@brunwig/mup-aws-beanstalk 0.8.7 → 2.0.5

package/lib/policies.js

@@ -1,131 +1,146 @@
 "use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.eventTargetRole = exports.deregisterEventTarget = exports.DeregisterEvent = void 0;
-exports.eventTargetRolePolicy = eventTargetRolePolicy;
-exports.serviceRole = exports.rolePolicy = exports.passRolePolicy = exports.gracefulShutdownAutomationDocument = void 0;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gracefulShutdownAutomationDocument = exports.deregisterEventTarget = exports.DeregisterEvent = exports.passRolePolicy = exports.eventTargetRole = exports.serviceRole = exports.rolePolicy = void 0;
 exports.trailBucketPolicy = trailBucketPolicy;
+exports.eventTargetRolePolicy = eventTargetRolePolicy;
 function trailBucketPolicy(accountId, bucketName) {
-  const policy = {
-    Version: '2012-10-17',
-    Statement: [{
-      Sid: 'AWSCloudTrailAclCheck20150319',
-      Effect: 'Allow',
-      Principal: {
-        Service: 'cloudtrail.amazonaws.com'
-      },
-      Action: 's3:GetBucketAcl',
-      Resource: `arn:aws:s3:::${bucketName}`
-    }, {
-      Sid: 'AWSCloudTrailWrite20150319',
-      Effect: 'Allow',
-      Principal: {
-        Service: 'cloudtrail.amazonaws.com'
-      },
-      Action: 's3:PutObject',
-      Resource: `arn:aws:s3:::${bucketName}/AWSLogs/${accountId}/*`,
-      Condition: {
-        StringEquals: {
-          's3:x-amz-acl': 'bucket-owner-full-control'
-        }
-      }
-    }]
-  };
-  return JSON.stringify(policy);
+    const policy = {
+        Version: '2012-10-17',
+        Statement: [{
+                Sid: 'AWSCloudTrailAclCheck20150319',
+                Effect: 'Allow',
+                Principal: {
+                    Service: 'cloudtrail.amazonaws.com'
+                },
+                Action: 's3:GetBucketAcl',
+                Resource: `arn:aws:s3:::${bucketName}`
+            },
+            {
+                Sid: 'AWSCloudTrailWrite20150319',
+                Effect: 'Allow',
+                Principal: {
+                    Service: 'cloudtrail.amazonaws.com'
+                },
+                Action: 's3:PutObject',
+                Resource: `arn:aws:s3:::${bucketName}/AWSLogs/${accountId}/*`,
+                Condition: {
+                    StringEquals: {
+                        's3:x-amz-acl': 'bucket-owner-full-control'
+                    }
+                }
+            }
+        ]
+    };
+    return JSON.stringify(policy);
 }
-const rolePolicy = exports.rolePolicy = '{ "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }';
-const serviceRole = exports.serviceRole = '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "elasticbeanstalk.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "elasticbeanstalk" } } } ] }';
-const eventTargetRole = exports.eventTargetRole = '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" }, { "Effect": "Allow", "Principal": { "Service": [ "ssm.amazonaws.com", "ec2.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }';
+exports.rolePolicy = '{ "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }';
+exports.serviceRole = '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "elasticbeanstalk.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "elasticbeanstalk" } } } ] }';
+exports.eventTargetRole = '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" }, { "Effect": "Allow", "Principal": { "Service": [ "ssm.amazonaws.com", "ec2.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }';
 const passRolePolicy = (accountId, role) => {
-  const policy = {
-    Version: '2012-10-17',
-    Statement: [{
-      Effect: 'Allow',
-      Action: 'iam:PassRole',
-      Resource: `arn:aws:iam::${accountId}:role/${role}`
-    }]
-  };
-  return JSON.stringify(policy);
+    const policy = {
+        Version: '2012-10-17',
+        Statement: [
+            {
+                Effect: 'Allow',
+                Action: 'iam:PassRole',
+                Resource: `arn:aws:iam::${accountId}:role/${role}`
+            }
+        ]
+    };
+    return JSON.stringify(policy);
 };
 exports.passRolePolicy = passRolePolicy;
 function eventTargetRolePolicy(accountId, env, region) {
-  const policy = {
-    Version: '2012-10-17',
-    Statement: [{
-      Action: 'ssm:SendCommand',
-      Effect: 'Allow',
-      Resource: `arn:aws:ec2:${region}:${accountId}:instance/*`,
-      Condition: {
-        StringLike: {
-          'ssm:resourceTag/elasticbeanstalk:environment-name': [env]
-        }
-      }
-    }, {
-      Action: 'ssm:SendCommand',
-      Effect: 'Allow',
-      Resource: `arn:aws:ssm:${region}:*:document/AWS-RunShellScript`
-    }, {
-      Action: ['ssm:StartAutomationExecution', 'ssm:DescribeInstanceInformation', 'ssm:ListCommands', 'ssm:ListCommandInvocations'],
-      Effect: 'Allow',
-      Resource: ['*']
-    }]
-  };
-  return JSON.stringify(policy);
+    const policy = {
+        Version: '2012-10-17',
+        Statement: [
+            {
+                Action: 'ssm:SendCommand',
+                Effect: 'Allow',
+                Resource: `arn:aws:ec2:${region}:${accountId}:instance/*`,
+                Condition: {
+                    StringLike: {
+                        'ssm:resourceTag/elasticbeanstalk:environment-name': [
+                            env
+                        ]
+                    }
+                }
+            },
+            {
+                Action: 'ssm:SendCommand',
+                Effect: 'Allow',
+                Resource: `arn:aws:ssm:${region}:*:document/AWS-RunShellScript`
+            },
+            {
+                Action: [
+                    'ssm:StartAutomationExecution',
+                    'ssm:DescribeInstanceInformation',
+                    'ssm:ListCommands',
+                    'ssm:ListCommandInvocations'
+                ],
+                Effect: 'Allow',
+                Resource: [
+                    '*'
+                ]
+            }
+        ]
+    };
+    return JSON.stringify(policy);
 }
-const DeregisterEvent = exports.DeregisterEvent = '{ "source": [ "aws.elasticloadbalancing" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "elasticloadbalancing.amazonaws.com" ], "eventName": [ "DeregisterTargets" ] } }';
+exports.DeregisterEvent = '{ "source": [ "aws.elasticloadbalancing" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "elasticloadbalancing.amazonaws.com" ], "eventName": [ "DeregisterTargets" ] } }';
 const deregisterEventTarget = (envName, role, accountId, region) => ({
-  Id: `mup-target-${envName}`,
-  Arn: `arn:aws:ssm:${region}:${accountId}:automation-definition/mup-graceful-shutdown:$LATEST`,
-  RoleArn: `arn:aws:iam::${accountId}:role/${role}`,
-  InputTransformer: {
-    InputPathsMap: {
-      instance: '$.detail.requestParameters.targets[0].id'
-    },
-    InputTemplate: `{"InstanceId":[<instance>], "AutomationAssumeRole": ["arn:aws:iam::${accountId}:role/${role}"], "ServiceRole": ["arn:aws:iam::${accountId}:role/${role}"], "Commands": ["cd /mup_graceful_shutdown || exit 1", "ls", "PATH='/mup_graceful_shutdown'", <instance>]}`
-  }
+    Id: `mup-target-${envName}`,
+    Arn: `arn:aws:ssm:${region}:${accountId}:automation-definition/mup-graceful-shutdown:$LATEST`,
+    RoleArn: `arn:aws:iam::${accountId}:role/${role}`,
+    InputTransformer: {
+        InputPathsMap: {
+            instance: '$.detail.requestParameters.targets[0].id'
+        },
+        InputTemplate: `{"InstanceId":[<instance>], "AutomationAssumeRole": ["arn:aws:iam::${accountId}:role/${role}"], "ServiceRole": ["arn:aws:iam::${accountId}:role/${role}"], "Commands": ["cd /mup_graceful_shutdown || exit 1", "ls", "PATH='/mup_graceful_shutdown'", <instance>]}`
+    }
 });
 exports.deregisterEventTarget = deregisterEventTarget;
 const gracefulShutdownAutomationDocument = () => {
-  const document = {
-    description: 'Automation document for mup-aws-beanstalk graceful shutdown',
-    schemaVersion: '0.3',
-    assumeRole: '{{ AutomationAssumeRole }}',
-    parameters: {
-      InstanceId: {
-        type: 'StringList',
-        description: '(Required) EC2 Instance(s) to run the command on'
-      },
-      AutomationAssumeRole: {
-        type: 'String',
-        description: '(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.',
-        default: ''
-      },
-      Commands: {
-        type: 'StringList',
-        description: 'Commands to run'
-      },
-      ServiceRole: {
-        type: 'String',
-        description: 'The ARN of the role for runCommand'
-      }
-    },
-    mainSteps: [{
-      name: 'runCommand',
-      action: 'aws:runCommand',
-      timeoutSeconds: 10,
-      inputs: {
-        DocumentName: 'AWS-RunShellScript',
-        InstanceIds: '{{ InstanceId }}',
-        ServiceRoleArn: '{{ ServiceRole }}',
-        Parameters: {
-          commands: '{{ Commands }}'
-        }
-      }
-    }]
-  };
-  return JSON.stringify(document);
+    const document = {
+        description: 'Automation document for mup-aws-beanstalk graceful shutdown',
+        schemaVersion: '0.3',
+        assumeRole: '{{ AutomationAssumeRole }}',
+        parameters: {
+            InstanceId: {
+                type: 'StringList',
+                description: '(Required) EC2 Instance(s) to run the command on'
+            },
+            AutomationAssumeRole: {
+                type: 'String',
+                description: '(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.',
+                default: ''
+            },
+            Commands: {
+                type: 'StringList',
+                description: 'Commands to run'
+            },
+            ServiceRole: {
+                type: 'String',
+                description: 'The ARN of the role for runCommand'
+            }
+        },
+        mainSteps: [
+            {
+                name: 'runCommand',
+                action: 'aws:runCommand',
+                timeoutSeconds: 10,
+                inputs: {
+                    DocumentName: 'AWS-RunShellScript',
+                    InstanceIds: '{{ InstanceId }}',
+                    ServiceRoleArn: '{{ ServiceRole }}',
+                    Parameters: {
+                        commands: '{{ Commands }}'
+                    }
+                }
+            }
+        ]
+    };
+    return JSON.stringify(document);
 };
 exports.gracefulShutdownAutomationDocument = gracefulShutdownAutomationDocument;
 //# sourceMappingURL=policies.js.map

package/lib/policies.js.map

@@ -1 +1 @@
-{"version":3,"file":"policies.js","names":["trailBucketPolicy","accountId","bucketName","policy","Version","Statement","Sid","Effect","Principal","Service","Action","Resource","Condition","StringEquals","JSON","stringify","rolePolicy","exports","serviceRole","eventTargetRole","passRolePolicy","role","eventTargetRolePolicy","env","region","StringLike","DeregisterEvent","deregisterEventTarget","envName","Id","Arn","RoleArn","InputTransformer","InputPathsMap","instance","InputTemplate","gracefulShutdownAutomationDocument","document","description","schemaVersion","assumeRole","parameters","InstanceId","type","AutomationAssumeRole","default","Commands","ServiceRole","mainSteps","name","action","timeoutSeconds","inputs","DocumentName","InstanceIds","ServiceRoleArn","Parameters","commands"],"sources":["../src/policies.js"],"sourcesContent":["export function trailBucketPolicy(accountId, bucketName) {\n  const policy = {\n    Version: '2012-10-17',\n    Statement: [{\n      Sid: 'AWSCloudTrailAclCheck20150319',\n      Effect: 'Allow',\n      Principal: {\n        Service: 'cloudtrail.amazonaws.com'\n      },\n      Action: 's3:GetBucketAcl',\n      Resource: `arn:aws:s3:::${bucketName}`\n    },\n    {\n      Sid: 'AWSCloudTrailWrite20150319',\n      Effect: 'Allow',\n      Principal: {\n        Service: 'cloudtrail.amazonaws.com'\n      },\n      Action: 's3:PutObject',\n      Resource: `arn:aws:s3:::${bucketName}/AWSLogs/${accountId}/*`,\n      Condition: {\n        StringEquals: {\n          's3:x-amz-acl': 'bucket-owner-full-control'\n        }\n      }\n    }\n    ]\n  };\n\n  return JSON.stringify(policy);\n}\n\nexport const rolePolicy = '{ \"Version\": \"2008-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"ec2.amazonaws.com\" }, \"Action\": \"sts:AssumeRole\" } ] }';\nexport const serviceRole = '{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"elasticbeanstalk.amazonaws.com\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"elasticbeanstalk\" } } } ] }';\nexport const eventTargetRole = '{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"events.amazonaws.com\" }, \"Action\": \"sts:AssumeRole\" }, { \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"ssm.amazonaws.com\", \"ec2.amazonaws.com\" ] }, \"Action\": \"sts:AssumeRole\" } ] }';\nexport const passRolePolicy = (accountId, role) => {\n  const policy = {\n    Version: '2012-10-17',\n    Statement: [\n      {\n        Effect: 'Allow',\n        Action: 'iam:PassRole',\n        Resource: `arn:aws:iam::${accountId}:role/${role}`\n      }\n    ]\n  };\n\n  return JSON.stringify(policy);\n};\n\nexport function eventTargetRolePolicy(accountId, env, region) {\n  const policy = {\n    Version: '2012-10-17',\n    Statement: [\n      {\n        Action: 'ssm:SendCommand',\n        Effect: 'Allow',\n        Resource: `arn:aws:ec2:${region}:${accountId}:instance/*`,\n        Condition: {\n          StringLike: {\n            'ssm:resourceTag/elasticbeanstalk:environment-name': [\n              env\n            ]\n          }\n        }\n      },\n      {\n        Action: 'ssm:SendCommand',\n        Effect: 'Allow',\n        Resource: `arn:aws:ssm:${region}:*:document/AWS-RunShellScript`\n      },\n      {\n        Action: [\n          'ssm:StartAutomationExecution',\n          'ssm:DescribeInstanceInformation',\n          'ssm:ListCommands',\n          'ssm:ListCommandInvocations'\n        ],\n        Effect: 'Allow',\n        Resource: [\n          '*'\n        ]\n      }\n    ]\n  };\n\n  return JSON.stringify(policy);\n}\n\nexport const DeregisterEvent = '{ \"source\": [ \"aws.elasticloadbalancing\" ], \"detail-type\": [ \"AWS API Call via CloudTrail\" ], \"detail\": { \"eventSource\": [ \"elasticloadbalancing.amazonaws.com\" ], \"eventName\": [ \"DeregisterTargets\" ] } }';\n\nexport const deregisterEventTarget = (envName, role, accountId, region) => ({\n  Id: `mup-target-${envName}`,\n  Arn: `arn:aws:ssm:${region}:${accountId}:automation-definition/mup-graceful-shutdown:$LATEST`,\n  RoleArn: `arn:aws:iam::${accountId}:role/${role}`,\n  InputTransformer: {\n    InputPathsMap: {\n      instance: '$.detail.requestParameters.targets[0].id'\n    },\n    InputTemplate: `{\"InstanceId\":[<instance>], \"AutomationAssumeRole\": [\"arn:aws:iam::${accountId}:role/${role}\"], \"ServiceRole\": [\"arn:aws:iam::${accountId}:role/${role}\"], \"Commands\": [\"cd /mup_graceful_shutdown || exit 1\", \"ls\", \"PATH='/mup_graceful_shutdown'\", <instance>]}`\n  }\n});\n\nexport const gracefulShutdownAutomationDocument = () => {\n  const document = {\n    description: 'Automation document for mup-aws-beanstalk graceful shutdown',\n    schemaVersion: '0.3',\n    assumeRole: '{{ AutomationAssumeRole }}',\n    parameters: {\n      InstanceId: {\n        type: 'StringList',\n        description: '(Required) EC2 Instance(s) to run the command on'\n      },\n      AutomationAssumeRole: {\n        type: 'String',\n        description: '(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.',\n        default: ''\n      },\n      Commands: {\n        type: 'StringList',\n        description: 'Commands to run'\n      },\n      ServiceRole: {\n        type: 'String',\n        description: 'The ARN of the role for runCommand'\n      }\n    },\n    mainSteps: [\n      {\n        name: 'runCommand',\n        action: 'aws:runCommand',\n        timeoutSeconds: 10,\n        inputs: {\n          DocumentName: 'AWS-RunShellScript',\n          InstanceIds: '{{ InstanceId }}',\n          ServiceRoleArn: '{{ ServiceRole }}',\n          Parameters: {\n            commands: '{{ Commands }}'\n          }\n        }\n      }\n    ]\n  };\n\n  return JSON.stringify(document);\n};\n"],"mappings":";;;;;;;;;AAAO,SAASA,iBAAiBA,CAACC,SAAS,EAAEC,UAAU,EAAE;EACvD,MAAMC,MAAM,GAAG;IACbC,OAAO,EAAE,YAAY;IACrBC,SAAS,EAAE,CAAC;MACVC,GAAG,EAAE,+BAA+B;MACpCC,MAAM,EAAE,OAAO;MACfC,SAAS,EAAE;QACTC,OAAO,EAAE;MACX,CAAC;MACDC,MAAM,EAAE,iBAAiB;MACzBC,QAAQ,EAAE,gBAAgBT,UAAU;IACtC,CAAC,EACD;MACEI,GAAG,EAAE,4BAA4B;MACjCC,MAAM,EAAE,OAAO;MACfC,SAAS,EAAE;QACTC,OAAO,EAAE;MACX,CAAC;MACDC,MAAM,EAAE,cAAc;MACtBC,QAAQ,EAAE,gBAAgBT,UAAU,YAAYD,SAAS,IAAI;MAC7DW,SAAS,EAAE;QACTC,YAAY,EAAE;UACZ,cAAc,EAAE;QAClB;MACF;IACF,CAAC;EAEH,CAAC;EAED,OAAOC,IAAI,CAACC,SAAS,CAACZ,MAAM,CAAC;AAC/B;AAEO,MAAMa,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,kJAAkJ;AACrK,MAAME,WAAW,GAAAD,OAAA,CAAAC,WAAA,GAAG,0OAA0O;AAC9P,MAAMC,eAAe,GAAAF,OAAA,CAAAE,eAAA,GAAG,iRAAiR;AACzS,MAAMC,cAAc,GAAGA,CAACnB,SAAS,EAAEoB,IAAI,KAAK;EACjD,MAAMlB,MAAM,GAAG;IACbC,OAAO,EAAE,YAAY;IACrBC,SAAS,EAAE,CACT;MACEE,MAAM,EAAE,OAAO;MACfG,MAAM,EAAE,cAAc;MACtBC,QAAQ,EAAE,gBAAgBV,SAAS,SAASoB,IAAI;IAClD,CAAC;EAEL,CAAC;EAED,OAAOP,IAAI,CAACC,SAAS,CAACZ,MAAM,CAAC;AAC/B,CAAC;AAACc,OAAA,CAAAG,cAAA,GAAAA,cAAA;AAEK,SAASE,qBAAqBA,CAACrB,SAAS,EAAEsB,GAAG,EAAEC,MAAM,EAAE;EAC5D,MAAMrB,MAAM,GAAG;IACbC,OAAO,EAAE,YAAY;IACrBC,SAAS,EAAE,CACT;MACEK,MAAM,EAAE,iBAAiB;MACzBH,MAAM,EAAE,OAAO;MACfI,QAAQ,EAAE,eAAea,MAAM,IAAIvB,SAAS,aAAa;MACzDW,SAAS,EAAE;QACTa,UAAU,EAAE;UACV,mDAAmD,EAAE,CACnDF,GAAG;QAEP;MACF;IACF,CAAC,EACD;MACEb,MAAM,EAAE,iBAAiB;MACzBH,MAAM,EAAE,OAAO;MACfI,QAAQ,EAAE,eAAea,MAAM;IACjC,CAAC,EACD;MACEd,MAAM,EAAE,CACN,8BAA8B,EAC9B,iCAAiC,EACjC,kBAAkB,EAClB,4BAA4B,CAC7B;MACDH,MAAM,EAAE,OAAO;MACfI,QAAQ,EAAE,CACR,GAAG;IAEP,CAAC;EAEL,CAAC;EAED,OAAOG,IAAI,CAACC,SAAS,CAACZ,MAAM,CAAC;AAC/B;AAEO,MAAMuB,eAAe,GAAAT,OAAA,CAAAS,eAAA,GAAG,6MAA6M;AAErO,MAAMC,qBAAqB,GAAGA,CAACC,OAAO,EAAEP,IAAI,EAAEpB,SAAS,EAAEuB,MAAM,MAAM;EAC1EK,EAAE,EAAE,cAAcD,OAAO,EAAE;EAC3BE,GAAG,EAAE,eAAeN,MAAM,IAAIvB,SAAS,sDAAsD;EAC7F8B,OAAO,EAAE,gBAAgB9B,SAAS,SAASoB,IAAI,EAAE;EACjDW,gBAAgB,EAAE;IAChBC,aAAa,EAAE;MACbC,QAAQ,EAAE;IACZ,CAAC;IACDC,aAAa,EAAE,sEAAsElC,SAAS,SAASoB,IAAI,qCAAqCpB,SAAS,SAASoB,IAAI;EACxK;AACF,CAAC,CAAC;AAACJ,OAAA,CAAAU,qBAAA,GAAAA,qBAAA;AAEI,MAAMS,kCAAkC,GAAGA,CAAA,KAAM;EACtD,MAAMC,QAAQ,GAAG;IACfC,WAAW,EAAE,6DAA6D;IAC1EC,aAAa,EAAE,KAAK;IACpBC,UAAU,EAAE,4BAA4B;IACxCC,UAAU,EAAE;MACVC,UAAU,EAAE;QACVC,IAAI,EAAE,YAAY;QAClBL,WAAW,EAAE;MACf,CAAC;MACDM,oBAAoB,EAAE;QACpBD,IAAI,EAAE,QAAQ;QACdL,WAAW,EAAE,8FAA8F;QAC3GO,OAAO,EAAE;MACX,CAAC;MACDC,QAAQ,EAAE;QACRH,IAAI,EAAE,YAAY;QAClBL,WAAW,EAAE;MACf,CAAC;MACDS,WAAW,EAAE;QACXJ,IAAI,EAAE,QAAQ;QACdL,WAAW,EAAE;MACf;IACF,CAAC;IACDU,SAAS,EAAE,CACT;MACEC,IAAI,EAAE,YAAY;MAClBC,MAAM,EAAE,gBAAgB;MACxBC,cAAc,EAAE,EAAE;MAClBC,MAAM,EAAE;QACNC,YAAY,EAAE,oBAAoB;QAClCC,WAAW,EAAE,kBAAkB;QAC/BC,cAAc,EAAE,mBAAmB;QACnCC,UAAU,EAAE;UACVC,QAAQ,EAAE;QACZ;MACF;IACF,CAAC;EAEL,CAAC;EAED,OAAO3C,IAAI,CAACC,SAAS,CAACsB,QAAQ,CAAC;AACjC,CAAC;AAACpB,OAAA,CAAAmB,kCAAA,GAAAA,kCAAA","ignoreList":[]}
+{"version":3,"file":"policies.js","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":";;;AAEA,8CA8BC;AAqBD,sDAqCC;AAxFD,SAAgB,iBAAiB,CAAC,SAAiB,EAAE,UAAkB;IACrE,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE,CAAC;gBACV,GAAG,EAAE,+BAA+B;gBACpC,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE;oBACT,OAAO,EAAE,0BAA0B;iBACpC;gBACD,MAAM,EAAE,iBAAiB;gBACzB,QAAQ,EAAE,gBAAgB,UAAU,EAAE;aACvC;YACD;gBACE,GAAG,EAAE,4BAA4B;gBACjC,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE;oBACT,OAAO,EAAE,0BAA0B;iBACpC;gBACD,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,gBAAgB,UAAU,YAAY,SAAS,IAAI;gBAC7D,SAAS,EAAE;oBACT,YAAY,EAAE;wBACZ,cAAc,EAAE,2BAA2B;qBAC5C;iBACF;aACF;SACA;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAEY,QAAA,UAAU,GAAG,kJAAkJ,CAAC;AAChK,QAAA,WAAW,GAAG,0OAA0O,CAAC;AACzP,QAAA,eAAe,GAAG,iRAAiR,CAAC;AAE1S,MAAM,cAAc,GAAG,CAAC,SAAiB,EAAE,IAAY,EAAE,EAAE;IAChE,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,gBAAgB,SAAS,SAAS,IAAI,EAAE;aACnD;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC,CAAC;AAbW,QAAA,cAAc,kBAazB;AAEF,SAAgB,qBAAqB,CAAC,SAAiB,EAAE,GAAW,EAAE,MAAc;IAClF,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,eAAe,MAAM,IAAI,SAAS,aAAa;gBACzD,SAAS,EAAE;oBACT,UAAU,EAAE;wBACV,mDAAmD,EAAE;4BACnD,GAAG;yBACJ;qBACF;iBACF;aACF;YACD;gBACE,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,eAAe,MAAM,gCAAgC;aAChE;YACD;gBACE,MAAM,EAAE;oBACN,8BAA8B;oBAC9B,iCAAiC;oBACjC,kBAAkB;oBAClB,4BAA4B;iBAC7B;gBACD,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE;oBACR,GAAG;iBACJ;aACF;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAEY,QAAA,eAAe,GAAG,6MAA6M,CAAC;AAEtO,MAAM,qBAAqB,GAAG,CACnC,OAAe,EACf,IAAY,EACZ,SAAiB,EACjB,MAAc,EACN,EAAE,CAAC,CAAC;IACZ,EAAE,EAAE,cAAc,OAAO,EAAE;IAC3B,GAAG,EAAE,eAAe,MAAM,IAAI,SAAS,sDAAsD;IAC7F,OAAO,EAAE,gBAAgB,SAAS,SAAS,IAAI,EAAE;IACjD,gBAAgB,EAAE;QAChB,aAAa,EAAE;YACb,QAAQ,EAAE,0CAA0C;SACrD;QACD,aAAa,EAAE,sEAAsE,SAAS,SAAS,IAAI,qCAAqC,SAAS,SAAS,IAAI,6GAA6G;KACpR;CACF,CAAC,CAAC;AAfU,QAAA,qBAAqB,yBAe/B;AAEI,MAAM,kCAAkC,GAAG,GAAG,EAAE;IACrD,MAAM,QAAQ,GAAG;QACf,WAAW,EAAE,6DAA6D;QAC1E,aAAa,EAAE,KAAK;QACpB,UAAU,EAAE,4BAA4B;QACxC,UAAU,EAAE;YACV,UAAU,EAAE;gBACV,IAAI,EAAE,YAAY;gBAClB,WAAW,EAAE,kDAAkD;aAChE;YACD,oBAAoB,EAAE;gBACpB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,8FAA8F;gBAC3G,OAAO,EAAE,EAAE;aACZ;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,YAAY;gBAClB,WAAW,EAAE,iBAAiB;aAC/B;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oCAAoC;aAClD;SACF;QACD,SAAS,EAAE;YACT;gBACE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,gBAAgB;gBACxB,cAAc,EAAE,EAAE;gBAClB,MAAM,EAAE;oBACN,YAAY,EAAE,oBAAoB;oBAClC,WAAW,EAAE,kBAAkB;oBAC/B,cAAc,EAAE,mBAAmB;oBACnC,UAAU,EAAE;wBACV,QAAQ,EAAE,gBAAgB;qBAC3B;iBACF;aACF;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC,CAAC;AA1CW,QAAA,kCAAkC,sCA0C7C"}