkIsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUMxRCxLQUFLLENBQUMsbUJBQW1CLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFO2dCQUM1QyxTQUFTLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUM1QyxDQUFDO1FBQ0QsZ0NBQWdDO1FBQ2hDLElBQUksS0FBSyxDQUFDLHdCQUF3QixJQUFJLFNBQVMsSUFBSSxLQUFLLENBQUMsd0JBQXdCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzdGLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxnQ0FBZ0MsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUMvRCxLQUFLLENBQUMsd0JBQXdCLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFO2dCQUNqRCxTQUFTLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLHlCQUF5QixDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUNqRCxDQUFDO0lBQ0gsQ0FBQztJQUVPLHNCQUFzQixDQUFDLEtBQW1DO1FBQ2hFLE9BQU8sSUFBSSx5QkFBZSxDQUFDO1lBQ3pCLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsT0FBTztZQUNqRCxNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLFNBQVMsRUFBRSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztZQUM3RCxPQUFPLEVBQUUsMkJBQTJCLENBQUMsWUFBWTtTQUNsRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU8sMkJBQTJCLENBQUMsS0FBbUM7UUFDckUsT0FBTyxJQUFJLHlCQUFlLENBQUM7WUFDekIsR0FBRyxFQUFFLEdBQUcsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxZQUFZO1lBQ3RELE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsU0FBUyxFQUFFLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDO1lBQzdELE9BQU8sRUFBRSwyQkFBMkIsQ0FBQyxrQkFBa0I7U0FDeEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLGdDQUFnQyxDQUFDLEtBQW1DO1FBQzFFLE9BQU8sSUFBSSx5QkFBZSxDQUFDO1lBQ3pCLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsaUJBQWlCO1lBQzNELE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsU0FBUyxFQUFFLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDO1lBQzdELE9BQU8sRUFBRSwyQkFBMkIsQ0FBQyx3QkFBd0I7U0FDOUQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVNLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDO0lBQzlCLENBQUM7SUFFTSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsb0JBQW9CLENBQUM7SUFDbkMsQ0FBQztJQUVNLHdCQUF3QjtRQUM3QixPQUFPLElBQUksQ0FBQyx5QkFBeUIsQ0FBQztJQUN4QyxDQUFDO0lBRU0sVUFBVTtRQUNmLE9BQU8sQ0FBQyxHQUFHLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsR0FBRyxJQUFJLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUNwRyxDQUFDO0lBRU0sY0FBYyxDQUFDLE1BQWM7UUFDbEMsSUFBSSxTQUFTLEdBQUcsTUFBTSxDQUFDO1FBRXZCLDJCQUEyQjtRQUMzQixTQUFTLEdBQUcsU0FBUyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQ3pFLDBCQUEwQjtRQUMxQixTQUFTLEdBQUcsU0FBUyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQzNFLE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7O0FBOUhILGtFQStIQztBQTlIaUIsd0NBQVksR0FBRyxDQUFDLGVBQWUsQ0FBQyxBQUFwQixDQUFxQjtBQUNqQyw4Q0FBa0IsR0FBRztJQUNuQyxHQUFHLDJCQUEyQixDQUFDLFlBQVk7SUFDM0MsY0FBYztJQUNkLHFCQUFxQjtJQUNyQixpQkFBaUI7Q0FDbEIsQUFMaUMsQ0FLaEM7QUFDYyxvREFBd0IsR0FBRztJQUN6QyxHQUFHLDJCQUEyQixDQUFDLGtCQUFrQjtJQUNqRCx3QkFBd0I7Q0FDekIsQUFIdUMsQ0FHdEM7QUFDYyxnREFBb0IsR0FBRyxDQUFDLFVBQVUsRUFBRSxlQUFlLENBQUMsQUFBaEMsQ0FBaUM7QUFDckQsK0NBQW1CLEdBQUcsQ0FBQyxlQUFlLEVBQUUsZUFBZSxFQUFFLGtCQUFrQixDQUFDLEFBQXpELENBQTBEO0FBb0gvRjs7O3VDQUd1QztBQUN2QyxNQUFhLHFCQUFxQjtJQVVoQyxZQUFZLEtBQTZCO1FBUGpDLGFBQVEsR0FBYSxFQUFFLENBQUM7UUFDeEIsZ0JBQVcsR0FBYSxFQUFFLENBQUM7UUFDM0IsNkJBQXdCLEdBRzVCLEVBQUUsQ0FBQztRQUdMLHdEQUF3RDtRQUN4RCxJQUFJLENBQUMsY0FBYyxHQUFHLElBQUkseUJBQWUsQ0FBQztZQUN4QyxHQUFHLEVBQUUsYUFBYTtZQUNsQixNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLFNBQVMsRUFBRSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksRUFBRSxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztZQUN0RSxPQUFPLEVBQUUsMkJBQTJCLENBQUMsb0JBQW9CO1NBQzFELENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxjQUFjLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDdEMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxZQUFZLENBQUMsWUFBWSxFQUFFLEVBQUUsWUFBWSxFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUUxRywrQkFBK0I7UUFDL0Isa0ZBQWtGO1FBQ2xGLElBQUksS0FBSyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3pCLElBQUksQ0FBQyxRQUFRLEdBQUcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUU7Z0JBQ2hELE9BQU8sR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDdEUsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksQ0FBQyxRQUFRLEdBQUcsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUNwRCxDQUFDO1FBQ0Qsb0ZBQW9GO1FBQ3BGLElBQUksS0FBSyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3pCLElBQUksQ0FBQyxXQUFXLEdBQUcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUU7Z0JBQ25ELE9BQU8sR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDdEUsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUkseUJBQWUsQ0FBQztnQkFDdkMsR0FBRyxFQUFFLFlBQVk7Z0JBQ2pCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLElBQUk7Z0JBQ25CLFlBQVksRUFBRSxJQUFJLENBQUMsV0FBVztnQkFDOUIsT0FBTyxFQUFFLDJCQUEyQixDQUFDLG1CQUFtQjthQUN6RCxDQUFDLENBQUM7UUFDTCxDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSx5QkFBZSxDQUFDO2dCQUN2QyxHQUFHLEVBQUUsWUFBWTtnQkFDakIsTUFBTSxFQUFFLGdCQUFNLENBQUMsSUFBSTtnQkFDbkIsU0FBUyxFQUFFLElBQUksQ0FBQyxRQUFRO2dCQUN4QixPQUFPLEVBQUUsMkJBQTJCLENBQUMsbUJBQW1CO2FBQ3pELENBQUMsQ0FBQztRQUNMLENBQUM7UUFDRCxJQUFJLENBQUMsYUFBYSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBRXJDLDBCQUEwQjtRQUMxQixJQUFJLENBQUMsd0JBQXdCLENBQUMsWUFBWSxDQUFDLEdBQUcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDdEYsSUFBSSxLQUFLLENBQUMsaUJBQWlCLElBQUksS0FBSyxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRSxJQUFJLENBQUMsd0JBQXdCLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDdEcsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsQ0FDbkIsQ0FBQztRQUNKLENBQUM7UUFFRCx5Q0FBeUM7UUFDekMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUMzRCxJQUFJLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxlQUFlLEVBQUUsSUFBSSxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDbEYsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQywyQkFBMkIsRUFBRSxJQUFJLENBQUMsd0JBQXdCLENBQUMsQ0FBQztRQUM5RixDQUFDO0lBQ0gsQ0FBQztJQUVPLGNBQWMsQ0FBQyxNQUFjO1FBQ25DLElBQUksU0FBUyxHQUFHLE1BQU0sQ0FBQztRQUV2QiwyQkFBMkI7UUFDM0IsU0FBUyxHQUFHLFNBQVMsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUN6RSwwQkFBMEI7UUFDMUIsU0FBUyxHQUFHLFNBQVMsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUMzRSxPQUFPLEdBQUcsU0FBUyxJQUFJLENBQUM7SUFDMUIsQ0FBQztDQUNGO0FBL0VELHNEQStFQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIVxuICogQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuICovXG5cbmltcG9ydCB7IElQcmluY2lwYWwsIFBvbGljeVN0YXRlbWVudCwgRWZmZWN0IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgeyBJQnVja2V0IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLXMzJztcblxuZXhwb3J0IGludGVyZmFjZSBJUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzIHtcbiAgcmVhZG9ubHkgczNCdWNrZXQ6IElCdWNrZXQ7XG4gIHJlYWRvbmx5IHMzUHJlZml4OiBzdHJpbmc7XG4gIHJlYWRvbmx5IHJlYWRSb2xlSWRzPzogc3RyaW5nW107XG4gIHJlYWRvbmx5IHJlYWRXcml0ZVJvbGVJZHM/OiBzdHJpbmdbXTtcbiAgcmVhZG9ubHkgcmVhZFdyaXRlU3VwZXJSb2xlSWRzPzogc3RyaW5nW107XG4gIHJlYWRvbmx5IHJlYWRQcmluY2lwYWxzPzogSVByaW5jaXBhbFtdO1xuICByZWFkb25seSByZWFkV3JpdGVQcmluY2lwYWxzPzogSVByaW5jaXBhbFtdO1xuICByZWFkb25seSByZWFkV3JpdGVTdXBlclByaW5jaXBhbHM/OiBJUHJpbmNpcGFsW107XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgSVJlc3RyaWN0QnVja2V0VG9Sb2xlcyB7XG4gIHJlYWRvbmx5IHMzQnVja2V0OiBJQnVja2V0O1xuICByZWFkb25seSByb2xlRXhjbHVkZUlkczogc3RyaW5nW107XG4gIHJlYWRvbmx5IHByaW5jaXBhbEV4Y2x1ZGVzPzogc3RyaW5nW107XG4gIHJlYWRvbmx5IHByZWZpeEV4Y2x1ZGVzPzogc3RyaW5nW107XG4gIHJlYWRvbmx5IHByZWZpeEluY2x1ZGVzPzogc3RyaW5nW107XG59XG5cbi8qKiBIZWxwZXIgY2xhc3MgZm9yIGdlbmVyYXRpbmcgUzMgYnVja2V0IHBvbGljeSBzdGF0ZW1lbnRzIHdoaWNoIGdyYW50IGFjY2VzcyB0byBzcGVjaWZpYyBvYmplY3QgcHJlZml4ZXMgKi9cbmV4cG9ydCBjbGFzcyBSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMge1xuICBzdGF0aWMgcmVhZG9ubHkgUkVBRF9BQ1RJT05TID0gWydzMzpHZXRPYmplY3QqJ107XG4gIHN0YXRpYyByZWFkb25seSBSRUFEX1dSSVRFX0FDVElPTlMgPSBbXG4gICAgLi4uUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLlJFQURfQUNUSU9OUyxcbiAgICAnczM6UHV0T2JqZWN0JyxcbiAgICAnczM6UHV0T2JqZWN0VGFnZ2luZycsXG4gICAgJ3MzOkRlbGV0ZU9iamVjdCcsXG4gIF07XG4gIHN0YXRpYyByZWFkb25seSBSRUFEX1dSSVRFX1NVUEVSX0FDVElPTlMgPSBbXG4gICAgLi4uUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLlJFQURfV1JJVEVfQUNUSU9OUyxcbiAgICAnczM6RGVsZXRlT2JqZWN0VmVyc2lvbicsXG4gIF07XG4gIHN0YXRpYyByZWFkb25seSBCVUNLRVRfQUxMT1dfQUNUSU9OUyA9IFsnczM6TGlzdConLCAnczM6R2V0QnVja2V0KiddO1xuICBzdGF0aWMgcmVhZG9ubHkgQlVDS0VUX0RFTllfQUNUSU9OUyA9IFsnczM6UHV0T2JqZWN0KicsICdzMzpHZXRPYmplY3QqJywgJ3MzOkRlbGV0ZU9iamVjdConXTtcblxuICBwcml2YXRlIF9yZWFkU3RhdGVtZW50czogUG9saWN5U3RhdGVtZW50W10gPSBbXTtcbiAgcHJpdmF0ZSBfcmVhZFdyaXRlU3RhdGVtZW50czogUG9saWN5U3RhdGVtZW50W10gPSBbXTtcbiAgcHJpdmF0ZSBfcmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzOiBQb2xpY3lTdGF0ZW1lbnRbXSA9IFtdO1xuICBwcml2YXRlIF9mb3JtYXR0ZWRQcmVmaXg6IHN0cmluZztcblxuICBjb25zdHJ1Y3Rvcihwcm9wczogSVJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcykge1xuICAgIHRoaXMuX2Zvcm1hdHRlZFByZWZpeCA9ICcvJyArIHRoaXMuZm9ybWF0UzNQcmVmaXgocHJvcHMuczNQcmVmaXgpICsgJy8qJztcbiAgICAvLyBDb3ZlcnMgb3VyIGNhc2Ugd2hlcmUgdHdvIC8gZ2V0IHJlc29sdmVkIGJlY2F1c2Ugb3VyIHByZWZpeCBpcyBhY3R1YWxseSAvXG4gICAgdGhpcy5fZm9ybWF0dGVkUHJlZml4ID0gdGhpcy5fZm9ybWF0dGVkUHJlZml4LnJlcGxhY2UoL1xcL1xcLy8sICcvJyk7XG5cbiAgICAvLyBGRURFUkFURUQgLyBSRUFEXG4gICAgaWYgKHByb3BzLnJlYWRSb2xlSWRzICE9IHVuZGVmaW5lZCAmJiBwcm9wcy5yZWFkUm9sZUlkcy5sZW5ndGggPiAwKSB7XG4gICAgICAvLyBDb25zdHJ1Y3Qgb3VyIFVzZXI6SWQgcm9sZXMgZm9yIHJlYWRcbiAgICAgIGNvbnN0IHN0YXRlbWVudCA9IHRoaXMuX3JlYWRTdGF0ZW1lbnRTY2FmZm9sZChwcm9wcyk7XG4gICAgICBzdGF0ZW1lbnQuYWRkQ29uZGl0aW9uKCdTdHJpbmdMaWtlJywgeyAnYXdzOnVzZXJJZCc6IHByb3BzLnJlYWRSb2xlSWRzLm1hcCh4ID0+IGAke3h9OipgKSB9KTtcbiAgICAgIHN0YXRlbWVudC5hZGRBbnlQcmluY2lwYWwoKTtcbiAgICAgIHRoaXMuX3JlYWRTdGF0ZW1lbnRzLnB1c2goc3RhdGVtZW50KTtcbiAgICB9XG4gICAgLy8gRkVERVJBVEVEIC8gUkVBRFdSSVRFXG4gICAgaWYgKHByb3BzLnJlYWRXcml0ZVJvbGVJZHMgIT0gdW5kZWZpbmVkICYmIHByb3BzLnJlYWRXcml0ZVJvbGVJZHMubGVuZ3RoID4gMCkge1xuICAgICAgY29uc3Qgc3RhdGVtZW50ID0gdGhpcy5fcmVhZFdyaXRlU3RhdGVtZW50U2NhZmZvbGQocHJvcHMpO1xuICAgICAgc3RhdGVtZW50LmFkZENvbmRpdGlvbignU3RyaW5nTGlrZScsIHsgJ2F3czp1c2VySWQnOiBwcm9wcy5yZWFkV3JpdGVSb2xlSWRzLm1hcCh4ID0+IGAke3h9OipgKSB9KTtcbiAgICAgIHN0YXRlbWVudC5hZGRBbnlQcmluY2lwYWwoKTtcbiAgICAgIHRoaXMuX3JlYWRXcml0ZVN0YXRlbWVudHMucHVzaChzdGF0ZW1lbnQpO1xuICAgIH1cblxuICAgIC8vIEZFREVSQVRFRCAvIFJFQURXUklURVNVUEVSXG4gICAgaWYgKHByb3BzLnJlYWRXcml0ZVN1cGVyUm9sZUlkcyAhPSB1bmRlZmluZWQgJiYgcHJvcHMucmVhZFdyaXRlU3VwZXJSb2xlSWRzLmxlbmd0aCA+IDApIHtcbiAgICAgIGNvbnN0IHN0YXRlbWVudCA9IHRoaXMuX3JlYWRXcml0ZVN1cGVyU3RhdGVtZW50U2NhZmZvbGQocHJvcHMpO1xuICAgICAgc3RhdGVtZW50LmFkZENvbmRpdGlvbignU3RyaW5nTGlrZScsIHsgJ2F3czp1c2VySWQnOiBwcm9wcy5yZWFkV3JpdGVTdXBlclJvbGVJZHMubWFwKHggPT4gYCR7eH06KmApIH0pO1xuICAgICAgc3RhdGVtZW50LmFkZEFueVByaW5jaXBhbCgpO1xuICAgICAgdGhpcy5fcmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzLnB1c2goc3RhdGVtZW50KTtcbiAgICB9XG5cbiAgICAvLyBOT05GRURFUkFURUQgLyBSRUFEXG4gICAgaWYgKHByb3BzLnJlYWRQcmluY2lwYWxzICE9IHVuZGVmaW5lZCAmJiBwcm9wcy5yZWFkUHJpbmNpcGFscy5sZW5ndGggPiAwKSB7XG4gICAgICBjb25zdCBzdGF0ZW1lbnQgPSB0aGlzLl9yZWFkU3RhdGVtZW50U2NhZmZvbGQocHJvcHMpO1xuICAgICAgcHJvcHMucmVhZFByaW5jaXBhbHMuZm9yRWFjaChwcmluY2lwYWwgPT4ge1xuICAgICAgICBzdGF0ZW1lbnQuYWRkUHJpbmNpcGFscyhwcmluY2lwYWwpO1xuICAgICAgfSk7XG4gICAgICB0aGlzLl9yZWFkU3RhdGVtZW50cy5wdXNoKHN0YXRlbWVudCk7XG4gICAgfVxuICAgIC8vIE5PTkZFREVSQVRFRCAvIFJFQURXUklURVxuICAgIGlmIChwcm9wcy5yZWFkV3JpdGVQcmluY2lwYWxzICE9IHVuZGVmaW5lZCAmJiBwcm9wcy5yZWFkV3JpdGVQcmluY2lwYWxzLmxlbmd0aCA+IDApIHtcbiAgICAgIGNvbnN0IHN0YXRlbWVudCA9IHRoaXMuX3JlYWRXcml0ZVN0YXRlbWVudFNjYWZmb2xkKHByb3BzKTtcbiAgICAgIHByb3BzLnJlYWRXcml0ZVByaW5jaXBhbHMuZm9yRWFjaChwcmluY2lwYWwgPT4ge1xuICAgICAgICBzdGF0ZW1lbnQuYWRkUHJpbmNpcGFscyhwcmluY2lwYWwpO1xuICAgICAgfSk7XG4gICAgICB0aGlzLl9yZWFkV3JpdGVTdGF0ZW1lbnRzLnB1c2goc3RhdGVtZW50KTtcbiAgICB9XG4gICAgLy8gTk9ORkVERVJBVEVEIC8gUkVBRFdSSVRFU1VQRVJcbiAgICBpZiAocHJvcHMucmVhZFdyaXRlU3VwZXJQcmluY2lwYWxzICE9IHVuZGVmaW5lZCAmJiBwcm9wcy5yZWFkV3JpdGVTdXBlclByaW5jaXBhbHMubGVuZ3RoID4gMCkge1xuICAgICAgY29uc3Qgc3RhdGVtZW50ID0gdGhpcy5fcmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRTY2FmZm9sZChwcm9wcyk7XG4gICAgICBwcm9wcy5yZWFkV3JpdGVTdXBlclByaW5jaXBhbHMuZm9yRWFjaChwcmluY2lwYWwgPT4ge1xuICAgICAgICBzdGF0ZW1lbnQuYWRkUHJpbmNpcGFscyhwcmluY2lwYWwpO1xuICAgICAgfSk7XG4gICAgICB0aGlzLl9yZWFkV3JpdGVTdXBlclN0YXRlbWVudHMucHVzaChzdGF0ZW1lbnQpO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgX3JlYWRTdGF0ZW1lbnRTY2FmZm9sZChwcm9wczogSVJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcyk6IFBvbGljeVN0YXRlbWVudCB7XG4gICAgcmV0dXJuIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgc2lkOiBgJHtwcm9wcy5zM1ByZWZpeC5yZXBsYWNlKC9cXFxcVy9nLCAnJyl9X1JlYWRgLFxuICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICByZXNvdXJjZXM6IFtwcm9wcy5zM0J1Y2tldC5idWNrZXRBcm4gKyB0aGlzLl9mb3JtYXR0ZWRQcmVmaXhdLFxuICAgICAgYWN0aW9uczogUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLlJFQURfQUNUSU9OUyxcbiAgICB9KTtcbiAgfVxuXG4gIHByaXZhdGUgX3JlYWRXcml0ZVN0YXRlbWVudFNjYWZmb2xkKHByb3BzOiBJUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzKTogUG9saWN5U3RhdGVtZW50IHtcbiAgICByZXR1cm4gbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICBzaWQ6IGAke3Byb3BzLnMzUHJlZml4LnJlcGxhY2UoL1xcXFxXL2csICcnKX1fUmVhZFdyaXRlYCxcbiAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgcmVzb3VyY2VzOiBbcHJvcHMuczNCdWNrZXQuYnVja2V0QXJuICsgdGhpcy5fZm9ybWF0dGVkUHJlZml4XSxcbiAgICAgIGFjdGlvbnM6IFJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcy5SRUFEX1dSSVRFX0FDVElPTlMsXG4gICAgfSk7XG4gIH1cblxuICBwcml2YXRlIF9yZWFkV3JpdGVTdXBlclN0YXRlbWVudFNjYWZmb2xkKHByb3BzOiBJUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzKTogUG9saWN5U3RhdGVtZW50IHtcbiAgICByZXR1cm4gbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICBzaWQ6IGAke3Byb3BzLnMzUHJlZml4LnJlcGxhY2UoL1xcXFxXL2csICcnKX1fUmVhZFdyaXRlU3VwZXJgLFxuICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICByZXNvdXJjZXM6IFtwcm9wcy5zM0J1Y2tldC5idWNrZXRBcm4gKyB0aGlzLl9mb3JtYXR0ZWRQcmVmaXhdLFxuICAgICAgYWN0aW9uczogUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLlJFQURfV1JJVEVfU1VQRVJfQUNUSU9OUyxcbiAgICB9KTtcbiAgfVxuXG4gIHB1YmxpYyByZWFkU3RhdGVtZW50cygpOiBQb2xpY3lTdGF0ZW1lbnRbXSB7XG4gICAgcmV0dXJuIHRoaXMuX3JlYWRTdGF0ZW1lbnRzO1xuICB9XG5cbiAgcHVibGljIHJlYWRXcml0ZVN0YXRlbWVudHMoKTogUG9saWN5U3RhdGVtZW50W10ge1xuICAgIHJldHVybiB0aGlzLl9yZWFkV3JpdGVTdGF0ZW1lbnRzO1xuICB9XG5cbiAgcHVibGljIHJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpOiBQb2xpY3lTdGF0ZW1lbnRbXSB7XG4gICAgcmV0dXJuIHRoaXMuX3JlYWRXcml0ZVN1cGVyU3RhdGVtZW50cztcbiAgfVxuXG4gIHB1YmxpYyBzdGF0ZW1lbnRzKCk6IFBvbGljeVN0YXRlbWVudFtdIHtcbiAgICByZXR1cm4gWy4uLnRoaXMuX3JlYWRTdGF0ZW1lbnRzLCAuLi50aGlzLl9yZWFkV3JpdGVTdGF0ZW1lbnRzLCAuLi50aGlzLl9yZWFkV3JpdGVTdXBlclN0YXRlbWVudHNdO1xuICB9XG5cbiAgcHVibGljIGZvcm1hdFMzUHJlZml4KHByZWZpeDogc3RyaW5nKTogc3RyaW5nIHtcbiAgICBsZXQgcmF3UHJlZml4ID0gcHJlZml4O1xuXG4gICAgLy8gUmVtb3ZlcyB0cmFpbGluZyBzbGFzaGVzXG4gICAgcmF3UHJlZml4ID0gcmF3UHJlZml4LmVuZHNXaXRoKCcvJykgPyByYXdQcmVmaXguc2xpY2UoMCwgLTEpIDogcmF3UHJlZml4O1xuICAgIC8vIFJlbW92ZXMgbGVhZGluZyBzbGFzaGVzXG4gICAgcmF3UHJlZml4ID0gcmF3UHJlZml4LnN0YXJ0c1dpdGgoJy8nKSA/IHJhd1ByZWZpeC5zdWJzdHJpbmcoMSkgOiByYXdQcmVmaXg7XG4gICAgcmV0dXJuIHJhd1ByZWZpeDtcbiAgfVxufVxuXG4vKiogSGVscGVyIGNsYXNzIGZvciBnZW5lcmF0aW5nIGJ1Y2tldCBwb2xpY3kgc3RhdGVtZW50c1xuICogd2hpY2ggYWxsb3cgb3IgZGVueSBhY2Nlc3MgdG8gYW4gZW50aXJlIGJ1Y2tldC4gVXNlZCB0b1xuICogY3JlYXRlIGJ1Y2tldC1sZXZlbCBkZWZhdWx0IGRlbnkgc3RhdGVtZW50cyB0byBibG9jayBhY2Nlc3Nlc1xuICogbm90IGdyYW50ZWQgaW4gdGhlIGJ1Y2tldCBwb2xpY3kuICovXG5leHBvcnQgY2xhc3MgUmVzdHJpY3RCdWNrZXRUb1JvbGVzIHtcbiAgcHVibGljIHJlYWRvbmx5IGRlbnlTdGF0ZW1lbnQ6IFBvbGljeVN0YXRlbWVudDtcbiAgcHVibGljIHJlYWRvbmx5IGFsbG93U3RhdGVtZW50OiBQb2xpY3lTdGF0ZW1lbnQ7XG4gIHByaXZhdGUgcmVzb3VyY2U6IHN0cmluZ1tdID0gW107XG4gIHByaXZhdGUgbm90UmVzb3VyY2U6IHN0cmluZ1tdID0gW107XG4gIHByaXZhdGUgZGVueUNvbmRpdGlvbmFsTm90RXF1YWxzOiB7XG4gICAgJ2F3czp1c2VySWQnPzogc3RyaW5nW107XG4gICAgJ2F3czpQcmluY2lwYWxBcm4nPzogc3RyaW5nW107XG4gIH0gPSB7fTtcblxuICBjb25zdHJ1Y3Rvcihwcm9wczogSVJlc3RyaWN0QnVja2V0VG9Sb2xlcykge1xuICAgIC8vIFN0YXRlbWVudCBhbGxvd2luZyBhY2Nlc3MgdG8gdGhlIGJ1Y2tldCBmb3IgdGhlIEFST0FzXG4gICAgdGhpcy5hbGxvd1N0YXRlbWVudCA9IG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgc2lkOiBgQnVja2V0QWxsb3dgLFxuICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICByZXNvdXJjZXM6IFtwcm9wcy5zM0J1Y2tldC5idWNrZXRBcm4gKyAnLyonLCBwcm9wcy5zM0J1Y2tldC5idWNrZXRBcm5dLFxuICAgICAgYWN0aW9uczogUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLkJVQ0tFVF9BTExPV19BQ1RJT05TLFxuICAgIH0pO1xuICAgIHRoaXMuYWxsb3dTdGF0ZW1lbnQuYWRkQW55UHJpbmNpcGFsKCk7XG4gICAgdGhpcy5hbGxvd1N0YXRlbWVudC5hZGRDb25kaXRpb24oJ1N0cmluZ0xpa2UnLCB7ICdhd3M6dXNlcklkJzogcHJvcHMucm9sZUV4Y2x1ZGVJZHMubWFwKHggPT4gYCR7eH06KmApIH0pO1xuXG4gICAgLy8gQ29uc3R1Y3Qgb3VyIGRlbnkgc3RhdGVtZW50LlxuICAgIC8vIHByZWZpeEluY2x1ZGVzIGRlbm90ZXMgd2Ugd2FudCB0byBpbmNsdWRlIGEgcHJlZml4IGluIG91ciBkZW55IG1lYW5pbmcgUmVzb3VyY2VcbiAgICBpZiAocHJvcHMucHJlZml4SW5jbHVkZXMpIHtcbiAgICAgIHRoaXMucmVzb3VyY2UgPSBwcm9wcy5wcmVmaXhJbmNsdWRlcy5tYXAocHJlZml4ID0+IHtcbiAgICAgICAgcmV0dXJuIGAke3Byb3BzLnMzQnVja2V0LmJ1Y2tldEFybn0vJHt0aGlzLmZvcm1hdFMzUHJlZml4KHByZWZpeCl9YDtcbiAgICAgIH0pO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLnJlc291cmNlID0gW3Byb3BzLnMzQnVja2V0LmJ1Y2tldEFybiArICcvKiddO1xuICAgIH1cbiAgICAvLyBwcmVmaXhFeGNsdWRlcyBkZW5vdGUgd2Ugd2FudCB0byBleGNsdWRlIGEgcHJlZml4IGluIG91ciBkZW55IG1lYW5pbmcgbm90UmVzb3VyY2VcbiAgICBpZiAocHJvcHMucHJlZml4RXhjbHVkZXMpIHtcbiAgICAgIHRoaXMubm90UmVzb3VyY2UgPSBwcm9wcy5wcmVmaXhFeGNsdWRlcy5tYXAocHJlZml4ID0+IHtcbiAgICAgICAgcmV0dXJuIGAke3Byb3BzLnMzQnVja2V0LmJ1Y2tldEFybn0vJHt0aGlzLmZvcm1hdFMzUHJlZml4KHByZWZpeCl9YDtcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIGlmICh0aGlzLm5vdFJlc291cmNlLmxlbmd0aCA+IDApIHtcbiAgICAgIHRoaXMuZGVueVN0YXRlbWVudCA9IG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBzaWQ6IGBCdWNrZXREZW55YCxcbiAgICAgICAgZWZmZWN0OiBFZmZlY3QuREVOWSxcbiAgICAgICAgbm90UmVzb3VyY2VzOiB0aGlzLm5vdFJlc291cmNlLFxuICAgICAgICBhY3Rpb25zOiBSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMuQlVDS0VUX0RFTllfQUNUSU9OUyxcbiAgICAgIH0pO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLmRlbnlTdGF0ZW1lbnQgPSBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgc2lkOiBgQnVja2V0RGVueWAsXG4gICAgICAgIGVmZmVjdDogRWZmZWN0LkRFTlksXG4gICAgICAgIHJlc291cmNlczogdGhpcy5yZXNvdXJjZSxcbiAgICAgICAgYWN0aW9uczogUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLkJVQ0tFVF9ERU5ZX0FDVElPTlMsXG4gICAgICB9KTtcbiAgICB9XG4gICAgdGhpcy5kZW55U3RhdGVtZW50LmFkZEFueVByaW5jaXBhbCgpO1xuXG4gICAgLy8gQnVpbGQgb3VyIGNvbmRpdGlvbmFscy5cbiAgICB0aGlzLmRlbnlDb25kaXRpb25hbE5vdEVxdWFsc1snYXdzOnVzZXJJZCddID0gcHJvcHMucm9sZUV4Y2x1ZGVJZHMubWFwKHggPT4gYCR7eH06KmApO1xuICAgIGlmIChwcm9wcy5wcmluY2lwYWxFeGNsdWRlcyAmJiBwcm9wcy5wcmluY2lwYWxFeGNsdWRlcy5sZW5ndGggPiAwKSB7XG4gICAgICB0aGlzLmRlbnlDb25kaXRpb25hbE5vdEVxdWFsc1snYXdzOlByaW5jaXBhbEFybiddID0gWy4uLm5ldyBTZXQocHJvcHMucHJpbmNpcGFsRXhjbHVkZXMpXS5zb3J0KChhLCBiKSA9PlxuICAgICAgICBhLmxvY2FsZUNvbXBhcmUoYiksXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIENvbnN0cnVjdCBvdXIgY29uZGl0aW9uYWwgZm9yIG91ciBkZW55XG4gICAgaWYgKE9iamVjdC5rZXlzKHRoaXMuZGVueUNvbmRpdGlvbmFsTm90RXF1YWxzKS5sZW5ndGggPT0gMSkge1xuICAgICAgdGhpcy5kZW55U3RhdGVtZW50LmFkZENvbmRpdGlvbignU3RyaW5nTm90TGlrZScsIHRoaXMuZGVueUNvbmRpdGlvbmFsTm90RXF1YWxzKTtcbiAgICB9IGVsc2Uge1xuICAgICAgdGhpcy5kZW55U3RhdGVtZW50LmFkZENvbmRpdGlvbignRm9yQW55VmFsdWU6U3RyaW5nTm90TGlrZScsIHRoaXMuZGVueUNvbmRpdGlvbmFsTm90RXF1YWxzKTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGZvcm1hdFMzUHJlZml4KHByZWZpeDogc3RyaW5nKTogc3RyaW5nIHtcbiAgICBsZXQgcmF3UHJlZml4ID0gcHJlZml4O1xuXG4gICAgLy8gUmVtb3ZlcyB0cmFpbGluZyBzbGFzaGVzXG4gICAgcmF3UHJlZml4ID0gcmF3UHJlZml4LmVuZHNXaXRoKCcvJykgPyByYXdQcmVmaXguc2xpY2UoMCwgLTEpIDogcmF3UHJlZml4O1xuICAgIC8vIFJlbW92ZXMgbGVhZGluZyBzbGFzaGVzXG4gICAgcmF3UHJlZml4ID0gcmF3UHJlZml4LnN0YXJ0c1dpdGgoJy8nKSA/IHJhd1ByZWZpeC5zdWJzdHJpbmcoMSkgOiByYXdQcmVmaXg7XG4gICAgcmV0dXJuIGAke3Jhd1ByZWZpeH0vKmA7XG4gIH1cbn1cbiJdfQ==

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/lib/index.ts DELETED Viewed

@@ -1,241 +0,0 @@
-/*!
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { IPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
-import { IBucket } from 'aws-cdk-lib/aws-s3';
-export interface IRestrictObjectPrefixToRoles {
-  readonly s3Bucket: IBucket;
-  readonly s3Prefix: string;
-  readonly readRoleIds?: string[];
-  readonly readWriteRoleIds?: string[];
-  readonly readWriteSuperRoleIds?: string[];
-  readonly readPrincipals?: IPrincipal[];
-  readonly readWritePrincipals?: IPrincipal[];
-  readonly readWriteSuperPrincipals?: IPrincipal[];
-}
-export interface IRestrictBucketToRoles {
-  readonly s3Bucket: IBucket;
-  readonly roleExcludeIds: string[];
-  readonly principalExcludes?: string[];
-  readonly prefixExcludes?: string[];
-  readonly prefixIncludes?: string[];
-}
-/** Helper class for generating S3 bucket policy statements which grant access to specific object prefixes */
-export class RestrictObjectPrefixToRoles {
-  static readonly READ_ACTIONS = ['s3:GetObject*'];
-  static readonly READ_WRITE_ACTIONS = [
-    ...RestrictObjectPrefixToRoles.READ_ACTIONS,
-    's3:PutObject',
-    's3:PutObjectTagging',
-    's3:DeleteObject',
-  ];
-  static readonly READ_WRITE_SUPER_ACTIONS = [
-    ...RestrictObjectPrefixToRoles.READ_WRITE_ACTIONS,
-    's3:DeleteObjectVersion',
-  ];
-  static readonly BUCKET_ALLOW_ACTIONS = ['s3:List*', 's3:GetBucket*'];
-  static readonly BUCKET_DENY_ACTIONS = ['s3:PutObject*', 's3:GetObject*', 's3:DeleteObject*'];
-  private _readStatements: PolicyStatement[] = [];
-  private _readWriteStatements: PolicyStatement[] = [];
-  private _readWriteSuperStatements: PolicyStatement[] = [];
-  private _formattedPrefix: string;
-  constructor(props: IRestrictObjectPrefixToRoles) {
-    this._formattedPrefix = '/' + this.formatS3Prefix(props.s3Prefix) + '/*';
-    // Covers our case where two / get resolved because our prefix is actually /
-    this._formattedPrefix = this._formattedPrefix.replace(/\/\//, '/');
-    // FEDERATED / READ
-    if (props.readRoleIds != undefined && props.readRoleIds.length > 0) {
-      // Construct our User:Id roles for read
-      const statement = this._readStatementScaffold(props);
-      statement.addCondition('StringLike', { 'aws:userId': props.readRoleIds.map(x => `${x}:*`) });
-      statement.addAnyPrincipal();
-      this._readStatements.push(statement);
-    }
-    // FEDERATED / READWRITE
-    if (props.readWriteRoleIds != undefined && props.readWriteRoleIds.length > 0) {
-      const statement = this._readWriteStatementScaffold(props);
-      statement.addCondition('StringLike', { 'aws:userId': props.readWriteRoleIds.map(x => `${x}:*`) });
-      statement.addAnyPrincipal();
-      this._readWriteStatements.push(statement);
-    }
-    // FEDERATED / READWRITESUPER
-    if (props.readWriteSuperRoleIds != undefined && props.readWriteSuperRoleIds.length > 0) {
-      const statement = this._readWriteSuperStatementScaffold(props);
-      statement.addCondition('StringLike', { 'aws:userId': props.readWriteSuperRoleIds.map(x => `${x}:*`) });
-      statement.addAnyPrincipal();
-      this._readWriteSuperStatements.push(statement);
-    }
-    // NONFEDERATED / READ
-    if (props.readPrincipals != undefined && props.readPrincipals.length > 0) {
-      const statement = this._readStatementScaffold(props);
-      props.readPrincipals.forEach(principal => {
-        statement.addPrincipals(principal);
-      });
-      this._readStatements.push(statement);
-    }
-    // NONFEDERATED / READWRITE
-    if (props.readWritePrincipals != undefined && props.readWritePrincipals.length > 0) {
-      const statement = this._readWriteStatementScaffold(props);
-      props.readWritePrincipals.forEach(principal => {
-        statement.addPrincipals(principal);
-      });
-      this._readWriteStatements.push(statement);
-    }
-    // NONFEDERATED / READWRITESUPER
-    if (props.readWriteSuperPrincipals != undefined && props.readWriteSuperPrincipals.length > 0) {
-      const statement = this._readWriteSuperStatementScaffold(props);
-      props.readWriteSuperPrincipals.forEach(principal => {
-        statement.addPrincipals(principal);
-      });
-      this._readWriteSuperStatements.push(statement);
-    }
-  }
-  private _readStatementScaffold(props: IRestrictObjectPrefixToRoles): PolicyStatement {
-    return new PolicyStatement({
-      sid: `${props.s3Prefix.replace(/\\W/g, '')}_Read`,
-      effect: Effect.ALLOW,
-      resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-      actions: RestrictObjectPrefixToRoles.READ_ACTIONS,
-    });
-  }
-  private _readWriteStatementScaffold(props: IRestrictObjectPrefixToRoles): PolicyStatement {
-    return new PolicyStatement({
-      sid: `${props.s3Prefix.replace(/\\W/g, '')}_ReadWrite`,
-      effect: Effect.ALLOW,
-      resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-      actions: RestrictObjectPrefixToRoles.READ_WRITE_ACTIONS,
-    });
-  }
-  private _readWriteSuperStatementScaffold(props: IRestrictObjectPrefixToRoles): PolicyStatement {
-    return new PolicyStatement({
-      sid: `${props.s3Prefix.replace(/\\W/g, '')}_ReadWriteSuper`,
-      effect: Effect.ALLOW,
-      resources: [props.s3Bucket.bucketArn + this._formattedPrefix],
-      actions: RestrictObjectPrefixToRoles.READ_WRITE_SUPER_ACTIONS,
-    });
-  }
-  public readStatements(): PolicyStatement[] {
-    return this._readStatements;
-  }
-  public readWriteStatements(): PolicyStatement[] {
-    return this._readWriteStatements;
-  }
-  public readWriteSuperStatements(): PolicyStatement[] {
-    return this._readWriteSuperStatements;
-  }
-  public statements(): PolicyStatement[] {
-    return [...this._readStatements, ...this._readWriteStatements, ...this._readWriteSuperStatements];
-  }
-  public formatS3Prefix(prefix: string): string {
-    let rawPrefix = prefix;
-    // Removes trailing slashes
-    rawPrefix = rawPrefix.endsWith('/') ? rawPrefix.slice(0, -1) : rawPrefix;
-    // Removes leading slashes
-    rawPrefix = rawPrefix.startsWith('/') ? rawPrefix.substring(1) : rawPrefix;
-    return rawPrefix;
-  }
-}
-/** Helper class for generating bucket policy statements
- * which allow or deny access to an entire bucket. Used to
- * create bucket-level default deny statements to block accesses
- * not granted in the bucket policy. */
-export class RestrictBucketToRoles {
-  public readonly denyStatement: PolicyStatement;
-  public readonly allowStatement: PolicyStatement;
-  private resource: string[] = [];
-  private notResource: string[] = [];
-  private denyConditionalNotEquals: {
-    'aws:userId'?: string[];
-    'aws:PrincipalArn'?: string[];
-  } = {};
-  constructor(props: IRestrictBucketToRoles) {
-    // Statement allowing access to the bucket for the AROAs
-    this.allowStatement = new PolicyStatement({
-      sid: `BucketAllow`,
-      effect: Effect.ALLOW,
-      resources: [props.s3Bucket.bucketArn + '/*', props.s3Bucket.bucketArn],
-      actions: RestrictObjectPrefixToRoles.BUCKET_ALLOW_ACTIONS,
-    });
-    this.allowStatement.addAnyPrincipal();
-    this.allowStatement.addCondition('StringLike', { 'aws:userId': props.roleExcludeIds.map(x => `${x}:*`) });
-    // Constuct our deny statement.
-    // prefixIncludes denotes we want to include a prefix in our deny meaning Resource
-    if (props.prefixIncludes) {
-      this.resource = props.prefixIncludes.map(prefix => {
-        return `${props.s3Bucket.bucketArn}/${this.formatS3Prefix(prefix)}`;
-      });
-    } else {
-      this.resource = [props.s3Bucket.bucketArn + '/*'];
-    }
-    // prefixExcludes denote we want to exclude a prefix in our deny meaning notResource
-    if (props.prefixExcludes) {
-      this.notResource = props.prefixExcludes.map(prefix => {
-        return `${props.s3Bucket.bucketArn}/${this.formatS3Prefix(prefix)}`;
-      });
-    }
-    if (this.notResource.length > 0) {
-      this.denyStatement = new PolicyStatement({
-        sid: `BucketDeny`,
-        effect: Effect.DENY,
-        notResources: this.notResource,
-        actions: RestrictObjectPrefixToRoles.BUCKET_DENY_ACTIONS,
-      });
-    } else {
-      this.denyStatement = new PolicyStatement({
-        sid: `BucketDeny`,
-        effect: Effect.DENY,
-        resources: this.resource,
-        actions: RestrictObjectPrefixToRoles.BUCKET_DENY_ACTIONS,
-      });
-    }
-    this.denyStatement.addAnyPrincipal();
-    // Build our conditionals.
-    this.denyConditionalNotEquals['aws:userId'] = props.roleExcludeIds.map(x => `${x}:*`);
-    if (props.principalExcludes && props.principalExcludes.length > 0) {
-      this.denyConditionalNotEquals['aws:PrincipalArn'] = [...new Set(props.principalExcludes)].sort((a, b) =>
-        a.localeCompare(b),
-      );
-    }
-    // Construct our conditional for our deny
-    if (Object.keys(this.denyConditionalNotEquals).length == 1) {
-      this.denyStatement.addCondition('StringNotLike', this.denyConditionalNotEquals);
-    } else {
-      this.denyStatement.addCondition('ForAnyValue:StringNotLike', this.denyConditionalNotEquals);
-    }
-  }
-  private formatS3Prefix(prefix: string): string {
-    let rawPrefix = prefix;
-    // Removes trailing slashes
-    rawPrefix = rawPrefix.endsWith('/') ? rawPrefix.slice(0, -1) : rawPrefix;
-    // Removes leading slashes
-    rawPrefix = rawPrefix.startsWith('/') ? rawPrefix.substring(1) : rawPrefix;
-    return `${rawPrefix}/*`;
-  }
-}

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/package.json DELETED Viewed

@@ -1,44 +0,0 @@
-{
-  "name": "@aws-mdaa/s3-bucketpolicy-helper",
-  "description": "MDAA s3-bucketpolicy-helper utility",
-  "author": {
-    "name": "Amazon Web Services",
-    "url": "https://aws.amazon.com/solutions"
-  },
-  "version": "1.5.0",
-  "license": "Apache-2.0",
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
-  "scripts": {
-    "build": "tsc",
-    "watch": "tsc -w",
-    "test": "jest --passWithNoTests --testPathIgnorePatterns='.*\\.snapshot\\.test\\.ts'",
-    "lint": "eslint --max-warnings 0 -c ../../../eslint.config.mjs",
-    "test:coverage": "jest --passWithNoTests --coverage --testPathIgnorePatterns='.*\\.snapshot\\.test\\.ts'",
-    "test:snapshots": "jest --passWithNoTests --testPathPattern='.*\\.snapshot\\.test\\.ts'",
-    "test:snapshots:update": "jest --passWithNoTests --testPathPattern='.*\\.snapshot\\.test\\.ts' --updateSnapshot"
-  },
-  "devDependencies": {
-    "@aws-mdaa/testing": "1.5.0",
-    "@types/jest": "29.5.14",
-    "@types/node": "22.9.0",
-    "@types/prettier": "2.6.0",
-    "jest": "29.7.0",
-    "ts-jest": "29.4.6",
-    "ts-node": "10.9.2",
-    "typescript": "5.9.3",
-    "typescript-json-schema": "0.67.1"
-  },
-  "dependencies": {
-    "@aws-mdaa/iam-role-helper": "1.5.0",
-    "@aws-mdaa/naming": "1.5.0",
-    "aws-cdk-lib": "2.220.0",
-    "cdk-nag": "2.37.55",
-    "constructs": "10.0.96"
-  },
-  "gitHead": "8b49a2b371014baec046605ffdbfe38951099c31",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/aws/modern-data-architecture-accelerator"
-  }
-}