@cloud-copilot/iam-collect 0.1.15 → 0.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -9
- package/dist/cjs/persistence/AwsIamStore.d.ts +99 -0
- package/dist/cjs/persistence/AwsIamStore.d.ts.map +1 -1
- package/dist/cjs/persistence/file/FileSystemAwsIamStore.d.ts +43 -1
- package/dist/cjs/persistence/file/FileSystemAwsIamStore.d.ts.map +1 -1
- package/dist/cjs/persistence/file/FileSystemAwsIamStore.js +120 -25
- package/dist/cjs/persistence/file/FileSystemAwsIamStore.js.map +1 -1
- package/dist/cjs/services.d.ts +1 -1
- package/dist/cjs/services.d.ts.map +1 -1
- package/dist/cjs/services.js +1 -1
- package/dist/cjs/services.js.map +1 -1
- package/dist/cjs/syncs/organizations/organizations.d.ts +49 -0
- package/dist/cjs/syncs/organizations/organizations.d.ts.map +1 -0
- package/dist/cjs/syncs/organizations/organizations.js +347 -0
- package/dist/cjs/syncs/organizations/organizations.js.map +1 -0
- package/dist/cjs/syncs/syncMap.d.ts.map +1 -1
- package/dist/cjs/syncs/syncMap.js +8 -1
- package/dist/cjs/syncs/syncMap.js.map +1 -1
- package/dist/esm/persistence/AwsIamStore.d.ts +99 -0
- package/dist/esm/persistence/AwsIamStore.d.ts.map +1 -1
- package/dist/esm/persistence/file/FileSystemAwsIamStore.d.ts +43 -1
- package/dist/esm/persistence/file/FileSystemAwsIamStore.d.ts.map +1 -1
- package/dist/esm/persistence/file/FileSystemAwsIamStore.js +120 -25
- package/dist/esm/persistence/file/FileSystemAwsIamStore.js.map +1 -1
- package/dist/esm/services.d.ts +1 -1
- package/dist/esm/services.d.ts.map +1 -1
- package/dist/esm/services.js +1 -1
- package/dist/esm/services.js.map +1 -1
- package/dist/esm/syncs/organizations/organizations.d.ts +49 -0
- package/dist/esm/syncs/organizations/organizations.d.ts.map +1 -0
- package/dist/esm/syncs/organizations/organizations.js +339 -0
- package/dist/esm/syncs/organizations/organizations.js.map +1 -0
- package/dist/esm/syncs/syncMap.d.ts.map +1 -1
- package/dist/esm/syncs/syncMap.js +8 -1
- package/dist/esm/syncs/syncMap.js.map +1 -1
- package/package.json +2 -1
|
@@ -9,6 +9,30 @@ export class FileSystemAwsIamStore {
|
|
|
9
9
|
this.baseFolder = join(baseFolder, 'aws', partition);
|
|
10
10
|
this.fsAdapter = fsAdapter || new FileSystemAdapter();
|
|
11
11
|
}
|
|
12
|
+
organizationPath(organizationId) {
|
|
13
|
+
return join(this.baseFolder, 'organizations', organizationId).toLowerCase();
|
|
14
|
+
}
|
|
15
|
+
organizationMetadataPath(organizationId, metadataType) {
|
|
16
|
+
return join(this.organizationPath(organizationId), `${metadataType}.json`).toLowerCase();
|
|
17
|
+
}
|
|
18
|
+
organizationalUnitsPath(organizationId) {
|
|
19
|
+
return join(this.organizationPath(organizationId), 'ous').toLowerCase();
|
|
20
|
+
}
|
|
21
|
+
organizationalUnitPath(organizationId, ouId) {
|
|
22
|
+
return join(this.organizationalUnitsPath(organizationId), ouId).toLowerCase();
|
|
23
|
+
}
|
|
24
|
+
organizationPoliciesPath(organizationId, policyType) {
|
|
25
|
+
return join(this.organizationPath(organizationId), policyType).toLowerCase();
|
|
26
|
+
}
|
|
27
|
+
organizationPolicyPath(organizationId, policyType, policyId) {
|
|
28
|
+
return join(this.organizationPoliciesPath(organizationId, policyType), policyId).toLowerCase();
|
|
29
|
+
}
|
|
30
|
+
organizationPolicyMetadataPath(organizationId, policyType, policyId, metadataType) {
|
|
31
|
+
return join(this.organizationPolicyPath(organizationId, policyType, policyId), `${metadataType}.json`).toLowerCase();
|
|
32
|
+
}
|
|
33
|
+
organizationalUnitMetadataPath(organizationId, ouId, metadataType) {
|
|
34
|
+
return join(this.organizationalUnitPath(organizationId, ouId), `${metadataType}.json`).toLowerCase();
|
|
35
|
+
}
|
|
12
36
|
accountPath(accountId) {
|
|
13
37
|
return join(this.baseFolder, 'accounts', accountId).toLowerCase();
|
|
14
38
|
}
|
|
@@ -20,29 +44,13 @@ export class FileSystemAwsIamStore {
|
|
|
20
44
|
return join(prefix, `${metadataType}.json`).toLowerCase();
|
|
21
45
|
}
|
|
22
46
|
async saveResourceMetadata(accountId, arn, metadataType, data) {
|
|
23
|
-
if (typeof data === 'string') {
|
|
24
|
-
data = data.trim();
|
|
25
|
-
}
|
|
26
|
-
if (data === undefined ||
|
|
27
|
-
data === null ||
|
|
28
|
-
data === '' ||
|
|
29
|
-
data === '{}' ||
|
|
30
|
-
data === '[]' ||
|
|
31
|
-
(Array.isArray(data) && data.length === 0) ||
|
|
32
|
-
(typeof data === 'object' && Object.keys(data).length === 0)) {
|
|
33
|
-
await this.deleteResourceMetadata(accountId, arn, metadataType);
|
|
34
|
-
return;
|
|
35
|
-
}
|
|
36
|
-
const content = typeof data === 'string' ? data : JSON.stringify(data, null, 2);
|
|
37
47
|
const filePath = this.buildMetadataPath(accountId, arn, metadataType);
|
|
38
|
-
await this.
|
|
48
|
+
await this.saveOrDeleteFile(filePath, data);
|
|
39
49
|
}
|
|
40
50
|
async listResourceMetadata(accountId, arn) {
|
|
41
51
|
// List all files in the resource directory to find metadata types
|
|
42
52
|
const dirPath = this.buildResourcePath(accountId, arn);
|
|
43
|
-
// console.log(dirPath)
|
|
44
53
|
const files = await this.fsAdapter.listDirectory(dirPath);
|
|
45
|
-
// console.log(files)
|
|
46
54
|
// Filter for files that match the pattern of *.json
|
|
47
55
|
const metadataTypes = files
|
|
48
56
|
.filter((file) => file.endsWith('.json'))
|
|
@@ -51,11 +59,7 @@ export class FileSystemAwsIamStore {
|
|
|
51
59
|
}
|
|
52
60
|
async getResourceMetadata(accountId, arn, metadataType, defaultValue) {
|
|
53
61
|
const filePath = this.buildMetadataPath(accountId, arn, metadataType);
|
|
54
|
-
|
|
55
|
-
if (!contents) {
|
|
56
|
-
return defaultValue;
|
|
57
|
-
}
|
|
58
|
-
return JSON.parse(contents);
|
|
62
|
+
return this.contentOrDefault(filePath, defaultValue);
|
|
59
63
|
}
|
|
60
64
|
async deleteResourceMetadata(accountId, arn, metadataType) {
|
|
61
65
|
const filePath = this.buildMetadataPath(accountId, arn, metadataType);
|
|
@@ -76,14 +80,105 @@ export class FileSystemAwsIamStore {
|
|
|
76
80
|
const resourceDir = this.buildResourcePath(accountId, desiredArn);
|
|
77
81
|
return resourceDir;
|
|
78
82
|
}));
|
|
79
|
-
// console.log(desiredDirs)
|
|
80
83
|
// Identify resources that exist in storage but not in desiredResources.
|
|
81
84
|
const resourcesToDelete = existingSubDirs.filter((s) => !desiredDirs.has(s));
|
|
82
85
|
for (const resource of resourcesToDelete) {
|
|
83
|
-
// const resourceDir = join(dirPath, resource)
|
|
84
|
-
// console.log('Deleting resource directory:', resource)
|
|
85
86
|
await this.fsAdapter.deleteDirectory(resource);
|
|
86
87
|
}
|
|
87
88
|
}
|
|
89
|
+
async saveOrganizationMetadata(organizationId, metadataType, data) {
|
|
90
|
+
const filePath = this.organizationMetadataPath(organizationId, metadataType);
|
|
91
|
+
await this.saveOrDeleteFile(filePath, data);
|
|
92
|
+
}
|
|
93
|
+
async deleteOrganizationMetadata(organizationId, metadataType) {
|
|
94
|
+
const filePath = this.organizationMetadataPath(organizationId, metadataType);
|
|
95
|
+
await this.fsAdapter.deleteFile(filePath);
|
|
96
|
+
}
|
|
97
|
+
async listOrganizationalUnits(organizationId) {
|
|
98
|
+
const dirPath = this.organizationalUnitsPath(organizationId);
|
|
99
|
+
return await this.fsAdapter.listDirectory(dirPath);
|
|
100
|
+
}
|
|
101
|
+
async deleteOrganizationalUnitMetadata(organizationId, ouId, metadataType) {
|
|
102
|
+
const filePath = this.organizationalUnitMetadataPath(organizationId, ouId, metadataType);
|
|
103
|
+
await this.fsAdapter.deleteFile(filePath);
|
|
104
|
+
}
|
|
105
|
+
async saveOrganizationalUnitMetadata(organizationId, ouId, metadataType, data) {
|
|
106
|
+
const filePath = this.organizationalUnitMetadataPath(organizationId, ouId, metadataType);
|
|
107
|
+
await this.saveOrDeleteFile(filePath, data);
|
|
108
|
+
}
|
|
109
|
+
async getOrganizationalUnitMetadata(organizationId, ouId, metadataType, defaultValue) {
|
|
110
|
+
const filePath = this.organizationalUnitMetadataPath(organizationId, ouId, metadataType);
|
|
111
|
+
return this.contentOrDefault(filePath, defaultValue);
|
|
112
|
+
}
|
|
113
|
+
async deleteOrganizationalUnit(organizationId, ouId) {
|
|
114
|
+
const dirPath = this.organizationalUnitPath(organizationId, ouId);
|
|
115
|
+
await this.fsAdapter.deleteDirectory(dirPath);
|
|
116
|
+
}
|
|
117
|
+
async deleteOrganizationPolicyMetadata(organizationId, policyType, policyId, metadataType) {
|
|
118
|
+
const filePath = this.organizationPolicyMetadataPath(organizationId, policyType, policyId, metadataType);
|
|
119
|
+
await this.fsAdapter.deleteFile(filePath);
|
|
120
|
+
}
|
|
121
|
+
async saveOrganizationPolicyMetadata(organizationId, policyType, policyId, metadataType, data) {
|
|
122
|
+
const filePath = this.organizationPolicyMetadataPath(organizationId, policyType, policyId, metadataType);
|
|
123
|
+
await this.saveOrDeleteFile(filePath, data);
|
|
124
|
+
}
|
|
125
|
+
async getOrganizationPolicyMetadata(organizationId, policyType, policyId, metadataType, defaultValue) {
|
|
126
|
+
const filePath = this.organizationPolicyMetadataPath(organizationId, policyType, policyId, metadataType);
|
|
127
|
+
return this.contentOrDefault(filePath, defaultValue);
|
|
128
|
+
}
|
|
129
|
+
async deleteOrganizationPolicy(organizationId, policyType, policyId) {
|
|
130
|
+
const dirPath = this.organizationPolicyPath(organizationId, policyType, policyId);
|
|
131
|
+
await this.fsAdapter.deleteDirectory(dirPath);
|
|
132
|
+
}
|
|
133
|
+
async listOrganizationPolicies(organizationId, policyType) {
|
|
134
|
+
const dirPath = this.organizationPoliciesPath(organizationId, policyType);
|
|
135
|
+
return await this.fsAdapter.listDirectory(dirPath);
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Checks if a given content value is empty.
|
|
139
|
+
*
|
|
140
|
+
* @param content The content to check.
|
|
141
|
+
* @returns true if the content is empty, false otherwise.
|
|
142
|
+
*/
|
|
143
|
+
isEmptyContent(content) {
|
|
144
|
+
return (content === undefined ||
|
|
145
|
+
content === null ||
|
|
146
|
+
content === '' ||
|
|
147
|
+
content === '{}' ||
|
|
148
|
+
content === '[]' ||
|
|
149
|
+
(Array.isArray(content) && content.length === 0) ||
|
|
150
|
+
(typeof content === 'object' && Object.keys(content).length === 0));
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Read the content of a file or return a default value if the file does not exist.
|
|
154
|
+
*
|
|
155
|
+
* @param filePath the path to the file
|
|
156
|
+
* @param defaultValue the default value to return if the file does not exist
|
|
157
|
+
* @returns the content of the file or the default value
|
|
158
|
+
*/
|
|
159
|
+
async contentOrDefault(filePath, defaultValue) {
|
|
160
|
+
const contents = await this.fsAdapter.readFile(filePath);
|
|
161
|
+
if (!contents) {
|
|
162
|
+
return defaultValue;
|
|
163
|
+
}
|
|
164
|
+
return JSON.parse(contents);
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* Either saves the provided data to a file or deletes the file if the data is empty.
|
|
168
|
+
*
|
|
169
|
+
* @param filePath the path to the file
|
|
170
|
+
* @param data the data to save in the file
|
|
171
|
+
*/
|
|
172
|
+
async saveOrDeleteFile(filePath, data) {
|
|
173
|
+
if (typeof data === 'string') {
|
|
174
|
+
data = data.trim();
|
|
175
|
+
}
|
|
176
|
+
if (this.isEmptyContent(data)) {
|
|
177
|
+
await this.fsAdapter.deleteFile(filePath);
|
|
178
|
+
return;
|
|
179
|
+
}
|
|
180
|
+
const content = typeof data === 'string' ? data : JSON.stringify(data, null, 2);
|
|
181
|
+
await this.fsAdapter.writeFile(filePath, content);
|
|
182
|
+
}
|
|
88
183
|
}
|
|
89
184
|
//# sourceMappingURL=FileSystemAwsIamStore.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"FileSystemAwsIamStore.js","sourceRoot":"","sources":["../../../../src/persistence/file/FileSystemAwsIamStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D,MAAM,OAAO,qBAAqB;IAGhC,YACmB,UAAkB,EAClB,SAAiB,EAClC,SAA6B;QAFZ,eAAU,GAAV,UAAU,CAAQ;QAClB,cAAS,GAAT,SAAS,CAAQ;QAGlC,OAAO,CAAC,GAAG,CACT,uDAAuD,UAAU,gBAAgB,SAAS,EAAE,CAC7F,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,iBAAiB,EAAE,CAAA;IACvD,CAAC;IAEO,
|
|
1
|
+
{"version":3,"file":"FileSystemAwsIamStore.js","sourceRoot":"","sources":["../../../../src/persistence/file/FileSystemAwsIamStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D,MAAM,OAAO,qBAAqB;IAGhC,YACmB,UAAkB,EAClB,SAAiB,EAClC,SAA6B;QAFZ,eAAU,GAAV,UAAU,CAAQ;QAClB,cAAS,GAAT,SAAS,CAAQ;QAGlC,OAAO,CAAC,GAAG,CACT,uDAAuD,UAAU,gBAAgB,SAAS,EAAE,CAC7F,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,iBAAiB,EAAE,CAAA;IACvD,CAAC;IAEO,gBAAgB,CAAC,cAAsB;QAC7C,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC,WAAW,EAAE,CAAA;IAC7E,CAAC;IAEO,wBAAwB,CAAC,cAAsB,EAAE,YAAoB;QAC3E,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,GAAG,YAAY,OAAO,CAAC,CAAC,WAAW,EAAE,CAAA;IAC1F,CAAC;IAEO,uBAAuB,CAAC,cAAsB;QACpD,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,CAAA;IACzE,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,IAAY;QACjE,OAAO,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAA;IAC/E,CAAC;IAEO,wBAAwB,CAC9B,cAAsB,EACtB,UAAkC;QAElC,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,UAAU,CAAC,CAAC,WAAW,EAAE,CAAA;IAC9E,CAAC;IAEO,sBAAsB,CAC5B,cAAsB,EACtB,UAAkC,EAClC,QAAgB;QAEhB,OAAO,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAA;IAChG,CAAC;IAEO,8BAA8B,CACpC,cAAsB,EACtB,UAAkC,EAClC,QAAgB,EAChB,YAAoB;QAEpB,OAAO,IAAI,CACT,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,EACjE,GAAG,YAAY,OAAO,CACvB,CAAC,WAAW,EAAE,CAAA;IACjB,CAAC;IAEO,8BAA8B,CACpC,cAAsB,EACtB,IAAY,EACZ,YAAoB;QAEpB,OAAO,IAAI,CACT,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,IAAI,CAAC,EACjD,GAAG,YAAY,OAAO,CACvB,CAAC,WAAW,EAAE,CAAA;IACjB,CAAC;IAEO,WAAW,CAAC,SAAiB;QACnC,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;IACnE,CAAC;IAEO,iBAAiB,CAAC,SAAiB,EAAE,GAAW;QACtD,OAAO,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC5E,CAAC;IAEO,iBAAiB,CAAC,SAAiB,EAAE,GAAW,EAAE,YAAoB;QAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QACrD,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,OAAO,CAAC,CAAC,WAAW,EAAE,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,SAAiB,EACjB,GAAW,EACX,YAAoB,EACpB,IAAkB;QAElB,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAA;QACrE,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,SAAiB,EAAE,GAAW;QACvD,kEAAkE;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QACtD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACzD,oDAAoD;QACpD,MAAM,aAAa,GAAG,KAAK;aACxB,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aACxC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA,CAAC,6BAA6B;QAEzE,OAAO,aAAa,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,GAAW,EACX,YAAoB,EACpB,YAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAA;QACrE,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,SAAiB,EACjB,GAAW,EACX,YAAoB;QAEpB,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAA;QACrE,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,GAAW;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QACtD,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,OAA0B;QAC/D,MAAM,OAAO,GAAG,kBAAkB,CAChC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAC3B,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,EACzC,GAAG,CACJ,CAAA;QACD,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,SAAiB,EACjB,OAA0B,EAC1B,gBAA0B;QAE1B,MAAM,OAAO,GAAG,kBAAkB,CAChC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAC3B,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,EACzC,GAAG,CACJ,CAAA;QAED,MAAM,eAAe,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACnF,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CACtB,CAAA;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,CACzB,gBAAgB,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;YACjE,OAAO,WAAW,CAAA;QACpB,CAAC,CAAC,CACH,CAAA;QAED,wEAAwE;QACxE,MAAM,iBAAiB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAE5E,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,cAAsB,EACtB,YAAoB,EACpB,IAAS;QAET,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;QAC5E,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,cAAsB,EAAE,YAAoB;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;QAC5E,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,cAAsB;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAA;QAC5D,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,gCAAgC,CACpC,cAAsB,EACtB,IAAY,EACZ,YAAoB;QAEpB,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAAC,cAAc,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;QACxF,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,8BAA8B,CAClC,cAAsB,EACtB,IAAY,EACZ,YAAoB,EACpB,IAAS;QAET,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAAC,cAAc,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;QACxF,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,cAAsB,EACtB,IAAY,EACZ,YAAoB,EACpB,YAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAAC,cAAc,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;QACxF,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,cAAsB,EAAE,IAAY;QACjE,MAAM,OAAO,GAAG,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA;QACjE,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,gCAAgC,CACpC,cAAsB,EACtB,UAAkC,EAClC,QAAgB,EAChB,YAAoB;QAEpB,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAClD,cAAc,EACd,UAAU,EACV,QAAQ,EACR,YAAY,CACb,CAAA;QACD,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,8BAA8B,CAClC,cAAsB,EACtB,UAAkC,EAClC,QAAgB,EAChB,YAAoB,EACpB,IAAS;QAET,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAClD,cAAc,EACd,UAAU,EACV,QAAQ,EACR,YAAY,CACb,CAAA;QACD,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,cAAsB,EACtB,UAAkC,EAClC,QAAgB,EAChB,YAAoB,EACpB,YAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,8BAA8B,CAClD,cAAc,EACd,UAAU,EACV,QAAQ,EACR,YAAY,CACb,CAAA;QACD,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,cAAsB,EACtB,UAAkC,EAClC,QAAgB;QAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;QACjF,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,cAAsB,EACtB,UAAkC;QAElC,MAAM,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAA;QACzE,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;IACpD,CAAC;IAED;;;;;OAKG;IACK,cAAc,CAAC,OAAY;QACjC,OAAO,CACL,OAAO,KAAK,SAAS;YACrB,OAAO,KAAK,IAAI;YAChB,OAAO,KAAK,EAAE;YACd,OAAO,KAAK,IAAI;YAChB,OAAO,KAAK,IAAI;YAChB,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;YAChD,CAAC,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,CACnE,CAAA;IACH,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,gBAAgB,CAC5B,QAAgB,EAChB,YAAgB;QAEhB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QACxD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,YAAiB,CAAA;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAM,CAAA;IAClC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,IAAS;QACxD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QACpB,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YACzC,OAAM;QACR,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAC/E,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACnD,CAAC;CACF"}
|
package/dist/esm/services.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,IAAI,CAAA;
|
|
1
|
+
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,eAAe,GAAG,IAAI,CAAA;AAE1E,eAAO,MAAM,WAAW,EAAE,UAAU,EAAoD,CAAA"}
|
package/dist/esm/services.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const allServices = ['iam', 'kms', 'lambda', 's3'];
|
|
1
|
+
export const allServices = ['iam', 'kms', 'lambda', 'organizations', 's3'];
|
|
2
2
|
//# sourceMappingURL=services.js.map
|
package/dist/esm/services.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,WAAW,GAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,WAAW,GAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import { Account, Organization, OrganizationalUnit, OrganizationsClient, Root } from '@aws-sdk/client-organizations';
|
|
2
|
+
import { Sync } from '../sync.js';
|
|
3
|
+
export declare const OrganizationSync: Sync;
|
|
4
|
+
/**
|
|
5
|
+
* Get the details of an organization or an account.
|
|
6
|
+
*
|
|
7
|
+
* @param client The OrganizationsClient to use
|
|
8
|
+
* @returns the details of the organization the account belongs to or undefined if the account is not part of an organization or does not have permission.
|
|
9
|
+
*/
|
|
10
|
+
export declare function getOrganizationDetails(client: OrganizationsClient): Promise<Organization | undefined>;
|
|
11
|
+
/**
|
|
12
|
+
* Get the root Organizational Unit for an organization
|
|
13
|
+
*
|
|
14
|
+
* @param client The OrganizationsClient to use
|
|
15
|
+
* @returns the root Organizational Unit for the organization if it exists
|
|
16
|
+
*/
|
|
17
|
+
export declare function getOrganizationRoot(client: OrganizationsClient): Promise<Root | undefined>;
|
|
18
|
+
/**
|
|
19
|
+
* Get the tags for an Organizational Unit
|
|
20
|
+
*
|
|
21
|
+
* @param client The OrganizationsClient to use
|
|
22
|
+
* @param ouId The AWS id of the Organizational Unit to get the tags for
|
|
23
|
+
* @returns The tags for the Organizational Unit
|
|
24
|
+
*/
|
|
25
|
+
export declare function getTagsForOu(client: OrganizationsClient, ouId: string): Promise<Record<string, string>>;
|
|
26
|
+
/**
|
|
27
|
+
* Get the tags for an account
|
|
28
|
+
* @param client The OrganizationsClient to use
|
|
29
|
+
* @param accountId The AWS id of the account to get the tags for
|
|
30
|
+
* @returns The tags for the account
|
|
31
|
+
*/
|
|
32
|
+
export declare function getTagsForAccount(client: OrganizationsClient, accountId: string): Promise<Record<string, string>>;
|
|
33
|
+
/**
|
|
34
|
+
* Get the organizational units for a parent organizational unit
|
|
35
|
+
*
|
|
36
|
+
* @param client The OrganizationsClient to use
|
|
37
|
+
* @param parentId The AWS id of the parent organizational unit
|
|
38
|
+
* @returns The organizational units directly under the parent
|
|
39
|
+
*/
|
|
40
|
+
export declare function getChildOrgUnits(client: OrganizationsClient, parentId: string): Promise<OrganizationalUnit[]>;
|
|
41
|
+
/**
|
|
42
|
+
* Get the accounts for a parent organizational unit
|
|
43
|
+
*
|
|
44
|
+
* @param client The OrganizationsClient to use
|
|
45
|
+
* @param parentId The AWS id of the parent organizational unit
|
|
46
|
+
* @returns The accounts directly under the parent
|
|
47
|
+
*/
|
|
48
|
+
export declare function getAccountsForParent(client: OrganizationsClient, parentId: string): Promise<Account[]>;
|
|
49
|
+
//# sourceMappingURL=organizations.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organizations.d.ts","sourceRoot":"","sources":["../../../../src/syncs/organizations/organizations.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EAUP,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EAGnB,IAAI,EACL,MAAM,+BAA+B,CAAA;AAKtC,OAAO,EAAE,IAAI,EAAe,MAAM,YAAY,CAAA;AA+B9C,eAAO,MAAM,gBAAgB,EAAE,IAmM9B,CAAA;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAenC;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,CAchG;AAED;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,mBAAmB,EAC3B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAEjC;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,mBAAmB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAEjC;AA4BD;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,mBAAmB,EAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAQ/B;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,mBAAmB,EAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,EAAE,CAAC,CAYpB"}
|
|
@@ -0,0 +1,339 @@
|
|
|
1
|
+
import { DescribeOrganizationCommand, DescribePolicyCommand, DescribeResourcePolicyCommand, ListAccountsForParentCommand, ListOrganizationalUnitsForParentCommand, ListPoliciesCommand, ListPoliciesForTargetCommand, ListRootsCommand, ListTagsForResourceCommand, OrganizationsClient, PolicyType, PolicyTypeStatus } from '@aws-sdk/client-organizations';
|
|
2
|
+
import { AwsClientPool } from '../../aws/ClientPool.js';
|
|
3
|
+
import { runAndCatch404, runAndCatchAccessDenied } from '../../utils/client-tools.js';
|
|
4
|
+
import { paginateResource } from '../typedSync.js';
|
|
5
|
+
export const OrganizationSync = {
|
|
6
|
+
awsService: 'organizations',
|
|
7
|
+
name: 'organization',
|
|
8
|
+
global: true,
|
|
9
|
+
execute: async function (accountId, region, credentials, storage, endpoint, syncOptions) {
|
|
10
|
+
var _a;
|
|
11
|
+
const organizationClient = AwsClientPool.defaultInstance.client(OrganizationsClient, credentials, region, endpoint);
|
|
12
|
+
const organization = await getOrganizationDetails(organizationClient);
|
|
13
|
+
if (!organization) {
|
|
14
|
+
return;
|
|
15
|
+
}
|
|
16
|
+
const organizationId = organization.Id;
|
|
17
|
+
const root = await getOrganizationRoot(organizationClient);
|
|
18
|
+
if (!root) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
const features = root.PolicyTypes?.reduce((acc, type) => {
|
|
22
|
+
acc[type.Type] = type.Status === PolicyTypeStatus.ENABLED;
|
|
23
|
+
return acc;
|
|
24
|
+
}, {}) || {};
|
|
25
|
+
const scpsEnabled = !!features[PolicyType.SERVICE_CONTROL_POLICY];
|
|
26
|
+
const rcpsEnabled = !!features[PolicyType.RESOURCE_CONTROL_POLICY];
|
|
27
|
+
const allAccounts = {};
|
|
28
|
+
const allOus = {};
|
|
29
|
+
const ouDetails = {};
|
|
30
|
+
allOus[root.Id] = {
|
|
31
|
+
parent: undefined,
|
|
32
|
+
scps: await getPoliciesForTarget(organizationClient, root.Id, PolicyType.SERVICE_CONTROL_POLICY, scpsEnabled),
|
|
33
|
+
rcps: await getPoliciesForTarget(organizationClient, root.Id, PolicyType.RESOURCE_CONTROL_POLICY, rcpsEnabled)
|
|
34
|
+
};
|
|
35
|
+
ouDetails[root.Id] = await getOuDetails(organizationClient, root);
|
|
36
|
+
const structure = {
|
|
37
|
+
[root.Id]: {
|
|
38
|
+
children: {},
|
|
39
|
+
accounts: []
|
|
40
|
+
}
|
|
41
|
+
};
|
|
42
|
+
// const children = await getChildOrgUnits(organizationClient, root.Id!)
|
|
43
|
+
const parents = [structure];
|
|
44
|
+
let parent = parents.pop();
|
|
45
|
+
while (parent) {
|
|
46
|
+
for (const key in parent) {
|
|
47
|
+
// Get structure information
|
|
48
|
+
const children = await getChildOrgUnits(organizationClient, key);
|
|
49
|
+
for (const child of children) {
|
|
50
|
+
ouDetails[child.Id] = await getOuDetails(organizationClient, child);
|
|
51
|
+
const childId = child.Id;
|
|
52
|
+
allOus[childId] = {
|
|
53
|
+
parent: key,
|
|
54
|
+
scps: await getPoliciesForTarget(organizationClient, root.Id, PolicyType.SERVICE_CONTROL_POLICY, scpsEnabled),
|
|
55
|
+
rcps: await getPoliciesForTarget(organizationClient, root.Id, PolicyType.RESOURCE_CONTROL_POLICY, rcpsEnabled)
|
|
56
|
+
};
|
|
57
|
+
(_a = parent[key]).children || (_a.children = {});
|
|
58
|
+
parent[key].children[childId] = {
|
|
59
|
+
children: undefined,
|
|
60
|
+
accounts: undefined
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
const accounts = await getAccountsForParent(organizationClient, key);
|
|
64
|
+
if (accounts.length > 0) {
|
|
65
|
+
parent[key].accounts = [];
|
|
66
|
+
}
|
|
67
|
+
for (const account of accounts) {
|
|
68
|
+
let accountTags = await getTagsForAccount(organizationClient, account.Id);
|
|
69
|
+
if (Object.keys(accountTags).length === 0) {
|
|
70
|
+
accountTags = undefined;
|
|
71
|
+
}
|
|
72
|
+
allAccounts[account.Id] = {
|
|
73
|
+
ou: key,
|
|
74
|
+
scps: await getPoliciesForTarget(organizationClient, account.Id, PolicyType.SERVICE_CONTROL_POLICY, scpsEnabled),
|
|
75
|
+
rcps: await getPoliciesForTarget(organizationClient, account.Id, PolicyType.RESOURCE_CONTROL_POLICY, rcpsEnabled),
|
|
76
|
+
tags: accountTags
|
|
77
|
+
};
|
|
78
|
+
parent[key].accounts.push(account.Arn);
|
|
79
|
+
}
|
|
80
|
+
// parent[key].accounts = accounts.map((a) => a.Arn!)
|
|
81
|
+
if (parent[key].children) {
|
|
82
|
+
parents.push(parent[key].children);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
parent = parents.pop();
|
|
86
|
+
}
|
|
87
|
+
storage.saveOrganizationMetadata(organizationId, 'structure', structure);
|
|
88
|
+
storage.saveOrganizationMetadata(organizationId, 'metadata', {
|
|
89
|
+
id: organizationId,
|
|
90
|
+
arn: organization.Arn,
|
|
91
|
+
rootOu: root.Id,
|
|
92
|
+
rootAccountArn: organization.MasterAccountArn,
|
|
93
|
+
rootAccountId: organization.MasterAccountId,
|
|
94
|
+
features
|
|
95
|
+
});
|
|
96
|
+
storage.saveOrganizationMetadata(organizationId, 'accounts', allAccounts);
|
|
97
|
+
storage.saveOrganizationMetadata(organizationId, 'ous', allOus);
|
|
98
|
+
// Sync OUs
|
|
99
|
+
const persistedOus = await storage.listOrganizationalUnits(organizationId);
|
|
100
|
+
const newOus = new Set(Object.keys(ouDetails));
|
|
101
|
+
const deletedOus = persistedOus.filter((ou) => !newOus.has(ou));
|
|
102
|
+
for (const ouToDelete of deletedOus) {
|
|
103
|
+
await storage.deleteOrganizationalUnit(organizationId, ouToDelete);
|
|
104
|
+
}
|
|
105
|
+
for (const ouId of Object.keys(ouDetails)) {
|
|
106
|
+
const ou = ouDetails[ouId];
|
|
107
|
+
await storage.saveOrganizationalUnitMetadata(organizationId, ouId, 'metadata', ou.metadata);
|
|
108
|
+
await storage.saveOrganizationalUnitMetadata(organizationId, ouId, 'tags', ou.tags);
|
|
109
|
+
}
|
|
110
|
+
// Sync policies
|
|
111
|
+
await syncPolicies(organizationId, organizationClient, storage, PolicyType.SERVICE_CONTROL_POLICY, 'scps', scpsEnabled);
|
|
112
|
+
await syncPolicies(organizationId, organizationClient, storage, PolicyType.RESOURCE_CONTROL_POLICY, 'rcps', rcpsEnabled);
|
|
113
|
+
// Sync organization resource policy
|
|
114
|
+
await syncOrganizationResourcePolicy(organizationClient, storage, organizationId);
|
|
115
|
+
}
|
|
116
|
+
};
|
|
117
|
+
/**
|
|
118
|
+
* Get the details of an organization or an account.
|
|
119
|
+
*
|
|
120
|
+
* @param client The OrganizationsClient to use
|
|
121
|
+
* @returns the details of the organization the account belongs to or undefined if the account is not part of an organization or does not have permission.
|
|
122
|
+
*/
|
|
123
|
+
export async function getOrganizationDetails(client) {
|
|
124
|
+
const command = new DescribeOrganizationCommand();
|
|
125
|
+
try {
|
|
126
|
+
const response = await runAndCatch404(() => client.send(command));
|
|
127
|
+
if (!response) {
|
|
128
|
+
return undefined;
|
|
129
|
+
}
|
|
130
|
+
return response.Organization;
|
|
131
|
+
}
|
|
132
|
+
catch (e) {
|
|
133
|
+
if (e.name === 'AWSOrganizationsNotInUseException') {
|
|
134
|
+
return undefined;
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
return undefined;
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Get the root Organizational Unit for an organization
|
|
141
|
+
*
|
|
142
|
+
* @param client The OrganizationsClient to use
|
|
143
|
+
* @returns the root Organizational Unit for the organization if it exists
|
|
144
|
+
*/
|
|
145
|
+
export async function getOrganizationRoot(client) {
|
|
146
|
+
return runAndCatchAccessDenied(async () => {
|
|
147
|
+
const roots = await paginateResource(client, ListRootsCommand, 'Roots', {
|
|
148
|
+
inputKey: 'NextToken',
|
|
149
|
+
outputKey: 'NextToken'
|
|
150
|
+
}, {});
|
|
151
|
+
return roots.at(0);
|
|
152
|
+
});
|
|
153
|
+
}
|
|
154
|
+
/**
|
|
155
|
+
* Get the tags for an Organizational Unit
|
|
156
|
+
*
|
|
157
|
+
* @param client The OrganizationsClient to use
|
|
158
|
+
* @param ouId The AWS id of the Organizational Unit to get the tags for
|
|
159
|
+
* @returns The tags for the Organizational Unit
|
|
160
|
+
*/
|
|
161
|
+
export async function getTagsForOu(client, ouId) {
|
|
162
|
+
return getTags(client, ouId);
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* Get the tags for an account
|
|
166
|
+
* @param client The OrganizationsClient to use
|
|
167
|
+
* @param accountId The AWS id of the account to get the tags for
|
|
168
|
+
* @returns The tags for the account
|
|
169
|
+
*/
|
|
170
|
+
export async function getTagsForAccount(client, accountId) {
|
|
171
|
+
return getTags(client, accountId);
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Get the tags for a resource in AWS Organizations
|
|
175
|
+
*
|
|
176
|
+
* @param client The OrganizationsClient to use
|
|
177
|
+
* @param resourceId The AWS id of the resource to get the tags for
|
|
178
|
+
* @returns The tags for the resource
|
|
179
|
+
*/
|
|
180
|
+
async function getTags(client, resourceId) {
|
|
181
|
+
const command = new ListTagsForResourceCommand({ ResourceId: resourceId });
|
|
182
|
+
const response = await runAndCatch404(() => client.send(command));
|
|
183
|
+
if (!response) {
|
|
184
|
+
return {};
|
|
185
|
+
}
|
|
186
|
+
return (response.Tags || [])?.reduce((acc, tag) => {
|
|
187
|
+
acc[tag.Key] = tag.Value;
|
|
188
|
+
return acc;
|
|
189
|
+
}, {});
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* Get the organizational units for a parent organizational unit
|
|
193
|
+
*
|
|
194
|
+
* @param client The OrganizationsClient to use
|
|
195
|
+
* @param parentId The AWS id of the parent organizational unit
|
|
196
|
+
* @returns The organizational units directly under the parent
|
|
197
|
+
*/
|
|
198
|
+
export async function getChildOrgUnits(client, parentId) {
|
|
199
|
+
return await paginateResource(client, ListOrganizationalUnitsForParentCommand, 'OrganizationalUnits', { inputKey: 'NextToken', outputKey: 'NextToken' }, { ParentId: parentId });
|
|
200
|
+
}
|
|
201
|
+
/**
|
|
202
|
+
* Get the accounts for a parent organizational unit
|
|
203
|
+
*
|
|
204
|
+
* @param client The OrganizationsClient to use
|
|
205
|
+
* @param parentId The AWS id of the parent organizational unit
|
|
206
|
+
* @returns The accounts directly under the parent
|
|
207
|
+
*/
|
|
208
|
+
export async function getAccountsForParent(client, parentId) {
|
|
209
|
+
const accounts = await paginateResource(client, ListAccountsForParentCommand, 'Accounts', {
|
|
210
|
+
inputKey: 'NextToken',
|
|
211
|
+
outputKey: 'NextToken'
|
|
212
|
+
}, { ParentId: parentId });
|
|
213
|
+
return accounts;
|
|
214
|
+
}
|
|
215
|
+
/**
|
|
216
|
+
* Get the details of an Organizational Unit (OU).
|
|
217
|
+
*
|
|
218
|
+
* @param organizationClient the OrganizationsClient to use
|
|
219
|
+
* @param ou the Organizational Unit to get the details for
|
|
220
|
+
* @returns an object containing the OU's tags and metadata
|
|
221
|
+
*/
|
|
222
|
+
async function getOuDetails(organizationClient, ou) {
|
|
223
|
+
return {
|
|
224
|
+
tags: await getTagsForOu(organizationClient, ou.Id),
|
|
225
|
+
metadata: {
|
|
226
|
+
arn: ou.Arn,
|
|
227
|
+
name: ou.Name
|
|
228
|
+
}
|
|
229
|
+
};
|
|
230
|
+
}
|
|
231
|
+
/**
|
|
232
|
+
* Get the policies for a target
|
|
233
|
+
*
|
|
234
|
+
* @param client the OrganizationsClient to use
|
|
235
|
+
* @param targetId the id of the target to get the policies for
|
|
236
|
+
* @param policyType the type of policy to get
|
|
237
|
+
* @param enabled whether the policy type is enabled
|
|
238
|
+
* @returns the Arns of the policies for the target
|
|
239
|
+
*/
|
|
240
|
+
async function getPoliciesForTarget(client, targetId, policyType, enabled) {
|
|
241
|
+
if (!enabled) {
|
|
242
|
+
return [];
|
|
243
|
+
}
|
|
244
|
+
const policies = await paginateResource(client, ListPoliciesForTargetCommand, 'Policies', { inputKey: 'NextToken', outputKey: 'NextToken' }, {
|
|
245
|
+
TargetId: targetId,
|
|
246
|
+
Filter: policyType
|
|
247
|
+
});
|
|
248
|
+
return policies.map((policy) => policy.Arn);
|
|
249
|
+
}
|
|
250
|
+
/**
|
|
251
|
+
* Sync the policies for an organization and a specific policy type.
|
|
252
|
+
*
|
|
253
|
+
* @param organizationId the id of the organization to sync policies for
|
|
254
|
+
* @param organizationClient the OrganizationsClient to use
|
|
255
|
+
* @param storage the AwsIamStore to use for persistence
|
|
256
|
+
* @param policyType the type of policy to sync (e.g., SERVICE_CONTROL_POLICY, RESOURCE_CONTROL_POLICY)
|
|
257
|
+
* @param fileType the type of policy file to sync to storage (e.g., 'scps', 'rcps')
|
|
258
|
+
* @param enabled whether the policy type is enabled in the organization
|
|
259
|
+
*/
|
|
260
|
+
async function syncPolicies(organizationId, organizationClient, storage, policyType, fileType, enabled) {
|
|
261
|
+
const existingPolicies = await storage.listOrganizationPolicies(organizationId, fileType);
|
|
262
|
+
if (!enabled) {
|
|
263
|
+
for (const policyId of existingPolicies) {
|
|
264
|
+
await storage.deleteOrganizationPolicy(organizationId, fileType, policyId);
|
|
265
|
+
}
|
|
266
|
+
return;
|
|
267
|
+
}
|
|
268
|
+
const policies = await paginateResource(organizationClient, ListPoliciesCommand, 'Policies', { inputKey: 'NextToken', outputKey: 'NextToken' }, {
|
|
269
|
+
Filter: policyType
|
|
270
|
+
});
|
|
271
|
+
const newPolicyIds = new Set(policies.map((p) => p.Id));
|
|
272
|
+
const policiesToDelete = existingPolicies.filter((id) => !newPolicyIds.has(id));
|
|
273
|
+
for (const policyToDelete of policiesToDelete) {
|
|
274
|
+
await storage.deleteOrganizationPolicy(organizationId, fileType, policyToDelete);
|
|
275
|
+
}
|
|
276
|
+
for (const policy of policies) {
|
|
277
|
+
const metadata = {
|
|
278
|
+
arn: policy.Arn,
|
|
279
|
+
name: policy.Name,
|
|
280
|
+
description: policy.Description,
|
|
281
|
+
awsManaged: policy.AwsManaged
|
|
282
|
+
};
|
|
283
|
+
await storage.saveOrganizationPolicyMetadata(organizationId, fileType, policy.Id, 'metadata', metadata);
|
|
284
|
+
const content = await getPolicyContent(organizationClient, policy.Id);
|
|
285
|
+
await storage.saveOrganizationPolicyMetadata(organizationId, fileType, policy.Id, 'policy', content);
|
|
286
|
+
const tags = await getTags(organizationClient, policy.Id);
|
|
287
|
+
await storage.saveOrganizationPolicyMetadata(organizationId, fileType, policy.Id, 'tags', tags);
|
|
288
|
+
}
|
|
289
|
+
}
|
|
290
|
+
/**
|
|
291
|
+
* Get the content of a policy by its ID.
|
|
292
|
+
*
|
|
293
|
+
* @param organizationClient the OrganizationsClient to use
|
|
294
|
+
* @param policyId the ID of the policy to get the content for
|
|
295
|
+
* @returns the content of the policy as a parsed JSON object, or undefined if the policy does not exist or has no content
|
|
296
|
+
*/
|
|
297
|
+
async function getPolicyContent(organizationClient, policyId) {
|
|
298
|
+
const command = new DescribePolicyCommand({ PolicyId: policyId });
|
|
299
|
+
const response = await runAndCatch404(() => organizationClient.send(command));
|
|
300
|
+
if (response?.Policy?.Content) {
|
|
301
|
+
return JSON.parse(response.Policy.Content);
|
|
302
|
+
}
|
|
303
|
+
return undefined;
|
|
304
|
+
}
|
|
305
|
+
/**
|
|
306
|
+
* Sync the organization resource policy.
|
|
307
|
+
*
|
|
308
|
+
* @param organizationClient the OrganizationsClient to use
|
|
309
|
+
* @param storage the AwsIamStore to use for persistence
|
|
310
|
+
* @param organizationId the id of the organization to sync the resource policy for
|
|
311
|
+
*/
|
|
312
|
+
async function syncOrganizationResourcePolicy(organizationClient, storage, organizationId) {
|
|
313
|
+
const policy = await getOrganizationResourcePolicy(organizationClient, organizationId);
|
|
314
|
+
await storage.saveOrganizationMetadata(organizationId, 'policy', policy);
|
|
315
|
+
}
|
|
316
|
+
/**
|
|
317
|
+
* Get the resource policy for an organization.
|
|
318
|
+
*
|
|
319
|
+
* @param organizationClient the OrganizationsClient to use
|
|
320
|
+
* @param organizationId the id of the organization to get the resource policy for
|
|
321
|
+
* @returns the resource policy as a parsed JSON object, or undefined if the policy does not exist or has no content
|
|
322
|
+
*/
|
|
323
|
+
async function getOrganizationResourcePolicy(organizationClient, organizationId) {
|
|
324
|
+
const command = new DescribeResourcePolicyCommand({ PolicyId: organizationId });
|
|
325
|
+
try {
|
|
326
|
+
const response = await organizationClient.send(command);
|
|
327
|
+
if (response?.ResourcePolicy?.Content) {
|
|
328
|
+
return JSON.parse(response.ResourcePolicy.Content);
|
|
329
|
+
}
|
|
330
|
+
return undefined;
|
|
331
|
+
}
|
|
332
|
+
catch (error) {
|
|
333
|
+
if (error.name === 'ResourcePolicyNotFoundException') {
|
|
334
|
+
return undefined;
|
|
335
|
+
}
|
|
336
|
+
throw error;
|
|
337
|
+
}
|
|
338
|
+
}
|
|
339
|
+
//# sourceMappingURL=organizations.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organizations.js","sourceRoot":"","sources":["../../../../src/syncs/organizations/organizations.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,2BAA2B,EAC3B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,uCAAuC,EACvC,mBAAmB,EACnB,4BAA4B,EAC5B,gBAAgB,EAChB,0BAA0B,EAG1B,mBAAmB,EACnB,UAAU,EACV,gBAAgB,EAEjB,MAAM,+BAA+B,CAAA;AAEtC,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AAEvD,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAA;AAErF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AA8BlD,MAAM,CAAC,MAAM,gBAAgB,GAAS;IACpC,UAAU,EAAE,eAAe;IAC3B,IAAI,EAAE,cAAc;IACpB,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,KAAK,WACZ,SAAiB,EACjB,MAAc,EACd,WAA8C,EAC9C,OAAoB,EACpB,QAA4B,EAC5B,WAAwB;;QAExB,MAAM,kBAAkB,GAAG,aAAa,CAAC,eAAe,CAAC,MAAM,CAC7D,mBAAmB,EACnB,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QAED,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,kBAAkB,CAAC,CAAA;QACrE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QACD,MAAM,cAAc,GAAG,YAAY,CAAC,EAAG,CAAA;QAEvC,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,CAAA;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAM;QACR,CAAC;QAED,MAAM,QAAQ,GACZ,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACrC,GAAG,CAAC,IAAI,CAAC,IAAK,CAAC,GAAG,IAAI,CAAC,MAAM,KAAK,gBAAgB,CAAC,OAAO,CAAA;YAC1D,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAAc,CAAC,IAAK,EAAe,CAAA;QAExC,MAAM,WAAW,GAAG,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAA;QACjE,MAAM,WAAW,GAAG,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAA;QAElE,MAAM,WAAW,GAAsB,EAAE,CAAA;QACzC,MAAM,MAAM,GAOR,EAAE,CAAA;QAEN,MAAM,SAAS,GAA8B,EAAE,CAAA;QAE/C,MAAM,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG;YACjB,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,IAAI,CAAC,EAAG,EACR,UAAU,CAAC,sBAAsB,EACjC,WAAW,CACZ;YACD,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,IAAI,CAAC,EAAG,EACR,UAAU,CAAC,uBAAuB,EAClC,WAAW,CACZ;SACF,CAAA;QACD,SAAS,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG,MAAM,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAA;QAElE,MAAM,SAAS,GAAiB;YAC9B,CAAC,IAAI,CAAC,EAAG,CAAC,EAAE;gBACV,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,EAAE;aACb;SACF,CAAA;QAED,wEAAwE;QACxE,MAAM,OAAO,GAAmB,CAAC,SAAS,CAAC,CAAA;QAE3C,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;QAC1B,OAAO,MAAM,EAAE,CAAC;YACd,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;gBACzB,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;gBAChE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBAC7B,SAAS,CAAC,KAAK,CAAC,EAAG,CAAC,GAAG,MAAM,YAAY,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAA;oBAEpE,MAAM,OAAO,GAAG,KAAK,CAAC,EAAG,CAAA;oBACzB,MAAM,CAAC,OAAO,CAAC,GAAG;wBAChB,MAAM,EAAE,GAAG;wBACX,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,IAAI,CAAC,EAAG,EACR,UAAU,CAAC,sBAAsB,EACjC,WAAW,CACZ;wBACD,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,IAAI,CAAC,EAAG,EACR,UAAU,CAAC,uBAAuB,EAClC,WAAW,CACZ;qBACF,CAAA;oBACD,MAAA,MAAM,CAAC,GAAG,CAAC,EAAC,QAAQ,QAAR,QAAQ,GAAK,EAAE,EAAA;oBAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG;wBAC9B,QAAQ,EAAE,SAAS;wBACnB,QAAQ,EAAE,SAAS;qBACpB,CAAA;gBACH,CAAC;gBACD,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;gBACpE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,GAAG,EAAE,CAAA;gBAC3B,CAAC;gBACD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,WAAW,GAAuC,MAAM,iBAAiB,CAC3E,kBAAkB,EAClB,OAAO,CAAC,EAAG,CACZ,CAAA;oBACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC1C,WAAW,GAAG,SAAS,CAAA;oBACzB,CAAC;oBACD,WAAW,CAAC,OAAO,CAAC,EAAG,CAAC,GAAG;wBACzB,EAAE,EAAE,GAAG;wBACP,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,OAAO,CAAC,EAAG,EACX,UAAU,CAAC,sBAAsB,EACjC,WAAW,CACZ;wBACD,IAAI,EAAE,MAAM,oBAAoB,CAC9B,kBAAkB,EAClB,OAAO,CAAC,EAAG,EACX,UAAU,CAAC,uBAAuB,EAClC,WAAW,CACZ;wBACD,IAAI,EAAE,WAAW;qBAClB,CAAA;oBACD,MAAM,CAAC,GAAG,CAAC,CAAC,QAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAI,CAAC,CAAA;gBAC1C,CAAC;gBAED,qDAAqD;gBACrD,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACzB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;YAED,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;QACxB,CAAC;QAED,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QACxE,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,UAAU,EAAE;YAC3D,EAAE,EAAE,cAAc;YAClB,GAAG,EAAE,YAAY,CAAC,GAAG;YACrB,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,cAAc,EAAE,YAAY,CAAC,gBAAgB;YAC7C,aAAa,EAAE,YAAY,CAAC,eAAe;YAC3C,QAAQ;SACT,CAAC,CAAA;QACF,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,UAAU,EAAE,WAAW,CAAC,CAAA;QACzE,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;QAE/D,WAAW;QACX,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAA;QAC1E,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;QAC9C,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;QAC/D,KAAK,MAAM,UAAU,IAAI,UAAU,EAAE,CAAC;YACpC,MAAM,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAA;QACpE,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;YAC1B,MAAM,OAAO,CAAC,8BAA8B,CAAC,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,8BAA8B,CAAC,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;QACrF,CAAC;QAED,gBAAgB;QAChB,MAAM,YAAY,CAChB,cAAc,EACd,kBAAkB,EAClB,OAAO,EACP,UAAU,CAAC,sBAAsB,EACjC,MAAM,EACN,WAAW,CACZ,CAAA;QAED,MAAM,YAAY,CAChB,cAAc,EACd,kBAAkB,EAClB,OAAO,EACP,UAAU,CAAC,uBAAuB,EAClC,MAAM,EACN,WAAW,CACZ,CAAA;QAED,oCAAoC;QACpC,MAAM,8BAA8B,CAAC,kBAAkB,EAAE,OAAO,EAAE,cAAc,CAAC,CAAA;IACnF,CAAC;CACF,CAAA;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,MAA2B;IAE3B,MAAM,OAAO,GAAG,IAAI,2BAA2B,EAAE,CAAA;IACjD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;QACjE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,QAAQ,CAAC,YAAY,CAAA;IAC9B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,IAAI,KAAK,mCAAmC,EAAE,CAAC;YACnD,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAA2B;IACnE,OAAO,uBAAuB,CAAC,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,MAAM,EACN,gBAAgB,EAChB,OAAO,EACP;YACE,QAAQ,EAAE,WAAW;YACrB,SAAS,EAAE,WAAW;SACvB,EACD,EAAE,CACH,CAAA;QACD,OAAO,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IACpB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAA2B,EAC3B,IAAY;IAEZ,OAAO,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAA2B,EAC3B,SAAiB;IAEjB,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AACnC,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,OAAO,CACpB,MAA2B,EAC3B,UAAkB;IAElB,MAAM,OAAO,GAAG,IAAI,0BAA0B,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAA;IAC1E,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;IACjE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,CAAA;IACX,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,MAAM,CAClC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,GAAG,CAAC,GAAI,CAAC,GAAG,GAAG,CAAC,KAAM,CAAA;QAC1B,OAAO,GAAG,CAAA;IACZ,CAAC,EACD,EAA4B,CAC7B,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAA2B,EAC3B,QAAgB;IAEhB,OAAO,MAAM,gBAAgB,CAC3B,MAAM,EACN,uCAAuC,EACvC,qBAAqB,EACrB,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,EACjD,EAAE,QAAQ,EAAE,QAAQ,EAAE,CACvB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAA2B,EAC3B,QAAgB;IAEhB,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,MAAM,EACN,4BAA4B,EAC5B,UAAU,EACV;QACE,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,WAAW;KACvB,EACD,EAAE,QAAQ,EAAE,QAAQ,EAAE,CACvB,CAAA;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,YAAY,CACzB,kBAAuC,EACvC,EAAsB;IAEtB,OAAO;QACL,IAAI,EAAE,MAAM,YAAY,CAAC,kBAAkB,EAAE,EAAE,CAAC,EAAG,CAAC;QACpD,QAAQ,EAAE;YACR,GAAG,EAAE,EAAE,CAAC,GAAI;YACZ,IAAI,EAAE,EAAE,CAAC,IAAK;SACf;KACF,CAAA;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,oBAAoB,CACjC,MAA2B,EAC3B,QAAgB,EAChB,UAAsB,EACtB,OAAgB;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,MAAM,EACN,4BAA4B,EAC5B,UAAU,EACV,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,EACjD;QACE,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,UAAU;KACnB,CACF,CAAA;IAED,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,GAAI,CAAC,CAAA;AAC9C,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,YAAY,CACzB,cAAsB,EACtB,kBAAuC,EACvC,OAAoB,EACpB,UAAsB,EACtB,QAAgC,EAChC,OAAgB;IAEhB,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;IACzF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,MAAM,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAC5E,CAAC;QACD,OAAM;IACR,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,kBAAkB,EAClB,mBAAmB,EACnB,UAAU,EACV,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,EACjD;QACE,MAAM,EAAE,UAAU;KACnB,CACF,CAAA;IAED,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAG,CAAC,CAAC,CAAA;IACxD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IAC/E,KAAK,MAAM,cAAc,IAAI,gBAAgB,EAAE,CAAC;QAC9C,MAAM,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAClF,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG;YACf,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAA;QACD,MAAM,OAAO,CAAC,8BAA8B,CAC1C,cAAc,EACd,QAAQ,EACR,MAAM,CAAC,EAAG,EACV,UAAU,EACV,QAAQ,CACT,CAAA;QACD,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,kBAAkB,EAAE,MAAM,CAAC,EAAG,CAAC,CAAA;QACtE,MAAM,OAAO,CAAC,8BAA8B,CAC1C,cAAc,EACd,QAAQ,EACR,MAAM,CAAC,EAAG,EACV,QAAQ,EACR,OAAO,CACR,CAAA;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,kBAAkB,EAAE,MAAM,CAAC,EAAG,CAAC,CAAA;QAC1D,MAAM,OAAO,CAAC,8BAA8B,CAAC,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAA;IAClG,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,gBAAgB,CAC7B,kBAAuC,EACvC,QAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,qBAAqB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAA;IACjE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7E,IAAI,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAC5C,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAuC,EACvC,OAAoB,EACpB,cAAsB;IAEtB,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;IACtF,MAAM,OAAO,CAAC,wBAAwB,CAAC,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;AAC1E,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,6BAA6B,CAC1C,kBAAuC,EACvC,cAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,6BAA6B,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAA;IAC/E,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACvD,IAAI,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;QACpD,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,IAAI,KAAK,CAAC,IAAI,KAAK,iCAAiC,EAAE,CAAC;YACrD,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC"}
|