@cloud-copilot/iam-collect 0.1.2 → 0.1.3

package/dist/cjs/syncs/lambda/lambda.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LambdaSync = void 0;
+const client_lambda_1 = require("@aws-sdk/client-lambda");
+const ClientPool_js_1 = require("../../aws/ClientPool.js");
+const client_tools_js_1 = require("../../utils/client-tools.js");
+const sync_js_1 = require("../sync.js");
+exports.LambdaSync = {
+    awsService: 'lambda',
+    name: 'lambda',
+    global: false,
+    execute: async (accountId, region, credentials, storage, endpoint) => {
+        const lambdaClient = ClientPool_js_1.AwsClientPool.defaultInstance.client(client_lambda_1.LambdaClient, credentials, region, endpoint);
+        const command = new client_lambda_1.ListFunctionsCommand();
+        const functions = [];
+        let marker = undefined;
+        do {
+            const response = await lambdaClient.send(command);
+            functions.push(...(response.Functions || []));
+            marker = response.NextMarker;
+        } while (marker);
+        const functionData = [];
+        for (const func of functions) {
+            const policy = await (0, client_tools_js_1.runAndCatch404)(async () => {
+                const policyResult = await lambdaClient.send(new client_lambda_1.GetPolicyCommand({ FunctionName: func.FunctionName }));
+                if (policyResult.Policy) {
+                    return JSON.parse(policyResult.Policy);
+                }
+                return undefined;
+            });
+            const tags = await (0, client_tools_js_1.runAndCatch404)(async () => {
+                const tagsResult = await lambdaClient.send(new client_lambda_1.ListTagsCommand({ Resource: func.FunctionArn }));
+                return tagsResult.Tags;
+            });
+            functionData.push({
+                arn: func.FunctionArn,
+                metadata: {
+                    role: func.Role,
+                    arn: func.FunctionArn,
+                    name: func.FunctionName
+                },
+                policy,
+                tags
+            });
+        }
+        await (0, sync_js_1.syncData)(functionData, storage, accountId, {
+            service: 'lambda',
+            resourceType: 'function',
+            account: accountId,
+            region: region
+        });
+    }
+};
+//# sourceMappingURL=lambda.js.map

package/dist/cjs/syncs/lambda/lambda.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lambda.js","sourceRoot":"","sources":["../../../../src/syncs/lambda/lambda.ts"],"names":[],"mappings":";;;AAAA,0DAM+B;AAE/B,2DAAuD;AAEvD,iEAA4D;AAC5D,wCAA2C;AAE9B,QAAA,UAAU,GAAS;IAC9B,UAAU,EAAE,QAAQ;IACpB,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,KAAK;IACb,OAAO,EAAE,KAAK,EACZ,SAAiB,EACjB,MAAc,EACd,WAA8C,EAC9C,OAAoB,EACpB,QAA4B,EACb,EAAE;QACjB,MAAM,YAAY,GAAG,6BAAa,CAAC,eAAe,CAAC,MAAM,CACvD,4BAAY,EACZ,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,oCAAoB,EAAE,CAAA;QAE1C,MAAM,SAAS,GAA4B,EAAE,CAAA;QAC7C,IAAI,MAAM,GAAuB,SAAS,CAAA;QAC1C,GAAG,CAAC;YACF,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACjD,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAA;YAC7C,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAA;QAC9B,CAAC,QAAQ,MAAM,EAAC;QAEhB,MAAM,YAAY,GAA8C,EAAE,CAAA;QAClE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAc,EAAC,KAAK,IAAI,EAAE;gBAC7C,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,IAAI,CAC1C,IAAI,gCAAgB,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAC1D,CAAA;gBACD,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;gBACxC,CAAC;gBACD,OAAO,SAAS,CAAA;YAClB,CAAC,CAAC,CAAA;YACF,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,KAAK,IAAI,EAAE;gBAC3C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,IAAI,CACxC,IAAI,+BAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CACpD,CAAA;gBACD,OAAO,UAAU,CAAC,IAAI,CAAA;YACxB,CAAC,CAAC,CAAA;YAEF,YAAY,CAAC,IAAI,CAAC;gBAChB,GAAG,EAAE,IAAI,CAAC,WAAY;gBACtB,QAAQ,EAAE;oBACR,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,WAAW;oBACrB,IAAI,EAAE,IAAI,CAAC,YAAY;iBACxB;gBACD,MAAM;gBACN,IAAI;aACL,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,IAAA,kBAAQ,EAAC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE;YAC/C,OAAO,EAAE,QAAQ;YACjB,YAAY,EAAE,UAAU;YACxB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;IACJ,CAAC;CACF,CAAA"}

package/dist/cjs/syncs/sync.d.ts

@@ -0,0 +1,27 @@
+import { AwsCredentialIdentityWithMetaData } from '../aws/auth.js';
+import { AwsIamStore, ResourceTypeParts } from '../persistence/AwsIamStore.js';
+import { AwsService } from '../services.js';
+export interface Sync {
+    /**
+     * What service the sync is for.
+     */
+    awsService: AwsService;
+    /**
+     * The name of the sync. This should be a unique identifier for the sync.
+     */
+    name: string;
+    /**
+     * Is the sync global. If so, it should only be one in one region per account.
+     */
+    global?: boolean;
+    /**
+     * Execute the sync for a given account and region.
+     */
+    execute(accountId: string, region: string, credentials: AwsCredentialIdentityWithMetaData, storage: AwsIamStore, endpoint: string | undefined): Promise<void>;
+}
+type DataRecord = Record<string, any> & {
+    arn: string;
+};
+export declare function syncData(records: DataRecord[], storage: AwsIamStore, accountId: string, resourceTypeParts: ResourceTypeParts): Promise<void>;
+export {};
+//# sourceMappingURL=sync.d.ts.map

package/dist/cjs/syncs/sync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../../src/syncs/sync.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iCAAiC,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE3C,MAAM,WAAW,IAAI;IACnB;;OAEG;IACH,UAAU,EAAE,UAAU,CAAA;IAEtB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,OAAO,CACL,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,iCAAiC,EAC9C,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAAC,IAAI,CAAC,CAAA;CACjB;AAED,KAAK,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AACvD,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,UAAU,EAAE,EACrB,OAAO,EAAE,WAAW,EACpB,SAAS,EAAE,MAAM,EACjB,iBAAiB,EAAE,iBAAiB,iBAarC"}

package/dist/cjs/syncs/sync.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.syncData = syncData;
+async function syncData(records, storage, accountId, resourceTypeParts) {
+    const allArns = records.map((r) => r.arn);
+    await storage.syncResourceList(accountId, resourceTypeParts, allArns);
+    for (const record of records) {
+        for (const [key, value] of Object.entries(record)) {
+            if (key === 'arn') {
+                continue;
+            }
+            await storage.saveResourceMetadata(accountId, record.arn, key, value);
+        }
+    }
+}
+//# sourceMappingURL=sync.js.map

package/dist/cjs/syncs/sync.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.js","sourceRoot":"","sources":["../../../src/syncs/sync.ts"],"names":[],"mappings":";;AAiCA,4BAiBC;AAjBM,KAAK,UAAU,QAAQ,CAC5B,OAAqB,EACrB,OAAoB,EACpB,SAAiB,EACjB,iBAAoC;IAEpC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,OAAO,CAAC,gBAAgB,CAAC,SAAS,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAA;IAErE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,SAAQ;YACV,CAAC;YACD,MAAM,OAAO,CAAC,oBAAoB,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/cjs/syncs/syncMap.d.ts

@@ -0,0 +1,17 @@
+import { AwsService } from '../services.js';
+import { Sync } from './sync.js';
+/**
+ * Get the global syncs for a given AWS service.
+ *
+ * @param service The AWS service to get the syncs for
+ * @returns An array of syncs that are global for the specified service.
+ */
+export declare function getGlobalSyncsForService(service: AwsService): Sync[];
+/**
+ * Get the regional syncs for a given AWS service.
+ *
+ * @param service The AWS service to get the syncs for
+ * @returns An array of syncs that are regional for the specified service.
+ */
+export declare function getRegionalSyncsForService(service: AwsService): Sync[];
+//# sourceMappingURL=syncMap.d.ts.map

package/dist/cjs/syncs/syncMap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAG3C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAsBhC;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMtE"}

package/dist/cjs/syncs/syncMap.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGlobalSyncsForService = getGlobalSyncsForService;
+exports.getRegionalSyncsForService = getRegionalSyncsForService;
+const authorizationDetails_js_1 = require("./iam/authorizationDetails.js");
+const lambda_js_1 = require("./lambda/lambda.js");
+const allSyncs = [authorizationDetails_js_1.AuthorizationDetailsSync, lambda_js_1.LambdaSync];
+const syncMap = new Map();
+for (const sync of allSyncs) {
+    const service = sync.awsService;
+    if (!syncMap.has(service)) {
+        syncMap.set(service, {
+            regional: [],
+            global: []
+        });
+    }
+    const syncs = syncMap.get(service);
+    if (sync.global) {
+        syncs.global.push(sync);
+    }
+    else {
+        syncs.regional.push(sync);
+    }
+}
+/**
+ * Get the global syncs for a given AWS service.
+ *
+ * @param service The AWS service to get the syncs for
+ * @returns An array of syncs that are global for the specified service.
+ */
+function getGlobalSyncsForService(service) {
+    const syncs = syncMap.get(service);
+    if (!syncs) {
+        return [];
+    }
+    return syncs.global;
+}
+/**
+ * Get the regional syncs for a given AWS service.
+ *
+ * @param service The AWS service to get the syncs for
+ * @returns An array of syncs that are regional for the specified service.
+ */
+function getRegionalSyncsForService(service) {
+    const syncs = syncMap.get(service);
+    if (!syncs) {
+        return [];
+    }
+    return syncs.regional;
+}
+//# sourceMappingURL=syncMap.js.map

package/dist/cjs/syncs/syncMap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":";;AA+BA,4DAMC;AAQD,gEAMC;AAlDD,2EAAwE;AACxE,kDAA+C;AAG/C,MAAM,QAAQ,GAAG,CAAC,kDAAwB,EAAE,sBAAU,CAAC,CAAA;AAEvD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAA;IAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}

package/dist/cjs/utils/arn.d.ts

@@ -0,0 +1,26 @@
+export interface ArnParts {
+    partition: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    accountId: string | undefined;
+    resource: string | undefined;
+    resourceType: string | undefined;
+    resourcePath: string | undefined;
+}
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+export declare function splitArnParts(arn: string): ArnParts;
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
+//# sourceMappingURL=arn.d.ts.map

package/dist/cjs/utils/arn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../src/utils/arn.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,CAAC,MAAM,EAAE,MAAM,CAAC,CAqBlB"}

package/dist/cjs/utils/arn.js

@@ -0,0 +1,60 @@
+"use strict";
+// Copied from https://github.com/cloud-copilot/iam-simulate/blob/main/src/util.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitArnParts = splitArnParts;
+exports.getResourceSegments = getResourceSegments;
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+function splitArnParts(arn) {
+    const parts = arn.split(':');
+    const partition = parts.at(1);
+    const service = parts.at(2);
+    const region = parts.at(3);
+    const accountId = parts.at(4);
+    const resource = parts.slice(5).join(':');
+    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
+    return {
+        partition,
+        service,
+        region,
+        accountId,
+        resource,
+        resourceType,
+        resourcePath
+    };
+}
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+function getResourceSegments(service, accountId, region, resourceString) {
+    // This is terrible, and I hate it
+    if (service === 's3' && accountId === '' && region === '') {
+        return ['', resourceString];
+    }
+    const slashIndex = resourceString.indexOf('/');
+    const colonIndex = resourceString.indexOf(':');
+    let splitIndex = slashIndex;
+    if (slashIndex != -1 && colonIndex != -1) {
+        splitIndex = Math.min(slashIndex, colonIndex) + 1;
+    }
+    else if (colonIndex == -1) {
+        splitIndex = slashIndex + 1;
+    }
+    else if (slashIndex == -1) {
+        splitIndex = colonIndex + 1;
+    }
+    else {
+        throw new Error(`Unable to split resource ${resourceString}`);
+    }
+    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
+}
+//# sourceMappingURL=arn.js.map

package/dist/cjs/utils/arn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../src/utils/arn.ts"],"names":[],"mappings":";AAAA,kFAAkF;;AAkBlF,sCAkBC;AAUD,kDA0BC;AA5DD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IAAI,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1D,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}

package/dist/cjs/utils/client-tools.d.ts

@@ -0,0 +1,15 @@
+/**
+ *
+ * @param operation The operation to run.
+ * @returns If successful, returns the result of operation. If operation returns a 404, returns undefined.
+ * @throws If operation returns a non 404 error, rethrows that error.
+ */
+export declare function runAndCatch404<T>(operation: () => Promise<T | undefined>): Promise<T | undefined>;
+/**
+ *
+ * @param operation The operation to run.
+ * @returns If successful, returns the result of operation. If operation returns a 404, returns undefined.
+ * @throws If operation returns a non 400 error, rethrows that error.
+ */
+export declare function runAndCatchAccessDenied<T>(operation: () => Promise<T | undefined>): Promise<T | undefined>;
+//# sourceMappingURL=client-tools.d.ts.map

package/dist/cjs/utils/client-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-tools.d.ts","sourceRoot":"","sources":["../../../src/utils/client-tools.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAsB,cAAc,CAAC,CAAC,EACpC,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,GACtC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAUxB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,CAAC,EAC7C,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,GACtC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAYxB"}

package/dist/cjs/utils/client-tools.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAndCatch404 = runAndCatch404;
+exports.runAndCatchAccessDenied = runAndCatchAccessDenied;
+/**
+ *
+ * @param operation The operation to run.
+ * @returns If successful, returns the result of operation. If operation returns a 404, returns undefined.
+ * @throws If operation returns a non 404 error, rethrows that error.
+ */
+async function runAndCatch404(operation) {
+    try {
+        const result = await operation();
+        return result;
+    }
+    catch (e) {
+        if (e['$metadata']?.httpStatusCode == 404) {
+            return undefined;
+        }
+        throw e;
+    }
+}
+/**
+ *
+ * @param operation The operation to run.
+ * @returns If successful, returns the result of operation. If operation returns a 404, returns undefined.
+ * @throws If operation returns a non 400 error, rethrows that error.
+ */
+async function runAndCatchAccessDenied(operation) {
+    try {
+        const result = await operation();
+        return result;
+    }
+    catch (e) {
+        const errorName = e.name;
+        if (errorName == 'AccessDeniedException' || errorName == 'AccessDenied') {
+            return undefined;
+        }
+        throw e;
+    }
+}
+//# sourceMappingURL=client-tools.js.map

package/dist/cjs/utils/client-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-tools.js","sourceRoot":"","sources":["../../../src/utils/client-tools.ts"],"names":[],"mappings":";;AAMA,wCAYC;AAQD,0DAcC;AAxCD;;;;;GAKG;AACI,KAAK,UAAU,cAAc,CAClC,SAAuC;IAEvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;QAChC,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,WAAW,CAAC,EAAE,cAAc,IAAI,GAAG,EAAE,CAAC;YAC1C,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,uBAAuB,CAC3C,SAAuC;IAEvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;QAChC,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAA;QAExB,IAAI,SAAS,IAAI,uBAAuB,IAAI,SAAS,IAAI,cAAc,EAAE,CAAC;YACxE,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC"}

package/dist/cjs/utils/strings.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Generates a random string of a given length
+ *
+ * @param length The length of the string you would like to generate
+ * @returns
+ */
+export declare function randomCharacters(length?: number): string;
+//# sourceMappingURL=strings.d.ts.map

package/dist/cjs/utils/strings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.d.ts","sourceRoot":"","sources":["../../../src/utils/strings.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,MAAU,GAAG,MAAM,CAQ3D"}

package/dist/cjs/utils/strings.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.randomCharacters = randomCharacters;
+const characters = '0123456789abcdefghijklmnopqrstuvwxyz';
+/**
+ * Generates a random string of a given length
+ *
+ * @param length The length of the string you would like to generate
+ * @returns
+ */
+function randomCharacters(length = 5) {
+    let result = '';
+    for (let i = 0; i < length; i++) {
+        const randomIndex = Math.floor(Math.random() * characters.length);
+        result += characters[randomIndex];
+    }
+    return result;
+}
+//# sourceMappingURL=strings.js.map

package/dist/cjs/utils/strings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../../src/utils/strings.ts"],"names":[],"mappings":";;AAOA,4CAQC;AAfD,MAAM,UAAU,GAAG,sCAAsC,CAAA;AACzD;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,SAAiB,CAAC;IACjD,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;QACjE,MAAM,IAAI,UAAU,CAAC,WAAW,CAAC,CAAA;IACnC,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/cjs/utils/types.d.ts

@@ -0,0 +1,2 @@
+export declare function isDefined<T>(value: T | undefined): value is T;
+//# sourceMappingURL=types.d.ts.map

package/dist/cjs/utils/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/utils/types.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D"}

package/dist/cjs/utils/types.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDefined = isDefined;
+function isDefined(value) {
+    return value !== undefined && value !== null;
+}
+//# sourceMappingURL=types.js.map

package/dist/cjs/utils/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/utils/types.ts"],"names":[],"mappings":";;AAAA,8BAEC;AAFD,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAA;AAC9C,CAAC"}

package/dist/esm/aws/ClientPool.d.ts

@@ -0,0 +1,27 @@
+import type { Client } from '@smithy/smithy-client';
+import { AwsCredentialIdentityWithMetaData } from './auth.js';
+type ClientConstructor<T> = new (args: any) => T;
+type AnyClient = Client<any, any, any, any>;
+export declare class AwsClientPool {
+    static defaultInstance: AwsClientPool;
+    private clientCache;
+    /**
+     * Returns a client of the specified type with the specified credentials and region.
+     * Will create a new client if one does not already exist in the cache.
+     *
+     * @param ClientType The client constructor to create an instance of.
+     * @param credentials The credentials to use for the client.
+     * @param region The region to use for the client.
+     * @returns A client of the specified type with the specified credentials and region.
+     */
+    client<T extends AnyClient>(ClientType: ClientConstructor<T>, credentials: AwsCredentialIdentityWithMetaData, region: string | undefined, endpoint: string | undefined): T;
+    private getCacheKey;
+    /**
+     * Destroys all clients in the pool and empties the cache.
+     *
+     * NOT THREAD SAFE, this should only be called when all other operations are complete.
+     */
+    clear(): void;
+}
+export {};
+//# sourceMappingURL=ClientPool.d.ts.map

package/dist/esm/aws/ClientPool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientPool.d.ts","sourceRoot":"","sources":["../../../src/aws/ClientPool.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AAEnD,OAAO,EAAE,iCAAiC,EAAE,MAAM,WAAW,CAAA;AAE7D,KAAK,iBAAiB,CAAC,CAAC,IAAI,KAAK,IAAI,EAAE,GAAG,KAAK,CAAC,CAAA;AAChD,KAAK,SAAS,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAE3C,qBAAa,aAAa;IACxB,OAAc,eAAe,gBAAsB;IAEnD,OAAO,CAAC,WAAW,CAA+B;IAElD;;;;;;;;OAQG;IACI,MAAM,CAAC,CAAC,SAAS,SAAS,EAC/B,UAAU,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAChC,WAAW,EAAE,iCAAiC,EAC9C,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,CAAC;IAmBJ,OAAO,CAAC,WAAW;IASnB;;;;OAIG;IACI,KAAK,IAAI,IAAI;CAQrB"}

package/dist/esm/aws/ClientPool.js

@@ -0,0 +1,50 @@
+import { RETRY_MODES } from '@smithy/util-retry';
+export class AwsClientPool {
+    constructor() {
+        this.clientCache = new Map();
+    }
+    /**
+     * Returns a client of the specified type with the specified credentials and region.
+     * Will create a new client if one does not already exist in the cache.
+     *
+     * @param ClientType The client constructor to create an instance of.
+     * @param credentials The credentials to use for the client.
+     * @param region The region to use for the client.
+     * @returns A client of the specified type with the specified credentials and region.
+     */
+    client(ClientType, credentials, region, endpoint) {
+        const cacheKey = this.getCacheKey(ClientType, credentials, region, endpoint);
+        if (!this.clientCache.has(cacheKey)) {
+            // logInfo('CreatingNewAwsClient', undefined, { cacheKey })
+            const client = new ClientType({
+                credentials,
+                region,
+                maxAttempts: 10,
+                retryMode: RETRY_MODES.ADAPTIVE
+            });
+            this.clientCache.set(cacheKey, client);
+        }
+        else {
+            // logInfo('ReusingAwsClient', undefined, { cacheKey })
+        }
+        return this.clientCache.get(cacheKey);
+    }
+    getCacheKey(ClientType, credentials, region, endpoint) {
+        return `${ClientType.name}:${credentials.accountId}:${region}:${endpoint}`;
+    }
+    /**
+     * Destroys all clients in the pool and empties the cache.
+     *
+     * NOT THREAD SAFE, this should only be called when all other operations are complete.
+     */
+    clear() {
+        this.clientCache.forEach((client) => {
+            if (typeof client.destroy === 'function') {
+                client.destroy();
+            }
+        });
+        this.clientCache.clear();
+    }
+}
+AwsClientPool.defaultInstance = new AwsClientPool();
+//# sourceMappingURL=ClientPool.js.map

package/dist/esm/aws/ClientPool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientPool.js","sourceRoot":"","sources":["../../../src/aws/ClientPool.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAMhD,MAAM,OAAO,aAAa;IAA1B;QAGU,gBAAW,GAAG,IAAI,GAAG,EAAqB,CAAA;IAyDpD,CAAC;IAvDC;;;;;;;;OAQG;IACI,MAAM,CACX,UAAgC,EAChC,WAA8C,EAC9C,MAA0B,EAC1B,QAA4B;QAE5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;QAE5E,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,2DAA2D;YAC3D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC;gBAC5B,WAAW;gBACX,MAAM;gBACN,WAAW,EAAE,EAAE;gBACf,SAAS,EAAE,WAAW,CAAC,QAAQ;aAChC,CAAC,CAAA;YACF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;QACxC,CAAC;aAAM,CAAC;YACN,uDAAuD;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAM,CAAA;IAC5C,CAAC;IAEO,WAAW,CACjB,UAAgC,EAChC,WAA8C,EAC9C,MAA0B,EAC1B,QAA4B;QAE5B,OAAO,GAAG,UAAU,CAAC,IAAI,IAAI,WAAW,CAAC,SAAS,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAA;IAC5E,CAAC;IAED;;;;OAIG;IACI,KAAK;QACV,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACzC,MAAM,CAAC,OAAO,EAAE,CAAA;YAClB,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAA;IAC1B,CAAC;;AA1Da,6BAAe,GAAG,IAAI,aAAa,EAAE,AAAtB,CAAsB"}

package/dist/esm/aws/auth.d.ts

@@ -0,0 +1,16 @@
+import { AwsCredentialIdentity } from '@aws-sdk/types';
+import { AuthConfig } from '../config/config.js';
+export interface AwsCredentialIdentityWithMetaData extends AwsCredentialIdentity {
+    partition: string;
+    accountId: string;
+}
+export interface CollectIdentityProvider {
+    getCredentials: () => Promise<AwsCredentialIdentityWithMetaData>;
+}
+export declare function getDefaultCredentials(): Promise<AwsCredentialIdentity>;
+export declare function getCredentials(accountId: string, authConfig: AuthConfig | undefined): Promise<AwsCredentialIdentityWithMetaData>;
+export declare function getTokenInfo(credentials: AwsCredentialIdentity): Promise<{
+    accountId: string;
+    partition: string;
+}>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/esm/aws/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/aws/auth.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAGhD,MAAM,WAAW,iCAAkC,SAAQ,qBAAqB;IAC9E,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,OAAO,CAAC,iCAAiC,CAAC,CAAA;CACjE;AAED,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAG5E;AAED,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,GAAG,SAAS,GACjC,OAAO,CAAC,iCAAiC,CAAC,CAyD5C;AAED,wBAAsB,YAAY,CAAC,WAAW,EAAE,qBAAqB,GAAG,OAAO,CAAC;IAC9E,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB,CAAC,CAYD"}

package/dist/esm/aws/auth.js

@@ -0,0 +1,71 @@
+import { GetCallerIdentityCommand, STSClient } from '@aws-sdk/client-sts';
+import { fromIni, fromNodeProviderChain, fromTemporaryCredentials } from '@aws-sdk/credential-providers';
+import { randomCharacters } from '../utils/strings.js';
+export async function getDefaultCredentials() {
+    const provider = fromNodeProviderChain();
+    return provider();
+}
+export async function getCredentials(accountId, authConfig) {
+    //If there is no auth config specific to that account, use the default auth config
+    if (!authConfig) {
+        const provider = fromNodeProviderChain();
+        const credentials = await provider();
+        const tokenInfo = await getTokenInfo(credentials);
+        if (tokenInfo.accountId !== accountId) {
+            throw new Error(`No auth config found for account ${accountId} and no default auth config found. The account ID of the current credentials does not match.`);
+        }
+        return {
+            ...credentials,
+            accountId: tokenInfo.accountId,
+            partition: tokenInfo.partition
+        };
+    }
+    let credentials = undefined;
+    if (authConfig.profile) {
+        const provider = fromIni({ profile: authConfig.profile });
+        credentials = await provider();
+    }
+    else {
+        const provider = fromNodeProviderChain();
+        credentials = await provider();
+    }
+    const sessionInfo = await getTokenInfo(credentials);
+    if (authConfig.role) {
+        const roleProvider = fromTemporaryCredentials({
+            // Optional. The master credentials used to get and refresh temporary credentials from AWS STS.
+            // If skipped, it uses the default credential resolved by internal STS client.
+            masterCredentials: credentials,
+            // Required. Options passed to STS AssumeRole operation.
+            params: {
+                // Required. ARN of role to assume.
+                RoleArn: `arn:${sessionInfo.partition}:iam::${accountId}:role/${authConfig.role.pathAndName}`,
+                ExternalId: authConfig.role.externalId,
+                // Optional. An identifier for the assumed role session. If skipped, it generates a random
+                // session name with prefix of 'aws-sdk-js-'.
+                RoleSessionName: authConfig.role.sessionName || `iam-collect-${randomCharacters()}`
+                // Optional. The duration, in seconds, of the role session.
+            }
+        });
+        credentials = await roleProvider();
+    }
+    else if (sessionInfo.accountId != accountId) {
+        // If the account ID from the credentials doesn't match the expected account ID and no role is specified
+        // throw an error to indicate that the credentials do not match the expected account
+        throw new Error(`The credentials provided do not match the expected account ID ${accountId}. Found ${sessionInfo.accountId}. Please check your auth configuration.`);
+    }
+    return { ...credentials, accountId, partition: sessionInfo.partition };
+}
+export async function getTokenInfo(credentials) {
+    const stsClient = new STSClient({ credentials });
+    const command = new GetCallerIdentityCommand({});
+    const response = await stsClient.send(command);
+    const accountId = response.Account;
+    const arn = response.Arn;
+    const arnParts = arn.split(':');
+    const partition = arnParts[1];
+    return {
+        accountId: accountId,
+        partition: partition
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/esm/aws/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/aws/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AACzE,OAAO,EACL,OAAO,EACP,qBAAqB,EACrB,wBAAwB,EACzB,MAAM,+BAA+B,CAAA;AAGtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAWtD,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAA;IACxC,OAAO,QAAQ,EAAE,CAAA;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAiB,EACjB,UAAkC;IAElC,kFAAkF;IAClF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAA;QACxC,MAAM,WAAW,GAAG,MAAM,QAAQ,EAAE,CAAA;QACpC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;QACjD,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb,oCAAoC,SAAS,8FAA8F,CAC5I,CAAA;QACH,CAAC;QAED,OAAO;YACL,GAAG,WAAW;YACd,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,SAAS,EAAE,SAAS,CAAC,SAAS;SAC/B,CAAA;IACH,CAAC;IAED,IAAI,WAAW,GAAsC,SAAS,CAAA;IAC9D,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAA;QACzD,WAAW,GAAG,MAAM,QAAQ,EAAE,CAAA;IAChC,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAA;QACxC,WAAW,GAAG,MAAM,QAAQ,EAAE,CAAA;IAChC,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;IACnD,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,YAAY,GAAG,wBAAwB,CAAC;YAC5C,+FAA+F;YAC/F,8EAA8E;YAC9E,iBAAiB,EAAE,WAAW;YAC9B,wDAAwD;YACxD,MAAM,EAAE;gBACN,mCAAmC;gBACnC,OAAO,EAAE,OAAO,WAAW,CAAC,SAAS,SAAS,SAAS,SAAS,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE;gBAC7F,UAAU,EAAE,UAAU,CAAC,IAAI,CAAC,UAAU;gBAEtC,0FAA0F;gBAC1F,6CAA6C;gBAC7C,eAAe,EAAE,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,eAAe,gBAAgB,EAAE,EAAE;gBACnF,2DAA2D;aAC5D;SACF,CAAC,CAAA;QAEF,WAAW,GAAG,MAAM,YAAY,EAAE,CAAA;IACpC,CAAC;SAAM,IAAI,WAAW,CAAC,SAAS,IAAI,SAAS,EAAE,CAAC;QAC9C,wGAAwG;QACxG,oFAAoF;QACpF,MAAM,IAAI,KAAK,CACb,iEAAiE,SAAS,WAAW,WAAW,CAAC,SAAS,yCAAyC,CACpJ,CAAA;IACH,CAAC;IAED,OAAO,EAAE,GAAG,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,CAAA;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,WAAkC;IAInE,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC,CAAA;IAChD,MAAM,OAAO,GAAG,IAAI,wBAAwB,CAAC,EAAE,CAAC,CAAA;IAChD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAA;IAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAA;IACxB,MAAM,QAAQ,GAAG,GAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;IAC7B,OAAO;QACL,SAAS,EAAE,SAAU;QACrB,SAAS,EAAE,SAAS;KACrB,CAAA;AACH,CAAC"}