@aws-solutions-constructs/aws-cloudfront-s3 2.90.3 → 2.91.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/.jsii +5 -5
  2. package/lib/index.js +1 -1
  3. package/package.json +8 -8
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +0 -1
  5. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +0 -1
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +0 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +0 -1
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +0 -1
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +0 -30
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +0 -129
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  12. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  13. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +0 -1
  14. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +0 -1
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +0 -3
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +0 -1
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +0 -1
  18. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +0 -30
  19. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +0 -129
  20. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  21. package/test/integ.cfts3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  22. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  23. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  24. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  25. package/test/integ.cfts3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  26. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  27. package/test/integ.cfts3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
  28. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +0 -1
package/.jsii CHANGED
@@ -8,9 +8,9 @@
8
8
  "url": "https://aws.amazon.com"
9
9
  },
10
10
  "dependencies": {
11
- "@aws-solutions-constructs/core": "2.90.3",
12
- "@aws-solutions-constructs/resources": "2.90.3",
13
- "aws-cdk-lib": "^2.206.0",
11
+ "@aws-solutions-constructs/core": "2.91.0",
12
+ "@aws-solutions-constructs/resources": "2.91.0",
13
+ "aws-cdk-lib": "^2.210.0",
14
14
  "constructs": "^10.0.0"
15
15
  },
16
16
  "dependencyClosure": {
@@ -4489,6 +4489,6 @@
4489
4489
  "symbolId": "lib/index:CloudFrontToS3Props"
4490
4490
  }
4491
4491
  },
4492
- "version": "2.90.3",
4493
- "fingerprint": "QEbipHG5rmhBCk5abRs0q3Mv0auJXHu+RN8tOEF8cX8="
4492
+ "version": "2.91.0",
4493
+ "fingerprint": "UULMH2Facyqr+zDKqWdhdlweDjfxJpYbrtpMSQYh18A="
4494
4494
  }
package/lib/index.js CHANGED
@@ -122,5 +122,5 @@ class CloudFrontToS3 extends constructs_1.Construct {
122
122
  }
123
123
  exports.CloudFrontToS3 = CloudFrontToS3;
124
124
  _a = JSII_RTTI_SYMBOL_1;
125
- CloudFrontToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3", version: "2.90.3" };
125
+ CloudFrontToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3", version: "2.91.0" };
126
126
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBRUgsNkNBQWtDO0FBRWxDLDJDQUEyQztBQUczQywyREFBMkQ7QUFDM0QsaUVBQWlFO0FBQ2pFLHdGQUF3RjtBQUN4RiwyQ0FBdUM7QUFzR3ZDLE1BQWEsY0FBZSxTQUFRLHNCQUFTO0lBVTNDOzs7Ozs7O09BT0c7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTBCO1FBQ2xFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsd0VBQXdFO1FBQ3hFLDJEQUEyRDtRQUMzRCxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxpREFBaUQsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUU5RSxRQUFRLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzdCLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNyQyxRQUFRLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFdkMsSUFBSSxZQUF3QixDQUFDO1FBRTdCLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUM3QixNQUFNLHFCQUFxQixHQUFHLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFO2dCQUN6RCxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7Z0JBQzlCLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0I7Z0JBQzVDLGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTthQUN2QyxDQUFDLENBQUM7WUFDSCxJQUFJLENBQUMsUUFBUSxHQUFHLHFCQUFxQixDQUFDLE1BQU0sQ0FBQztZQUM3QyxJQUFJLENBQUMsZUFBZSxHQUFHLHFCQUFxQixDQUFDLGFBQWEsQ0FBQztZQUMzRCxZQUFZLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUMvQixDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUM7UUFDekMsQ0FBQztRQUVELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxZQUFZLENBQUM7UUFFdEMscUNBQXFDO1FBQ3JDLE1BQU0sZ0NBQWdDLEdBQW9EO1lBQ3hGLFlBQVksRUFBRSxJQUFJLENBQUMsaUJBQWlCO1lBQ3BDLDJCQUEyQixFQUFFLEtBQUssQ0FBQywyQkFBMkI7WUFDOUQsbUJBQW1CLEVBQUUsS0FBSyxDQUFDLHlCQUF5QjtZQUNwRCw0QkFBNEIsRUFBRSxLQUFLLENBQUMsNEJBQTRCO1lBQ2hFLDBCQUEwQixFQUFFLEtBQUssQ0FBQywwQkFBMEI7WUFDNUQsNkNBQTZDLEVBQUUsS0FBSyxDQUFDLDJDQUEyQztZQUNoRyxzQkFBc0IsRUFBRSxLQUFLLENBQUMsc0JBQXNCO1NBQ3JELENBQUM7UUFDRixNQUFNLG1DQUFtQyxHQUFHLFFBQVEsQ0FBQyxpQ0FBaUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxFQUFFLGdDQUFnQyxDQUFDLENBQUM7UUFDbkksSUFBSSxDQUFDLHlCQUF5QixHQUFHLG1DQUFtQyxDQUFDLFlBQVksQ0FBQztRQUNsRixJQUFJLENBQUMsa0JBQWtCLEdBQUcsbUNBQW1DLENBQUMsa0JBQWtCLENBQUM7UUFDakYsSUFBSSxDQUFDLHVCQUF1QixHQUFHLG1DQUFtQyxDQUFDLGFBQWEsQ0FBQztRQUNqRixJQUFJLENBQUMsbUJBQW1CLEdBQUcsbUNBQW1DLENBQUMsbUJBQW1CLENBQUM7UUFDbkYsSUFBSSxDQUFDLHNDQUFzQyxHQUFHLG1DQUFtQyxDQUFDLCtCQUErQixDQUFDO1FBRWxILHFHQUFxRztRQUNyRyxNQUFNLHdCQUF3QixHQUFHLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsWUFBMEMsQ0FBQztRQUNoSCx3QkFBd0IsQ0FBQyxtQkFBbUIsQ0FBQyxvREFBb0QsRUFBRSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDckksSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsd0JBQXdCLENBQUMsbUJBQW1CLENBQUMseUNBQXlDLEVBQUUsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzVHLENBQUM7UUFFRCwyRUFBMkU7UUFDM0UsWUFBWSxDQUFDLG1CQUFtQixDQUM5QixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztZQUN4QixPQUFPLEVBQUUsQ0FBQyxjQUFjLENBQUM7WUFDekIsVUFBVSxFQUFFLENBQUMsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztZQUNsRSxTQUFTLEVBQUUsQ0FBQyxZQUFZLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzVDLFVBQVUsRUFBRTtnQkFDVixZQUFZLEVBQUU7b0JBQ1osZUFBZSxFQUFFLE9BQU8saUJBQUcsQ0FBQyxTQUFTLGdCQUFnQixpQkFBRyxDQUFDLFVBQVUsaUJBQWlCLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxjQUFjLEVBQUU7aUJBQ3BJO2FBQ0Y7U0FDRixDQUFDLENBQ0gsQ0FBQztRQUVGLFlBQVksQ0FBQyxtQkFBbUIsQ0FDOUIsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFLENBQUMsZUFBZSxDQUFDO1lBQzFCLFVBQVUsRUFBRSxDQUFDLElBQUksR0FBRyxDQUFDLGdCQUFnQixDQUFDLDBCQUEwQixDQUFDLENBQUM7WUFDbEUsU0FBUyxFQUFFLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQztZQUNuQyxVQUFVLEVBQUU7Z0JBQ1YsWUFBWSxFQUFFO29CQUNaLGVBQWUsRUFBRSxPQUFPLGlCQUFHLENBQUMsU0FBUyxnQkFBZ0IsaUJBQUcsQ0FBQyxVQUFVLGlCQUFpQixJQUFJLENBQUMseUJBQXlCLENBQUMsY0FBYyxFQUFFO2lCQUNwSTthQUNGO1NBQ0YsQ0FBQyxDQUNILENBQUM7UUFFRixzRkFBc0Y7UUFDdEYsb0ZBQW9GO1FBQ3BGLHdGQUF3RjtRQUN4RixpRUFBaUU7UUFDakUsMkNBQTJDO1FBQzNDLHdEQUF3RDtRQUN4RCx5REFBeUQ7UUFDekQsSUFBSSxhQUFtQyxDQUFDO1FBQ3hDLElBQUksS0FBSyxDQUFDLFdBQVcsSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3pELGFBQWEsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQztRQUNsRCxDQUFDO2FBQU0sSUFBSSxLQUFLLENBQUMsaUJBQWlCLElBQUksS0FBSyxDQUFDLGlCQUFpQixDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQzVFLGFBQWEsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDO1FBQ3hELENBQUM7UUFFRCxJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLFNBQVMsQ0FBQyxvQ0FBb0MsQ0FBQyxJQUFJLEVBQUUsRUFBRSxFQUFHO2dCQUN4RCxZQUFZLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtnQkFDNUMsYUFBYTthQUNkLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDOztBQXZISCx3Q0F3SEMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqICBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG5pbXBvcnQgeyBBd3MgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBjbG91ZGZyb250IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250JztcbmltcG9ydCAqIGFzIGlhbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCAqIGFzIGttcyBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgKiBhcyBkZWZhdWx0cyBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuaW1wb3J0ICogYXMgcmVzb3VyY2VzIGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvcmVzb3VyY2VzJztcbi8vIE5vdGU6IFRvIGVuc3VyZSBDREt2MiBjb21wYXRpYmlsaXR5LCBrZWVwIHRoZSBpbXBvcnQgc3RhdGVtZW50IGZvciBDb25zdHJ1Y3Qgc2VwYXJhdGVcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIEBzdW1tYXJ5IFRoZSBwcm9wZXJ0aWVzIGZvciB0aGUgQ2xvdWRGcm9udFRvUzMgQ29uc3RydWN0XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGcm9udFRvUzNQcm9wcyB7XG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRGVmYXVsdCBwcm9wcyBhcmUgdXNlZFxuICAgKi9cbiAgcmVhZG9ubHkgY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzPzogY2xvdWRmcm9udC5EaXN0cmlidXRpb25Qcm9wcyB8IGFueSxcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gdHVybiBvbi9vZmYgdGhlIGF1dG9tYXRpYyBpbmplY3Rpb24gb2YgYmVzdCBwcmFjdGljZSBIVFRQXG4gICAqIHNlY3VyaXR5IGhlYWRlcnMgaW4gYWxsIHJlc3BvbnNlcyBmcm9tIGNsb3VkZnJvbnQuXG4gICAqIFR1cm5pbmcgdGhpcyBvbiB3aWxsIGluamVjdCBkZWZhdWx0IGhlYWRlcnMgYW5kIGlzIG11dHVhbGx5IGV4Y2x1c2l2ZSB3aXRoIHBhc3NpbmcgY3VzdG9tIHNlY3VyaXR5IGhlYWRlcnNcbiAgICogdmlhIHRoZSByZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wcyBwYXJhbWV0ZXIuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVycz86IGJvb2xlYW47XG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIGNvbmZpZ3VyYXRpb24gdGhhdCBjbG91ZGZyb250IGFwcGxpZXMgdG8gYWxsIGh0dHAgcmVzcG9uc2VzLlxuICAgKiBDYW4gYmUgdXNlZCB0byBwYXNzIGEgY3VzdG9tIFJlc3BvbnNlU2VjdXJpdHlIZWFkZXJzQmVoYXZpb3IsIFJlc3BvbnNlQ3VzdG9tSGVhZGVyc0JlaGF2aW9yIG9yXG4gICAqIFJlc3BvbnNlSGVhZGVyc0NvcnNCZWhhdmlvciB0byB0aGUgY2xvdWRmcm9udCBkaXN0cmlidXRpb24uXG4gICAqXG4gICAqIFBhc3NpbmcgYSBjdXN0b20gUmVzcG9uc2VTZWN1cml0eUhlYWRlcnNCZWhhdmlvciBpcyBtdXR1YWxseSBleGNsdXNpdmUgd2l0aCB0dXJuaW5nIG9uIHRoZSBkZWZhdWx0IHNlY3VyaXR5IGhlYWRlcnNcbiAgICogdmlhIGBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzYCBwcm9wLiBXaWxsIHRocm93IGFuIGVycm9yIGlmIGJvdGggYGluc2VydEh0dHBTZWN1cml0eUhlYWRlcnNgIGlzIHNldCB0byBgdHJ1ZWBcbiAgICogYW5kIFJlc3BvbnNlU2VjdXJpdHlIZWFkZXJzQmVoYXZpb3IgaXMgcGFzc2VkLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIHVuZGVmaW5lZFxuICAgKi9cbiAgcmVhZG9ubHkgcmVzcG9uc2VIZWFkZXJzUG9saWN5UHJvcHM/OiBjbG91ZGZyb250LlJlc3BvbnNlSGVhZGVyc1BvbGljeVByb3BzXG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIHByb3ZpZGUgYW4gb3JpZ2luUGF0aCB0aGF0IENsb3VkRnJvbnQgYXBwZW5kcyB0byB0aGVcbiAgICogb3JpZ2luIGRvbWFpbiBuYW1lIHdoZW4gQ2xvdWRGcm9udCByZXF1ZXN0cyBjb250ZW50IGZyb20gdGhlIG9yaWdpbi5cbiAgICogVGhlIHN0cmluZyBzaG91bGQgc3RhcnQgd2l0aCBhIGAvYCwgZm9yIGV4YW1wbGUgYC9wcm9kdWN0aW9uYC5cbiAgICogQGRlZmF1bHQgPSAnLydcbiAgICovXG4gIHJlYWRvbmx5IG9yaWdpblBhdGg/OiBzdHJpbmcsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIFMzIENvbnRlbnQgQnVja2V0XG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvKipcbiAgICogRXhpc3RpbmcgaW5zdGFuY2Ugb2YgUzMgQ29udGVudCBCdWNrZXQgb2JqZWN0LCBwcm92aWRpbmcgYm90aCB0aGlzIGFuZCBgYnVja2V0UHJvcHNgIHdpbGwgY2F1c2UgYW4gZXJyb3IuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm9uZVxuICAgKi9cbiAgcmVhZG9ubHkgZXhpc3RpbmdCdWNrZXRPYmo/OiBzMy5JQnVja2V0LFxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCBwcm9wcyBmb3IgdGhlIFMzIENvbnRlbnQgQnVja2V0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGJ1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHMsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIFMzIENvbnRlbnQgQnVja2V0IEFjY2VzcyBMb2dzIEJ1Y2tldFxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLyoqXG4gICAqIE9wdGlvbmFsIC0gV2hldGhlciB0byBtYWludGFpbiBhY2Nlc3MgbG9ncyBmb3IgdGhlIFMzIENvbnRlbnQgYnVja2V0XG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgbG9nUzNBY2Nlc3NMb2dzPzogYm9vbGVhbixcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gb3ZlcnJpZGUgdGhlIGRlZmF1bHQgcHJvcHMgZm9yIHRoZSBTMyBDb250ZW50IEJ1Y2tldCBBY2Nlc3MgTG9nIEJ1Y2tldC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBEZWZhdWx0IHByb3BzIGFyZSB1c2VkXG4gICAqL1xuICByZWFkb25seSBsb2dnaW5nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcblxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLy8gQ2xvdWRGcm9udCBMb2cgQnVja2V0XG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCBwcm9wcyBmb3IgdGhlIENsb3VkRnJvbnQgTG9nIEJ1Y2tldC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBEZWZhdWx0IHByb3BzIGFyZSB1c2VkXG4gICAqL1xuICByZWFkb25seSBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHMsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIENsb3VkRnJvbnQgTG9ncyBCdWNrZXQgQWNjZXNzIExvZyBCdWNrZXRcbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8qKlxuICAgKiBPcHRpb25hbCAtIFdoZXRoZXIgdG8gbWFpbnRhaW4gYWNjZXNzIGxvZ3MgZm9yIHRoZSBDbG91ZEZyb250IExvZ2dpbmcgYnVja2V0LiBTcGVjaWZ5aW5nIGZhbHNlIGZvciB0aGlzXG4gICAqIHdoaWxlIHByb3ZpZGluZyBpbmZvIGFib3V0IHRoZSBsb2cgYnVja2V0IHdpbGwgY2F1c2UgYW4gZXJyb3IuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgbG9nQ2xvdWRGcm9udEFjY2Vzc0xvZz86IGJvb2xlYW4sXG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzIGZvciB0aGUgQ2xvdWRGcm9udCBMb2cgQnVja2V0IEFjY2VzcyBMb2cgYnVja2V0LlxuICAgKiBQcm92aWRpbmcgYm90aCB0aGlzIGFuZCBgZXhpc3RpbmdjbG91ZEZyb250TG9nZ2luZ0J1Y2tldEFjY2Vzc0xvZ0J1Y2tldGAgd2lsbCBjYXVzZSBhbiBlcnJvclxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcbn1cblxuZXhwb3J0IGNsYXNzIENsb3VkRnJvbnRUb1MzIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb246IGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uO1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udEZ1bmN0aW9uPzogY2xvdWRmcm9udC5GdW5jdGlvbjtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXQ/OiBzMy5CdWNrZXQ7XG4gIHB1YmxpYyByZWFkb25seSBzM0J1Y2tldEludGVyZmFjZTogczMuSUJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IHMzQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgczNMb2dnaW5nQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgb3JpZ2luQWNjZXNzQ29udHJvbD86IGNsb3VkZnJvbnQuQ2ZuT3JpZ2luQWNjZXNzQ29udHJvbDtcblxuICAvKipcbiAgICogQHN1bW1hcnkgQ29uc3RydWN0cyBhIG5ldyBpbnN0YW5jZSBvZiB0aGUgQ2xvdWRGcm9udFRvUzMgY2xhc3MuXG4gICAqIEBwYXJhbSB7Q29uc3RydWN0fSBzY29wZSAtIHJlcHJlc2VudHMgdGhlIHNjb3BlIGZvciBhbGwgdGhlIHJlc291cmNlcy5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGlkIC0gdGhpcyBpcyBhIGEgc2NvcGUtdW5pcXVlIGlkLlxuICAgKiBAcGFyYW0ge0Nsb3VkRnJvbnRUb1MzUHJvcHN9IHByb3BzIC0gdXNlciBwcm92aWRlZCBwcm9wcyBmb3IgdGhlIGNvbnN0cnVjdFxuICAgKiBAc2luY2UgMC44LjBcbiAgICogQGFjY2VzcyBwdWJsaWNcbiAgICovXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBDbG91ZEZyb250VG9TM1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIC8vIEFsbCBvdXIgdGVzdHMgYXJlIGJhc2VkIHVwb24gdGhpcyBiZWhhdmlvciBiZWluZyBvbiwgc28gd2UncmUgc2V0dGluZ1xuICAgIC8vIGNvbnRleHQgaGVyZSByYXRoZXIgdGhhbiBhc3N1bWluZyB0aGUgY2xpZW50IHdpbGwgc2V0IGl0XG4gICAgdGhpcy5ub2RlLnNldENvbnRleHQoXCJAYXdzLWNkay9hd3MtczM6c2VydmVyQWNjZXNzTG9nc1VzZUJ1Y2tldFBvbGljeVwiLCB0cnVlKTtcblxuICAgIGRlZmF1bHRzLkNoZWNrUzNQcm9wcyhwcm9wcyk7XG4gICAgZGVmYXVsdHMuQ2hlY2tDbG91ZEZyb250UHJvcHMocHJvcHMpO1xuICAgIGRlZmF1bHRzLkNoZWNrQ2xvdWRmcm9udFMzUHJvcHMocHJvcHMpO1xuXG4gICAgbGV0IG9yaWdpbkJ1Y2tldDogczMuSUJ1Y2tldDtcblxuICAgIGlmICghcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmopIHtcbiAgICAgIGNvbnN0IGJ1aWxkUzNCdWNrZXRSZXNwb25zZSA9IGRlZmF1bHRzLmJ1aWxkUzNCdWNrZXQodGhpcywge1xuICAgICAgICBidWNrZXRQcm9wczogcHJvcHMuYnVja2V0UHJvcHMsXG4gICAgICAgIGxvZ2dpbmdCdWNrZXRQcm9wczogcHJvcHMubG9nZ2luZ0J1Y2tldFByb3BzLFxuICAgICAgICBsb2dTM0FjY2Vzc0xvZ3M6IHByb3BzLmxvZ1MzQWNjZXNzTG9nc1xuICAgICAgfSk7XG4gICAgICB0aGlzLnMzQnVja2V0ID0gYnVpbGRTM0J1Y2tldFJlc3BvbnNlLmJ1Y2tldDtcbiAgICAgIHRoaXMuczNMb2dnaW5nQnVja2V0ID0gYnVpbGRTM0J1Y2tldFJlc3BvbnNlLmxvZ2dpbmdCdWNrZXQ7XG4gICAgICBvcmlnaW5CdWNrZXQgPSB0aGlzLnMzQnVja2V0O1xuICAgIH0gZWxzZSB7XG4gICAgICBvcmlnaW5CdWNrZXQgPSBwcm9wcy5leGlzdGluZ0J1Y2tldE9iajtcbiAgICB9XG5cbiAgICB0aGlzLnMzQnVja2V0SW50ZXJmYWNlID0gb3JpZ2luQnVja2V0O1xuXG4gICAgLy8gRGVmaW5lIHRoZSBDbG91ZEZyb250IERpc3RyaWJ1dGlvblxuICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Byb3BzOiBkZWZhdWx0cy5DcmVhdGVDbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNQcm9wcyA9IHtcbiAgICAgIHNvdXJjZUJ1Y2tldDogdGhpcy5zM0J1Y2tldEludGVyZmFjZSxcbiAgICAgIGNsb3VkRnJvbnREaXN0cmlidXRpb25Qcm9wczogcHJvcHMuY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzLFxuICAgICAgaHR0cFNlY3VyaXR5SGVhZGVyczogcHJvcHMuaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVycyxcbiAgICAgIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHByb3BzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHMsXG4gICAgICByZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wczogcHJvcHMucmVzcG9uc2VIZWFkZXJzUG9saWN5UHJvcHMsXG4gICAgICBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldFMzQWNjZXNzTG9nQnVja2V0UHJvcHM6IHByb3BzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHMsXG4gICAgICBsb2dDbG91ZEZyb250QWNjZXNzTG9nOiBwcm9wcy5sb2dDbG91ZEZyb250QWNjZXNzTG9nXG4gICAgfTtcbiAgICBjb25zdCBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZSA9IGRlZmF1bHRzLmNyZWF0ZUNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTMyh0aGlzLCBpZCwgY2xvdWRGcm9udERpc3RyaWJ1dGlvbkZvclMzUHJvcHMpO1xuICAgIHRoaXMuY2xvdWRGcm9udFdlYkRpc3RyaWJ1dGlvbiA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmRpc3RyaWJ1dGlvbjtcbiAgICB0aGlzLmNsb3VkRnJvbnRGdW5jdGlvbiA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmNsb3VkZnJvbnRGdW5jdGlvbjtcbiAgICB0aGlzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0ID0gY2xvdWRGcm9udERpc3RyaWJ1dGlvbkZvclMzUmVzcG9uc2UubG9nZ2luZ0J1Y2tldDtcbiAgICB0aGlzLm9yaWdpbkFjY2Vzc0NvbnRyb2wgPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5vcmlnaW5BY2Nlc3NDb250cm9sO1xuICAgIHRoaXMuY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXQgPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5sb2dnaW5nQnVja2V0UzNBY2Nlc3NzTG9nQnVja2V0O1xuXG4gICAgLy8gQXR0YWNoIHRoZSBPcmlnaW5BY2Nlc3NDb250cm9sIHRvIHRoZSBDbG91ZEZyb250IERpc3RyaWJ1dGlvbiwgYW5kIHJlbW92ZSB0aGUgT3JpZ2luQWNjZXNzSWRlbnRpdHlcbiAgICBjb25zdCBsMUNsb3VkRnJvbnREaXN0cmlidXRpb24gPSB0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24ubm9kZS5kZWZhdWx0Q2hpbGQgYXMgY2xvdWRmcm9udC5DZm5EaXN0cmlidXRpb247XG4gICAgbDFDbG91ZEZyb250RGlzdHJpYnV0aW9uLmFkZFByb3BlcnR5T3ZlcnJpZGUoJ0Rpc3RyaWJ1dGlvbkNvbmZpZy5PcmlnaW5zLjAuT3JpZ2luQWNjZXNzQ29udHJvbElkJywgdGhpcy5vcmlnaW5BY2Nlc3NDb250cm9sPy5hdHRySWQpO1xuICAgIGlmIChwcm9wcy5vcmlnaW5QYXRoKSB7XG4gICAgICBsMUNsb3VkRnJvbnREaXN0cmlidXRpb24uYWRkUHJvcGVydHlPdmVycmlkZSgnRGlzdHJpYnV0aW9uQ29uZmlnLk9yaWdpbnMuMC5PcmlnaW5QYXRoJywgcHJvcHMub3JpZ2luUGF0aCk7XG4gICAgfVxuXG4gICAgLy8gR3JhbnQgQ2xvdWRGcm9udCBwZXJtaXNzaW9uIHRvIGdldCB0aGUgb2JqZWN0cyBmcm9tIHRoZSBzMyBidWNrZXQgb3JpZ2luXG4gICAgb3JpZ2luQnVja2V0LmFkZFRvUmVzb3VyY2VQb2xpY3koXG4gICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogWydzMzpHZXRPYmplY3QnXSxcbiAgICAgICAgcHJpbmNpcGFsczogW25ldyBpYW0uU2VydmljZVByaW5jaXBhbCgnY2xvdWRmcm9udC5hbWF6b25hd3MuY29tJyldLFxuICAgICAgICByZXNvdXJjZXM6IFtvcmlnaW5CdWNrZXQuYXJuRm9yT2JqZWN0cygnKicpXSxcbiAgICAgICAgY29uZGl0aW9uczoge1xuICAgICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgICAgJ0FXUzpTb3VyY2VBcm4nOiBgYXJuOiR7QXdzLlBBUlRJVElPTn06Y2xvdWRmcm9udDo6JHtBd3MuQUNDT1VOVF9JRH06ZGlzdHJpYnV0aW9uLyR7dGhpcy5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLmRpc3RyaWJ1dGlvbklkfWBcbiAgICAgICAgICB9XG4gICAgICAgIH1cbiAgICAgIH0pXG4gICAgKTtcblxuICAgIG9yaWdpbkJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICAgIGFjdGlvbnM6IFsnczM6TGlzdEJ1Y2tldCddLFxuICAgICAgICBwcmluY2lwYWxzOiBbbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKCdjbG91ZGZyb250LmFtYXpvbmF3cy5jb20nKV0sXG4gICAgICAgIHJlc291cmNlczogW29yaWdpbkJ1Y2tldC5idWNrZXRBcm5dLFxuICAgICAgICBjb25kaXRpb25zOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46JHtBd3MuUEFSVElUSU9OfTpjbG91ZGZyb250Ojoke0F3cy5BQ0NPVU5UX0lEfTpkaXN0cmlidXRpb24vJHt0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24uZGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgYSBjdXN0b20gcmVzb3VyY2UgdG8gaW50cm9kdWNlIHRoZSBpbmRpcmVjdGlvbiBuZWNlc3NhcnkgdG8gYXZvaWRcbiAgICAvLyBhIGNpcmN1bGFyIGRlcGVuZGVuY3kgd2hlbiBncmFudGluZyB0aGUgQ2xvdWRGcm9udCBkaXN0cmlidXRpb24gYWNjZXNzIHRvIHVzZSB0aGVcbiAgICAvLyBLTVMga2V5IHRvIGRlY3J5cHQgb2JqZWN0cy4gV2l0aG91dCB0aGlzIGluZGlyZWN0aW9uLCBpdCBpcyBub3QgcG9zc2libGUgdG8gcmVmZXJlbmNlXG4gICAgLy8gdGhlIENsb3VkRnJvbnQgZGlzdHJpYnV0aW9uIElEIGluIHRoZSBLTVMga2V5IHBvbGljeSBiZWNhdXNlIC1cbiAgICAvLyAgICogVGhlIFMzIGJ1Y2tldCByZWZlcmVuY2VzIHRoZSBLTVMga2V5XG4gICAgLy8gICAqIFRoZSBDbG91ZEZyb250IGRpc3RyaWJ1dGlvbiByZWZlcmVuY2VzIHRoZSBidWNrZXRcbiAgICAvLyAgICogVGhlIEtNUyBrZXkgcmVmZXJlbmNlcyB0aGUgQ2xvdWRGcm9udCBkaXN0cmlidXRpb25cbiAgICBsZXQgZW5jcnlwdGlvbktleToga21zLklLZXkgfCB1bmRlZmluZWQ7XG4gICAgaWYgKHByb3BzLmJ1Y2tldFByb3BzICYmIHByb3BzLmJ1Y2tldFByb3BzLmVuY3J5cHRpb25LZXkpIHtcbiAgICAgIGVuY3J5cHRpb25LZXkgPSBwcm9wcy5idWNrZXRQcm9wcy5lbmNyeXB0aW9uS2V5O1xuICAgIH0gZWxzZSBpZiAocHJvcHMuZXhpc3RpbmdCdWNrZXRPYmogJiYgcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmouZW5jcnlwdGlvbktleSkge1xuICAgICAgZW5jcnlwdGlvbktleSA9IHByb3BzLmV4aXN0aW5nQnVja2V0T2JqLmVuY3J5cHRpb25LZXk7XG4gICAgfVxuXG4gICAgaWYgKGVuY3J5cHRpb25LZXkpIHtcbiAgICAgIHJlc291cmNlcy5jcmVhdGVLZXlQb2xpY3lVcGRhdGVyQ3VzdG9tUmVzb3VyY2UodGhpcywgaWQsICB7XG4gICAgICAgIGRpc3RyaWJ1dGlvbjogdGhpcy5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLFxuICAgICAgICBlbmNyeXB0aW9uS2V5XG4gICAgICB9KTtcbiAgICB9XG4gIH1cbn0iXX0=
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aws-solutions-constructs/aws-cloudfront-s3",
3
- "version": "2.90.3",
3
+ "version": "2.91.0",
4
4
  "description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
@@ -55,15 +55,15 @@
55
55
  }
56
56
  },
57
57
  "dependencies": {
58
- "@aws-solutions-constructs/core": "2.90.3",
59
- "@aws-solutions-constructs/resources": "2.90.3",
58
+ "@aws-solutions-constructs/core": "2.91.0",
59
+ "@aws-solutions-constructs/resources": "2.91.0",
60
60
  "constructs": "^10.0.0"
61
61
  },
62
62
  "devDependencies": {
63
- "@aws-cdk/integ-tests-alpha": "2.206.0-alpha.0",
63
+ "@aws-cdk/integ-tests-alpha": "2.210.0-alpha.0",
64
64
  "@types/node": "^10.3.0",
65
65
  "constructs": "^10.0.0",
66
- "aws-cdk-lib": "2.206.0"
66
+ "aws-cdk-lib": "2.210.0"
67
67
  },
68
68
  "jest": {
69
69
  "moduleFileExtensions": [
@@ -80,10 +80,10 @@
80
80
  ]
81
81
  },
82
82
  "peerDependencies": {
83
- "@aws-solutions-constructs/core": "2.90.3",
84
- "@aws-solutions-constructs/resources": "2.90.3",
83
+ "@aws-solutions-constructs/core": "2.91.0",
84
+ "@aws-solutions-constructs/resources": "2.91.0",
85
85
  "constructs": "^10.0.0",
86
- "aws-cdk-lib": "^2.206.0"
86
+ "aws-cdk-lib": "^2.210.0"
87
87
  },
88
88
  "keywords": [
89
89
  "aws",
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Retry=exports.includeStackTraces=exports.MISSING_PHYSICAL_ID_MARKER=exports.CREATE_FAILED_PHYSICAL_ID_MARKER=void 0,exports.submitResponse=submitResponse,exports.safeHandler=safeHandler,exports.redactDataFromPayload=redactDataFromPayload;const url=require("url"),outbound_1=require("./outbound"),util_1=require("./util");exports.CREATE_FAILED_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",exports.MISSING_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";async function submitResponse(status,event,options={}){const json={Status:status,Reason:options.reason||status,StackId:event.StackId,RequestId:event.RequestId,PhysicalResourceId:event.PhysicalResourceId||exports.MISSING_PHYSICAL_ID_MARKER,LogicalResourceId:event.LogicalResourceId,NoEcho:options.noEcho,Data:event.Data},responseBody=JSON.stringify(json),parsedUrl=url.parse(event.ResponseURL),loggingSafeUrl=`${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`;options?.noEcho?(0,util_1.log)("submit redacted response to cloudformation",loggingSafeUrl,redactDataFromPayload(json)):(0,util_1.log)("submit response to cloudformation",loggingSafeUrl,json);const retryOptions={attempts:5,sleep:1e3};await(0,util_1.withRetries)(retryOptions,outbound_1.httpRequest)({hostname:parsedUrl.hostname,path:parsedUrl.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(responseBody,"utf8")}},responseBody)}exports.includeStackTraces=!0;function safeHandler(block){return async event=>{if(event.RequestType==="Delete"&&event.PhysicalResourceId===exports.CREATE_FAILED_PHYSICAL_ID_MARKER){(0,util_1.log)("ignoring DELETE event caused by a failed CREATE event"),await submitResponse("SUCCESS",event);return}try{await block(event)}catch(e){if(e instanceof Retry)throw(0,util_1.log)("retry requested by handler"),e;event.PhysicalResourceId||(event.RequestType==="Create"?((0,util_1.log)("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),event.PhysicalResourceId=exports.CREATE_FAILED_PHYSICAL_ID_MARKER):(0,util_1.log)(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({...event,ResponseURL:"..."})}`)),await submitResponse("FAILED",event,{reason:exports.includeStackTraces?e.stack:e.message})}}}function redactDataFromPayload(payload){const redactedPayload=JSON.parse(JSON.stringify(payload));if(redactedPayload.Data){const keys=Object.keys(redactedPayload.Data);for(const key of keys)redactedPayload.Data[key]="*****"}return redactedPayload}class Retry extends Error{}exports.Retry=Retry;
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME=exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME=exports.FRAMEWORK_ON_EVENT_HANDLER_NAME=exports.WAITER_STATE_MACHINE_ARN_ENV=exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV=exports.USER_ON_EVENT_FUNCTION_ARN_ENV=void 0,exports.USER_ON_EVENT_FUNCTION_ARN_ENV="USER_ON_EVENT_FUNCTION_ARN",exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV="USER_IS_COMPLETE_FUNCTION_ARN",exports.WAITER_STATE_MACHINE_ARN_ENV="WAITER_STATE_MACHINE_ARN",exports.FRAMEWORK_ON_EVENT_HANDLER_NAME="onEvent",exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME="isComplete",exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME="onTimeout";
@@ -1,3 +0,0 @@
1
- "use strict";const cfnResponse=require("./cfn-response"),consts=require("./consts"),outbound_1=require("./outbound"),util_1=require("./util");async function onEvent(cfnRequest){const sanitizedRequest={...cfnRequest,ResponseURL:"..."};(0,util_1.log)("onEventHandler",sanitizedRequest),cfnRequest.ResourceProperties=cfnRequest.ResourceProperties||{};const onEventResult=await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV,sanitizedRequest,cfnRequest.ResponseURL);onEventResult?.NoEcho?(0,util_1.log)("redacted onEvent returned:",cfnResponse.redactDataFromPayload(onEventResult)):(0,util_1.log)("onEvent returned:",onEventResult);const resourceEvent=createResponseEvent(cfnRequest,onEventResult),sanitizedEvent={...resourceEvent,ResponseURL:"..."};if(onEventResult?.NoEcho?(0,util_1.log)("readacted event:",cfnResponse.redactDataFromPayload(sanitizedEvent)):(0,util_1.log)("event:",sanitizedEvent),!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV])return cfnResponse.submitResponse("SUCCESS",resourceEvent,{noEcho:resourceEvent.NoEcho});const waiter={stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId,input:JSON.stringify(resourceEvent)};(0,util_1.log)("starting waiter",{stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId}),await(0,outbound_1.startExecution)(waiter)}async function isComplete(event){const sanitizedRequest={...event,ResponseURL:"..."};event?.NoEcho?(0,util_1.log)("redacted isComplete request",cfnResponse.redactDataFromPayload(sanitizedRequest)):(0,util_1.log)("isComplete",sanitizedRequest);const isCompleteResult=await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV,sanitizedRequest,event.ResponseURL);if(event?.NoEcho?(0,util_1.log)("redacted user isComplete returned:",cfnResponse.redactDataFromPayload(isCompleteResult)):(0,util_1.log)("user isComplete returned:",isCompleteResult),!isCompleteResult.IsComplete)throw isCompleteResult.Data&&Object.keys(isCompleteResult.Data).length>0?new Error('"Data" is not allowed if "IsComplete" is "False"'):new cfnResponse.Retry(JSON.stringify(event));const response={...event,...isCompleteResult,Data:{...event.Data,...isCompleteResult.Data}};await cfnResponse.submitResponse("SUCCESS",response,{noEcho:event.NoEcho})}async function onTimeout(timeoutEvent){(0,util_1.log)("timeoutHandler",timeoutEvent);const isCompleteRequest=JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage);await cfnResponse.submitResponse("FAILED",isCompleteRequest,{reason:"Operation timed out"})}async function invokeUserFunction(functionArnEnv,sanitizedPayload,responseUrl){const functionArn=(0,util_1.getEnv)(functionArnEnv);(0,util_1.log)(`executing user function ${functionArn} with payload`,sanitizedPayload);const resp=await(0,outbound_1.invokeFunction)({FunctionName:functionArn,Payload:JSON.stringify({...sanitizedPayload,ResponseURL:responseUrl})});(0,util_1.log)("user function response:",resp,typeof resp);const jsonPayload=(0,util_1.parseJsonPayload)(resp.Payload);if(resp.FunctionError){(0,util_1.log)("user function threw an error:",resp.FunctionError);const errorMessage=jsonPayload.errorMessage||"error",arn=functionArn.split(":"),functionName=arn[arn.length-1],message=[errorMessage,"",`Logs: /aws/lambda/${functionName}`,""].join(`
2
- `),e=new Error(message);throw jsonPayload.trace&&(e.stack=[message,...jsonPayload.trace.slice(1)].join(`
3
- `)),e}return jsonPayload}function createResponseEvent(cfnRequest,onEventResult){onEventResult=onEventResult||{};const physicalResourceId=onEventResult.PhysicalResourceId||defaultPhysicalResourceId(cfnRequest);if(cfnRequest.RequestType==="Delete"&&physicalResourceId!==cfnRequest.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`);return cfnRequest.RequestType==="Update"&&physicalResourceId!==cfnRequest.PhysicalResourceId&&(0,util_1.log)(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`),{...cfnRequest,...onEventResult,PhysicalResourceId:physicalResourceId}}function defaultPhysicalResourceId(req){switch(req.RequestType){case"Create":return req.RequestId;case"Update":case"Delete":return req.PhysicalResourceId;default:throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`)}}module.exports={[consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]:cfnResponse.safeHandler(onEvent),[consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]:cfnResponse.safeHandler(isComplete),[consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]:onTimeout};
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.httpRequest=exports.invokeFunction=exports.startExecution=void 0;const https=require("https"),client_lambda_1=require("@aws-sdk/client-lambda"),client_sfn_1=require("@aws-sdk/client-sfn"),FRAMEWORK_HANDLER_TIMEOUT=9e5,awsSdkConfig={httpOptions:{timeout:FRAMEWORK_HANDLER_TIMEOUT}};async function defaultHttpRequest(options,requestBody){return new Promise((resolve,reject)=>{try{const request=https.request(options,response=>{response.resume(),!response.statusCode||response.statusCode>=400?reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)):resolve()});request.on("error",reject),request.write(requestBody),request.end()}catch(e){reject(e)}})}let sfn,lambda;async function defaultStartExecution(req){return sfn||(sfn=new client_sfn_1.SFN(awsSdkConfig)),sfn.startExecution(req)}async function defaultInvokeFunction(req){lambda||(lambda=new client_lambda_1.Lambda(awsSdkConfig));try{return await lambda.invoke(req)}catch{return await(0,client_lambda_1.waitUntilFunctionActiveV2)({client:lambda,maxWaitTime:300},{FunctionName:req.FunctionName}),lambda.invoke(req)}}exports.startExecution=defaultStartExecution,exports.invokeFunction=defaultInvokeFunction,exports.httpRequest=defaultHttpRequest;
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.getEnv=getEnv,exports.log=log,exports.withRetries=withRetries,exports.parseJsonPayload=parseJsonPayload;function getEnv(name){const value=process.env[name];if(!value)throw new Error(`The environment variable "${name}" is not defined`);return value}function log(title,...args){console.log("[provider-framework]",title,...args.map(x=>typeof x=="object"?JSON.stringify(x,void 0,2):x))}function withRetries(options,fn){return async(...xs)=>{let attempts=options.attempts,ms=options.sleep;for(;;)try{return await fn(...xs)}catch(e){if(attempts--<=0)throw e;await sleep(Math.floor(Math.random()*ms)),ms*=2}}}async function sleep(ms){return new Promise(ok=>setTimeout(ok,ms))}function parseJsonPayload(payload){const text=new TextDecoder().decode(Buffer.from(payload??""));if(!text)return{};try{return JSON.parse(text)}catch{throw new Error(`return values from user-handlers must be JSON objects. got: "${text}"`)}}
@@ -1,30 +0,0 @@
1
- /**
2
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
- *
4
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
- * with the License. A copy of the License is located at
6
- *
7
- * http://www.apache.org/licenses/LICENSE-2.0
8
- *
9
- * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
- * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
- * and limitations under the License.
12
- */
13
- export declare const handler: (event: any, context: any) => Promise<{
14
- Status: string;
15
- Reason: string;
16
- PhysicalResourceId: any;
17
- StackId: any;
18
- RequestId: any;
19
- LogicalResourceId: any;
20
- Data: {};
21
- }>;
22
- /**
23
- * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
24
- * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
25
- * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
26
- * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
27
- * @param keyPolicyStatement - the key policy statement to be added to the key policy.
28
- * @returns keyPolicy - the updated key policy.
29
- */
30
- export declare const updateKeyPolicy: (keyPolicy: any, keyPolicyStatement: any) => any;
@@ -1,129 +0,0 @@
1
- "use strict";
2
- /**
3
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
- *
5
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
- * with the License. A copy of the License is located at
7
- *
8
- * http://www.apache.org/licenses/LICENSE-2.0
9
- *
10
- * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
- * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
- * and limitations under the License.
13
- */
14
- Object.defineProperty(exports, "__esModule", { value: true });
15
- exports.updateKeyPolicy = exports.handler = void 0;
16
- const client_kms_1 = require("@aws-sdk/client-kms");
17
- const kmsClient = new client_kms_1.KMSClient();
18
- const handler = async (event, context) => {
19
- let status = 'SUCCESS';
20
- let responseData = {};
21
- if (event.RequestType === 'Create' || event.RequestType === 'Update') {
22
- try {
23
- const kmsKeyId = event.ResourceProperties.KmsKeyId;
24
- const cloudFrontDistributionId = event.ResourceProperties.CloudFrontDistributionId;
25
- const accountId = event.ResourceProperties.AccountId;
26
- const region = process.env.AWS_REGION;
27
- const describeKeyCommandResponse = await kmsClient.send(new client_kms_1.DescribeKeyCommand({
28
- KeyId: kmsKeyId
29
- }));
30
- if (describeKeyCommandResponse.KeyMetadata?.KeyManager === client_kms_1.KeyManagerType.AWS) {
31
- return {
32
- Status: 'SUCCESS',
33
- Reason: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
34
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
35
- StackId: event.StackId,
36
- RequestId: event.RequestId,
37
- LogicalResourceId: event.LogicalResourceId,
38
- Data: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
39
- };
40
- }
41
- // The PolicyName is specified as "default" below because that is the only valid name as
42
- // written in the documentation for @aws-sdk/client-kms.GetKeyPolicyCommandInput:
43
- // https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetKeyPolicyCommandInput/
44
- const getKeyPolicyCommandResponse = await kmsClient.send(new client_kms_1.GetKeyPolicyCommand({
45
- KeyId: kmsKeyId,
46
- PolicyName: 'default'
47
- }));
48
- if (!getKeyPolicyCommandResponse.Policy) {
49
- return {
50
- Status: 'FAILED',
51
- Reason: 'An error occurred while retrieving the key policy.',
52
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
53
- StackId: event.StackId,
54
- RequestId: event.RequestId,
55
- LogicalResourceId: event.LogicalResourceId,
56
- Data: 'An error occurred while retrieving the key policy.',
57
- };
58
- }
59
- // Define the updated key policy to allow CloudFront access
60
- const keyPolicy = JSON.parse(getKeyPolicyCommandResponse?.Policy);
61
- const keyPolicyStatement = {
62
- Sid: 'Grant-CloudFront-Distribution-Key-Usage',
63
- Effect: 'Allow',
64
- Principal: {
65
- Service: 'cloudfront.amazonaws.com',
66
- },
67
- Action: [
68
- 'kms:Decrypt',
69
- 'kms:Encrypt',
70
- 'kms:GenerateDataKey*',
71
- 'kms:ReEncrypt*'
72
- ],
73
- Resource: `arn:aws:kms:${region}:${accountId}:key/${kmsKeyId}`,
74
- Condition: {
75
- StringEquals: {
76
- 'AWS:SourceArn': `arn:aws:cloudfront::${accountId}:distribution/${cloudFrontDistributionId}`
77
- }
78
- }
79
- };
80
- const updatedKeyPolicy = (0, exports.updateKeyPolicy)(keyPolicy, keyPolicyStatement);
81
- await kmsClient.send(new client_kms_1.PutKeyPolicyCommand({
82
- KeyId: kmsKeyId,
83
- Policy: JSON.stringify(updatedKeyPolicy),
84
- PolicyName: 'default'
85
- }));
86
- }
87
- catch (err) {
88
- status = 'FAILED';
89
- responseData = {
90
- Error: JSON.stringify(err)
91
- };
92
- }
93
- }
94
- return {
95
- Status: status,
96
- Reason: JSON.stringify(responseData),
97
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
98
- StackId: event.StackId,
99
- RequestId: event.RequestId,
100
- LogicalResourceId: event.LogicalResourceId,
101
- Data: responseData,
102
- };
103
- };
104
- exports.handler = handler;
105
- /**
106
- * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
107
- * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
108
- * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
109
- * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
110
- * @param keyPolicyStatement - the key policy statement to be added to the key policy.
111
- * @returns keyPolicy - the updated key policy.
112
- */
113
- const updateKeyPolicy = (keyPolicy, keyPolicyStatement) => {
114
- // Check to see if a duplicate key policy exists by matching on the sid. This is to prevent duplicate key policies
115
- // from being added/updated in response to a stack being updated one or more times after initial creation.
116
- const existingKeyPolicyIndex = keyPolicy.Statement.findIndex((statement) => statement.Sid === keyPolicyStatement.Sid);
117
- // If a match is found, overwrite the key policy statement...
118
- // Otherwise, push the new key policy to the array of statements
119
- if (existingKeyPolicyIndex > -1) {
120
- keyPolicy.Statement[existingKeyPolicyIndex] = keyPolicyStatement;
121
- }
122
- else {
123
- keyPolicy.Statement.push(keyPolicyStatement);
124
- }
125
- // Return the result
126
- return keyPolicy;
127
- };
128
- exports.updateKeyPolicy = updateKeyPolicy;
129
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7O0dBV0c7OztBQUVILG9EQUE4SDtBQUU5SCxNQUFNLFNBQVMsR0FBRyxJQUFJLHNCQUFTLEVBQUUsQ0FBQztBQUUzQixNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQUUsS0FBVSxFQUFFLE9BQVksRUFBRSxFQUFFO0lBRXhELElBQUksTUFBTSxHQUFHLFNBQVMsQ0FBQztJQUN2QixJQUFJLFlBQVksR0FBRyxFQUFFLENBQUM7SUFFdEIsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBRXJFLElBQUksQ0FBQztZQUNILE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUM7WUFDbkQsTUFBTSx3QkFBd0IsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsd0JBQXdCLENBQUM7WUFDbkYsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQztZQUNyRCxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQztZQUV0QyxNQUFNLDBCQUEwQixHQUFHLE1BQU0sU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLCtCQUFrQixDQUFDO2dCQUM3RSxLQUFLLEVBQUUsUUFBUTthQUNoQixDQUFDLENBQUMsQ0FBQztZQUVKLElBQUksMEJBQTBCLENBQUMsV0FBVyxFQUFFLFVBQVUsS0FBSywyQkFBYyxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUM5RSxPQUFPO29CQUNMLE1BQU0sRUFBRSxTQUFTO29CQUNqQixNQUFNLEVBQUUsMEZBQTBGO29CQUNsRyxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsMEZBQTBGO2lCQUNqRyxDQUFDO1lBQ0osQ0FBQztZQUVELHdGQUF3RjtZQUN4RixpRkFBaUY7WUFDakYseUhBQXlIO1lBQ3pILE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksZ0NBQW1CLENBQUM7Z0JBQy9FLEtBQUssRUFBRSxRQUFRO2dCQUNmLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1lBRUosSUFBSSxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN4QyxPQUFPO29CQUNMLE1BQU0sRUFBRSxRQUFRO29CQUNoQixNQUFNLEVBQUUsb0RBQW9EO29CQUM1RCxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsb0RBQW9EO2lCQUMzRCxDQUFDO1lBQ0osQ0FBQztZQUVELDJEQUEyRDtZQUMzRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLDJCQUEyQixFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ2xFLE1BQU0sa0JBQWtCLEdBQUc7Z0JBQ3pCLEdBQUcsRUFBRSx5Q0FBeUM7Z0JBQzlDLE1BQU0sRUFBRSxPQUFPO2dCQUNmLFNBQVMsRUFBRTtvQkFDVCxPQUFPLEVBQUUsMEJBQTBCO2lCQUNwQztnQkFDRCxNQUFNLEVBQUU7b0JBQ04sYUFBYTtvQkFDYixhQUFhO29CQUNiLHNCQUFzQjtvQkFDdEIsZ0JBQWdCO2lCQUNqQjtnQkFDRCxRQUFRLEVBQUUsZUFBZSxNQUFNLElBQUksU0FBUyxRQUFRLFFBQVEsRUFBRTtnQkFDOUQsU0FBUyxFQUFFO29CQUNULFlBQVksRUFBRTt3QkFDWixlQUFlLEVBQUUsdUJBQXVCLFNBQVMsaUJBQWlCLHdCQUF3QixFQUFFO3FCQUM3RjtpQkFDRjthQUNGLENBQUM7WUFDRixNQUFNLGdCQUFnQixHQUFHLElBQUEsdUJBQWUsRUFBQyxTQUFTLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztZQUV4RSxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxnQ0FBbUIsQ0FBQztnQkFDM0MsS0FBSyxFQUFFLFFBQVE7Z0JBQ2YsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUM7Z0JBQ3hDLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1FBQ04sQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLEdBQUcsUUFBUSxDQUFDO1lBQ2xCLFlBQVksR0FBRztnQkFDYixLQUFLLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUM7YUFDM0IsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTztRQUNMLE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDO1FBQ3BDLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLENBQUMsYUFBYTtRQUNyRSxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsSUFBSSxFQUFFLFlBQVk7S0FDbkIsQ0FBQztBQUNKLENBQUMsQ0FBQztBQTlGVyxRQUFBLE9BQU8sV0E4RmxCO0FBRUY7Ozs7Ozs7R0FPRztBQUNJLE1BQU0sZUFBZSxHQUFHLENBQUMsU0FBYyxFQUFFLGtCQUF1QixFQUFFLEVBQUU7SUFDekUsa0hBQWtIO0lBQ2xILDBHQUEwRztJQUMxRyxNQUFNLHNCQUFzQixHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLENBQUMsU0FBYyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsR0FBRyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzNILDZEQUE2RDtJQUM3RCxnRUFBZ0U7SUFDaEUsSUFBSSxzQkFBc0IsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2hDLFNBQVMsQ0FBQyxTQUFTLENBQUMsc0JBQXNCLENBQUMsR0FBRyxrQkFBa0IsQ0FBQztJQUNuRSxDQUFDO1NBQU0sQ0FBQztRQUNOLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUNELG9CQUFvQjtJQUNwQixPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDLENBQUM7QUFiVyxRQUFBLGVBQWUsbUJBYTFCIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuaW1wb3J0IHsgS01TQ2xpZW50LCBHZXRLZXlQb2xpY3lDb21tYW5kLCBEZXNjcmliZUtleUNvbW1hbmQsIFB1dEtleVBvbGljeUNvbW1hbmQsIEtleU1hbmFnZXJUeXBlIH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1rbXNcIjtcblxuY29uc3Qga21zQ2xpZW50ID0gbmV3IEtNU0NsaWVudCgpO1xuXG5leHBvcnQgY29uc3QgaGFuZGxlciA9IGFzeW5jIChldmVudDogYW55LCBjb250ZXh0OiBhbnkpID0+IHtcblxuICBsZXQgc3RhdHVzID0gJ1NVQ0NFU1MnO1xuICBsZXQgcmVzcG9uc2VEYXRhID0ge307XG5cbiAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJyB8fCBldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ1VwZGF0ZScpIHtcblxuICAgIHRyeSB7XG4gICAgICBjb25zdCBrbXNLZXlJZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5LbXNLZXlJZDtcbiAgICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25JZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5DbG91ZEZyb250RGlzdHJpYnV0aW9uSWQ7XG4gICAgICBjb25zdCBhY2NvdW50SWQgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuQWNjb3VudElkO1xuICAgICAgY29uc3QgcmVnaW9uID0gcHJvY2Vzcy5lbnYuQVdTX1JFR0lPTjtcblxuICAgICAgY29uc3QgZGVzY3JpYmVLZXlDb21tYW5kUmVzcG9uc2UgPSBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgRGVzY3JpYmVLZXlDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkXG4gICAgICB9KSk7XG5cbiAgICAgIGlmIChkZXNjcmliZUtleUNvbW1hbmRSZXNwb25zZS5LZXlNZXRhZGF0YT8uS2V5TWFuYWdlciA9PT0gS2V5TWFuYWdlclR5cGUuQVdTKSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnU1VDQ0VTUycsXG4gICAgICAgICAgUmVhc29uOiAnQW4gQVdTIG1hbmFnZWQga2V5IHdhcyBwcm92aWRlZCwgbm8gYWN0aW9uIG5lZWRlZCBmcm9tIHRoZSBjdXN0b20gcmVzb3VyY2UsIGV4aXRpbmcgbm93LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBBV1MgbWFuYWdlZCBrZXkgd2FzIHByb3ZpZGVkLCBubyBhY3Rpb24gbmVlZGVkIGZyb20gdGhlIGN1c3RvbSByZXNvdXJjZSwgZXhpdGluZyBub3cuJyxcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgLy8gVGhlIFBvbGljeU5hbWUgaXMgc3BlY2lmaWVkIGFzIFwiZGVmYXVsdFwiIGJlbG93IGJlY2F1c2UgdGhhdCBpcyB0aGUgb25seSB2YWxpZCBuYW1lIGFzXG4gICAgICAvLyB3cml0dGVuIGluIHRoZSBkb2N1bWVudGF0aW9uIGZvciBAYXdzLXNkay9jbGllbnQta21zLkdldEtleVBvbGljeUNvbW1hbmRJbnB1dDpcbiAgICAgIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9QYWNrYWdlLy1hd3Mtc2RrLWNsaWVudC1rbXMvSW50ZXJmYWNlL0dldEtleVBvbGljeUNvbW1hbmRJbnB1dC9cbiAgICAgIGNvbnN0IGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZSA9IGF3YWl0IGttc0NsaWVudC5zZW5kKG5ldyBHZXRLZXlQb2xpY3lDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkLFxuICAgICAgICBQb2xpY3lOYW1lOiAnZGVmYXVsdCdcbiAgICAgIH0pKTtcblxuICAgICAgaWYgKCFnZXRLZXlQb2xpY3lDb21tYW5kUmVzcG9uc2UuUG9saWN5KSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnRkFJTEVEJyxcbiAgICAgICAgICBSZWFzb246ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgIH07XG4gICAgICB9XG5cbiAgICAgIC8vIERlZmluZSB0aGUgdXBkYXRlZCBrZXkgcG9saWN5IHRvIGFsbG93IENsb3VkRnJvbnQgYWNjZXNzXG4gICAgICBjb25zdCBrZXlQb2xpY3kgPSBKU09OLnBhcnNlKGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZT8uUG9saWN5KTtcbiAgICAgIGNvbnN0IGtleVBvbGljeVN0YXRlbWVudCA9IHtcbiAgICAgICAgU2lkOiAnR3JhbnQtQ2xvdWRGcm9udC1EaXN0cmlidXRpb24tS2V5LVVzYWdlJyxcbiAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICBQcmluY2lwYWw6IHtcbiAgICAgICAgICBTZXJ2aWNlOiAnY2xvdWRmcm9udC5hbWF6b25hd3MuY29tJyxcbiAgICAgICAgfSxcbiAgICAgICAgQWN0aW9uOiBbXG4gICAgICAgICAgJ2ttczpEZWNyeXB0JyxcbiAgICAgICAgICAna21zOkVuY3J5cHQnLFxuICAgICAgICAgICdrbXM6R2VuZXJhdGVEYXRhS2V5KicsXG4gICAgICAgICAgJ2ttczpSZUVuY3J5cHQqJ1xuICAgICAgICBdLFxuICAgICAgICBSZXNvdXJjZTogYGFybjphd3M6a21zOiR7cmVnaW9ufToke2FjY291bnRJZH06a2V5LyR7a21zS2V5SWR9YCxcbiAgICAgICAgQ29uZGl0aW9uOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46YXdzOmNsb3VkZnJvbnQ6OiR7YWNjb3VudElkfTpkaXN0cmlidXRpb24vJHtjbG91ZEZyb250RGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfTtcbiAgICAgIGNvbnN0IHVwZGF0ZWRLZXlQb2xpY3kgPSB1cGRhdGVLZXlQb2xpY3koa2V5UG9saWN5LCBrZXlQb2xpY3lTdGF0ZW1lbnQpO1xuXG4gICAgICBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgUHV0S2V5UG9saWN5Q29tbWFuZCh7XG4gICAgICAgIEtleUlkOiBrbXNLZXlJZCxcbiAgICAgICAgUG9saWN5OiBKU09OLnN0cmluZ2lmeSh1cGRhdGVkS2V5UG9saWN5KSxcbiAgICAgICAgUG9saWN5TmFtZTogJ2RlZmF1bHQnXG4gICAgICB9KSk7XG4gICAgfSBjYXRjaCAoZXJyKSB7XG4gICAgICBzdGF0dXMgPSAnRkFJTEVEJztcbiAgICAgIHJlc3BvbnNlRGF0YSA9IHtcbiAgICAgICAgRXJyb3I6IEpTT04uc3RyaW5naWZ5KGVycilcbiAgICAgIH07XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHtcbiAgICBTdGF0dXM6IHN0YXR1cyxcbiAgICBSZWFzb246IEpTT04uc3RyaW5naWZ5KHJlc3BvbnNlRGF0YSksXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgIERhdGE6IHJlc3BvbnNlRGF0YSxcbiAgfTtcbn07XG5cbi8qKlxuICogVXBkYXRlcyBhIHByb3ZpZGVkIGtleSBwb2xpY3kgd2l0aCBhIHByb3ZpZGVkIGtleSBwb2xpY3kgc3RhdGVtZW50LiBGaXJzdCBjaGVja3Mgd2hldGhlciB0aGUgcHJvdmlkZWQga2V5IHBvbGljeSBzdGF0ZW1lbnRcbiAqIGFscmVhZHkgZXhpc3RzLiBJZiBhbiBleGlzdGluZyBrZXkgcG9saWN5IGlzIGZvdW5kIHdpdGggYSBtYXRjaGluZyBzaWQsIHRoZSBwcm92aWRlZCBrZXkgcG9saWN5IHdpbGwgb3ZlcndyaXRlIHRoZSBleGlzdGluZ1xuICoga2V5IHBvbGljeS4gSWYgbm8gbWF0Y2hpbmcga2V5IHBvbGljeSBpcyBmb3VuZCwgdGhlIHByb3ZpZGVkIGtleSBwb2xpY3kgd2lsbCBiZSBhcHBlbmRlZCBvbnRvIHRoZSBhcnJheSBvZiBwb2xpY3kgc3RhdGVtZW50cy5cbiAqIEBwYXJhbSBrZXlQb2xpY3kgLSB0aGUgSlNPTi5wYXJzZSdkIHJlc3VsdCBvZiB0aGUgb3RoZXJ3aXNlIHN0cmluZ2lmaWVkIGtleSBwb2xpY3kuXG4gKiBAcGFyYW0ga2V5UG9saWN5U3RhdGVtZW50IC0gdGhlIGtleSBwb2xpY3kgc3RhdGVtZW50IHRvIGJlIGFkZGVkIHRvIHRoZSBrZXkgcG9saWN5LlxuICogQHJldHVybnMga2V5UG9saWN5IC0gdGhlIHVwZGF0ZWQga2V5IHBvbGljeS5cbiAqL1xuZXhwb3J0IGNvbnN0IHVwZGF0ZUtleVBvbGljeSA9IChrZXlQb2xpY3k6IGFueSwga2V5UG9saWN5U3RhdGVtZW50OiBhbnkpID0+IHtcbiAgLy8gQ2hlY2sgdG8gc2VlIGlmIGEgZHVwbGljYXRlIGtleSBwb2xpY3kgZXhpc3RzIGJ5IG1hdGNoaW5nIG9uIHRoZSBzaWQuIFRoaXMgaXMgdG8gcHJldmVudCBkdXBsaWNhdGUga2V5IHBvbGljaWVzXG4gIC8vIGZyb20gYmVpbmcgYWRkZWQvdXBkYXRlZCBpbiByZXNwb25zZSB0byBhIHN0YWNrIGJlaW5nIHVwZGF0ZWQgb25lIG9yIG1vcmUgdGltZXMgYWZ0ZXIgaW5pdGlhbCBjcmVhdGlvbi5cbiAgY29uc3QgZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA9IGtleVBvbGljeS5TdGF0ZW1lbnQuZmluZEluZGV4KChzdGF0ZW1lbnQ6IGFueSkgPT4gc3RhdGVtZW50LlNpZCA9PT0ga2V5UG9saWN5U3RhdGVtZW50LlNpZCk7XG4gIC8vIElmIGEgbWF0Y2ggaXMgZm91bmQsIG92ZXJ3cml0ZSB0aGUga2V5IHBvbGljeSBzdGF0ZW1lbnQuLi5cbiAgLy8gT3RoZXJ3aXNlLCBwdXNoIHRoZSBuZXcga2V5IHBvbGljeSB0byB0aGUgYXJyYXkgb2Ygc3RhdGVtZW50c1xuICBpZiAoZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA+IC0xKSB7XG4gICAga2V5UG9saWN5LlN0YXRlbWVudFtleGlzdGluZ0tleVBvbGljeUluZGV4XSA9IGtleVBvbGljeVN0YXRlbWVudDtcbiAgfSBlbHNlIHtcbiAgICBrZXlQb2xpY3kuU3RhdGVtZW50LnB1c2goa2V5UG9saWN5U3RhdGVtZW50KTtcbiAgfVxuICAvLyBSZXR1cm4gdGhlIHJlc3VsdFxuICByZXR1cm4ga2V5UG9saWN5O1xufTtcbiJdfQ==
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Retry=exports.includeStackTraces=exports.MISSING_PHYSICAL_ID_MARKER=exports.CREATE_FAILED_PHYSICAL_ID_MARKER=void 0,exports.submitResponse=submitResponse,exports.safeHandler=safeHandler,exports.redactDataFromPayload=redactDataFromPayload;const url=require("url"),outbound_1=require("./outbound"),util_1=require("./util");exports.CREATE_FAILED_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",exports.MISSING_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";async function submitResponse(status,event,options={}){const json={Status:status,Reason:options.reason||status,StackId:event.StackId,RequestId:event.RequestId,PhysicalResourceId:event.PhysicalResourceId||exports.MISSING_PHYSICAL_ID_MARKER,LogicalResourceId:event.LogicalResourceId,NoEcho:options.noEcho,Data:event.Data},responseBody=JSON.stringify(json),parsedUrl=url.parse(event.ResponseURL),loggingSafeUrl=`${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`;options?.noEcho?(0,util_1.log)("submit redacted response to cloudformation",loggingSafeUrl,redactDataFromPayload(json)):(0,util_1.log)("submit response to cloudformation",loggingSafeUrl,json);const retryOptions={attempts:5,sleep:1e3};await(0,util_1.withRetries)(retryOptions,outbound_1.httpRequest)({hostname:parsedUrl.hostname,path:parsedUrl.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(responseBody,"utf8")}},responseBody)}exports.includeStackTraces=!0;function safeHandler(block){return async event=>{if(event.RequestType==="Delete"&&event.PhysicalResourceId===exports.CREATE_FAILED_PHYSICAL_ID_MARKER){(0,util_1.log)("ignoring DELETE event caused by a failed CREATE event"),await submitResponse("SUCCESS",event);return}try{await block(event)}catch(e){if(e instanceof Retry)throw(0,util_1.log)("retry requested by handler"),e;event.PhysicalResourceId||(event.RequestType==="Create"?((0,util_1.log)("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),event.PhysicalResourceId=exports.CREATE_FAILED_PHYSICAL_ID_MARKER):(0,util_1.log)(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({...event,ResponseURL:"..."})}`)),await submitResponse("FAILED",event,{reason:exports.includeStackTraces?e.stack:e.message})}}}function redactDataFromPayload(payload){const redactedPayload=JSON.parse(JSON.stringify(payload));if(redactedPayload.Data){const keys=Object.keys(redactedPayload.Data);for(const key of keys)redactedPayload.Data[key]="*****"}return redactedPayload}class Retry extends Error{}exports.Retry=Retry;
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME=exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME=exports.FRAMEWORK_ON_EVENT_HANDLER_NAME=exports.WAITER_STATE_MACHINE_ARN_ENV=exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV=exports.USER_ON_EVENT_FUNCTION_ARN_ENV=void 0,exports.USER_ON_EVENT_FUNCTION_ARN_ENV="USER_ON_EVENT_FUNCTION_ARN",exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV="USER_IS_COMPLETE_FUNCTION_ARN",exports.WAITER_STATE_MACHINE_ARN_ENV="WAITER_STATE_MACHINE_ARN",exports.FRAMEWORK_ON_EVENT_HANDLER_NAME="onEvent",exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME="isComplete",exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME="onTimeout";
@@ -1,3 +0,0 @@
1
- "use strict";const cfnResponse=require("./cfn-response"),consts=require("./consts"),outbound_1=require("./outbound"),util_1=require("./util");async function onEvent(cfnRequest){const sanitizedRequest={...cfnRequest,ResponseURL:"..."};(0,util_1.log)("onEventHandler",sanitizedRequest),cfnRequest.ResourceProperties=cfnRequest.ResourceProperties||{};const onEventResult=await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV,sanitizedRequest,cfnRequest.ResponseURL);onEventResult?.NoEcho?(0,util_1.log)("redacted onEvent returned:",cfnResponse.redactDataFromPayload(onEventResult)):(0,util_1.log)("onEvent returned:",onEventResult);const resourceEvent=createResponseEvent(cfnRequest,onEventResult),sanitizedEvent={...resourceEvent,ResponseURL:"..."};if(onEventResult?.NoEcho?(0,util_1.log)("readacted event:",cfnResponse.redactDataFromPayload(sanitizedEvent)):(0,util_1.log)("event:",sanitizedEvent),!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV])return cfnResponse.submitResponse("SUCCESS",resourceEvent,{noEcho:resourceEvent.NoEcho});const waiter={stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId,input:JSON.stringify(resourceEvent)};(0,util_1.log)("starting waiter",{stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId}),await(0,outbound_1.startExecution)(waiter)}async function isComplete(event){const sanitizedRequest={...event,ResponseURL:"..."};event?.NoEcho?(0,util_1.log)("redacted isComplete request",cfnResponse.redactDataFromPayload(sanitizedRequest)):(0,util_1.log)("isComplete",sanitizedRequest);const isCompleteResult=await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV,sanitizedRequest,event.ResponseURL);if(event?.NoEcho?(0,util_1.log)("redacted user isComplete returned:",cfnResponse.redactDataFromPayload(isCompleteResult)):(0,util_1.log)("user isComplete returned:",isCompleteResult),!isCompleteResult.IsComplete)throw isCompleteResult.Data&&Object.keys(isCompleteResult.Data).length>0?new Error('"Data" is not allowed if "IsComplete" is "False"'):new cfnResponse.Retry(JSON.stringify(event));const response={...event,...isCompleteResult,Data:{...event.Data,...isCompleteResult.Data}};await cfnResponse.submitResponse("SUCCESS",response,{noEcho:event.NoEcho})}async function onTimeout(timeoutEvent){(0,util_1.log)("timeoutHandler",timeoutEvent);const isCompleteRequest=JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage);await cfnResponse.submitResponse("FAILED",isCompleteRequest,{reason:"Operation timed out"})}async function invokeUserFunction(functionArnEnv,sanitizedPayload,responseUrl){const functionArn=(0,util_1.getEnv)(functionArnEnv);(0,util_1.log)(`executing user function ${functionArn} with payload`,sanitizedPayload);const resp=await(0,outbound_1.invokeFunction)({FunctionName:functionArn,Payload:JSON.stringify({...sanitizedPayload,ResponseURL:responseUrl})});(0,util_1.log)("user function response:",resp,typeof resp);const jsonPayload=(0,util_1.parseJsonPayload)(resp.Payload);if(resp.FunctionError){(0,util_1.log)("user function threw an error:",resp.FunctionError);const errorMessage=jsonPayload.errorMessage||"error",arn=functionArn.split(":"),functionName=arn[arn.length-1],message=[errorMessage,"",`Logs: /aws/lambda/${functionName}`,""].join(`
2
- `),e=new Error(message);throw jsonPayload.trace&&(e.stack=[message,...jsonPayload.trace.slice(1)].join(`
3
- `)),e}return jsonPayload}function createResponseEvent(cfnRequest,onEventResult){onEventResult=onEventResult||{};const physicalResourceId=onEventResult.PhysicalResourceId||defaultPhysicalResourceId(cfnRequest);if(cfnRequest.RequestType==="Delete"&&physicalResourceId!==cfnRequest.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`);return cfnRequest.RequestType==="Update"&&physicalResourceId!==cfnRequest.PhysicalResourceId&&(0,util_1.log)(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`),{...cfnRequest,...onEventResult,PhysicalResourceId:physicalResourceId}}function defaultPhysicalResourceId(req){switch(req.RequestType){case"Create":return req.RequestId;case"Update":case"Delete":return req.PhysicalResourceId;default:throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`)}}module.exports={[consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]:cfnResponse.safeHandler(onEvent),[consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]:cfnResponse.safeHandler(isComplete),[consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]:onTimeout};
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.httpRequest=exports.invokeFunction=exports.startExecution=void 0;const https=require("https"),client_lambda_1=require("@aws-sdk/client-lambda"),client_sfn_1=require("@aws-sdk/client-sfn"),FRAMEWORK_HANDLER_TIMEOUT=9e5,awsSdkConfig={httpOptions:{timeout:FRAMEWORK_HANDLER_TIMEOUT}};async function defaultHttpRequest(options,requestBody){return new Promise((resolve,reject)=>{try{const request=https.request(options,response=>{response.resume(),!response.statusCode||response.statusCode>=400?reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)):resolve()});request.on("error",reject),request.write(requestBody),request.end()}catch(e){reject(e)}})}let sfn,lambda;async function defaultStartExecution(req){return sfn||(sfn=new client_sfn_1.SFN(awsSdkConfig)),sfn.startExecution(req)}async function defaultInvokeFunction(req){lambda||(lambda=new client_lambda_1.Lambda(awsSdkConfig));try{return await lambda.invoke(req)}catch{return await(0,client_lambda_1.waitUntilFunctionActiveV2)({client:lambda,maxWaitTime:300},{FunctionName:req.FunctionName}),lambda.invoke(req)}}exports.startExecution=defaultStartExecution,exports.invokeFunction=defaultInvokeFunction,exports.httpRequest=defaultHttpRequest;
@@ -1 +0,0 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.getEnv=getEnv,exports.log=log,exports.withRetries=withRetries,exports.parseJsonPayload=parseJsonPayload;function getEnv(name){const value=process.env[name];if(!value)throw new Error(`The environment variable "${name}" is not defined`);return value}function log(title,...args){console.log("[provider-framework]",title,...args.map(x=>typeof x=="object"?JSON.stringify(x,void 0,2):x))}function withRetries(options,fn){return async(...xs)=>{let attempts=options.attempts,ms=options.sleep;for(;;)try{return await fn(...xs)}catch(e){if(attempts--<=0)throw e;await sleep(Math.floor(Math.random()*ms)),ms*=2}}}async function sleep(ms){return new Promise(ok=>setTimeout(ok,ms))}function parseJsonPayload(payload){const text=new TextDecoder().decode(Buffer.from(payload??""));if(!text)return{};try{return JSON.parse(text)}catch{throw new Error(`return values from user-handlers must be JSON objects. got: "${text}"`)}}
@@ -1,30 +0,0 @@
1
- /**
2
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
- *
4
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
- * with the License. A copy of the License is located at
6
- *
7
- * http://www.apache.org/licenses/LICENSE-2.0
8
- *
9
- * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
- * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
- * and limitations under the License.
12
- */
13
- export declare const handler: (event: any, context: any) => Promise<{
14
- Status: string;
15
- Reason: string;
16
- PhysicalResourceId: any;
17
- StackId: any;
18
- RequestId: any;
19
- LogicalResourceId: any;
20
- Data: {};
21
- }>;
22
- /**
23
- * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
24
- * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
25
- * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
26
- * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
27
- * @param keyPolicyStatement - the key policy statement to be added to the key policy.
28
- * @returns keyPolicy - the updated key policy.
29
- */
30
- export declare const updateKeyPolicy: (keyPolicy: any, keyPolicyStatement: any) => any;
@@ -1,129 +0,0 @@
1
- "use strict";
2
- /**
3
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
- *
5
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
- * with the License. A copy of the License is located at
7
- *
8
- * http://www.apache.org/licenses/LICENSE-2.0
9
- *
10
- * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
- * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
- * and limitations under the License.
13
- */
14
- Object.defineProperty(exports, "__esModule", { value: true });
15
- exports.updateKeyPolicy = exports.handler = void 0;
16
- const client_kms_1 = require("@aws-sdk/client-kms");
17
- const kmsClient = new client_kms_1.KMSClient();
18
- const handler = async (event, context) => {
19
- let status = 'SUCCESS';
20
- let responseData = {};
21
- if (event.RequestType === 'Create' || event.RequestType === 'Update') {
22
- try {
23
- const kmsKeyId = event.ResourceProperties.KmsKeyId;
24
- const cloudFrontDistributionId = event.ResourceProperties.CloudFrontDistributionId;
25
- const accountId = event.ResourceProperties.AccountId;
26
- const region = process.env.AWS_REGION;
27
- const describeKeyCommandResponse = await kmsClient.send(new client_kms_1.DescribeKeyCommand({
28
- KeyId: kmsKeyId
29
- }));
30
- if (describeKeyCommandResponse.KeyMetadata?.KeyManager === client_kms_1.KeyManagerType.AWS) {
31
- return {
32
- Status: 'SUCCESS',
33
- Reason: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
34
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
35
- StackId: event.StackId,
36
- RequestId: event.RequestId,
37
- LogicalResourceId: event.LogicalResourceId,
38
- Data: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
39
- };
40
- }
41
- // The PolicyName is specified as "default" below because that is the only valid name as
42
- // written in the documentation for @aws-sdk/client-kms.GetKeyPolicyCommandInput:
43
- // https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetKeyPolicyCommandInput/
44
- const getKeyPolicyCommandResponse = await kmsClient.send(new client_kms_1.GetKeyPolicyCommand({
45
- KeyId: kmsKeyId,
46
- PolicyName: 'default'
47
- }));
48
- if (!getKeyPolicyCommandResponse.Policy) {
49
- return {
50
- Status: 'FAILED',
51
- Reason: 'An error occurred while retrieving the key policy.',
52
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
53
- StackId: event.StackId,
54
- RequestId: event.RequestId,
55
- LogicalResourceId: event.LogicalResourceId,
56
- Data: 'An error occurred while retrieving the key policy.',
57
- };
58
- }
59
- // Define the updated key policy to allow CloudFront access
60
- const keyPolicy = JSON.parse(getKeyPolicyCommandResponse?.Policy);
61
- const keyPolicyStatement = {
62
- Sid: 'Grant-CloudFront-Distribution-Key-Usage',
63
- Effect: 'Allow',
64
- Principal: {
65
- Service: 'cloudfront.amazonaws.com',
66
- },
67
- Action: [
68
- 'kms:Decrypt',
69
- 'kms:Encrypt',
70
- 'kms:GenerateDataKey*',
71
- 'kms:ReEncrypt*'
72
- ],
73
- Resource: `arn:aws:kms:${region}:${accountId}:key/${kmsKeyId}`,
74
- Condition: {
75
- StringEquals: {
76
- 'AWS:SourceArn': `arn:aws:cloudfront::${accountId}:distribution/${cloudFrontDistributionId}`
77
- }
78
- }
79
- };
80
- const updatedKeyPolicy = (0, exports.updateKeyPolicy)(keyPolicy, keyPolicyStatement);
81
- await kmsClient.send(new client_kms_1.PutKeyPolicyCommand({
82
- KeyId: kmsKeyId,
83
- Policy: JSON.stringify(updatedKeyPolicy),
84
- PolicyName: 'default'
85
- }));
86
- }
87
- catch (err) {
88
- status = 'FAILED';
89
- responseData = {
90
- Error: JSON.stringify(err)
91
- };
92
- }
93
- }
94
- return {
95
- Status: status,
96
- Reason: JSON.stringify(responseData),
97
- PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
98
- StackId: event.StackId,
99
- RequestId: event.RequestId,
100
- LogicalResourceId: event.LogicalResourceId,
101
- Data: responseData,
102
- };
103
- };
104
- exports.handler = handler;
105
- /**
106
- * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
107
- * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
108
- * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
109
- * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
110
- * @param keyPolicyStatement - the key policy statement to be added to the key policy.
111
- * @returns keyPolicy - the updated key policy.
112
- */
113
- const updateKeyPolicy = (keyPolicy, keyPolicyStatement) => {
114
- // Check to see if a duplicate key policy exists by matching on the sid. This is to prevent duplicate key policies
115
- // from being added/updated in response to a stack being updated one or more times after initial creation.
116
- const existingKeyPolicyIndex = keyPolicy.Statement.findIndex((statement) => statement.Sid === keyPolicyStatement.Sid);
117
- // If a match is found, overwrite the key policy statement...
118
- // Otherwise, push the new key policy to the array of statements
119
- if (existingKeyPolicyIndex > -1) {
120
- keyPolicy.Statement[existingKeyPolicyIndex] = keyPolicyStatement;
121
- }
122
- else {
123
- keyPolicy.Statement.push(keyPolicyStatement);
124
- }
125
- // Return the result
126
- return keyPolicy;
127
- };
128
- exports.updateKeyPolicy = updateKeyPolicy;
129
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7O0dBV0c7OztBQUVILG9EQUE4SDtBQUU5SCxNQUFNLFNBQVMsR0FBRyxJQUFJLHNCQUFTLEVBQUUsQ0FBQztBQUUzQixNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQUUsS0FBVSxFQUFFLE9BQVksRUFBRSxFQUFFO0lBRXhELElBQUksTUFBTSxHQUFHLFNBQVMsQ0FBQztJQUN2QixJQUFJLFlBQVksR0FBRyxFQUFFLENBQUM7SUFFdEIsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBRXJFLElBQUksQ0FBQztZQUNILE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUM7WUFDbkQsTUFBTSx3QkFBd0IsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsd0JBQXdCLENBQUM7WUFDbkYsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQztZQUNyRCxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQztZQUV0QyxNQUFNLDBCQUEwQixHQUFHLE1BQU0sU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLCtCQUFrQixDQUFDO2dCQUM3RSxLQUFLLEVBQUUsUUFBUTthQUNoQixDQUFDLENBQUMsQ0FBQztZQUVKLElBQUksMEJBQTBCLENBQUMsV0FBVyxFQUFFLFVBQVUsS0FBSywyQkFBYyxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUM5RSxPQUFPO29CQUNMLE1BQU0sRUFBRSxTQUFTO29CQUNqQixNQUFNLEVBQUUsMEZBQTBGO29CQUNsRyxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsMEZBQTBGO2lCQUNqRyxDQUFDO1lBQ0osQ0FBQztZQUVELHdGQUF3RjtZQUN4RixpRkFBaUY7WUFDakYseUhBQXlIO1lBQ3pILE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksZ0NBQW1CLENBQUM7Z0JBQy9FLEtBQUssRUFBRSxRQUFRO2dCQUNmLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1lBRUosSUFBSSxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN4QyxPQUFPO29CQUNMLE1BQU0sRUFBRSxRQUFRO29CQUNoQixNQUFNLEVBQUUsb0RBQW9EO29CQUM1RCxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsb0RBQW9EO2lCQUMzRCxDQUFDO1lBQ0osQ0FBQztZQUVELDJEQUEyRDtZQUMzRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLDJCQUEyQixFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ2xFLE1BQU0sa0JBQWtCLEdBQUc7Z0JBQ3pCLEdBQUcsRUFBRSx5Q0FBeUM7Z0JBQzlDLE1BQU0sRUFBRSxPQUFPO2dCQUNmLFNBQVMsRUFBRTtvQkFDVCxPQUFPLEVBQUUsMEJBQTBCO2lCQUNwQztnQkFDRCxNQUFNLEVBQUU7b0JBQ04sYUFBYTtvQkFDYixhQUFhO29CQUNiLHNCQUFzQjtvQkFDdEIsZ0JBQWdCO2lCQUNqQjtnQkFDRCxRQUFRLEVBQUUsZUFBZSxNQUFNLElBQUksU0FBUyxRQUFRLFFBQVEsRUFBRTtnQkFDOUQsU0FBUyxFQUFFO29CQUNULFlBQVksRUFBRTt3QkFDWixlQUFlLEVBQUUsdUJBQXVCLFNBQVMsaUJBQWlCLHdCQUF3QixFQUFFO3FCQUM3RjtpQkFDRjthQUNGLENBQUM7WUFDRixNQUFNLGdCQUFnQixHQUFHLElBQUEsdUJBQWUsRUFBQyxTQUFTLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztZQUV4RSxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxnQ0FBbUIsQ0FBQztnQkFDM0MsS0FBSyxFQUFFLFFBQVE7Z0JBQ2YsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUM7Z0JBQ3hDLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1FBQ04sQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLEdBQUcsUUFBUSxDQUFDO1lBQ2xCLFlBQVksR0FBRztnQkFDYixLQUFLLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUM7YUFDM0IsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTztRQUNMLE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDO1FBQ3BDLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLENBQUMsYUFBYTtRQUNyRSxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsSUFBSSxFQUFFLFlBQVk7S0FDbkIsQ0FBQztBQUNKLENBQUMsQ0FBQztBQTlGVyxRQUFBLE9BQU8sV0E4RmxCO0FBRUY7Ozs7Ozs7R0FPRztBQUNJLE1BQU0sZUFBZSxHQUFHLENBQUMsU0FBYyxFQUFFLGtCQUF1QixFQUFFLEVBQUU7SUFDekUsa0hBQWtIO0lBQ2xILDBHQUEwRztJQUMxRyxNQUFNLHNCQUFzQixHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLENBQUMsU0FBYyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsR0FBRyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzNILDZEQUE2RDtJQUM3RCxnRUFBZ0U7SUFDaEUsSUFBSSxzQkFBc0IsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2hDLFNBQVMsQ0FBQyxTQUFTLENBQUMsc0JBQXNCLENBQUMsR0FBRyxrQkFBa0IsQ0FBQztJQUNuRSxDQUFDO1NBQU0sQ0FBQztRQUNOLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUNELG9CQUFvQjtJQUNwQixPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDLENBQUM7QUFiVyxRQUFBLGVBQWUsbUJBYTFCIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuaW1wb3J0IHsgS01TQ2xpZW50LCBHZXRLZXlQb2xpY3lDb21tYW5kLCBEZXNjcmliZUtleUNvbW1hbmQsIFB1dEtleVBvbGljeUNvbW1hbmQsIEtleU1hbmFnZXJUeXBlIH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1rbXNcIjtcblxuY29uc3Qga21zQ2xpZW50ID0gbmV3IEtNU0NsaWVudCgpO1xuXG5leHBvcnQgY29uc3QgaGFuZGxlciA9IGFzeW5jIChldmVudDogYW55LCBjb250ZXh0OiBhbnkpID0+IHtcblxuICBsZXQgc3RhdHVzID0gJ1NVQ0NFU1MnO1xuICBsZXQgcmVzcG9uc2VEYXRhID0ge307XG5cbiAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJyB8fCBldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ1VwZGF0ZScpIHtcblxuICAgIHRyeSB7XG4gICAgICBjb25zdCBrbXNLZXlJZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5LbXNLZXlJZDtcbiAgICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25JZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5DbG91ZEZyb250RGlzdHJpYnV0aW9uSWQ7XG4gICAgICBjb25zdCBhY2NvdW50SWQgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuQWNjb3VudElkO1xuICAgICAgY29uc3QgcmVnaW9uID0gcHJvY2Vzcy5lbnYuQVdTX1JFR0lPTjtcblxuICAgICAgY29uc3QgZGVzY3JpYmVLZXlDb21tYW5kUmVzcG9uc2UgPSBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgRGVzY3JpYmVLZXlDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkXG4gICAgICB9KSk7XG5cbiAgICAgIGlmIChkZXNjcmliZUtleUNvbW1hbmRSZXNwb25zZS5LZXlNZXRhZGF0YT8uS2V5TWFuYWdlciA9PT0gS2V5TWFuYWdlclR5cGUuQVdTKSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnU1VDQ0VTUycsXG4gICAgICAgICAgUmVhc29uOiAnQW4gQVdTIG1hbmFnZWQga2V5IHdhcyBwcm92aWRlZCwgbm8gYWN0aW9uIG5lZWRlZCBmcm9tIHRoZSBjdXN0b20gcmVzb3VyY2UsIGV4aXRpbmcgbm93LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBBV1MgbWFuYWdlZCBrZXkgd2FzIHByb3ZpZGVkLCBubyBhY3Rpb24gbmVlZGVkIGZyb20gdGhlIGN1c3RvbSByZXNvdXJjZSwgZXhpdGluZyBub3cuJyxcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgLy8gVGhlIFBvbGljeU5hbWUgaXMgc3BlY2lmaWVkIGFzIFwiZGVmYXVsdFwiIGJlbG93IGJlY2F1c2UgdGhhdCBpcyB0aGUgb25seSB2YWxpZCBuYW1lIGFzXG4gICAgICAvLyB3cml0dGVuIGluIHRoZSBkb2N1bWVudGF0aW9uIGZvciBAYXdzLXNkay9jbGllbnQta21zLkdldEtleVBvbGljeUNvbW1hbmRJbnB1dDpcbiAgICAgIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9QYWNrYWdlLy1hd3Mtc2RrLWNsaWVudC1rbXMvSW50ZXJmYWNlL0dldEtleVBvbGljeUNvbW1hbmRJbnB1dC9cbiAgICAgIGNvbnN0IGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZSA9IGF3YWl0IGttc0NsaWVudC5zZW5kKG5ldyBHZXRLZXlQb2xpY3lDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkLFxuICAgICAgICBQb2xpY3lOYW1lOiAnZGVmYXVsdCdcbiAgICAgIH0pKTtcblxuICAgICAgaWYgKCFnZXRLZXlQb2xpY3lDb21tYW5kUmVzcG9uc2UuUG9saWN5KSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnRkFJTEVEJyxcbiAgICAgICAgICBSZWFzb246ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgIH07XG4gICAgICB9XG5cbiAgICAgIC8vIERlZmluZSB0aGUgdXBkYXRlZCBrZXkgcG9saWN5IHRvIGFsbG93IENsb3VkRnJvbnQgYWNjZXNzXG4gICAgICBjb25zdCBrZXlQb2xpY3kgPSBKU09OLnBhcnNlKGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZT8uUG9saWN5KTtcbiAgICAgIGNvbnN0IGtleVBvbGljeVN0YXRlbWVudCA9IHtcbiAgICAgICAgU2lkOiAnR3JhbnQtQ2xvdWRGcm9udC1EaXN0cmlidXRpb24tS2V5LVVzYWdlJyxcbiAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICBQcmluY2lwYWw6IHtcbiAgICAgICAgICBTZXJ2aWNlOiAnY2xvdWRmcm9udC5hbWF6b25hd3MuY29tJyxcbiAgICAgICAgfSxcbiAgICAgICAgQWN0aW9uOiBbXG4gICAgICAgICAgJ2ttczpEZWNyeXB0JyxcbiAgICAgICAgICAna21zOkVuY3J5cHQnLFxuICAgICAgICAgICdrbXM6R2VuZXJhdGVEYXRhS2V5KicsXG4gICAgICAgICAgJ2ttczpSZUVuY3J5cHQqJ1xuICAgICAgICBdLFxuICAgICAgICBSZXNvdXJjZTogYGFybjphd3M6a21zOiR7cmVnaW9ufToke2FjY291bnRJZH06a2V5LyR7a21zS2V5SWR9YCxcbiAgICAgICAgQ29uZGl0aW9uOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46YXdzOmNsb3VkZnJvbnQ6OiR7YWNjb3VudElkfTpkaXN0cmlidXRpb24vJHtjbG91ZEZyb250RGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfTtcbiAgICAgIGNvbnN0IHVwZGF0ZWRLZXlQb2xpY3kgPSB1cGRhdGVLZXlQb2xpY3koa2V5UG9saWN5LCBrZXlQb2xpY3lTdGF0ZW1lbnQpO1xuXG4gICAgICBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgUHV0S2V5UG9saWN5Q29tbWFuZCh7XG4gICAgICAgIEtleUlkOiBrbXNLZXlJZCxcbiAgICAgICAgUG9saWN5OiBKU09OLnN0cmluZ2lmeSh1cGRhdGVkS2V5UG9saWN5KSxcbiAgICAgICAgUG9saWN5TmFtZTogJ2RlZmF1bHQnXG4gICAgICB9KSk7XG4gICAgfSBjYXRjaCAoZXJyKSB7XG4gICAgICBzdGF0dXMgPSAnRkFJTEVEJztcbiAgICAgIHJlc3BvbnNlRGF0YSA9IHtcbiAgICAgICAgRXJyb3I6IEpTT04uc3RyaW5naWZ5KGVycilcbiAgICAgIH07XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHtcbiAgICBTdGF0dXM6IHN0YXR1cyxcbiAgICBSZWFzb246IEpTT04uc3RyaW5naWZ5KHJlc3BvbnNlRGF0YSksXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgIERhdGE6IHJlc3BvbnNlRGF0YSxcbiAgfTtcbn07XG5cbi8qKlxuICogVXBkYXRlcyBhIHByb3ZpZGVkIGtleSBwb2xpY3kgd2l0aCBhIHByb3ZpZGVkIGtleSBwb2xpY3kgc3RhdGVtZW50LiBGaXJzdCBjaGVja3Mgd2hldGhlciB0aGUgcHJvdmlkZWQga2V5IHBvbGljeSBzdGF0ZW1lbnRcbiAqIGFscmVhZHkgZXhpc3RzLiBJZiBhbiBleGlzdGluZyBrZXkgcG9saWN5IGlzIGZvdW5kIHdpdGggYSBtYXRjaGluZyBzaWQsIHRoZSBwcm92aWRlZCBrZXkgcG9saWN5IHdpbGwgb3ZlcndyaXRlIHRoZSBleGlzdGluZ1xuICoga2V5IHBvbGljeS4gSWYgbm8gbWF0Y2hpbmcga2V5IHBvbGljeSBpcyBmb3VuZCwgdGhlIHByb3ZpZGVkIGtleSBwb2xpY3kgd2lsbCBiZSBhcHBlbmRlZCBvbnRvIHRoZSBhcnJheSBvZiBwb2xpY3kgc3RhdGVtZW50cy5cbiAqIEBwYXJhbSBrZXlQb2xpY3kgLSB0aGUgSlNPTi5wYXJzZSdkIHJlc3VsdCBvZiB0aGUgb3RoZXJ3aXNlIHN0cmluZ2lmaWVkIGtleSBwb2xpY3kuXG4gKiBAcGFyYW0ga2V5UG9saWN5U3RhdGVtZW50IC0gdGhlIGtleSBwb2xpY3kgc3RhdGVtZW50IHRvIGJlIGFkZGVkIHRvIHRoZSBrZXkgcG9saWN5LlxuICogQHJldHVybnMga2V5UG9saWN5IC0gdGhlIHVwZGF0ZWQga2V5IHBvbGljeS5cbiAqL1xuZXhwb3J0IGNvbnN0IHVwZGF0ZUtleVBvbGljeSA9IChrZXlQb2xpY3k6IGFueSwga2V5UG9saWN5U3RhdGVtZW50OiBhbnkpID0+IHtcbiAgLy8gQ2hlY2sgdG8gc2VlIGlmIGEgZHVwbGljYXRlIGtleSBwb2xpY3kgZXhpc3RzIGJ5IG1hdGNoaW5nIG9uIHRoZSBzaWQuIFRoaXMgaXMgdG8gcHJldmVudCBkdXBsaWNhdGUga2V5IHBvbGljaWVzXG4gIC8vIGZyb20gYmVpbmcgYWRkZWQvdXBkYXRlZCBpbiByZXNwb25zZSB0byBhIHN0YWNrIGJlaW5nIHVwZGF0ZWQgb25lIG9yIG1vcmUgdGltZXMgYWZ0ZXIgaW5pdGlhbCBjcmVhdGlvbi5cbiAgY29uc3QgZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA9IGtleVBvbGljeS5TdGF0ZW1lbnQuZmluZEluZGV4KChzdGF0ZW1lbnQ6IGFueSkgPT4gc3RhdGVtZW50LlNpZCA9PT0ga2V5UG9saWN5U3RhdGVtZW50LlNpZCk7XG4gIC8vIElmIGEgbWF0Y2ggaXMgZm91bmQsIG92ZXJ3cml0ZSB0aGUga2V5IHBvbGljeSBzdGF0ZW1lbnQuLi5cbiAgLy8gT3RoZXJ3aXNlLCBwdXNoIHRoZSBuZXcga2V5IHBvbGljeSB0byB0aGUgYXJyYXkgb2Ygc3RhdGVtZW50c1xuICBpZiAoZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA+IC0xKSB7XG4gICAga2V5UG9saWN5LlN0YXRlbWVudFtleGlzdGluZ0tleVBvbGljeUluZGV4XSA9IGtleVBvbGljeVN0YXRlbWVudDtcbiAgfSBlbHNlIHtcbiAgICBrZXlQb2xpY3kuU3RhdGVtZW50LnB1c2goa2V5UG9saWN5U3RhdGVtZW50KTtcbiAgfVxuICAvLyBSZXR1cm4gdGhlIHJlc3VsdFxuICByZXR1cm4ga2V5UG9saWN5O1xufTtcbiJdfQ==
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +0,0 @@
1
- "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}