npm - @aws-mdaa/dataops-job-l3-construct - Versions diffs - 1.5.0 → 1.6.0 - Mend

@aws-mdaa/dataops-job-l3-construct 1.5.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/test/bucketpolicy-helper.test.js DELETED Viewed

@@ -1,200 +0,0 @@
-"use strict";
-/*!
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-const testing_1 = require("@aws-mdaa/testing");
-const lib_1 = require("../lib");
-const aws_s3_1 = require("aws-cdk-lib/aws-s3");
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-describe('Test BucketPolicy Helper', () => {
-    const testApp = new testing_1.MdaaTestApp();
-    const testBucket = aws_s3_1.Bucket.fromBucketName(testApp.testStack, 'test-bucket', 'test-bucket');
-    describe('RestrictPrefix', () => {
-        const baseTestProps = {
-            s3Bucket: testBucket,
-            s3Prefix: 'test-prefix',
-        };
-        test('Read Role Ids', () => {
-            const testProps = {
-                ...baseTestProps,
-                readRoleIds: ['test-role-id-1', 'test-role-id-2'],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(1);
-            expect(restriction.readWriteSuperStatements().length).toBe(0);
-            expect(restriction.readWriteStatements().length).toBe(0);
-            expect(restriction.readStatements()[0].actions).toStrictEqual(['s3:GetObject*']);
-            expect(restriction.readStatements()[0].conditions).toStrictEqual({
-                StringLike: {
-                    'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-                },
-            });
-            expect(restriction.readStatements()[0].effect).toBe('Allow');
-            expect(restriction.readStatements()[0].resources).toStrictEqual([
-                'arn:test-partition:s3:::test-bucket/test-prefix/*',
-            ]);
-        });
-        test('ReadWrite Role Ids', () => {
-            const testProps = {
-                ...baseTestProps,
-                readWriteRoleIds: ['test-role-id-1', 'test-role-id-2'],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readWriteStatements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(0);
-            expect(restriction.readWriteSuperStatements().length).toBe(0);
-            expect(restriction.readWriteStatements()[0].actions).toStrictEqual([
-                's3:GetObject*',
-                's3:PutObject',
-                's3:PutObjectTagging',
-                's3:DeleteObject',
-            ]);
-            expect(restriction.readWriteStatements()[0].conditions).toStrictEqual({
-                StringLike: {
-                    'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-                },
-            });
-        });
-        test('ReadWriteSuper Role Ids', () => {
-            const testProps = {
-                ...baseTestProps,
-                readWriteSuperRoleIds: ['test-role-id-1', 'test-role-id-2'],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readWriteSuperStatements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(0);
-            expect(restriction.readWriteStatements().length).toBe(0);
-            expect(restriction.readWriteSuperStatements()[0].actions).toStrictEqual([
-                's3:GetObject*',
-                's3:PutObject',
-                's3:PutObjectTagging',
-                's3:DeleteObject',
-                's3:DeleteObjectVersion',
-            ]);
-            expect(restriction.readWriteSuperStatements()[0].conditions).toStrictEqual({
-                StringLike: {
-                    'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-                },
-            });
-        });
-        test('Read Principals', () => {
-            const testProps = {
-                ...baseTestProps,
-                readPrincipals: [new aws_iam_1.ArnPrincipal('test-role-arn-1')],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(1);
-            expect(restriction.readWriteSuperStatements().length).toBe(0);
-            expect(restriction.readWriteStatements().length).toBe(0);
-            expect(restriction.readStatements()[0].actions).toStrictEqual(['s3:GetObject*']);
-            expect(restriction.readStatements()[0].effect).toBe('Allow');
-            expect(restriction.readStatements()[0].resources).toStrictEqual([
-                'arn:test-partition:s3:::test-bucket/test-prefix/*',
-            ]);
-            expect(restriction.readStatements()[0].principals.length).toBe(1);
-            expect(JSON.stringify(restriction.readStatements()[0].principals[0])).toStrictEqual(JSON.stringify({ AWS: ['test-role-arn-1'] }));
-        });
-        test('ReadWrite Principals', () => {
-            const testProps = {
-                ...baseTestProps,
-                readWritePrincipals: [new aws_iam_1.ArnPrincipal('test-role-arn-1')],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readWriteStatements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(0);
-            expect(restriction.readWriteSuperStatements().length).toBe(0);
-            expect(restriction.readWriteStatements()[0].actions).toStrictEqual([
-                's3:GetObject*',
-                's3:PutObject',
-                's3:PutObjectTagging',
-                's3:DeleteObject',
-            ]);
-            expect(restriction.readWriteStatements()[0].effect).toBe('Allow');
-            expect(restriction.readWriteStatements()[0].resources).toStrictEqual([
-                'arn:test-partition:s3:::test-bucket/test-prefix/*',
-            ]);
-            expect(restriction.readWriteStatements()[0].principals.length).toBe(1);
-            expect(JSON.stringify(restriction.readWriteStatements()[0].principals[0])).toStrictEqual(JSON.stringify({ AWS: ['test-role-arn-1'] }));
-        });
-        test('ReadWriteSuper Principals', () => {
-            const testProps = {
-                ...baseTestProps,
-                readWriteSuperPrincipals: [new aws_iam_1.ArnPrincipal('test-role-arn-1')],
-            };
-            const restriction = new lib_1.RestrictObjectPrefixToRoles(testProps);
-            // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-            expect(restriction.statements().length).toBe(1);
-            expect(restriction.readStatements().length).toBe(0);
-            expect(restriction.readWriteStatements().length).toBe(0);
-            expect(restriction.readWriteSuperStatements().length).toBe(1);
-            expect(restriction.readWriteSuperStatements()[0].actions).toStrictEqual([
-                's3:GetObject*',
-                's3:PutObject',
-                's3:PutObjectTagging',
-                's3:DeleteObject',
-                's3:DeleteObjectVersion',
-            ]);
-            expect(restriction.readWriteSuperStatements()[0].effect).toBe('Allow');
-            expect(restriction.readWriteSuperStatements()[0].resources).toStrictEqual([
-                'arn:test-partition:s3:::test-bucket/test-prefix/*',
-            ]);
-            expect(restriction.readWriteSuperStatements()[0].principals.length).toBe(1);
-            expect(JSON.stringify(restriction.readWriteSuperStatements()[0].principals[0])).toStrictEqual(JSON.stringify({ AWS: ['test-role-arn-1'] }));
-        });
-    });
-    describe('RestrictBucket', () => {
-        const baseTestProps = {
-            s3Bucket: testBucket,
-            roleExcludeIds: ['test-role-id-1', 'test-role-id-2'],
-            principalExcludes: ['test-arn'],
-            prefixExcludes: ['exclude-prefix'],
-            prefixIncludes: ['exclude-prefix'],
-        };
-        test('Base Allow', () => {
-            const testProps = {
-                ...baseTestProps,
-            };
-            const restriction = new lib_1.RestrictBucketToRoles(testProps);
-            console.log(JSON.stringify(restriction.allowStatement, undefined, 2));
-            expect(restriction.allowStatement.actions).toStrictEqual(['s3:List*', 's3:GetBucket*']);
-            expect(restriction.allowStatement.effect).toBe('Allow');
-            expect(restriction.allowStatement.conditions).toStrictEqual({
-                StringLike: {
-                    'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-                },
-            });
-            expect(restriction.allowStatement.resources).toStrictEqual([
-                'arn:test-partition:s3:::test-bucket/*',
-                'arn:test-partition:s3:::test-bucket',
-            ]);
-        });
-        test('Base Deny', () => {
-            const testProps = {
-                ...baseTestProps,
-            };
-            const restriction = new lib_1.RestrictBucketToRoles(testProps);
-            console.log(JSON.stringify(restriction.denyStatement, undefined, 2));
-            expect(restriction.denyStatement.actions).toStrictEqual(['s3:PutObject*', 's3:GetObject*', 's3:DeleteObject*']);
-            expect(restriction.denyStatement.effect).toBe('Deny');
-            expect(restriction.denyStatement.conditions).toStrictEqual({
-                'ForAnyValue:StringNotLike': {
-                    'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-                    'aws:PrincipalArn': ['test-arn'],
-                },
-            });
-        });
-    });
-});
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYnVja2V0cG9saWN5LWhlbHBlci50ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiYnVja2V0cG9saWN5LWhlbHBlci50ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7O0dBR0c7O0FBRUgsK0NBQWdEO0FBQ2hELGdDQUtnQjtBQUNoQiwrQ0FBNEM7QUFDNUMsaURBQW1EO0FBRW5ELFFBQVEsQ0FBQywwQkFBMEIsRUFBRSxHQUFHLEVBQUU7SUFDeEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxxQkFBVyxFQUFFLENBQUM7SUFDbEMsTUFBTSxVQUFVLEdBQUcsZUFBTSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLGFBQWEsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUMxRixRQUFRLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxFQUFFO1FBQzlCLE1BQU0sYUFBYSxHQUFpQztZQUNsRCxRQUFRLEVBQUUsVUFBVTtZQUNwQixRQUFRLEVBQUUsYUFBYTtTQUN4QixDQUFDO1FBQ0YsSUFBSSxDQUFDLGVBQWUsRUFBRSxHQUFHLEVBQUU7WUFDekIsTUFBTSxTQUFTLEdBQWlDO2dCQUM5QyxHQUFHLGFBQWE7Z0JBQ2hCLFdBQVcsRUFBRSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQixDQUFDO2FBQ2xELENBQUM7WUFDRixNQUFNLFdBQVcsR0FBRyxJQUFJLGlDQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQy9ELCtFQUErRTtZQUMvRSxNQUFNLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoRCxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNwRCxNQUFNLENBQUMsV0FBVyxDQUFDLHdCQUF3QixFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzlELE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDekQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDO1lBQ2pGLE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUMvRCxVQUFVLEVBQUU7b0JBQ1YsWUFBWSxFQUFFLENBQUMsa0JBQWtCLEVBQUUsa0JBQWtCLENBQUM7aUJBQ3ZEO2FBQ0YsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDN0QsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxhQUFhLENBQUM7Z0JBQzlELG1EQUFtRDthQUNwRCxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLEVBQUU7WUFDOUIsTUFBTSxTQUFTLEdBQWlDO2dCQUM5QyxHQUFHLGFBQWE7Z0JBQ2hCLGdCQUFnQixFQUFFLENBQUMsZ0JBQWdCLEVBQUUsZ0JBQWdCLENBQUM7YUFDdkQsQ0FBQztZQUNGLE1BQU0sV0FBVyxHQUFHLElBQUksaUNBQTJCLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDL0QsK0VBQStFO1lBQy9FLE1BQU0sQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2hELE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDekQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDcEQsTUFBTSxDQUFDLFdBQVcsQ0FBQyx3QkFBd0IsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM5RCxNQUFNLENBQUMsV0FBVyxDQUFDLG1CQUFtQixFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUNqRSxlQUFlO2dCQUNmLGNBQWM7Z0JBQ2QscUJBQXFCO2dCQUNyQixpQkFBaUI7YUFDbEIsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLGFBQWEsQ0FBQztnQkFDcEUsVUFBVSxFQUFFO29CQUNWLFlBQVksRUFBRSxDQUFDLGtCQUFrQixFQUFFLGtCQUFrQixDQUFDO2lCQUN2RDthQUNGLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLHlCQUF5QixFQUFFLEdBQUcsRUFBRTtZQUNuQyxNQUFNLFNBQVMsR0FBaUM7Z0JBQzlDLEdBQUcsYUFBYTtnQkFDaEIscUJBQXFCLEVBQUUsQ0FBQyxnQkFBZ0IsRUFBRSxnQkFBZ0IsQ0FBQzthQUM1RCxDQUFDO1lBQ0YsTUFBTSxXQUFXLEdBQUcsSUFBSSxpQ0FBMkIsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUMvRCwrRUFBK0U7WUFDL0UsTUFBTSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDaEQsTUFBTSxDQUFDLFdBQVcsQ0FBQyx3QkFBd0IsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM5RCxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNwRCxNQUFNLENBQUMsV0FBVyxDQUFDLG1CQUFtQixFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3pELE1BQU0sQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxhQUFhLENBQUM7Z0JBQ3RFLGVBQWU7Z0JBQ2YsY0FBYztnQkFDZCxxQkFBcUI7Z0JBQ3JCLGlCQUFpQjtnQkFDakIsd0JBQXdCO2FBQ3pCLENBQUMsQ0FBQztZQUNILE1BQU0sQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxhQUFhLENBQUM7Z0JBQ3pFLFVBQVUsRUFBRTtvQkFDVixZQUFZLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxrQkFBa0IsQ0FBQztpQkFDdkQ7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxpQkFBaUIsRUFBRSxHQUFHLEVBQUU7WUFDM0IsTUFBTSxTQUFTLEdBQWlDO2dCQUM5QyxHQUFHLGFBQWE7Z0JBQ2hCLGNBQWMsRUFBRSxDQUFDLElBQUksc0JBQVksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO2FBQ3RELENBQUM7WUFDRixNQUFNLFdBQVcsR0FBRyxJQUFJLGlDQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQy9ELCtFQUErRTtZQUMvRSxNQUFNLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoRCxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNwRCxNQUFNLENBQUMsV0FBVyxDQUFDLHdCQUF3QixFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzlELE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDekQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDO1lBQ2pGLE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQzdELE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUM5RCxtREFBbUQ7YUFDcEQsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2xFLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FDakYsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQyxDQUM3QyxDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsc0JBQXNCLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sU0FBUyxHQUFpQztnQkFDOUMsR0FBRyxhQUFhO2dCQUNoQixtQkFBbUIsRUFBRSxDQUFDLElBQUksc0JBQVksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO2FBQzNELENBQUM7WUFDRixNQUFNLFdBQVcsR0FBRyxJQUFJLGlDQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQy9ELCtFQUErRTtZQUMvRSxNQUFNLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoRCxNQUFNLENBQUMsV0FBVyxDQUFDLG1CQUFtQixFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3pELE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3BELE1BQU0sQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDOUQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLGFBQWEsQ0FBQztnQkFDakUsZUFBZTtnQkFDZixjQUFjO2dCQUNkLHFCQUFxQjtnQkFDckIsaUJBQWlCO2FBQ2xCLENBQUMsQ0FBQztZQUNILE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDbEUsTUFBTSxDQUFDLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLGFBQWEsQ0FBQztnQkFDbkUsbURBQW1EO2FBQ3BELENBQUMsQ0FBQztZQUNILE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3ZFLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUN0RixJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsR0FBRyxFQUFFLENBQUMsaUJBQWlCLENBQUMsRUFBRSxDQUFDLENBQzdDLENBQUM7UUFDSixDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQywyQkFBMkIsRUFBRSxHQUFHLEVBQUU7WUFDckMsTUFBTSxTQUFTLEdBQWlDO2dCQUM5QyxHQUFHLGFBQWE7Z0JBQ2hCLHdCQUF3QixFQUFFLENBQUMsSUFBSSxzQkFBWSxDQUFDLGlCQUFpQixDQUFDLENBQUM7YUFDaEUsQ0FBQztZQUNGLE1BQU0sV0FBVyxHQUFHLElBQUksaUNBQTJCLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDL0QsK0VBQStFO1lBQy9FLE1BQU0sQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2hELE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3BELE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDekQsTUFBTSxDQUFDLFdBQVcsQ0FBQyx3QkFBd0IsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM5RCxNQUFNLENBQUMsV0FBVyxDQUFDLHdCQUF3QixFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUN0RSxlQUFlO2dCQUNmLGNBQWM7Z0JBQ2QscUJBQXFCO2dCQUNyQixpQkFBaUI7Z0JBQ2pCLHdCQUF3QjthQUN6QixDQUFDLENBQUM7WUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLHdCQUF3QixFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3ZFLE1BQU0sQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxhQUFhLENBQUM7Z0JBQ3hFLG1EQUFtRDthQUNwRCxDQUFDLENBQUM7WUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLHdCQUF3QixFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM1RSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FDM0YsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQyxDQUM3QyxDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztJQUNILFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLEVBQUU7UUFDOUIsTUFBTSxhQUFhLEdBQTJCO1lBQzVDLFFBQVEsRUFBRSxVQUFVO1lBQ3BCLGNBQWMsRUFBRSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQixDQUFDO1lBQ3BELGlCQUFpQixFQUFFLENBQUMsVUFBVSxDQUFDO1lBQy9CLGNBQWMsRUFBRSxDQUFDLGdCQUFnQixDQUFDO1lBQ2xDLGNBQWMsRUFBRSxDQUFDLGdCQUFnQixDQUFDO1NBQ25DLENBQUM7UUFDRixJQUFJLENBQUMsWUFBWSxFQUFFLEdBQUcsRUFBRTtZQUN0QixNQUFNLFNBQVMsR0FBMkI7Z0JBQ3hDLEdBQUcsYUFBYTthQUNqQixDQUFDO1lBQ0YsTUFBTSxXQUFXLEdBQUcsSUFBSSwyQkFBcUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUN6RCxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUN0RSxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxVQUFVLEVBQUUsZUFBZSxDQUFDLENBQUMsQ0FBQztZQUN4RixNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDeEQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUMxRCxVQUFVLEVBQUU7b0JBQ1YsWUFBWSxFQUFFLENBQUMsa0JBQWtCLEVBQUUsa0JBQWtCLENBQUM7aUJBQ3ZEO2FBQ0YsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLENBQUMsYUFBYSxDQUFDO2dCQUN6RCx1Q0FBdUM7Z0JBQ3ZDLHFDQUFxQzthQUN0QyxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxXQUFXLEVBQUUsR0FBRyxFQUFFO1lBQ3JCLE1BQU0sU0FBUyxHQUEyQjtnQkFDeEMsR0FBRyxhQUFhO2FBQ2pCLENBQUM7WUFDRixNQUFNLFdBQVcsR0FBRyxJQUFJLDJCQUFxQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3pELE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUMsYUFBYSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3JFLE1BQU0sQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDLGFBQWEsQ0FBQyxDQUFDLGVBQWUsRUFBRSxlQUFlLEVBQUUsa0JBQWtCLENBQUMsQ0FBQyxDQUFDO1lBQ2hILE1BQU0sQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN0RCxNQUFNLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxhQUFhLENBQUM7Z0JBQ3pELDJCQUEyQixFQUFFO29CQUMzQixZQUFZLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxrQkFBa0IsQ0FBQztvQkFDdEQsa0JBQWtCLEVBQUUsQ0FBQyxVQUFVLENBQUM7aUJBQ2pDO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyohXG4gKiBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG4gKi9cblxuaW1wb3J0IHsgTWRhYVRlc3RBcHAgfSBmcm9tICdAYXdzLW1kYWEvdGVzdGluZyc7XG5pbXBvcnQge1xuICBJUmVzdHJpY3RCdWNrZXRUb1JvbGVzLFxuICBJUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzLFxuICBSZXN0cmljdEJ1Y2tldFRvUm9sZXMsXG4gIFJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcyxcbn0gZnJvbSAnLi4vbGliJztcbmltcG9ydCB7IEJ1Y2tldCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgeyBBcm5QcmluY2lwYWwgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcblxuZGVzY3JpYmUoJ1Rlc3QgQnVja2V0UG9saWN5IEhlbHBlcicsICgpID0+IHtcbiAgY29uc3QgdGVzdEFwcCA9IG5ldyBNZGFhVGVzdEFwcCgpO1xuICBjb25zdCB0ZXN0QnVja2V0ID0gQnVja2V0LmZyb21CdWNrZXROYW1lKHRlc3RBcHAudGVzdFN0YWNrLCAndGVzdC1idWNrZXQnLCAndGVzdC1idWNrZXQnKTtcbiAgZGVzY3JpYmUoJ1Jlc3RyaWN0UHJlZml4JywgKCkgPT4ge1xuICAgIGNvbnN0IGJhc2VUZXN0UHJvcHM6IElSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMgPSB7XG4gICAgICBzM0J1Y2tldDogdGVzdEJ1Y2tldCxcbiAgICAgIHMzUHJlZml4OiAndGVzdC1wcmVmaXgnLFxuICAgIH07XG4gICAgdGVzdCgnUmVhZCBSb2xlIElkcycsICgpID0+IHtcbiAgICAgIGNvbnN0IHRlc3RQcm9wczogSVJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcyA9IHtcbiAgICAgICAgLi4uYmFzZVRlc3RQcm9wcyxcbiAgICAgICAgcmVhZFJvbGVJZHM6IFsndGVzdC1yb2xlLWlkLTEnLCAndGVzdC1yb2xlLWlkLTInXSxcbiAgICAgIH07XG4gICAgICBjb25zdCByZXN0cmljdGlvbiA9IG5ldyBSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXModGVzdFByb3BzKTtcbiAgICAgIC8vIGNvbnNvbGUubG9nKCBKU09OLnN0cmluZ2lmeSggcmVzdHJpY3Rpb24uc3RhdGVtZW50cygpWyAwIF0sIHVuZGVmaW5lZCwgMiApIClcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5zdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgwKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKClbMF0uYWN0aW9ucykudG9TdHJpY3RFcXVhbChbJ3MzOkdldE9iamVjdConXSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFN0YXRlbWVudHMoKVswXS5jb25kaXRpb25zKS50b1N0cmljdEVxdWFsKHtcbiAgICAgICAgU3RyaW5nTGlrZToge1xuICAgICAgICAgICdhd3M6dXNlcklkJzogWyd0ZXN0LXJvbGUtaWQtMToqJywgJ3Rlc3Qtcm9sZS1pZC0yOionXSxcbiAgICAgICAgfSxcbiAgICAgIH0pO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKClbMF0uZWZmZWN0KS50b0JlKCdBbGxvdycpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKClbMF0ucmVzb3VyY2VzKS50b1N0cmljdEVxdWFsKFtcbiAgICAgICAgJ2Fybjp0ZXN0LXBhcnRpdGlvbjpzMzo6OnRlc3QtYnVja2V0L3Rlc3QtcHJlZml4LyonLFxuICAgICAgXSk7XG4gICAgfSk7XG5cbiAgICB0ZXN0KCdSZWFkV3JpdGUgUm9sZSBJZHMnLCAoKSA9PiB7XG4gICAgICBjb25zdCB0ZXN0UHJvcHM6IElSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMgPSB7XG4gICAgICAgIC4uLmJhc2VUZXN0UHJvcHMsXG4gICAgICAgIHJlYWRXcml0ZVJvbGVJZHM6IFsndGVzdC1yb2xlLWlkLTEnLCAndGVzdC1yb2xlLWlkLTInXSxcbiAgICAgIH07XG4gICAgICBjb25zdCByZXN0cmljdGlvbiA9IG5ldyBSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXModGVzdFByb3BzKTtcbiAgICAgIC8vIGNvbnNvbGUubG9nKCBKU09OLnN0cmluZ2lmeSggcmVzdHJpY3Rpb24uc3RhdGVtZW50cygpWyAwIF0sIHVuZGVmaW5lZCwgMiApIClcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5zdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMCk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKVswXS5hY3Rpb25zKS50b1N0cmljdEVxdWFsKFtcbiAgICAgICAgJ3MzOkdldE9iamVjdConLFxuICAgICAgICAnczM6UHV0T2JqZWN0JyxcbiAgICAgICAgJ3MzOlB1dE9iamVjdFRhZ2dpbmcnLFxuICAgICAgICAnczM6RGVsZXRlT2JqZWN0JyxcbiAgICAgIF0pO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKVswXS5jb25kaXRpb25zKS50b1N0cmljdEVxdWFsKHtcbiAgICAgICAgU3RyaW5nTGlrZToge1xuICAgICAgICAgICdhd3M6dXNlcklkJzogWyd0ZXN0LXJvbGUtaWQtMToqJywgJ3Rlc3Qtcm9sZS1pZC0yOionXSxcbiAgICAgICAgfSxcbiAgICAgIH0pO1xuICAgIH0pO1xuXG4gICAgdGVzdCgnUmVhZFdyaXRlU3VwZXIgUm9sZSBJZHMnLCAoKSA9PiB7XG4gICAgICBjb25zdCB0ZXN0UHJvcHM6IElSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMgPSB7XG4gICAgICAgIC4uLmJhc2VUZXN0UHJvcHMsXG4gICAgICAgIHJlYWRXcml0ZVN1cGVyUm9sZUlkczogWyd0ZXN0LXJvbGUtaWQtMScsICd0ZXN0LXJvbGUtaWQtMiddLFxuICAgICAgfTtcbiAgICAgIGNvbnN0IHJlc3RyaWN0aW9uID0gbmV3IFJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcyh0ZXN0UHJvcHMpO1xuICAgICAgLy8gY29uc29sZS5sb2coIEpTT04uc3RyaW5naWZ5KCByZXN0cmljdGlvbi5zdGF0ZW1lbnRzKClbIDAgXSwgdW5kZWZpbmVkLCAyICkgKVxuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMCk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzKClbMF0uYWN0aW9ucykudG9TdHJpY3RFcXVhbChbXG4gICAgICAgICdzMzpHZXRPYmplY3QqJyxcbiAgICAgICAgJ3MzOlB1dE9iamVjdCcsXG4gICAgICAgICdzMzpQdXRPYmplY3RUYWdnaW5nJyxcbiAgICAgICAgJ3MzOkRlbGV0ZU9iamVjdCcsXG4gICAgICAgICdzMzpEZWxldGVPYmplY3RWZXJzaW9uJyxcbiAgICAgIF0pO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpWzBdLmNvbmRpdGlvbnMpLnRvU3RyaWN0RXF1YWwoe1xuICAgICAgICBTdHJpbmdMaWtlOiB7XG4gICAgICAgICAgJ2F3czp1c2VySWQnOiBbJ3Rlc3Qtcm9sZS1pZC0xOionLCAndGVzdC1yb2xlLWlkLTI6KiddLFxuICAgICAgICB9LFxuICAgICAgfSk7XG4gICAgfSk7XG5cbiAgICB0ZXN0KCdSZWFkIFByaW5jaXBhbHMnLCAoKSA9PiB7XG4gICAgICBjb25zdCB0ZXN0UHJvcHM6IElSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMgPSB7XG4gICAgICAgIC4uLmJhc2VUZXN0UHJvcHMsXG4gICAgICAgIHJlYWRQcmluY2lwYWxzOiBbbmV3IEFyblByaW5jaXBhbCgndGVzdC1yb2xlLWFybi0xJyldLFxuICAgICAgfTtcbiAgICAgIGNvbnN0IHJlc3RyaWN0aW9uID0gbmV3IFJlc3RyaWN0T2JqZWN0UHJlZml4VG9Sb2xlcyh0ZXN0UHJvcHMpO1xuICAgICAgLy8gY29uc29sZS5sb2coIEpTT04uc3RyaW5naWZ5KCByZXN0cmljdGlvbi5zdGF0ZW1lbnRzKClbIDAgXSwgdW5kZWZpbmVkLCAyICkgKVxuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKS5sZW5ndGgpLnRvQmUoMCk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFN0YXRlbWVudHMoKVswXS5hY3Rpb25zKS50b1N0cmljdEVxdWFsKFsnczM6R2V0T2JqZWN0KiddKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkU3RhdGVtZW50cygpWzBdLmVmZmVjdCkudG9CZSgnQWxsb3cnKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkU3RhdGVtZW50cygpWzBdLnJlc291cmNlcykudG9TdHJpY3RFcXVhbChbXG4gICAgICAgICdhcm46dGVzdC1wYXJ0aXRpb246czM6Ojp0ZXN0LWJ1Y2tldC90ZXN0LXByZWZpeC8qJyxcbiAgICAgIF0pO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKClbMF0ucHJpbmNpcGFscy5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QoSlNPTi5zdHJpbmdpZnkocmVzdHJpY3Rpb24ucmVhZFN0YXRlbWVudHMoKVswXS5wcmluY2lwYWxzWzBdKSkudG9TdHJpY3RFcXVhbChcbiAgICAgICAgSlNPTi5zdHJpbmdpZnkoeyBBV1M6IFsndGVzdC1yb2xlLWFybi0xJ10gfSksXG4gICAgICApO1xuICAgIH0pO1xuXG4gICAgdGVzdCgnUmVhZFdyaXRlIFByaW5jaXBhbHMnLCAoKSA9PiB7XG4gICAgICBjb25zdCB0ZXN0UHJvcHM6IElSZXN0cmljdE9iamVjdFByZWZpeFRvUm9sZXMgPSB7XG4gICAgICAgIC4uLmJhc2VUZXN0UHJvcHMsXG4gICAgICAgIHJlYWRXcml0ZVByaW5jaXBhbHM6IFtuZXcgQXJuUHJpbmNpcGFsKCd0ZXN0LXJvbGUtYXJuLTEnKV0sXG4gICAgICB9O1xuICAgICAgY29uc3QgcmVzdHJpY3Rpb24gPSBuZXcgUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzKHRlc3RQcm9wcyk7XG4gICAgICAvLyBjb25zb2xlLmxvZyggSlNPTi5zdHJpbmdpZnkoIHJlc3RyaWN0aW9uLnN0YXRlbWVudHMoKVsgMCBdLCB1bmRlZmluZWQsIDIgKSApXG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uc3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgxKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgwKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKClbMF0uYWN0aW9ucykudG9TdHJpY3RFcXVhbChbXG4gICAgICAgICdzMzpHZXRPYmplY3QqJyxcbiAgICAgICAgJ3MzOlB1dE9iamVjdCcsXG4gICAgICAgICdzMzpQdXRPYmplY3RUYWdnaW5nJyxcbiAgICAgICAgJ3MzOkRlbGV0ZU9iamVjdCcsXG4gICAgICBdKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKClbMF0uZWZmZWN0KS50b0JlKCdBbGxvdycpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN0YXRlbWVudHMoKVswXS5yZXNvdXJjZXMpLnRvU3RyaWN0RXF1YWwoW1xuICAgICAgICAnYXJuOnRlc3QtcGFydGl0aW9uOnMzOjo6dGVzdC1idWNrZXQvdGVzdC1wcmVmaXgvKicsXG4gICAgICBdKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKClbMF0ucHJpbmNpcGFscy5sZW5ndGgpLnRvQmUoMSk7XG4gICAgICBleHBlY3QoSlNPTi5zdHJpbmdpZnkocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3RhdGVtZW50cygpWzBdLnByaW5jaXBhbHNbMF0pKS50b1N0cmljdEVxdWFsKFxuICAgICAgICBKU09OLnN0cmluZ2lmeSh7IEFXUzogWyd0ZXN0LXJvbGUtYXJuLTEnXSB9KSxcbiAgICAgICk7XG4gICAgfSk7XG5cbiAgICB0ZXN0KCdSZWFkV3JpdGVTdXBlciBQcmluY2lwYWxzJywgKCkgPT4ge1xuICAgICAgY29uc3QgdGVzdFByb3BzOiBJUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzID0ge1xuICAgICAgICAuLi5iYXNlVGVzdFByb3BzLFxuICAgICAgICByZWFkV3JpdGVTdXBlclByaW5jaXBhbHM6IFtuZXcgQXJuUHJpbmNpcGFsKCd0ZXN0LXJvbGUtYXJuLTEnKV0sXG4gICAgICB9O1xuICAgICAgY29uc3QgcmVzdHJpY3Rpb24gPSBuZXcgUmVzdHJpY3RPYmplY3RQcmVmaXhUb1JvbGVzKHRlc3RQcm9wcyk7XG4gICAgICAvLyBjb25zb2xlLmxvZyggSlNPTi5zdHJpbmdpZnkoIHJlc3RyaWN0aW9uLnN0YXRlbWVudHMoKVsgMCBdLCB1bmRlZmluZWQsIDIgKSApXG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uc3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgxKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkU3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgwKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdGF0ZW1lbnRzKCkubGVuZ3RoKS50b0JlKDApO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpLmxlbmd0aCkudG9CZSgxKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5yZWFkV3JpdGVTdXBlclN0YXRlbWVudHMoKVswXS5hY3Rpb25zKS50b1N0cmljdEVxdWFsKFtcbiAgICAgICAgJ3MzOkdldE9iamVjdConLFxuICAgICAgICAnczM6UHV0T2JqZWN0JyxcbiAgICAgICAgJ3MzOlB1dE9iamVjdFRhZ2dpbmcnLFxuICAgICAgICAnczM6RGVsZXRlT2JqZWN0JyxcbiAgICAgICAgJ3MzOkRlbGV0ZU9iamVjdFZlcnNpb24nLFxuICAgICAgXSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24ucmVhZFdyaXRlU3VwZXJTdGF0ZW1lbnRzKClbMF0uZWZmZWN0KS50b0JlKCdBbGxvdycpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpWzBdLnJlc291cmNlcykudG9TdHJpY3RFcXVhbChbXG4gICAgICAgICdhcm46dGVzdC1wYXJ0aXRpb246czM6Ojp0ZXN0LWJ1Y2tldC90ZXN0LXByZWZpeC8qJyxcbiAgICAgIF0pO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpWzBdLnByaW5jaXBhbHMubGVuZ3RoKS50b0JlKDEpO1xuICAgICAgZXhwZWN0KEpTT04uc3RyaW5naWZ5KHJlc3RyaWN0aW9uLnJlYWRXcml0ZVN1cGVyU3RhdGVtZW50cygpWzBdLnByaW5jaXBhbHNbMF0pKS50b1N0cmljdEVxdWFsKFxuICAgICAgICBKU09OLnN0cmluZ2lmeSh7IEFXUzogWyd0ZXN0LXJvbGUtYXJuLTEnXSB9KSxcbiAgICAgICk7XG4gICAgfSk7XG4gIH0pO1xuICBkZXNjcmliZSgnUmVzdHJpY3RCdWNrZXQnLCAoKSA9PiB7XG4gICAgY29uc3QgYmFzZVRlc3RQcm9wczogSVJlc3RyaWN0QnVja2V0VG9Sb2xlcyA9IHtcbiAgICAgIHMzQnVja2V0OiB0ZXN0QnVja2V0LFxuICAgICAgcm9sZUV4Y2x1ZGVJZHM6IFsndGVzdC1yb2xlLWlkLTEnLCAndGVzdC1yb2xlLWlkLTInXSxcbiAgICAgIHByaW5jaXBhbEV4Y2x1ZGVzOiBbJ3Rlc3QtYXJuJ10sXG4gICAgICBwcmVmaXhFeGNsdWRlczogWydleGNsdWRlLXByZWZpeCddLFxuICAgICAgcHJlZml4SW5jbHVkZXM6IFsnZXhjbHVkZS1wcmVmaXgnXSxcbiAgICB9O1xuICAgIHRlc3QoJ0Jhc2UgQWxsb3cnLCAoKSA9PiB7XG4gICAgICBjb25zdCB0ZXN0UHJvcHM6IElSZXN0cmljdEJ1Y2tldFRvUm9sZXMgPSB7XG4gICAgICAgIC4uLmJhc2VUZXN0UHJvcHMsXG4gICAgICB9O1xuICAgICAgY29uc3QgcmVzdHJpY3Rpb24gPSBuZXcgUmVzdHJpY3RCdWNrZXRUb1JvbGVzKHRlc3RQcm9wcyk7XG4gICAgICBjb25zb2xlLmxvZyhKU09OLnN0cmluZ2lmeShyZXN0cmljdGlvbi5hbGxvd1N0YXRlbWVudCwgdW5kZWZpbmVkLCAyKSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uYWxsb3dTdGF0ZW1lbnQuYWN0aW9ucykudG9TdHJpY3RFcXVhbChbJ3MzOkxpc3QqJywgJ3MzOkdldEJ1Y2tldConXSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uYWxsb3dTdGF0ZW1lbnQuZWZmZWN0KS50b0JlKCdBbGxvdycpO1xuICAgICAgZXhwZWN0KHJlc3RyaWN0aW9uLmFsbG93U3RhdGVtZW50LmNvbmRpdGlvbnMpLnRvU3RyaWN0RXF1YWwoe1xuICAgICAgICBTdHJpbmdMaWtlOiB7XG4gICAgICAgICAgJ2F3czp1c2VySWQnOiBbJ3Rlc3Qtcm9sZS1pZC0xOionLCAndGVzdC1yb2xlLWlkLTI6KiddLFxuICAgICAgICB9LFxuICAgICAgfSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uYWxsb3dTdGF0ZW1lbnQucmVzb3VyY2VzKS50b1N0cmljdEVxdWFsKFtcbiAgICAgICAgJ2Fybjp0ZXN0LXBhcnRpdGlvbjpzMzo6OnRlc3QtYnVja2V0LyonLFxuICAgICAgICAnYXJuOnRlc3QtcGFydGl0aW9uOnMzOjo6dGVzdC1idWNrZXQnLFxuICAgICAgXSk7XG4gICAgfSk7XG4gICAgdGVzdCgnQmFzZSBEZW55JywgKCkgPT4ge1xuICAgICAgY29uc3QgdGVzdFByb3BzOiBJUmVzdHJpY3RCdWNrZXRUb1JvbGVzID0ge1xuICAgICAgICAuLi5iYXNlVGVzdFByb3BzLFxuICAgICAgfTtcbiAgICAgIGNvbnN0IHJlc3RyaWN0aW9uID0gbmV3IFJlc3RyaWN0QnVja2V0VG9Sb2xlcyh0ZXN0UHJvcHMpO1xuICAgICAgY29uc29sZS5sb2coSlNPTi5zdHJpbmdpZnkocmVzdHJpY3Rpb24uZGVueVN0YXRlbWVudCwgdW5kZWZpbmVkLCAyKSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uZGVueVN0YXRlbWVudC5hY3Rpb25zKS50b1N0cmljdEVxdWFsKFsnczM6UHV0T2JqZWN0KicsICdzMzpHZXRPYmplY3QqJywgJ3MzOkRlbGV0ZU9iamVjdConXSk7XG4gICAgICBleHBlY3QocmVzdHJpY3Rpb24uZGVueVN0YXRlbWVudC5lZmZlY3QpLnRvQmUoJ0RlbnknKTtcbiAgICAgIGV4cGVjdChyZXN0cmljdGlvbi5kZW55U3RhdGVtZW50LmNvbmRpdGlvbnMpLnRvU3RyaWN0RXF1YWwoe1xuICAgICAgICAnRm9yQW55VmFsdWU6U3RyaW5nTm90TGlrZSc6IHtcbiAgICAgICAgICAnYXdzOnVzZXJJZCc6IFsndGVzdC1yb2xlLWlkLTE6KicsICd0ZXN0LXJvbGUtaWQtMjoqJ10sXG4gICAgICAgICAgJ2F3czpQcmluY2lwYWxBcm4nOiBbJ3Rlc3QtYXJuJ10sXG4gICAgICAgIH0sXG4gICAgICB9KTtcbiAgICB9KTtcbiAgfSk7XG59KTtcbiJdfQ==

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/test/bucketpolicy-helper.test.ts DELETED Viewed

@@ -1,215 +0,0 @@
-/*!
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { MdaaTestApp } from '@aws-mdaa/testing';
-import {
-  IRestrictBucketToRoles,
-  IRestrictObjectPrefixToRoles,
-  RestrictBucketToRoles,
-  RestrictObjectPrefixToRoles,
-} from '../lib';
-import { Bucket } from 'aws-cdk-lib/aws-s3';
-import { ArnPrincipal } from 'aws-cdk-lib/aws-iam';
-describe('Test BucketPolicy Helper', () => {
-  const testApp = new MdaaTestApp();
-  const testBucket = Bucket.fromBucketName(testApp.testStack, 'test-bucket', 'test-bucket');
-  describe('RestrictPrefix', () => {
-    const baseTestProps: IRestrictObjectPrefixToRoles = {
-      s3Bucket: testBucket,
-      s3Prefix: 'test-prefix',
-    };
-    test('Read Role Ids', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readRoleIds: ['test-role-id-1', 'test-role-id-2'],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(1);
-      expect(restriction.readWriteSuperStatements().length).toBe(0);
-      expect(restriction.readWriteStatements().length).toBe(0);
-      expect(restriction.readStatements()[0].actions).toStrictEqual(['s3:GetObject*']);
-      expect(restriction.readStatements()[0].conditions).toStrictEqual({
-        StringLike: {
-          'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-        },
-      });
-      expect(restriction.readStatements()[0].effect).toBe('Allow');
-      expect(restriction.readStatements()[0].resources).toStrictEqual([
-        'arn:test-partition:s3:::test-bucket/test-prefix/*',
-      ]);
-    });
-    test('ReadWrite Role Ids', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readWriteRoleIds: ['test-role-id-1', 'test-role-id-2'],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readWriteStatements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(0);
-      expect(restriction.readWriteSuperStatements().length).toBe(0);
-      expect(restriction.readWriteStatements()[0].actions).toStrictEqual([
-        's3:GetObject*',
-        's3:PutObject',
-        's3:PutObjectTagging',
-        's3:DeleteObject',
-      ]);
-      expect(restriction.readWriteStatements()[0].conditions).toStrictEqual({
-        StringLike: {
-          'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-        },
-      });
-    });
-    test('ReadWriteSuper Role Ids', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readWriteSuperRoleIds: ['test-role-id-1', 'test-role-id-2'],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readWriteSuperStatements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(0);
-      expect(restriction.readWriteStatements().length).toBe(0);
-      expect(restriction.readWriteSuperStatements()[0].actions).toStrictEqual([
-        's3:GetObject*',
-        's3:PutObject',
-        's3:PutObjectTagging',
-        's3:DeleteObject',
-        's3:DeleteObjectVersion',
-      ]);
-      expect(restriction.readWriteSuperStatements()[0].conditions).toStrictEqual({
-        StringLike: {
-          'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-        },
-      });
-    });
-    test('Read Principals', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readPrincipals: [new ArnPrincipal('test-role-arn-1')],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(1);
-      expect(restriction.readWriteSuperStatements().length).toBe(0);
-      expect(restriction.readWriteStatements().length).toBe(0);
-      expect(restriction.readStatements()[0].actions).toStrictEqual(['s3:GetObject*']);
-      expect(restriction.readStatements()[0].effect).toBe('Allow');
-      expect(restriction.readStatements()[0].resources).toStrictEqual([
-        'arn:test-partition:s3:::test-bucket/test-prefix/*',
-      ]);
-      expect(restriction.readStatements()[0].principals.length).toBe(1);
-      expect(JSON.stringify(restriction.readStatements()[0].principals[0])).toStrictEqual(
-        JSON.stringify({ AWS: ['test-role-arn-1'] }),
-      );
-    });
-    test('ReadWrite Principals', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readWritePrincipals: [new ArnPrincipal('test-role-arn-1')],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readWriteStatements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(0);
-      expect(restriction.readWriteSuperStatements().length).toBe(0);
-      expect(restriction.readWriteStatements()[0].actions).toStrictEqual([
-        's3:GetObject*',
-        's3:PutObject',
-        's3:PutObjectTagging',
-        's3:DeleteObject',
-      ]);
-      expect(restriction.readWriteStatements()[0].effect).toBe('Allow');
-      expect(restriction.readWriteStatements()[0].resources).toStrictEqual([
-        'arn:test-partition:s3:::test-bucket/test-prefix/*',
-      ]);
-      expect(restriction.readWriteStatements()[0].principals.length).toBe(1);
-      expect(JSON.stringify(restriction.readWriteStatements()[0].principals[0])).toStrictEqual(
-        JSON.stringify({ AWS: ['test-role-arn-1'] }),
-      );
-    });
-    test('ReadWriteSuper Principals', () => {
-      const testProps: IRestrictObjectPrefixToRoles = {
-        ...baseTestProps,
-        readWriteSuperPrincipals: [new ArnPrincipal('test-role-arn-1')],
-      };
-      const restriction = new RestrictObjectPrefixToRoles(testProps);
-      // console.log( JSON.stringify( restriction.statements()[ 0 ], undefined, 2 ) )
-      expect(restriction.statements().length).toBe(1);
-      expect(restriction.readStatements().length).toBe(0);
-      expect(restriction.readWriteStatements().length).toBe(0);
-      expect(restriction.readWriteSuperStatements().length).toBe(1);
-      expect(restriction.readWriteSuperStatements()[0].actions).toStrictEqual([
-        's3:GetObject*',
-        's3:PutObject',
-        's3:PutObjectTagging',
-        's3:DeleteObject',
-        's3:DeleteObjectVersion',
-      ]);
-      expect(restriction.readWriteSuperStatements()[0].effect).toBe('Allow');
-      expect(restriction.readWriteSuperStatements()[0].resources).toStrictEqual([
-        'arn:test-partition:s3:::test-bucket/test-prefix/*',
-      ]);
-      expect(restriction.readWriteSuperStatements()[0].principals.length).toBe(1);
-      expect(JSON.stringify(restriction.readWriteSuperStatements()[0].principals[0])).toStrictEqual(
-        JSON.stringify({ AWS: ['test-role-arn-1'] }),
-      );
-    });
-  });
-  describe('RestrictBucket', () => {
-    const baseTestProps: IRestrictBucketToRoles = {
-      s3Bucket: testBucket,
-      roleExcludeIds: ['test-role-id-1', 'test-role-id-2'],
-      principalExcludes: ['test-arn'],
-      prefixExcludes: ['exclude-prefix'],
-      prefixIncludes: ['exclude-prefix'],
-    };
-    test('Base Allow', () => {
-      const testProps: IRestrictBucketToRoles = {
-        ...baseTestProps,
-      };
-      const restriction = new RestrictBucketToRoles(testProps);
-      console.log(JSON.stringify(restriction.allowStatement, undefined, 2));
-      expect(restriction.allowStatement.actions).toStrictEqual(['s3:List*', 's3:GetBucket*']);
-      expect(restriction.allowStatement.effect).toBe('Allow');
-      expect(restriction.allowStatement.conditions).toStrictEqual({
-        StringLike: {
-          'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-        },
-      });
-      expect(restriction.allowStatement.resources).toStrictEqual([
-        'arn:test-partition:s3:::test-bucket/*',
-        'arn:test-partition:s3:::test-bucket',
-      ]);
-    });
-    test('Base Deny', () => {
-      const testProps: IRestrictBucketToRoles = {
-        ...baseTestProps,
-      };
-      const restriction = new RestrictBucketToRoles(testProps);
-      console.log(JSON.stringify(restriction.denyStatement, undefined, 2));
-      expect(restriction.denyStatement.actions).toStrictEqual(['s3:PutObject*', 's3:GetObject*', 's3:DeleteObject*']);
-      expect(restriction.denyStatement.effect).toBe('Deny');
-      expect(restriction.denyStatement.conditions).toStrictEqual({
-        'ForAnyValue:StringNotLike': {
-          'aws:userId': ['test-role-id-1:*', 'test-role-id-2:*'],
-          'aws:PrincipalArn': ['test-arn'],
-        },
-      });
-    });
-  });
-});