@cloud-copilot/iam-lens 0.1.77 → 0.1.78
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/whoCan/WhoCanMainThreadWorker.d.ts +4 -3
- package/dist/cjs/whoCan/WhoCanMainThreadWorker.d.ts.map +1 -1
- package/dist/cjs/whoCan/WhoCanMainThreadWorker.js +49 -4
- package/dist/cjs/whoCan/WhoCanMainThreadWorker.js.map +1 -1
- package/dist/cjs/whoCan/WhoCanWorker.d.ts +23 -2
- package/dist/cjs/whoCan/WhoCanWorker.d.ts.map +1 -1
- package/dist/cjs/whoCan/WhoCanWorker.js +23 -13
- package/dist/cjs/whoCan/WhoCanWorker.js.map +1 -1
- package/dist/cjs/whoCan/WhoCanWorkerThreadWorker.js +68 -3
- package/dist/cjs/whoCan/WhoCanWorkerThreadWorker.js.map +1 -1
- package/dist/cjs/whoCan/requestAnalysis.d.ts +22 -0
- package/dist/cjs/whoCan/requestAnalysis.d.ts.map +1 -0
- package/dist/cjs/whoCan/requestAnalysis.js +27 -0
- package/dist/cjs/whoCan/requestAnalysis.js.map +1 -0
- package/dist/cjs/whoCan/whoCan.d.ts +13 -0
- package/dist/cjs/whoCan/whoCan.d.ts.map +1 -1
- package/dist/cjs/whoCan/whoCan.js +34 -3
- package/dist/cjs/whoCan/whoCan.js.map +1 -1
- package/dist/esm/whoCan/WhoCanMainThreadWorker.d.ts +4 -3
- package/dist/esm/whoCan/WhoCanMainThreadWorker.d.ts.map +1 -1
- package/dist/esm/whoCan/WhoCanMainThreadWorker.js +49 -4
- package/dist/esm/whoCan/WhoCanMainThreadWorker.js.map +1 -1
- package/dist/esm/whoCan/WhoCanWorker.d.ts +23 -2
- package/dist/esm/whoCan/WhoCanWorker.d.ts.map +1 -1
- package/dist/esm/whoCan/WhoCanWorker.js +23 -13
- package/dist/esm/whoCan/WhoCanWorker.js.map +1 -1
- package/dist/esm/whoCan/WhoCanWorkerThreadWorker.js +68 -3
- package/dist/esm/whoCan/WhoCanWorkerThreadWorker.js.map +1 -1
- package/dist/esm/whoCan/requestAnalysis.d.ts +22 -0
- package/dist/esm/whoCan/requestAnalysis.d.ts.map +1 -0
- package/dist/esm/whoCan/requestAnalysis.js +24 -0
- package/dist/esm/whoCan/requestAnalysis.js.map +1 -0
- package/dist/esm/whoCan/whoCan.d.ts +13 -0
- package/dist/esm/whoCan/whoCan.d.ts.map +1 -1
- package/dist/esm/whoCan/whoCan.js +34 -3
- package/dist/esm/whoCan/whoCan.js.map +1 -1
- package/package.json +2 -2
|
@@ -4,7 +4,8 @@ import { S3AbacOverride } from '../utils/s3Abac.js';
|
|
|
4
4
|
import { ArrayStreamingWorkQueue } from '../workers/ArrayStreamingWorkQueue.js';
|
|
5
5
|
import { PullBasedJobRunner } from '../workers/JobRunner.js';
|
|
6
6
|
import { StreamingWorkQueue } from '../workers/StreamingWorkQueue.js';
|
|
7
|
-
import {
|
|
8
|
-
import {
|
|
9
|
-
|
|
7
|
+
import { LightRequestAnalysis } from './requestAnalysis.js';
|
|
8
|
+
import { WhoCanAllowed, WhoCanDenyDetail } from './whoCan.js';
|
|
9
|
+
import { WhoCanExecutionResult, WhoCanWorkItem } from './WhoCanWorker.js';
|
|
10
|
+
export declare function createMainThreadStreamingWorkQueue(queue: StreamingWorkQueue<WhoCanWorkItem> | ArrayStreamingWorkQueue<WhoCanWorkItem>, collectClient: IamCollectClient, s3AbacOverride: S3AbacOverride | undefined, onComplete: (result: JobResult<WhoCanAllowed | undefined, Record<string, unknown>>) => void, denyDetailsCallback?: (details: LightRequestAnalysis) => boolean, onDenyDetail?: (detail: WhoCanDenyDetail) => void): PullBasedJobRunner<WhoCanExecutionResult, Record<string, unknown>, WhoCanWorkItem>;
|
|
10
11
|
//# sourceMappingURL=WhoCanMainThreadWorker.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WhoCanMainThreadWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"WhoCanMainThreadWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,oBAAoB,EAA0B,MAAM,sBAAsB,CAAA;AACnF,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAC7D,OAAO,EAEL,qBAAqB,EACrB,cAAc,EACf,MAAM,mBAAmB,CAAA;AAE1B,wBAAgB,kCAAkC,CAChD,KAAK,EAAE,kBAAkB,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,cAAc,CAAC,EACnF,aAAa,EAAE,gBAAgB,EAC/B,cAAc,EAAE,cAAc,GAAG,SAAS,EAC1C,UAAU,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,aAAa,GAAG,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,IAAI,EAC3F,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,EAChE,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,IAAI,sFA6DlD"}
|
|
@@ -1,18 +1,63 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.createMainThreadStreamingWorkQueue = createMainThreadStreamingWorkQueue;
|
|
4
|
+
const iam_simulate_1 = require("@cloud-copilot/iam-simulate");
|
|
4
5
|
const JobRunner_js_1 = require("../workers/JobRunner.js");
|
|
6
|
+
const requestAnalysis_js_1 = require("./requestAnalysis.js");
|
|
5
7
|
const WhoCanWorker_js_1 = require("./WhoCanWorker.js");
|
|
6
|
-
function createMainThreadStreamingWorkQueue(queue, collectClient, s3AbacOverride, onComplete) {
|
|
8
|
+
function createMainThreadStreamingWorkQueue(queue, collectClient, s3AbacOverride, onComplete, denyDetailsCallback, onDenyDetail) {
|
|
9
|
+
const collectDenyDetails = !!denyDetailsCallback;
|
|
7
10
|
return new JobRunner_js_1.PullBasedJobRunner(50, async () => {
|
|
8
11
|
return queue.dequeue();
|
|
9
12
|
}, (workItem) => {
|
|
10
13
|
return (0, WhoCanWorker_js_1.createJobForWhoCanWorkItem)(workItem, collectClient, {
|
|
11
|
-
s3AbacOverride
|
|
14
|
+
s3AbacOverride,
|
|
15
|
+
collectDenyDetails
|
|
12
16
|
});
|
|
13
17
|
}, async (result) => {
|
|
14
|
-
|
|
15
|
-
|
|
18
|
+
if (result.status === 'fulfilled') {
|
|
19
|
+
const executionResult = result.value;
|
|
20
|
+
if (executionResult.allowed) {
|
|
21
|
+
// Simulation was allowed - pass through to onComplete
|
|
22
|
+
onComplete({
|
|
23
|
+
status: 'fulfilled',
|
|
24
|
+
value: executionResult.allowed,
|
|
25
|
+
properties: result.properties
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
else {
|
|
29
|
+
// Simulation was denied
|
|
30
|
+
onComplete({
|
|
31
|
+
status: 'fulfilled',
|
|
32
|
+
value: undefined,
|
|
33
|
+
properties: result.properties
|
|
34
|
+
});
|
|
35
|
+
// Check if we should include deny details
|
|
36
|
+
if (denyDetailsCallback && onDenyDetail && executionResult.denyAnalysis) {
|
|
37
|
+
const lightAnalysis = (0, requestAnalysis_js_1.toLightRequestAnalysis)(executionResult.denyAnalysis);
|
|
38
|
+
const shouldInclude = denyDetailsCallback(lightAnalysis);
|
|
39
|
+
if (shouldInclude) {
|
|
40
|
+
const denialReasons = (0, iam_simulate_1.getDenialReasons)(executionResult.denyAnalysis);
|
|
41
|
+
const { workItem } = executionResult;
|
|
42
|
+
const [service, action] = workItem.action.split(':');
|
|
43
|
+
onDenyDetail({
|
|
44
|
+
principal: workItem.principal,
|
|
45
|
+
service,
|
|
46
|
+
action,
|
|
47
|
+
details: denialReasons
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
// Error case - pass through as rejected
|
|
55
|
+
onComplete({
|
|
56
|
+
status: 'rejected',
|
|
57
|
+
reason: result.reason,
|
|
58
|
+
properties: result.properties
|
|
59
|
+
});
|
|
60
|
+
}
|
|
16
61
|
});
|
|
17
62
|
}
|
|
18
63
|
//# sourceMappingURL=WhoCanMainThreadWorker.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WhoCanMainThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"WhoCanMainThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":";;AAeA,gFAmEC;AAlFD,8DAA8D;AAK9D,0DAA4D;AAE5D,6DAAmF;AAEnF,uDAI0B;AAE1B,SAAgB,kCAAkC,CAChD,KAAmF,EACnF,aAA+B,EAC/B,cAA0C,EAC1C,UAA2F,EAC3F,mBAAgE,EAChE,YAAiD;IAEjD,MAAM,kBAAkB,GAAG,CAAC,CAAC,mBAAmB,CAAA;IAEhD,OAAO,IAAI,iCAAkB,CAC3B,EAAE,EACF,KAAK,IAAI,EAAE;QACT,OAAO,KAAK,CAAC,OAAO,EAAE,CAAA;IACxB,CAAC,EACD,CAAC,QAAQ,EAAE,EAAE;QACX,OAAO,IAAA,4CAA0B,EAAC,QAAQ,EAAE,aAAa,EAAE;YACzD,cAAc;YACd,kBAAkB;SACnB,CAAC,CAAA;IACJ,CAAC,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAA;YACpC,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;gBAC5B,sDAAsD;gBACtD,UAAU,CAAC;oBACT,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,eAAe,CAAC,OAAO;oBAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,wBAAwB;gBACxB,UAAU,CAAC;oBACT,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,SAAS;oBAChB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAC,CAAA;gBAEF,0CAA0C;gBAC1C,IAAI,mBAAmB,IAAI,YAAY,IAAI,eAAe,CAAC,YAAY,EAAE,CAAC;oBACxE,MAAM,aAAa,GAAG,IAAA,2CAAsB,EAAC,eAAe,CAAC,YAAY,CAAC,CAAA;oBAC1E,MAAM,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAA;oBAExD,IAAI,aAAa,EAAE,CAAC;wBAClB,MAAM,aAAa,GAAG,IAAA,+BAAgB,EAAC,eAAe,CAAC,YAAY,CAAC,CAAA;wBACpE,MAAM,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAA;wBACpC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;wBACpD,YAAY,CAAC;4BACX,SAAS,EAAE,QAAQ,CAAC,SAAS;4BAC7B,OAAO;4BACP,MAAM;4BACN,OAAO,EAAE,aAAa;yBACvB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,UAAU,CAAC;gBACT,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { RequestAnalysis } from '@cloud-copilot/iam-simulate';
|
|
1
2
|
import { Job } from '@cloud-copilot/job';
|
|
2
3
|
import { IamCollectClient } from '../collect/client.js';
|
|
3
4
|
import { S3AbacOverride } from '../utils/s3Abac.js';
|
|
@@ -8,9 +9,29 @@ export interface WhoCanWorkItem {
|
|
|
8
9
|
action: string;
|
|
9
10
|
principal: string;
|
|
10
11
|
}
|
|
11
|
-
|
|
12
|
+
/**
|
|
13
|
+
* The result of executing a whoCan work item.
|
|
14
|
+
* Contains either the allowed result or the deny analysis (but not both).
|
|
15
|
+
*/
|
|
16
|
+
export interface WhoCanExecutionResult {
|
|
17
|
+
/**
|
|
18
|
+
* The allowed result if the simulation was successful
|
|
19
|
+
*/
|
|
20
|
+
allowed?: WhoCanAllowed;
|
|
21
|
+
/**
|
|
22
|
+
* The deny analysis if the simulation was not allowed.
|
|
23
|
+
* Only populated when collectDenyDetails is true.
|
|
24
|
+
*/
|
|
25
|
+
denyAnalysis?: RequestAnalysis;
|
|
26
|
+
/**
|
|
27
|
+
* The work item that was executed, for context in deny details
|
|
28
|
+
*/
|
|
29
|
+
workItem: WhoCanWorkItem;
|
|
30
|
+
}
|
|
31
|
+
export declare function createJobForWhoCanWorkItem(workItem: WhoCanWorkItem, collectClient: IamCollectClient, whoCanOptions: WhoCanOptions): Job<WhoCanExecutionResult, Record<string, unknown>>;
|
|
12
32
|
export interface WhoCanOptions {
|
|
13
33
|
s3AbacOverride?: S3AbacOverride;
|
|
34
|
+
collectDenyDetails?: boolean;
|
|
14
35
|
}
|
|
15
|
-
export declare function executeWhoCan(workItem: WhoCanWorkItem, collectClient: IamCollectClient, whoCanOptions: WhoCanOptions): Promise<
|
|
36
|
+
export declare function executeWhoCan(workItem: WhoCanWorkItem, collectClient: IamCollectClient, whoCanOptions: WhoCanOptions): Promise<WhoCanExecutionResult>;
|
|
16
37
|
//# sourceMappingURL=WhoCanWorker.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WhoCanWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAEvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAE3C,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,cAAc,EACxB,aAAa,EAAE,gBAAgB,EAC/B,aAAa,EAAE,aAAa,GAC3B,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"WhoCanWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAA;AAC7D,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAEvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAE3C,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAA;IAEvB;;;OAGG;IACH,YAAY,CAAC,EAAE,eAAe,CAAA;IAE9B;;OAEG;IACH,QAAQ,EAAE,cAAc,CAAA;CACzB;AAED,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,cAAc,EACxB,aAAa,EAAE,gBAAgB,EAC/B,aAAa,EAAE,aAAa,GAC3B,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAOrD;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAC7B;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,cAAc,EACxB,aAAa,EAAE,gBAAgB,EAC/B,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,qBAAqB,CAAC,CA+DhC"}
|
|
@@ -37,27 +37,37 @@ async function executeWhoCan(workItem, collectClient, whoCanOptions) {
|
|
|
37
37
|
if (result?.result.analysis?.result === 'Allowed') {
|
|
38
38
|
const actionType = await getActionLevel(service, serviceAction);
|
|
39
39
|
return {
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
40
|
+
workItem,
|
|
41
|
+
allowed: {
|
|
42
|
+
principal,
|
|
43
|
+
service,
|
|
44
|
+
action: serviceAction,
|
|
45
|
+
level: actionType.toLowerCase()
|
|
46
|
+
}
|
|
44
47
|
};
|
|
45
48
|
}
|
|
46
49
|
else {
|
|
47
50
|
const actionType = await getActionLevel(service, serviceAction);
|
|
48
51
|
return {
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
:
|
|
52
|
+
workItem,
|
|
53
|
+
allowed: {
|
|
54
|
+
principal,
|
|
55
|
+
service: service,
|
|
56
|
+
action: serviceAction,
|
|
57
|
+
level: actionType.toLowerCase(),
|
|
58
|
+
conditions: discoveryResult?.result.analysis.ignoredConditions,
|
|
59
|
+
dependsOnSessionName: discoveryResult?.result.analysis.ignoredRoleSessionName
|
|
60
|
+
? true
|
|
61
|
+
: undefined
|
|
62
|
+
}
|
|
57
63
|
};
|
|
58
64
|
}
|
|
59
65
|
}
|
|
60
|
-
return
|
|
66
|
+
// Not allowed - return deny analysis if requested
|
|
67
|
+
return {
|
|
68
|
+
workItem,
|
|
69
|
+
denyAnalysis: whoCanOptions.collectDenyDetails ? discoveryResult?.result.analysis : undefined
|
|
70
|
+
};
|
|
61
71
|
}
|
|
62
72
|
/**
|
|
63
73
|
* Get the action level for a specific service action, will fail if the service or action does not exist.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WhoCanWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorker.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"WhoCanWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorker.ts"],"names":[],"mappings":";;AAqCA,gEAWC;AAOD,sCAmEC;AA1HD,sDAA0D;AAI1D,yDAAyD;AAiCzD,SAAgB,0BAA0B,CACxC,QAAwB,EACxB,aAA+B,EAC/B,aAA4B;IAE5B,OAAO;QACL,UAAU,EAAE,EAAE;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACzB,OAAO,aAAa,CAAC,QAAQ,EAAE,aAAa,EAAE,aAAa,CAAC,CAAA;QAC9D,CAAC;KACF,CAAA;AACH,CAAC;AAOM,KAAK,UAAU,aAAa,CACjC,QAAwB,EACxB,aAA+B,EAC/B,aAA4B;IAE5B,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAA;IACjE,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAClD,MAAM,eAAe,GAAG,MAAM,IAAA,6BAAe,EAC3C;QACE,SAAS;QACT,WAAW,EAAE,QAAQ;QACrB,eAAe,EAAE,eAAe;QAChC,MAAM;QACN,iBAAiB,EAAE,EAAE;QACrB,cAAc,EAAE,WAAW;QAC3B,cAAc,EAAE,aAAa,CAAC,cAAc;KAC7C,EACD,aAAa,CACd,CAAA;IAED,IAAI,eAAe,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAe,EAClC;YACE,SAAS;YACT,WAAW,EAAE,QAAQ;YACrB,eAAe;YACf,MAAM;YACN,iBAAiB,EAAE,EAAE;YACrB,cAAc,EAAE,QAAQ;YACxB,cAAc,EAAE,aAAa,CAAC,cAAc;SAC7C,EACD,aAAa,CACd,CAAA;QACD,IAAI,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;YAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;YAC/D,OAAO;gBACL,QAAQ;gBACR,OAAO,EAAE;oBACP,SAAS;oBACT,OAAO;oBACP,MAAM,EAAE,aAAa;oBACrB,KAAK,EAAE,UAAU,CAAC,WAAW,EAAE;iBAChC;aACF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;YAC/D,OAAO;gBACL,QAAQ;gBACR,OAAO,EAAE;oBACP,SAAS;oBACT,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,aAAa;oBACrB,KAAK,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC/B,UAAU,EAAE,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,iBAAiB;oBAC9D,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,sBAAsB;wBAC3E,CAAC,CAAC,IAAI;wBACN,CAAC,CAAC,SAAS;iBACd;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,OAAO;QACL,QAAQ;QACR,YAAY,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC,CAAC,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAC9F,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe,EAAE,MAAc;IAC3D,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACvD,OAAO,OAAO,CAAC,WAAW,CAAA;AAC5B,CAAC"}
|
|
@@ -1,16 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const iam_simulate_1 = require("@cloud-copilot/iam-simulate");
|
|
3
4
|
const worker_threads_1 = require("worker_threads");
|
|
4
5
|
const collect_js_1 = require("../collect/collect.js");
|
|
5
6
|
const JobRunner_js_1 = require("../workers/JobRunner.js");
|
|
6
7
|
const SharedArrayBufferWorkerCache_js_1 = require("../workers/SharedArrayBufferWorkerCache.js");
|
|
8
|
+
const requestAnalysis_js_1 = require("./requestAnalysis.js");
|
|
7
9
|
const WhoCanWorker_js_1 = require("./WhoCanWorker.js");
|
|
8
10
|
if (!worker_threads_1.parentPort) {
|
|
9
11
|
throw new Error('Must be run as a worker thread');
|
|
10
12
|
}
|
|
11
13
|
// Get config from the main thread
|
|
12
|
-
const { concurrency, collectConfigs, partition, s3AbacOverride } = worker_threads_1.workerData;
|
|
14
|
+
const { concurrency, collectConfigs, partition, s3AbacOverride, collectDenyDetails } = worker_threads_1.workerData;
|
|
13
15
|
const taskPromises = {};
|
|
16
|
+
// Pending deny details checks - keyed by a unique id for each check
|
|
17
|
+
let denyDetailsCheckId = 0;
|
|
18
|
+
const pendingDenyDetailsChecks = {};
|
|
14
19
|
worker_threads_1.parentPort.on('message', (msg) => {
|
|
15
20
|
if (msg.type === 'task' && msg.workerId in taskPromises) {
|
|
16
21
|
taskPromises[msg.workerId](msg.task);
|
|
@@ -24,6 +29,15 @@ worker_threads_1.parentPort.on('message', (msg) => {
|
|
|
24
29
|
worker_threads_1.parentPort.postMessage({ type: 'finished' });
|
|
25
30
|
});
|
|
26
31
|
}
|
|
32
|
+
else if (msg.type === 'denyDetailsCheckResult') {
|
|
33
|
+
// Handle response from main thread about whether to include deny details
|
|
34
|
+
const checkId = msg.checkId;
|
|
35
|
+
const resolveFn = pendingDenyDetailsChecks[checkId];
|
|
36
|
+
if (resolveFn) {
|
|
37
|
+
resolveFn(msg.shouldInclude);
|
|
38
|
+
delete pendingDenyDetailsChecks[checkId];
|
|
39
|
+
}
|
|
40
|
+
}
|
|
27
41
|
});
|
|
28
42
|
const collectClient = (0, collect_js_1.getCollectClient)(collectConfigs, partition, {
|
|
29
43
|
cacheProvider: new SharedArrayBufferWorkerCache_js_1.SharedArrayBufferWorkerCache(worker_threads_1.parentPort)
|
|
@@ -38,11 +52,62 @@ const jobRunner = new JobRunner_js_1.PullBasedJobRunner(concurrency, async (work
|
|
|
38
52
|
properties: {},
|
|
39
53
|
execute: async (context) => {
|
|
40
54
|
return (0, WhoCanWorker_js_1.executeWhoCan)(taskDetails, collectClient, {
|
|
41
|
-
s3AbacOverride
|
|
55
|
+
s3AbacOverride,
|
|
56
|
+
collectDenyDetails
|
|
42
57
|
});
|
|
43
58
|
}
|
|
44
59
|
};
|
|
45
60
|
}, async (result) => {
|
|
46
|
-
|
|
61
|
+
if (result.status === 'fulfilled') {
|
|
62
|
+
const executionResult = result.value;
|
|
63
|
+
if (executionResult.allowed) {
|
|
64
|
+
// Allowed - send result back to main thread
|
|
65
|
+
worker_threads_1.parentPort.postMessage({
|
|
66
|
+
type: 'result',
|
|
67
|
+
result: {
|
|
68
|
+
status: 'fulfilled',
|
|
69
|
+
value: executionResult.allowed,
|
|
70
|
+
properties: result.properties
|
|
71
|
+
}
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
else {
|
|
75
|
+
// If we have deny analysis and collectDenyDetails is enabled, check with main thread
|
|
76
|
+
if (collectDenyDetails && executionResult.denyAnalysis) {
|
|
77
|
+
const lightAnalysis = (0, requestAnalysis_js_1.toLightRequestAnalysis)(executionResult.denyAnalysis);
|
|
78
|
+
const checkId = denyDetailsCheckId++;
|
|
79
|
+
// Send check request to main thread
|
|
80
|
+
worker_threads_1.parentPort.postMessage({
|
|
81
|
+
type: 'checkDenyDetails',
|
|
82
|
+
checkId,
|
|
83
|
+
workItem: executionResult.workItem,
|
|
84
|
+
lightAnalysis
|
|
85
|
+
});
|
|
86
|
+
// Wait for response from main thread
|
|
87
|
+
const shouldInclude = await new Promise((resolve) => {
|
|
88
|
+
pendingDenyDetailsChecks[checkId] = resolve;
|
|
89
|
+
});
|
|
90
|
+
if (shouldInclude) {
|
|
91
|
+
// Get full denial reasons and send to main thread
|
|
92
|
+
const denialReasons = (0, iam_simulate_1.getDenialReasons)(executionResult.denyAnalysis);
|
|
93
|
+
const { workItem } = executionResult;
|
|
94
|
+
const [service, action] = workItem.action.split(':');
|
|
95
|
+
worker_threads_1.parentPort.postMessage({
|
|
96
|
+
type: 'denyDetailsResult',
|
|
97
|
+
denyDetail: {
|
|
98
|
+
principal: workItem.principal,
|
|
99
|
+
service,
|
|
100
|
+
action,
|
|
101
|
+
details: denialReasons
|
|
102
|
+
}
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
else {
|
|
109
|
+
// Error case - pass through
|
|
110
|
+
worker_threads_1.parentPort.postMessage({ type: 'result', result });
|
|
111
|
+
}
|
|
47
112
|
});
|
|
48
113
|
//# sourceMappingURL=WhoCanWorkerThreadWorker.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WhoCanWorkerThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorkerThreadWorker.ts"],"names":[],"mappings":";;AAEA,mDAAuD;AACvD,sDAAwD;AAExD,0DAA4D;AAC5D,gGAAyF;AACzF,
|
|
1
|
+
{"version":3,"file":"WhoCanWorkerThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanWorkerThreadWorker.ts"],"names":[],"mappings":";;AAEA,8DAA8D;AAC9D,mDAAuD;AACvD,sDAAwD;AAExD,0DAA4D;AAC5D,gGAAyF;AACzF,6DAA6D;AAC7D,uDAAwF;AAExF,IAAI,CAAC,2BAAU,EAAE,CAAC;IAChB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;AACnD,CAAC;AAED,kCAAkC;AAClC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAClF,2BAMC,CAAA;AAEH,MAAM,YAAY,GAAuC,EAAE,CAAA;AAE3D,oEAAoE;AACpE,IAAI,kBAAkB,GAAG,CAAC,CAAA;AAC1B,MAAM,wBAAwB,GAAqD,EAAE,CAAA;AAErF,2BAAU,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;IAC/B,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,YAAY,EAAE,CAAC;QACxD,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QACpC,OAAO,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACnC,CAAC;SAAM,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACxC,SAAS,CAAC,mBAAmB,EAAE,CAAA;IACjC,CAAC;SAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACrC,SAAS,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;YAClC,2BAAW,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;QAC/C,CAAC,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QACjD,yEAAyE;QACzE,MAAM,OAAO,GAAG,GAAG,CAAC,OAAiB,CAAA;QACrC,MAAM,SAAS,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;QACnD,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;YAC5B,OAAO,wBAAwB,CAAC,OAAO,CAAC,CAAA;QAC1C,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,cAAc,EAAE,SAAS,EAAE;IAChE,aAAa,EAAE,IAAI,8DAA4B,CAAC,2BAAU,CAAC;CAC5D,CAAC,CAAA;AAEF,MAAM,SAAS,GAAG,IAAI,iCAAkB,CAKtC,WAAW,EACX,KAAK,EAAE,QAAQ,EAAE,EAAE;IACjB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,2BAAW,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1D,YAAY,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAA;IAClC,CAAC,CAAC,CAAA;AACJ,CAAC,EACD,CAAC,WAAW,EAAE,EAAE;IACd,OAAO;QACL,UAAU,EAAE,EAAE;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACzB,OAAO,IAAA,+BAAa,EAAC,WAAW,EAAE,aAAa,EAAE;gBAC/C,cAAc;gBACd,kBAAkB;aACnB,CAAC,CAAA;QACJ,CAAC;KACF,CAAA;AACH,CAAC,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;IACf,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAA;QAEpC,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;YAC5B,4CAA4C;YAC5C,2BAAW,CAAC,WAAW,CAAC;gBACtB,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE;oBACN,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,eAAe,CAAC,OAAO;oBAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B;aACF,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,qFAAqF;YACrF,IAAI,kBAAkB,IAAI,eAAe,CAAC,YAAY,EAAE,CAAC;gBACvD,MAAM,aAAa,GAAG,IAAA,2CAAsB,EAAC,eAAe,CAAC,YAAY,CAAC,CAAA;gBAC1E,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAA;gBAEpC,oCAAoC;gBACpC,2BAAW,CAAC,WAAW,CAAC;oBACtB,IAAI,EAAE,kBAAkB;oBACxB,OAAO;oBACP,QAAQ,EAAE,eAAe,CAAC,QAAQ;oBAClC,aAAa;iBACd,CAAC,CAAA;gBAEF,qCAAqC;gBACrC,MAAM,aAAa,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;oBAC3D,wBAAwB,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;gBAC7C,CAAC,CAAC,CAAA;gBAEF,IAAI,aAAa,EAAE,CAAC;oBAClB,kDAAkD;oBAClD,MAAM,aAAa,GAAG,IAAA,+BAAgB,EAAC,eAAe,CAAC,YAAY,CAAC,CAAA;oBACpE,MAAM,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAA;oBACpC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBACpD,2BAAW,CAAC,WAAW,CAAC;wBACtB,IAAI,EAAE,mBAAmB;wBACzB,UAAU,EAAE;4BACV,SAAS,EAAE,QAAQ,CAAC,SAAS;4BAC7B,OAAO;4BACP,MAAM;4BACN,OAAO,EAAE,aAAa;yBACvB;qBACF,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,2BAAW,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;IACrD,CAAC;AACH,CAAC,CACF,CAAA"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { RequestAnalysis } from '@cloud-copilot/iam-simulate';
|
|
2
|
+
/**
|
|
3
|
+
* A light version of RequestAnalysis containing only the result and sameAccount fields,
|
|
4
|
+
* along with the result fields of the various analyses.
|
|
5
|
+
*/
|
|
6
|
+
export interface LightRequestAnalysis {
|
|
7
|
+
result: RequestAnalysis['result'];
|
|
8
|
+
sameAccount: RequestAnalysis['sameAccount'];
|
|
9
|
+
identityAnalysis?: Pick<NonNullable<RequestAnalysis['identityAnalysis']>, 'result'>;
|
|
10
|
+
resourceAnalysis?: Pick<NonNullable<RequestAnalysis['resourceAnalysis']>, 'result'>;
|
|
11
|
+
scpAnalysis?: Pick<NonNullable<RequestAnalysis['scpAnalysis']>, 'result'>;
|
|
12
|
+
rcpAnalysis?: Pick<NonNullable<RequestAnalysis['rcpAnalysis']>, 'result'>;
|
|
13
|
+
permissionBoundaryAnalysis?: Pick<NonNullable<RequestAnalysis['permissionBoundaryAnalysis']>, 'result'>;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Convert a full RequestAnalysis to a LightRequestAnalysis
|
|
17
|
+
*
|
|
18
|
+
* @param analysis the full RequestAnalysis to convert
|
|
19
|
+
* @returns a LightRequestAnalysis with only the essential fields
|
|
20
|
+
*/
|
|
21
|
+
export declare function toLightRequestAnalysis(analysis: RequestAnalysis): LightRequestAnalysis;
|
|
22
|
+
//# sourceMappingURL=requestAnalysis.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAnalysis.d.ts","sourceRoot":"","sources":["../../../src/whoCan/requestAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAA;AAE7D;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACjC,WAAW,EAAE,eAAe,CAAC,aAAa,CAAC,CAAA;IAC3C,gBAAgB,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IACnF,gBAAgB,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IACnF,WAAW,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IACzE,WAAW,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IACzE,0BAA0B,CAAC,EAAE,IAAI,CAC/B,WAAW,CAAC,eAAe,CAAC,4BAA4B,CAAC,CAAC,EAC1D,QAAQ,CACT,CAAA;CACF;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,eAAe,GAAG,oBAAoB,CAgBtF"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.toLightRequestAnalysis = toLightRequestAnalysis;
|
|
4
|
+
/**
|
|
5
|
+
* Convert a full RequestAnalysis to a LightRequestAnalysis
|
|
6
|
+
*
|
|
7
|
+
* @param analysis the full RequestAnalysis to convert
|
|
8
|
+
* @returns a LightRequestAnalysis with only the essential fields
|
|
9
|
+
*/
|
|
10
|
+
function toLightRequestAnalysis(analysis) {
|
|
11
|
+
return {
|
|
12
|
+
result: analysis.result,
|
|
13
|
+
sameAccount: analysis.sameAccount,
|
|
14
|
+
identityAnalysis: analysis.identityAnalysis
|
|
15
|
+
? { result: analysis.identityAnalysis.result }
|
|
16
|
+
: undefined,
|
|
17
|
+
resourceAnalysis: analysis.resourceAnalysis
|
|
18
|
+
? { result: analysis.resourceAnalysis.result }
|
|
19
|
+
: undefined,
|
|
20
|
+
scpAnalysis: analysis.scpAnalysis ? { result: analysis.scpAnalysis.result } : undefined,
|
|
21
|
+
rcpAnalysis: analysis.rcpAnalysis ? { result: analysis.rcpAnalysis.result } : undefined,
|
|
22
|
+
permissionBoundaryAnalysis: analysis.permissionBoundaryAnalysis
|
|
23
|
+
? { result: analysis.permissionBoundaryAnalysis.result }
|
|
24
|
+
: undefined
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=requestAnalysis.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAnalysis.js","sourceRoot":"","sources":["../../../src/whoCan/requestAnalysis.ts"],"names":[],"mappings":";;AAyBA,wDAgBC;AAtBD;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,QAAyB;IAC9D,OAAO;QACL,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;YACzC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC9C,CAAC,CAAC,SAAS;QACb,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;YACzC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC9C,CAAC,CAAC,SAAS;QACb,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS;QACvF,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS;QACvF,0BAA0B,EAAE,QAAQ,CAAC,0BAA0B;YAC7D,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,0BAA0B,CAAC,MAAM,EAAE;YACxD,CAAC,CAAC,SAAS;KACd,CAAA;AACH,CAAC"}
|
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
import { TopLevelConfig } from '@cloud-copilot/iam-collect';
|
|
2
2
|
import { ResourceType } from '@cloud-copilot/iam-data';
|
|
3
|
+
import { RequestDenial } from '@cloud-copilot/iam-simulate';
|
|
3
4
|
import { IamCollectClient } from '../collect/client.js';
|
|
4
5
|
import { S3AbacOverride } from '../utils/s3Abac.js';
|
|
6
|
+
import { LightRequestAnalysis } from './requestAnalysis.js';
|
|
5
7
|
export interface ResourceAccessRequest {
|
|
6
8
|
/**
|
|
7
9
|
* The ARN of the resource to check access for. If not provided, actions must be specified.
|
|
@@ -30,6 +32,10 @@ export interface ResourceAccessRequest {
|
|
|
30
32
|
* If not provided, defaults to number of CPUs - 1.
|
|
31
33
|
*/
|
|
32
34
|
workerThreads?: number;
|
|
35
|
+
/**
|
|
36
|
+
* Deny details callback for simulations. If the callback returns true, deny details will be included for that simulation.
|
|
37
|
+
*/
|
|
38
|
+
denyDetailsCallback?: (details: LightRequestAnalysis) => boolean;
|
|
33
39
|
}
|
|
34
40
|
export interface WhoCanAllowed {
|
|
35
41
|
principal: string;
|
|
@@ -39,6 +45,12 @@ export interface WhoCanAllowed {
|
|
|
39
45
|
conditions?: any;
|
|
40
46
|
dependsOnSessionName?: boolean;
|
|
41
47
|
}
|
|
48
|
+
export interface WhoCanDenyDetail {
|
|
49
|
+
principal: string;
|
|
50
|
+
service: string;
|
|
51
|
+
action: string;
|
|
52
|
+
details: RequestDenial[];
|
|
53
|
+
}
|
|
42
54
|
export interface WhoCanResponse {
|
|
43
55
|
simulationCount: number;
|
|
44
56
|
allowed: WhoCanAllowed[];
|
|
@@ -47,6 +59,7 @@ export interface WhoCanResponse {
|
|
|
47
59
|
organizationsNotFound: string[];
|
|
48
60
|
organizationalUnitsNotFound: string[];
|
|
49
61
|
principalsNotFound: string[];
|
|
62
|
+
denyDetails?: WhoCanDenyDetail[] | undefined;
|
|
50
63
|
}
|
|
51
64
|
export declare function whoCan(collectConfigs: TopLevelConfig[], partition: string, request: ResourceAccessRequest): Promise<WhoCanResponse>;
|
|
52
65
|
export declare function uniqueAccountsToCheck(collectClient: IamCollectClient, accountsToCheck: AccountsToCheck): Promise<{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"whoCan.d.ts","sourceRoot":"","sources":["../../../src/whoCan/whoCan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAA;AAC3D,OAAO,EAOL,YAAY,EACb,MAAM,yBAAyB,CAAA;
|
|
1
|
+
{"version":3,"file":"whoCan.d.ts","sourceRoot":"","sources":["../../../src/whoCan/whoCan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAA;AAC3D,OAAO,EAOL,YAAY,EACb,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AAU3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAIvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAQnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAE3D,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;IAExB;;OAEG;IACH,OAAO,EAAE,MAAM,EAAE,CAAA;IAEjB;;OAEG;IACH,IAAI,CAAC,EAAE,OAAO,CAAA;IAEd;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAA;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB;;OAEG;IACH,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAA;CACjE;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,GAAG,CAAA;IAChB,oBAAoB,CAAC,EAAE,OAAO,CAAA;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,aAAa,EAAE,CAAA;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,eAAe,EAAE,MAAM,CAAA;IACvB,OAAO,EAAE,aAAa,EAAE,CAAA;IACxB,kBAAkB,EAAE,OAAO,CAAA;IAC3B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAA;IAC/B,2BAA2B,EAAE,MAAM,EAAE,CAAA;IACrC,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAC5B,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAA;CAC7C;AAeD,wBAAsB,MAAM,CAC1B,cAAc,EAAE,cAAc,EAAE,EAChC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,cAAc,CAAC,CA6PzB;AAoBD,wBAAsB,qBAAqB,CACzC,aAAa,EAAE,gBAAgB,EAC/B,eAAe,EAAE,eAAe,GAC/B,OAAO,CAAC;IACT,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAA;IAC/B,2BAA2B,EAAE,MAAM,EAAE,CAAA;IACrC,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB,CAAC,CAiDD;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,OAAO,CAAA;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAC5B,qBAAqB,EAAE,MAAM,EAAE,CAAA;IAC/B,2BAA2B,EAAE,MAAM,EAAE,CAAA;CACtC;AAED,wBAAsB,oCAAoC,CACxD,cAAc,EAAE,GAAG,EACnB,eAAe,EAAE,MAAM,GAAG,SAAS,GAClC,OAAO,CAAC,eAAe,CAAC,CA2E1B;AAED,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4BxF;AAED;;;;;;;GAOG;AACH,wBAAsB,2BAA2B,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAsBxF;AAED,wBAAsB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAqBjG;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAcD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,cAAc,QAyB/D"}
|
|
@@ -39,6 +39,7 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
39
39
|
// It's possible in bundled environments that the worker script path may not be found, so handle that gracefully.
|
|
40
40
|
const numWorkers = getNumberOfWorkers(request.workerThreads);
|
|
41
41
|
const workerPath = (0, workerScript_js_1.getWorkerScriptPath)('whoCan/WhoCanWorkerThreadWorker.js');
|
|
42
|
+
const collectDenyDetails = !!request.denyDetailsCallback;
|
|
42
43
|
const workers = !workerPath
|
|
43
44
|
? []
|
|
44
45
|
: new Array(numWorkers).fill(undefined).map((val) => {
|
|
@@ -47,7 +48,8 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
47
48
|
collectConfigs: collectConfigs,
|
|
48
49
|
partition,
|
|
49
50
|
concurrency: 50,
|
|
50
|
-
s3AbacOverride: request.s3AbacOverride
|
|
51
|
+
s3AbacOverride: request.s3AbacOverride,
|
|
52
|
+
collectDenyDetails
|
|
51
53
|
}
|
|
52
54
|
});
|
|
53
55
|
});
|
|
@@ -85,6 +87,7 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
85
87
|
let simulationCount = 0;
|
|
86
88
|
const simulateQueue = new StreamingWorkQueue_js_1.StreamingWorkQueue();
|
|
87
89
|
const simulationErrors = [];
|
|
90
|
+
const denyDetails = [];
|
|
88
91
|
const onComplete = (result) => {
|
|
89
92
|
simulationCount++;
|
|
90
93
|
if (result.status === 'fulfilled' && result.value) {
|
|
@@ -95,7 +98,7 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
95
98
|
simulationErrors.push(result);
|
|
96
99
|
}
|
|
97
100
|
};
|
|
98
|
-
const mainThreadWorker = (0, WhoCanMainThreadWorker_js_1.createMainThreadStreamingWorkQueue)(simulateQueue, collectClient, request.s3AbacOverride, onComplete);
|
|
101
|
+
const mainThreadWorker = (0, WhoCanMainThreadWorker_js_1.createMainThreadStreamingWorkQueue)(simulateQueue, collectClient, request.s3AbacOverride, onComplete, request.denyDetailsCallback, (detail) => denyDetails.push(detail));
|
|
99
102
|
workers.forEach((worker) => {
|
|
100
103
|
worker.on('message', (msg) => {
|
|
101
104
|
if (msg.type === 'requestTask') {
|
|
@@ -105,6 +108,18 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
105
108
|
if (msg.type === 'result') {
|
|
106
109
|
onComplete(msg.result);
|
|
107
110
|
}
|
|
111
|
+
if (msg.type === 'checkDenyDetails') {
|
|
112
|
+
// Run the callback on main thread to check if we should include deny details
|
|
113
|
+
const shouldInclude = request.denyDetailsCallback?.(msg.lightAnalysis) ?? false;
|
|
114
|
+
worker.postMessage({
|
|
115
|
+
type: 'denyDetailsCheckResult',
|
|
116
|
+
checkId: msg.checkId,
|
|
117
|
+
shouldInclude
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
if (msg.type === 'denyDetailsResult') {
|
|
121
|
+
denyDetails.push(msg.denyDetail);
|
|
122
|
+
}
|
|
108
123
|
});
|
|
109
124
|
});
|
|
110
125
|
simulateQueue.setWorkAvailableCallback(() => {
|
|
@@ -193,7 +208,8 @@ async function whoCan(collectConfigs, partition, request) {
|
|
|
193
208
|
accountsNotFound: uniqueAccounts.accountsNotFound,
|
|
194
209
|
organizationsNotFound: uniqueAccounts.organizationsNotFound,
|
|
195
210
|
organizationalUnitsNotFound: uniqueAccounts.organizationalUnitsNotFound,
|
|
196
|
-
principalsNotFound: principalsNotFound
|
|
211
|
+
principalsNotFound: principalsNotFound,
|
|
212
|
+
denyDetails: request.denyDetailsCallback ? denyDetails : undefined
|
|
197
213
|
};
|
|
198
214
|
if (request.sort) {
|
|
199
215
|
sortWhoCanResults(results);
|
|
@@ -448,6 +464,21 @@ function sortWhoCanResults(whoCanResponse) {
|
|
|
448
464
|
return 1;
|
|
449
465
|
return 0;
|
|
450
466
|
});
|
|
467
|
+
whoCanResponse.denyDetails?.sort((a, b) => {
|
|
468
|
+
if (a.principal < b.principal)
|
|
469
|
+
return -1;
|
|
470
|
+
if (a.principal > b.principal)
|
|
471
|
+
return 1;
|
|
472
|
+
if (a.service < b.service)
|
|
473
|
+
return -1;
|
|
474
|
+
if (a.service > b.service)
|
|
475
|
+
return 1;
|
|
476
|
+
if (a.action < b.action)
|
|
477
|
+
return -1;
|
|
478
|
+
if (a.action > b.action)
|
|
479
|
+
return 1;
|
|
480
|
+
return 0;
|
|
481
|
+
});
|
|
451
482
|
whoCanResponse.accountsNotFound.sort();
|
|
452
483
|
whoCanResponse.organizationsNotFound.sort();
|
|
453
484
|
whoCanResponse.organizationalUnitsNotFound.sort();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"whoCan.js","sourceRoot":"","sources":["../../../src/whoCan/whoCan.ts"],"names":[],"mappings":";;AAoGA,wBA+OC;AAoBD,sDAyDC;AAUD,oFA8EC;AAED,4CA4BC;AAUD,kEAsBC;AAED,wDAqBC;AAQD,sEAOC;AAmBD,8CAeC;AA7nBD,sDAQgC;AAChC,0DAAsD;AACtD,wDAMiC;AACjC,4CAA+E;AAC/E,mDAAuC;AAEvC,sDAAwD;AACxD,kDAAuF;AACvF,4CAAqC;AAErC,4CAAmD;AACnD,8DAA8D;AAE9D,4FAAqF;AACrF,4EAAqE;AACrE,2EAAgF;AAyDhF;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,aAAiC;IAC3D,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAA,kBAAY,GAAE,GAAG,CAAC,CAAC,CAAA;AACxC,CAAC;AAEM,KAAK,UAAU,MAAM,CAC1B,cAAgC,EAChC,SAAiB,EACjB,OAA8B;IAE9B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;IAE5B,wDAAwD;IACxD,iHAAiH;IACjH,MAAM,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAC5D,MAAM,UAAU,GAAG,IAAA,qCAAmB,EAAC,oCAAoC,CAAC,CAAA;IAC5E,MAAM,OAAO,GAAG,CAAC,UAAU;QACzB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAChD,OAAO,IAAI,uBAAM,CAAC,UAAU,EAAE;gBAC5B,UAAU,EAAE;oBACV,cAAc,EAAE,cAAc;oBAC9B,SAAS;oBACT,WAAW,EAAE,EAAE;oBACf,cAAc,EAAE,OAAO,CAAC,cAAc;iBACvC;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IAEN,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,cAAc,EAAE,SAAS,EAAE;QAChE,aAAa,EAAE,IAAI,0DAA0B,CAAC,OAAO,CAAC;KACvD,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;IACxF,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,8BAA8B,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,eAAe,GACnB,OAAO,CAAC,eAAe,IAAI,CAAC,MAAM,IAAA,sCAAuB,EAAC,aAAa,EAAE,QAAS,CAAC,CAAC,CAAA;IAEtF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAC/C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,cAAc,GAAQ,SAAS,CAAA;IACnC,IAAI,QAAQ,EAAE,CAAC;QACb,cAAc,GAAG,MAAM,IAAA,2CAA4B,EAAC,aAAa,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAA;QAC7F,MAAM,WAAW,GAAG,IAAI,YAAG,CAAC,QAAQ,CAAC,CAAA;QACrC,IACE,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;YAC5D,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/D,CAAC,cAAc,EACf,CAAC;YACD,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,iDAAiD,CAChG,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,oCAAoC,CAChE,cAAc,EACd,eAAe,CAChB,CAAA;IAED,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,aAAa,EAAE,eAAe,CAAC,CAAA;IAElF,MAAM,aAAa,GAAoB,EAAE,CAAA;IAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAA,kBAAY,GAAE,GAAG,CAAC,CAAC,CAAC,CAAA;IAEjE,IAAI,eAAe,GAAG,CAAC,CAAA;IACvB,MAAM,aAAa,GAAG,IAAI,0CAAkB,EAAkB,CAAA;IAE9D,MAAM,gBAAgB,GAAU,EAAE,CAAA;IAElC,MAAM,UAAU,GAAG,CAAC,MAAqE,EAAE,EAAE;QAC3F,eAAe,EAAE,CAAA;QACjB,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClC,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;YACzD,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC,CAAA;IAED,MAAM,gBAAgB,GAAG,IAAA,8DAAkC,EACzD,aAAa,EACb,aAAa,EACb,OAAO,CAAC,cAAc,EACtB,UAAU,CACX,CAAA;IAED,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBAC/B,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,EAAE,CAAA;gBACpC,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;YACpE,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACxB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,aAAa,CAAC,wBAAwB,CAAC,GAAG,EAAE;QAC1C,gBAAgB,CAAC,mBAAmB,EAAE,CAAA;QACtC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,IAAI,uBAAiB,CACxC,WAAW,EACX,OAAO,EACP,KAAK,EAAE,QAAQ,EAAE,EAAE,GAAE,CAAC,CACvB,CAAA;IAED,MAAM,oBAAoB,GAAG,MAAM,aAAa,CAAC,oBAAoB,EAAE,CAAA;IACvE,IAAI,oBAAoB,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,iBAAiB,GAAG,MAAM,aAAa,CAAC,8BAA8B,CAC1E,eAAe,EACf,cAAc,CAAC,QAAQ,EACvB,MAAM,CACP,CAAA;YACD,KAAK,MAAM,SAAS,IAAI,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBAChD,aAAa,CAAC,OAAO,CAAC;oBACpB,QAAQ;oBACR,MAAM;oBACN,SAAS;oBACT,eAAe;iBAChB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC9C,YAAY,CAAC,OAAO,CAAC;gBACnB,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,KAAK,IAAI,EAAE;oBAClB,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAA;oBACzE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;wBACnC,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;oBACH,CAAC;gBACH,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,SAAS,IAAI,eAAe,CAAC,kBAAkB,EAAE,CAAC;QAC3D,YAAY,CAAC,OAAO,CAAC;YACnB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,KAAK,IAAI,EAAE;gBAClB,IAAI,IAAA,8BAAkB,EAAC,SAAS,CAAC,EAAE,CAAC;oBAClC,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;gBACH,CAAC;qBAAM,IACL,IAAA,wBAAY,EAAC,SAAS,CAAC;oBACvB,IAAA,wBAAY,EAAC,SAAS,CAAC;oBACvB,IAAA,4BAAgB,EAAC,SAAS,CAAC,EAC3B,CAAC;oBACD,MAAM,eAAe,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;oBACtE,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;oBACpC,CAAC;yBAAM,CAAC;wBACN,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;oBACH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,qDAAqD;oBACrD,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,YAAY,CAAC,aAAa,EAAE,CAAA;IAClC,sCAAsC;IAEtC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3C,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC5B,MAAM,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC1C,CAAC;YACH,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;gBACnC,MAAM,CAAC,GAAG,CAAC,CAAA;YACb,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAA;QAC5C,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,CAAC,aAAa,EAAE,EAAE,GAAG,cAAc,CAAC,CAAC,CAAA;IAExE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,kBAAkB,gBAAgB,CAAC,MAAM,qBAAqB,CAAC,CAAA;QAC7E,MAAM,IAAI,KAAK,CACb,kBAAkB,gBAAgB,CAAC,MAAM,wCAAwC,CAClF,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GAAG;QACd,eAAe;QACf,OAAO,EAAE,aAAa;QACtB,kBAAkB,EAAE,eAAe,CAAC,WAAW;QAC/C,gBAAgB,EAAE,cAAc,CAAC,gBAAgB;QACjD,qBAAqB,EAAE,cAAc,CAAC,qBAAqB;QAC3D,2BAA2B,EAAE,cAAc,CAAC,2BAA2B;QACvE,kBAAkB,EAAE,kBAAkB;KACvC,CAAA;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAC5B,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,aAA+B,EAC/B,eAA6F,EAC7F,SAAiB,EACjB,QAA4B,EAC5B,eAAuB,EACvB,OAAiB;IAEjB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,eAAe,CAAC,OAAO,CAAC;YACtB,QAAQ;YACR,MAAM;YACN,SAAS;YACT,eAAe;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACzC,aAA+B,EAC/B,eAAgC;IAOhC,MAAM,WAAW,GAAG;QAClB,gBAAgB,EAAE,EAAc;QAChC,qBAAqB,EAAE,EAAc;QACrC,2BAA2B,EAAE,EAAc;QAC3C,QAAQ,EAAE,EAAc;KACzB,CAAA;IAED,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;QAChC,WAAW,CAAC,QAAQ,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAA;QACxD,OAAO,WAAW,CAAA;IACpB,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAA;IACxC,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;QAC7D,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QAChE,IAAI,aAAa,EAAE,CAAC;YAClB,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,eAAe,CAAC,2BAA2B,IAAI,EAAE,EAAE,CAAC;QACvE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACtB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEhC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QACrF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,WAAW,CAAC,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,eAAe,CAAC,qBAAqB,IAAI,EAAE,EAAE,CAAC;QAChE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,aAAa,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAA;QAC/E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;IAED,WAAW,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACjD,OAAO,WAAW,CAAA;AACpB,CAAC;AAUM,KAAK,UAAU,oCAAoC,CACxD,cAAmB,EACnB,eAAmC;IAEnC,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,KAAK;QAClB,gBAAgB,EAAE,EAAE;QACpB,kBAAkB,EAAE,EAAE;QACtB,qBAAqB,EAAE,EAAE;QACzB,2BAA2B,EAAE,EAAE;KAChC,CAAA;IACD,IAAI,eAAe,EAAE,CAAC;QACpB,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACxD,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,uBAAU,EAAC,cAAc,CAAC,CAAA;IACzC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,eAAe,CAAC,WAAW,GAAG,IAAI,CAAA;QACpC,CAAC;QACD,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,CAAA;YACzC,IAAI,oBAAoB,GAAG,KAAK,CAAA;YAChC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;oBACpC,oBAAoB,GAAG,IAAI,CAAA;gBAC7B,CAAC;qBAAM,IAAI,SAAS,CAAC,kBAAkB,EAAE,EAAE,CAAC;oBAC1C,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAA;gBAC9D,CAAC;qBAAM,CAAC;oBACN,eAAe,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBAC5D,CAAC;YACH,CAAC;YAED,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,EAAE,CAAA;gBACvB,MAAM,WAAW,GAAG,EAAE,CAAA;gBACtB,MAAM,gBAAgB,GAAG,EAAE,CAAA;gBAE3B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,CAAA;gBACzC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,oBAAoB;wBAC1D,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACjE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAC9C,CAAC;oBACD,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,uBAAuB;wBAC7D,IAAI,CAAC,SAAS,EAAE,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACxE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,WAAW,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAC7C,CAAC;oBACD,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,sBAAsB;wBAC5D,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACjE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,gBAAgB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAClD,CAAC;gBACH,CAAC;gBACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAA;gBAC5D,CAAC;qBAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,eAAe,CAAC,2BAA2B,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAA;gBAClE,CAAC;qBAAM,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,eAAe,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;gBAC7D,CAAC;qBAAM,CAAC;oBACN,eAAe,CAAC,WAAW,GAAG,IAAI,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAA8B;IACnE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAA;QACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,SAAQ;YACV,CAAC;YACD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,KAAK,CAAA;YACnC,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;YACrD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAQ;YACV,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAC/D,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,SAAQ;YACV,CAAC;YAED,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC3B,CAAC;QACD,OAAO,YAAY,CAAA;IACrB,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,2BAA2B,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAA;IACzE,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAA;IAExC,MAAM,eAAe,GAAa,EAAE,CAAA;IACpC,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAoB,EAAC,OAAO,CAAC,CAAA;IAC1D,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC7D,KAAK,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;YAC7C,IAAI,EAAE,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;gBAC5C,MAAK,CAAC,wDAAwD;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,YAAG,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAA;IACrF,IAAI,MAAM,EAAE,CAAC;QACX,eAAe,CAAC,IAAI,CAAC,GAAG,0BAAiB,CAAC,MAAM,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,WAAmB;IAC9D,MAAM,QAAQ,GAAG,IAAA,yBAAa,EAAC,WAAW,CAAC,CAAA;IAC3C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAQ,CAAC,WAAW,EAAE,CAAA;IAE/C,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;IACrD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,0BAA0B,OAAO,iBAAiB,WAAW,EAAE,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,mBAAmB,GAAG,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAA;IACtE,KAAK,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,6BAA6B,CAAC,EAAE,CAAC,GAAG,CAAC,CAAA;QACrD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;QACpD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,4CAA4C,OAAO,iBAAiB,WAAW,GAAG,CACnF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED,KAAK,UAAU,2BAA2B,CAAC,OAAe;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAA0B,EAAC,OAAO,CAAC,CAAA;IAClE,MAAM,mBAAmB,GAAmB,EAAE,CAAA;IAC9C,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC1D,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvC,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACpC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,cAA8B;IAC9D,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,CAAA;QACxC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,CAAA;QACpC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC,CAAA;QAClC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAA;QACjC,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;IAEF,cAAc,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;IACtC,cAAc,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAA;IAC3C,cAAc,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAA;IACjD,cAAc,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAA;AAC1C,CAAC"}
|
|
1
|
+
{"version":3,"file":"whoCan.js","sourceRoot":"","sources":["../../../src/whoCan/whoCan.ts"],"names":[],"mappings":";;AAmHA,wBAiQC;AAoBD,sDAyDC;AAUD,oFA8EC;AAED,4CA4BC;AAUD,kEAsBC;AAED,wDAqBC;AAQD,sEAOC;AAmBD,8CAyBC;AAxqBD,sDAQgC;AAChC,0DAAsD;AAEtD,wDAMiC;AACjC,4CAA+E;AAC/E,mDAAuC;AAEvC,sDAAwD;AACxD,kDAAuF;AACvF,4CAAqC;AAErC,4CAAmD;AACnD,8DAA8D;AAE9D,4FAAqF;AACrF,4EAAqE;AACrE,2EAAgF;AAuEhF;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,aAAiC;IAC3D,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAA,kBAAY,GAAE,GAAG,CAAC,CAAC,CAAA;AACxC,CAAC;AAEM,KAAK,UAAU,MAAM,CAC1B,cAAgC,EAChC,SAAiB,EACjB,OAA8B;IAE9B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;IAE5B,wDAAwD;IACxD,iHAAiH;IACjH,MAAM,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAC5D,MAAM,UAAU,GAAG,IAAA,qCAAmB,EAAC,oCAAoC,CAAC,CAAA;IAC5E,MAAM,kBAAkB,GAAG,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAA;IACxD,MAAM,OAAO,GAAG,CAAC,UAAU;QACzB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAChD,OAAO,IAAI,uBAAM,CAAC,UAAU,EAAE;gBAC5B,UAAU,EAAE;oBACV,cAAc,EAAE,cAAc;oBAC9B,SAAS;oBACT,WAAW,EAAE,EAAE;oBACf,cAAc,EAAE,OAAO,CAAC,cAAc;oBACtC,kBAAkB;iBACnB;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IAEN,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,cAAc,EAAE,SAAS,EAAE;QAChE,aAAa,EAAE,IAAI,0DAA0B,CAAC,OAAO,CAAC;KACvD,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;IACxF,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,8BAA8B,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,eAAe,GACnB,OAAO,CAAC,eAAe,IAAI,CAAC,MAAM,IAAA,sCAAuB,EAAC,aAAa,EAAE,QAAS,CAAC,CAAC,CAAA;IAEtF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAC/C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,cAAc,GAAQ,SAAS,CAAA;IACnC,IAAI,QAAQ,EAAE,CAAC;QACb,cAAc,GAAG,MAAM,IAAA,2CAA4B,EAAC,aAAa,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAA;QAC7F,MAAM,WAAW,GAAG,IAAI,YAAG,CAAC,QAAQ,CAAC,CAAA;QACrC,IACE,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;YAC5D,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/D,CAAC,cAAc,EACf,CAAC;YACD,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,iDAAiD,CAChG,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,oCAAoC,CAChE,cAAc,EACd,eAAe,CAChB,CAAA;IAED,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,aAAa,EAAE,eAAe,CAAC,CAAA;IAElF,MAAM,aAAa,GAAoB,EAAE,CAAA;IAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAA,kBAAY,GAAE,GAAG,CAAC,CAAC,CAAC,CAAA;IAEjE,IAAI,eAAe,GAAG,CAAC,CAAA;IACvB,MAAM,aAAa,GAAG,IAAI,0CAAkB,EAAkB,CAAA;IAE9D,MAAM,gBAAgB,GAAU,EAAE,CAAA;IAClC,MAAM,WAAW,GAAuB,EAAE,CAAA;IAE1C,MAAM,UAAU,GAAG,CAAC,MAAqE,EAAE,EAAE;QAC3F,eAAe,EAAE,CAAA;QACjB,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClC,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;YACzD,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC,CAAA;IAED,MAAM,gBAAgB,GAAG,IAAA,8DAAkC,EACzD,aAAa,EACb,aAAa,EACb,OAAO,CAAC,cAAc,EACtB,UAAU,EACV,OAAO,CAAC,mBAAmB,EAC3B,CAAC,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CACrC,CAAA;IAED,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBAC/B,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,EAAE,CAAA;gBACpC,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;YACpE,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACxB,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACpC,6EAA6E;gBAC7E,MAAM,aAAa,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,KAAK,CAAA;gBAC/E,MAAM,CAAC,WAAW,CAAC;oBACjB,IAAI,EAAE,wBAAwB;oBAC9B,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,aAAa;iBACd,CAAC,CAAA;YACJ,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACrC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAClC,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,aAAa,CAAC,wBAAwB,CAAC,GAAG,EAAE;QAC1C,gBAAgB,CAAC,mBAAmB,EAAE,CAAA;QACtC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,IAAI,uBAAiB,CACxC,WAAW,EACX,OAAO,EACP,KAAK,EAAE,QAAQ,EAAE,EAAE,GAAE,CAAC,CACvB,CAAA;IAED,MAAM,oBAAoB,GAAG,MAAM,aAAa,CAAC,oBAAoB,EAAE,CAAA;IACvE,IAAI,oBAAoB,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,iBAAiB,GAAG,MAAM,aAAa,CAAC,8BAA8B,CAC1E,eAAe,EACf,cAAc,CAAC,QAAQ,EACvB,MAAM,CACP,CAAA;YACD,KAAK,MAAM,SAAS,IAAI,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBAChD,aAAa,CAAC,OAAO,CAAC;oBACpB,QAAQ;oBACR,MAAM;oBACN,SAAS;oBACT,eAAe;iBAChB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC9C,YAAY,CAAC,OAAO,CAAC;gBACnB,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,KAAK,IAAI,EAAE;oBAClB,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAA;oBACzE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;wBACnC,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;oBACH,CAAC;gBACH,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,SAAS,IAAI,eAAe,CAAC,kBAAkB,EAAE,CAAC;QAC3D,YAAY,CAAC,OAAO,CAAC;YACnB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,KAAK,IAAI,EAAE;gBAClB,IAAI,IAAA,8BAAkB,EAAC,SAAS,CAAC,EAAE,CAAC;oBAClC,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;gBACH,CAAC;qBAAM,IACL,IAAA,wBAAY,EAAC,SAAS,CAAC;oBACvB,IAAA,wBAAY,EAAC,SAAS,CAAC;oBACvB,IAAA,4BAAgB,EAAC,SAAS,CAAC,EAC3B,CAAC;oBACD,MAAM,eAAe,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;oBACtE,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;oBACpC,CAAC;yBAAM,CAAC;wBACN,MAAM,sBAAsB,CAC1B,aAAa,EACb,aAAa,EACb,SAAS,EACT,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAA;oBACH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,qDAAqD;oBACrD,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,YAAY,CAAC,aAAa,EAAE,CAAA;IAClC,sCAAsC;IAEtC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3C,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC5B,MAAM,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC1C,CAAC;YACH,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;gBACnC,MAAM,CAAC,GAAG,CAAC,CAAA;YACb,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAA;QAC5C,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,CAAC,aAAa,EAAE,EAAE,GAAG,cAAc,CAAC,CAAC,CAAA;IAExE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,kBAAkB,gBAAgB,CAAC,MAAM,qBAAqB,CAAC,CAAA;QAC7E,MAAM,IAAI,KAAK,CACb,kBAAkB,gBAAgB,CAAC,MAAM,wCAAwC,CAClF,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GAAG;QACd,eAAe;QACf,OAAO,EAAE,aAAa;QACtB,kBAAkB,EAAE,eAAe,CAAC,WAAW;QAC/C,gBAAgB,EAAE,cAAc,CAAC,gBAAgB;QACjD,qBAAqB,EAAE,cAAc,CAAC,qBAAqB;QAC3D,2BAA2B,EAAE,cAAc,CAAC,2BAA2B;QACvE,kBAAkB,EAAE,kBAAkB;QACtC,WAAW,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;KACnE,CAAA;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAC5B,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,aAA+B,EAC/B,eAA6F,EAC7F,SAAiB,EACjB,QAA4B,EAC5B,eAAuB,EACvB,OAAiB;IAEjB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,eAAe,CAAC,OAAO,CAAC;YACtB,QAAQ;YACR,MAAM;YACN,SAAS;YACT,eAAe;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACzC,aAA+B,EAC/B,eAAgC;IAOhC,MAAM,WAAW,GAAG;QAClB,gBAAgB,EAAE,EAAc;QAChC,qBAAqB,EAAE,EAAc;QACrC,2BAA2B,EAAE,EAAc;QAC3C,QAAQ,EAAE,EAAc;KACzB,CAAA;IAED,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;QAChC,WAAW,CAAC,QAAQ,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAA;QACxD,OAAO,WAAW,CAAA;IACpB,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAA;IACxC,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;QAC7D,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QAChE,IAAI,aAAa,EAAE,CAAC;YAClB,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,eAAe,CAAC,2BAA2B,IAAI,EAAE,EAAE,CAAC;QACvE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACtB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEhC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QACrF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,WAAW,CAAC,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,eAAe,CAAC,qBAAqB,IAAI,EAAE,EAAE,CAAC;QAChE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,aAAa,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAA;QAC/E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7B,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;IAED,WAAW,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACjD,OAAO,WAAW,CAAA;AACpB,CAAC;AAUM,KAAK,UAAU,oCAAoC,CACxD,cAAmB,EACnB,eAAmC;IAEnC,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,KAAK;QAClB,gBAAgB,EAAE,EAAE;QACpB,kBAAkB,EAAE,EAAE;QACtB,qBAAqB,EAAE,EAAE;QACzB,2BAA2B,EAAE,EAAE;KAChC,CAAA;IACD,IAAI,eAAe,EAAE,CAAC;QACpB,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACxD,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,uBAAU,EAAC,cAAc,CAAC,CAAA;IACzC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,eAAe,CAAC,WAAW,GAAG,IAAI,CAAA;QACpC,CAAC;QACD,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,CAAA;YACzC,IAAI,oBAAoB,GAAG,KAAK,CAAA;YAChC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;oBACpC,oBAAoB,GAAG,IAAI,CAAA;gBAC7B,CAAC;qBAAM,IAAI,SAAS,CAAC,kBAAkB,EAAE,EAAE,CAAC;oBAC1C,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAA;gBAC9D,CAAC;qBAAM,CAAC;oBACN,eAAe,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBAC5D,CAAC;YACH,CAAC;YAED,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,EAAE,CAAA;gBACvB,MAAM,WAAW,GAAG,EAAE,CAAA;gBACtB,MAAM,gBAAgB,GAAG,EAAE,CAAA;gBAE3B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,CAAA;gBACzC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,oBAAoB;wBAC1D,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACjE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAC9C,CAAC;oBACD,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,uBAAuB;wBAC7D,IAAI,CAAC,SAAS,EAAE,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACxE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,WAAW,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAC7C,CAAC;oBACD,IACE,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,KAAK,sBAAsB;wBAC5D,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;wBACjE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;sBAC7F,CAAC;wBACD,gBAAgB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;oBAClD,CAAC;gBACH,CAAC;gBACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,eAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAA;gBAC5D,CAAC;qBAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,eAAe,CAAC,2BAA2B,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAA;gBAClE,CAAC;qBAAM,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,eAAe,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;gBAC7D,CAAC;qBAAM,CAAC;oBACN,eAAe,CAAC,WAAW,GAAG,IAAI,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAA8B;IACnE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAA;QACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,SAAQ;YACV,CAAC;YACD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,KAAK,CAAA;YACnC,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;YACrD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAQ;YACV,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAC/D,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,SAAQ;YACV,CAAC;YAED,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC3B,CAAC;QACD,OAAO,YAAY,CAAA;IACrB,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,2BAA2B,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAA;IACzE,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAA;IAExC,MAAM,eAAe,GAAa,EAAE,CAAA;IACpC,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAoB,EAAC,OAAO,CAAC,CAAA;IAC1D,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC7D,KAAK,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;YAC7C,IAAI,EAAE,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;gBAC5C,MAAK,CAAC,wDAAwD;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,YAAG,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAA;IACrF,IAAI,MAAM,EAAE,CAAC;QACX,eAAe,CAAC,IAAI,CAAC,GAAG,0BAAiB,CAAC,MAAM,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,WAAmB;IAC9D,MAAM,QAAQ,GAAG,IAAA,yBAAa,EAAC,WAAW,CAAC,CAAA;IAC3C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAQ,CAAC,WAAW,EAAE,CAAA;IAE/C,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;IACrD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,0BAA0B,OAAO,iBAAiB,WAAW,EAAE,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,mBAAmB,GAAG,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAA;IACtE,KAAK,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,6BAA6B,CAAC,EAAE,CAAC,GAAG,CAAC,CAAA;QACrD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;QACpD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,4CAA4C,OAAO,iBAAiB,WAAW,GAAG,CACnF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED,KAAK,UAAU,2BAA2B,CAAC,OAAe;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAA0B,EAAC,OAAO,CAAC,CAAA;IAClE,MAAM,mBAAmB,GAAmB,EAAE,CAAA;IAC9C,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC1D,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvC,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACpC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,cAA8B;IAC9D,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,CAAA;QACxC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,CAAA;QACpC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC,CAAA;QAClC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAA;QACjC,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;IAEF,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,CAAA;QACxC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,CAAA;QACpC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC,CAAA;QAClC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;YAAE,OAAO,CAAC,CAAA;QACjC,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;IAEF,cAAc,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;IACtC,cAAc,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAA;IAC3C,cAAc,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAA;IACjD,cAAc,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAA;AAC1C,CAAC"}
|
|
@@ -4,7 +4,8 @@ import { S3AbacOverride } from '../utils/s3Abac.js';
|
|
|
4
4
|
import { ArrayStreamingWorkQueue } from '../workers/ArrayStreamingWorkQueue.js';
|
|
5
5
|
import { PullBasedJobRunner } from '../workers/JobRunner.js';
|
|
6
6
|
import { StreamingWorkQueue } from '../workers/StreamingWorkQueue.js';
|
|
7
|
-
import {
|
|
8
|
-
import {
|
|
9
|
-
|
|
7
|
+
import { LightRequestAnalysis } from './requestAnalysis.js';
|
|
8
|
+
import { WhoCanAllowed, WhoCanDenyDetail } from './whoCan.js';
|
|
9
|
+
import { WhoCanExecutionResult, WhoCanWorkItem } from './WhoCanWorker.js';
|
|
10
|
+
export declare function createMainThreadStreamingWorkQueue(queue: StreamingWorkQueue<WhoCanWorkItem> | ArrayStreamingWorkQueue<WhoCanWorkItem>, collectClient: IamCollectClient, s3AbacOverride: S3AbacOverride | undefined, onComplete: (result: JobResult<WhoCanAllowed | undefined, Record<string, unknown>>) => void, denyDetailsCallback?: (details: LightRequestAnalysis) => boolean, onDenyDetail?: (detail: WhoCanDenyDetail) => void): PullBasedJobRunner<WhoCanExecutionResult, Record<string, unknown>, WhoCanWorkItem>;
|
|
10
11
|
//# sourceMappingURL=WhoCanMainThreadWorker.d.ts.map
|