@drunk-pulumi/azure 0.0.37 → 0.0.38

package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js

@@ -1,303 +1,191 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const Location_1 = require("../../Common/Location");
-exports.default = ({ name, location, vnetAddressSpace, enableCloudPcRules = true, enableDeveloperResources = true, enableAzureResources = true, allowIpCheckApi = true, allowFullOutboundAddress, }) => {
-    location = (0, Location_1.getLocation)(location);
-    const networkRules = new Array();
-    const applicationRules = new Array();
-    if (allowFullOutboundAddress) {
-        networkRules.push({
-            ruleType: 'NetworkRule',
-            name: 'allow-out-all',
-            description: 'Allow out all',
-            ipProtocols: ['TCP'],
-            sourceAddresses: allowFullOutboundAddress,
-            destinationAddresses: ['*'],
-            destinationPorts: ['443'],
+const AzureEnv_1 = require("../../Common/AzureEnv");
+const FirewallPolicy_1 = require("../FirewallPolicy");
+exports.default = ({ name = "cloud-pc", priority, subnetSpaces, allowsOffice365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowIpCheckApi, allowsSearch, allowAllOutbound, }) => {
+    const netRules = new Array();
+    const appRules = new Array();
+    if (allowAllOutbound) {
+        netRules.push({
+            ruleType: "NetworkRule",
+            name: `${name}-net-allow-all-outbound`,
+            description: "CloudPc allows all outbound",
+            ipProtocols: ["TCP"],
+            sourceAddresses: subnetSpaces,
+            destinationAddresses: ["*"],
+            destinationPorts: ["443"],
         });
     }
-    if (enableCloudPcRules) {
-        networkRules.push({
-            ruleType: 'NetworkRule',
-            name: 'allow-AVD-traffic',
-            description: 'AVD traffic',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationAddresses: ['169.254.169.254', '168.63.129.16'],
-            destinationPorts: ['80'],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-AVD-WA',
-            description: 'AVD WA',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationAddresses: ['23.102.135.246'],
-            destinationPorts: ['1688'],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-time-sync',
-            description: 'Win time sync',
-            ipProtocols: ['UDP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationFqdns: ['time.windows.com'],
-            destinationPorts: ['123'],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-AzureDevOps',
-            description: 'AzureDevOps',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationAddresses: [
-                '13.107.6.0/24',
-                '13.107.9.0/24',
-                '13.107.42.0/24',
-                '13.107.43.0/24',
+    //Default PC Rules
+    appRules.push({
+        ruleType: "ApplicationRule",
+        name: `${name}-app-allow-fqdnTags`,
+        description: "Allows Windows Updates",
+        sourceAddresses: subnetSpaces,
+        fqdnTags: ["WindowsUpdate", "WindowsDiagnostics"],
+        protocols: [{ protocolType: "Https", port: 443 }],
+    });
+    if (allowsAzure) {
+        netRules.push({
+            ruleType: "NetworkRule",
+            name: `${name}-net-allows-azure`,
+            description: "Allows Cloud PC to access to Azure.",
+            ipProtocols: ["TCP", "UDP"],
+            sourceAddresses: subnetSpaces,
+            destinationAddresses: [`AzureCloud.${AzureEnv_1.currentRegionCode}`],
+            destinationPorts: ["443", "445", "22"],
+        });
+        netRules.push({
+            ruleType: "NetworkRule",
+            name: `${name}-net-allows-azure-all`,
+            description: "Allows Cloud PC to access to Azure.",
+            ipProtocols: ["TCP", "UDP"],
+            sourceAddresses: subnetSpaces,
+            destinationAddresses: [`AzureCloud`],
+            destinationPorts: ["443", "445", "22"],
+        });
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-azure-fqdnTags`,
+            description: "Allows Windows Updates",
+            sourceAddresses: subnetSpaces,
+            fqdnTags: [
+                "AzureBackup",
+                "AzureKubernetesService",
+                "AzureActiveDirectoryDomainServices",
             ],
-            destinationPorts: ['443'],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-ServiceBus',
-            description: 'ServiceBus',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationFqdns: ['servicebus.windows.net'],
-            destinationPorts: [
-                '5671',
-                '5672',
-                '9350',
-                '9351',
-                '9352',
-                '9353',
-                '9354',
+            protocols: [{ protocolType: "Https", port: 443 }],
+        });
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-access-azure-portal`,
+            description: "Allows Ip Azure Portal",
+            sourceAddresses: subnetSpaces,
+            targetFqdns: [
+                "*.azure.com",
+                "*.azure.net",
+                "*.microsoftonline.com",
+                "*.msauth.net",
+                "*.msauthimages.net",
+                "*.msecnd.net",
+                "*.msftauth.net",
+                "*.msftauthimages.net",
             ],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-Azure',
-            description: 'Allows Azure',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
+            protocols: [{ protocolType: "Https", port: 443 }],
+        });
+    }
+    if (allowsAzDevOps) {
+        netRules.push({
+            ruleType: "NetworkRule",
+            name: `${name}-net-allow-AzureDevOps`,
+            description: "AzureDevOps",
+            ipProtocols: ["TCP"],
+            sourceAddresses: subnetSpaces,
             destinationAddresses: [
-                `ApiManagement.SoutheastAsia`,
-                `AzureCloud.SoutheastAsia`,
-                `AzureContainerRegistry.SoutheastAsia`,
-                `AzureCosmosDB.SoutheastAsia`,
-                `AzureKeyVault.SoutheastAsia`,
-                `EventHub.SoutheastAsia`,
-                `MicrosoftContainerRegistry.SoutheastAsia`,
-                `ServiceBus.SoutheastAsia`,
-                `Storage.SoutheastAsia`,
+                "13.107.6.0/24",
+                "13.107.9.0/24",
+                "13.107.42.0/24",
+                "13.107.43.0/24",
             ],
-            destinationPorts: ['443'],
-        }, {
-            ruleType: 'NetworkRule',
-            name: 'allow-Azure-Db',
-            description: 'Allows Azure Sql',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationAddresses: [`Sql.SoutheastAsia`],
-            destinationPorts: ['1433', '1434', '11000-11999', '14000-14999'],
-        });
-        applicationRules.push({
-            ruleType: 'ApplicationRule',
-            name: 'allow-AVD-vvd',
-            description: 'WindowsVirtualDesktop traffic',
-            sourceAddresses: allowFullOutboundAddress,
-            fqdnTags: ['WindowsVirtualDesktop'],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'allow-AVD-Diagnostics',
-            description: 'WindowsVirtualDesktop Diagnostics',
-            sourceAddresses: allowFullOutboundAddress,
-            //protocols: [{ protocolType: 'Https', port: 443 }],
-            fqdnTags: ['WindowsDiagnostics'],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'allow-AVD-Update',
-            description: 'WindowsVirtualDesktop Update',
-            sourceAddresses: allowFullOutboundAddress,
-            //protocols: [{ protocolType: 'Https', port: 443 }],
-            fqdnTags: ['WindowsUpdate'],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'allow-AVD-times',
-            description: 'Allow ADV Times',
-            protocols: [{ protocolType: 'Https', port: 443 }],
-            sourceAddresses: allowFullOutboundAddress,
-            targetFqdns: ['*.core.windows.net', '*.servicebus.windows.net'],
+            destinationPorts: ["443"],
         });
-    }
-    if (enableDeveloperResources) {
-        applicationRules.push({
-            ruleType: 'ApplicationRule',
-            name: 'allow-others-https',
-            description: 'Allow others HTTPs',
-            protocols: [{ protocolType: 'Https', port: 443 }],
-            sourceAddresses: allowFullOutboundAddress,
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-azure-resources`,
+            description: "Allows Azure Resources",
+            protocols: [{ protocolType: "Https", port: 443 }],
+            sourceAddresses: subnetSpaces,
             targetFqdns: [
-                '*.digicert.com',
-                //Draw.io
-                'draw.io',
-                'draw.net',
-                '*.draw.io',
-                '*.draw.net',
-                '*.diagrams.net',
-                'python.org',
-                '*.pulumi.com',
-            ],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'allow-others-http',
-            description: 'Allow others HTTP',
-            protocols: [{ protocolType: 'Http', port: 80 }],
-            sourceAddresses: allowFullOutboundAddress,
-            targetFqdns: ['*.digicert.com'],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'allow-choco',
-            description: 'Allow choco',
-            protocols: [
-                { protocolType: 'Http', port: 80 },
-                { protocolType: 'Https', port: 443 },
+                //Azure DevOps
+                "*.dev.azure.com",
+                "*.vsassets.io",
+                "*gallerycdn.vsassets.io",
+                "*vstmrblob.vsassets.io",
+                "aadcdn.msauth.net",
+                "aadcdn.msftauth.net",
+                "aex.dev.azure.com",
+                "aexprodea1.vsaex.visualstudio.com",
+                "amcdn.msftauth.net",
+                "amp.azure.net",
+                "app.vssps.dev.azure.com",
+                "app.vssps.visualstudio.com",
+                "*.vssps.visualstudio.com",
+                "azure.microsoft.com",
+                "azurecomcdn.azureedge.net",
+                "cdn.vsassets.io",
+                "dev.azure.com",
+                "go.microsoft.com",
+                "graph.microsoft.com",
+                "live.com",
+                "login.live.com",
+                "login.microsoftonline.com",
+                "management.azure.com",
+                "management.core.windows.net",
+                "microsoft.com",
+                "microsoftonline.com",
+                "static2.sharepointonline.com",
+                "visualstudio.com",
+                "vsrm.dev.azure.com",
+                "vstsagentpackage.azureedge.net",
+                "windows.net",
+                "login.microsoftonline.com",
+                "app.vssps.visualstudio.com",
+                "*.blob.core.windows.net",
             ],
-            sourceAddresses: allowFullOutboundAddress,
-            targetFqdns: ['*.chocolatey.org', 'chocolatey.org'],
         });
     }
-    if (enableAzureResources) {
-        applicationRules.push({
-            ruleType: 'ApplicationRule',
-            name: 'allow-azure-resources',
-            description: 'Allows Azure Resources',
-            protocols: [{ protocolType: 'Https', port: 443 }],
-            sourceAddresses: allowFullOutboundAddress,
+    if (allowsK8sTools) {
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-k8s-lens`,
+            description: "Allows K8s Lens",
+            sourceAddresses: subnetSpaces,
             targetFqdns: [
-                //AKS
-                '*.hcp.southeastasia.azmk8s.io',
-                'dl.k8s.io',
-                '*.googleapis.com',
-                //Azure DevOps
-                '*.dev.azure.com',
-                '*.vsassets.io',
-                '*gallerycdn.vsassets.io',
-                '*vstmrblob.vsassets.io',
-                'aadcdn.msauth.net',
-                'aadcdn.msftauth.net',
-                'aex.dev.azure.com',
-                'aexprodea1.vsaex.visualstudio.com',
-                'amcdn.msftauth.net',
-                'amp.azure.net',
-                'app.vssps.dev.azure.com',
-                'app.vssps.visualstudio.com',
-                '*.vssps.visualstudio.com',
-                'azure.microsoft.com',
-                'azurecomcdn.azureedge.net',
-                'cdn.vsassets.io',
-                'dev.azure.com',
-                'go.microsoft.com',
-                'graph.microsoft.com',
-                'live.com',
-                'login.live.com',
-                'login.microsoftonline.com',
-                'management.azure.com',
-                'management.core.windows.net',
-                'microsoft.com',
-                'microsoftonline.com',
-                'static2.sharepointonline.com',
-                'visualstudio.com',
-                'vsrm.dev.azure.com',
-                'vstsagentpackage.azureedge.net',
-                'windows.net',
-                'login.microsoftonline.com',
-                'app.vssps.visualstudio.com',
-                'transwap.visualstudio.com',
-                '*.blob.core.windows.net',
-                'transwap.vsrm.visualstudio.com',
-                'transwap.vstmr.visualstudio.com',
-                'transwap.pkgs.visualstudio.com',
-                'transwap.vssps.visualstudio.com',
-                //Office 365
-                'transwapo365-my.sharepoint.com',
-                'admin.microsoft.com',
-                '*.office365.com',
-                '*.outlook.com',
-                '*.office.com',
-                '*.outlook.office.com',
-                'attachments.office.net',
-                '*.protection.outlook.com',
-                '*.mail.protection.outlook.com',
-                '*.officeapps.live.com',
-                '*.online.office.com',
-                'office.live.com',
-                '*.aria.microsoft.com',
-                '*.events.data.microsoft.com',
-                '*.o365weve.com',
-                'amp.azure.net',
-                'appsforoffice.microsoft.com',
-                'assets.onestore.ms',
-                'auth.gfx.ms',
-                'c1.microsoft.com',
-                'contentstorage.osi.office.net',
-                'dgps.support.microsoft.com',
-                'docs.microsoft.com',
-                'msdn.microsoft.com',
-                'platform.linkedin.com',
-                'prod.msocdn.com',
-                'shellprod.msocdn.com',
-                '*.cdn.office.net',
-                'support.content.office.net',
-                'support.microsoft.com',
-                'technet.microsoft.com',
-                'videocontent.osi.office.net',
-                'videoplayercdn.osi.office.net',
-                'identity.nel.measure.office.net',
-                //Azure
-                '*.login.microsoftonline.com',
-                '*.aadcdn.microsoftonline-p.com',
-                '*.aka.ms',
-                '*.applicationinsights.io',
-                '*.azure.com',
-                '*.azure.net',
-                '*.azure-api.net',
-                '*.azuredatalakestore.net',
-                '*.azureedge.net',
-                '*.loganalytics.io',
-                '*.microsoft.com',
-                '*.microsoftonline.com',
-                '*.microsoftonline-p.com',
-                '*.msauth.net',
-                '*.msftauth.net',
-                '*.trafficmanager.net',
-                '*.visualstudio.com',
-                '*.windows.net',
-                '*.windows-int.net',
-                '*.wns.windows.com',
-                '*.activity.windows.com',
-                '*.mp.microsoft.com',
-                //PowerBI
-                '*.powerbi.com',
-                '*.analysis.windows.net',
-                '*.frontend.clouddatahub.net',
-                '*.msftncsi.com',
-                '*.dc.services.visualstudio.com',
+                "*.k8slens.dev",
+                "github.com",
+                "*.githubassets.com",
+                "*.githubusercontent.com",
+                "*.googleapis.com",
+                "aka.ms",
+                "*.chocolatey.org",
             ],
+            protocols: [{ protocolType: "Https", port: 443 }],
+        });
+    }
+    if (allowsOffice365) {
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-office365`,
+            description: "Allows Office365",
+            sourceAddresses: subnetSpaces,
+            fqdnTags: ["Office365", "Office365.SharePoint"],
+            protocols: [{ protocolType: "Https", port: 443 }],
+        });
+    }
+    if (allowsSearch) {
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-search-engines`,
+            description: "Allows Search Engines",
+            sourceAddresses: subnetSpaces,
+            targetFqdns: ["google.com", "www.google.com", "bing.com", "www.bing.com"],
+            protocols: [{ protocolType: "Https", port: 443 }],
         });
     }
     if (allowIpCheckApi) {
-        applicationRules.push({
-            ruleType: 'ApplicationRule',
-            name: 'allow-ip-checks',
-            description: 'Allows Ip Checks',
-            protocols: [{ protocolType: 'Https', port: 443 }],
-            sourceAddresses: allowFullOutboundAddress,
-            targetFqdns: ['*.ipify.org', '*.myip.com', 'ip.me'],
+        appRules.push({
+            ruleType: "ApplicationRule",
+            name: `${name}-app-allow-ip-checks`,
+            description: "Allows Ip Checks",
+            sourceAddresses: subnetSpaces,
+            targetFqdns: ["ip.me", "ifconfig.me", "*.ifconfig.me"],
+            protocols: [{ protocolType: "Https", port: 443 }],
         });
     }
-    return [
-        {
-            name,
-            networkRules,
-            applicationRules,
-        },
-    ];
+    return (0, FirewallPolicy_1.FirewallPolicyGroup)({
+        policy: { name: "cloud-pc-firewall-policy", netRules, appRules },
+        priority,
+        action: "Allow",
+    });
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2xvdWRQQ0ZpcmV3YWxsUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL1ZOZXQvRmlyZXdhbGxQb2xpY2llcy9DbG91ZFBDRmlyZXdhbGxQb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFHQSxvREFBb0Q7QUFhcEQsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixRQUFRLEVBQ1IsZ0JBQWdCLEVBQ2hCLGtCQUFrQixHQUFHLElBQUksRUFDekIsd0JBQXdCLEdBQUcsSUFBSSxFQUMvQixvQkFBb0IsR0FBRyxJQUFJLEVBQzNCLGVBQWUsR0FBRyxJQUFJLEVBQ3RCLHdCQUF3QixHQUNsQixFQUE0QixFQUFFO0lBQ3BDLFFBQVEsR0FBRyxJQUFBLHNCQUFXLEVBQUMsUUFBUSxDQUFDLENBQUM7SUFFakMsTUFBTSxZQUFZLEdBQUcsSUFBSSxLQUFLLEVBQXlDLENBQUM7SUFDeEUsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLEtBQUssRUFFL0IsQ0FBQztJQUVKLElBQUksd0JBQXdCLEVBQUUsQ0FBQztRQUM3QixZQUFZLENBQUMsSUFBSSxDQUFDO1lBQ2hCLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxlQUFlO1lBQ3JCLFdBQVcsRUFBRSxlQUFlO1lBQzVCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsd0JBQXdCO1lBQ3pDLG9CQUFvQixFQUFFLENBQUMsR0FBRyxDQUFDO1lBQzNCLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO1NBQzFCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLGtCQUFrQixFQUFFLENBQUM7UUFDdkIsWUFBWSxDQUFDLElBQUksQ0FDZjtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxtQkFBbUI7WUFDekIsV0FBVyxFQUFFLGFBQWE7WUFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsb0JBQW9CLEVBQUUsQ0FBQyxpQkFBaUIsRUFBRSxlQUFlLENBQUM7WUFDMUQsZ0JBQWdCLEVBQUUsQ0FBQyxJQUFJLENBQUM7U0FDekIsRUFDRDtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxjQUFjO1lBQ3BCLFdBQVcsRUFBRSxRQUFRO1lBQ3JCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsZ0JBQWdCO1lBQ2pDLG9CQUFvQixFQUFFLENBQUMsZ0JBQWdCLENBQUM7WUFDeEMsZ0JBQWdCLEVBQUUsQ0FBQyxNQUFNLENBQUM7U0FDM0IsRUFDRDtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxpQkFBaUI7WUFDdkIsV0FBVyxFQUFFLGVBQWU7WUFDNUIsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsZ0JBQWdCLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQztZQUN0QyxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztTQUMxQixFQUNEO1lBQ0UsUUFBUSxFQUFFLGFBQWE7WUFDdkIsSUFBSSxFQUFFLG1CQUFtQjtZQUN6QixXQUFXLEVBQUUsYUFBYTtZQUMxQixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7WUFDcEIsZUFBZSxFQUFFLGdCQUFnQjtZQUNqQyxvQkFBb0IsRUFBRTtnQkFDcEIsZUFBZTtnQkFDZixlQUFlO2dCQUNmLGdCQUFnQjtnQkFDaEIsZ0JBQWdCO2FBQ2pCO1lBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7U0FDMUIsRUFDRDtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxrQkFBa0I7WUFDeEIsV0FBVyxFQUFFLFlBQVk7WUFDekIsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsZ0JBQWdCLEVBQUUsQ0FBQyx3QkFBd0IsQ0FBQztZQUM1QyxnQkFBZ0IsRUFBRTtnQkFDaEIsTUFBTTtnQkFDTixNQUFNO2dCQUNOLE1BQU07Z0JBQ04sTUFBTTtnQkFDTixNQUFNO2dCQUNOLE1BQU07Z0JBQ04sTUFBTTthQUNQO1NBQ0YsRUFDRDtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxhQUFhO1lBQ25CLFdBQVcsRUFBRSxjQUFjO1lBQzNCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsZ0JBQWdCO1lBRWpDLG9CQUFvQixFQUFFO2dCQUNwQiw2QkFBNkI7Z0JBQzdCLDBCQUEwQjtnQkFDMUIsc0NBQXNDO2dCQUN0Qyw2QkFBNkI7Z0JBQzdCLDZCQUE2QjtnQkFDN0Isd0JBQXdCO2dCQUN4QiwwQ0FBMEM7Z0JBQzFDLDBCQUEwQjtnQkFDMUIsdUJBQXVCO2FBQ3hCO1lBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7U0FDMUIsRUFDRDtZQUNFLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxnQkFBZ0I7WUFDdEIsV0FBVyxFQUFFLGtCQUFrQjtZQUMvQixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7WUFDcEIsZUFBZSxFQUFFLGdCQUFnQjtZQUNqQyxvQkFBb0IsRUFBRSxDQUFDLG1CQUFtQixDQUFDO1lBQzNDLGdCQUFnQixFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sRUFBRSxhQUFhLEVBQUUsYUFBYSxDQUFDO1NBQ2pFLENBQ0YsQ0FBQztRQUVGLGdCQUFnQixDQUFDLElBQUksQ0FDbkI7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxlQUFlO1lBQ3JCLFdBQVcsRUFBRSwrQkFBK0I7WUFDNUMsZUFBZSxFQUFFLHdCQUF3QjtZQUN6QyxRQUFRLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQztTQUNwQyxFQUNEO1lBQ0UsUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsdUJBQXVCO1lBQzdCLFdBQVcsRUFBRSxtQ0FBbUM7WUFDaEQsZUFBZSxFQUFFLHdCQUF3QjtZQUN6QyxvREFBb0Q7WUFDcEQsUUFBUSxFQUFFLENBQUMsb0JBQW9CLENBQUM7U0FDakMsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLGtCQUFrQjtZQUN4QixXQUFXLEVBQUUsOEJBQThCO1lBQzNDLGVBQWUsRUFBRSx3QkFBd0I7WUFDekMsb0RBQW9EO1lBQ3BELFFBQVEsRUFBRSxDQUFDLGVBQWUsQ0FBQztTQUM1QixFQUNEO1lBQ0UsUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsaUJBQWlCO1lBQ3ZCLFdBQVcsRUFBRSxpQkFBaUI7WUFDOUIsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztZQUNqRCxlQUFlLEVBQUUsd0JBQXdCO1lBQ3pDLFdBQVcsRUFBRSxDQUFDLG9CQUFvQixFQUFFLDBCQUEwQixDQUFDO1NBQ2hFLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFRCxJQUFJLHdCQUF3QixFQUFFLENBQUM7UUFDN0IsZ0JBQWdCLENBQUMsSUFBSSxDQUNuQjtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLG9CQUFvQjtZQUMxQixXQUFXLEVBQUUsb0JBQW9CO1lBQ2pDLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDakQsZUFBZSxFQUFFLHdCQUF3QjtZQUN6QyxXQUFXLEVBQUU7Z0JBQ1gsZ0JBQWdCO2dCQUVoQixTQUFTO2dCQUNULFNBQVM7Z0JBQ1QsVUFBVTtnQkFDVixXQUFXO2dCQUNYLFlBQVk7Z0JBQ1osZ0JBQWdCO2dCQUVoQixZQUFZO2dCQUNaLGNBQWM7YUFDZjtTQUNGLEVBQ0Q7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxtQkFBbUI7WUFDekIsV0FBVyxFQUFFLG1CQUFtQjtZQUNoQyxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO1lBQy9DLGVBQWUsRUFBRSx3QkFBd0I7WUFDekMsV0FBVyxFQUFFLENBQUMsZ0JBQWdCLENBQUM7U0FDaEMsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLGFBQWE7WUFDbkIsV0FBVyxFQUFFLGFBQWE7WUFDMUIsU0FBUyxFQUFFO2dCQUNULEVBQUUsWUFBWSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFO2dCQUNsQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRTthQUNyQztZQUNELGVBQWUsRUFBRSx3QkFBd0I7WUFDekMsV0FBVyxFQUFFLENBQUMsa0JBQWtCLEVBQUUsZ0JBQWdCLENBQUM7U0FDcEQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksb0JBQW9CLEVBQUUsQ0FBQztRQUN6QixnQkFBZ0IsQ0FBQyxJQUFJLENBQUM7WUFDcEIsUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsdUJBQXVCO1lBQzdCLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztZQUNqRCxlQUFlLEVBQUUsd0JBQXdCO1lBQ3pDLFdBQVcsRUFBRTtnQkFDWCxLQUFLO2dCQUNMLCtCQUErQjtnQkFDL0IsV0FBVztnQkFDWCxrQkFBa0I7Z0JBRWxCLGNBQWM7Z0JBQ2QsaUJBQWlCO2dCQUNqQixlQUFlO2dCQUNmLHlCQUF5QjtnQkFDekIsd0JBQXdCO2dCQUN4QixtQkFBbUI7Z0JBQ25CLHFCQUFxQjtnQkFDckIsbUJBQW1CO2dCQUNuQixtQ0FBbUM7Z0JBQ25DLG9CQUFvQjtnQkFDcEIsZUFBZTtnQkFDZix5QkFBeUI7Z0JBQ3pCLDRCQUE0QjtnQkFDNUIsMEJBQTBCO2dCQUMxQixxQkFBcUI7Z0JBQ3JCLDJCQUEyQjtnQkFDM0IsaUJBQWlCO2dCQUNqQixlQUFlO2dCQUNmLGtCQUFrQjtnQkFDbEIscUJBQXFCO2dCQUNyQixVQUFVO2dCQUNWLGdCQUFnQjtnQkFDaEIsMkJBQTJCO2dCQUMzQixzQkFBc0I7Z0JBQ3RCLDZCQUE2QjtnQkFDN0IsZUFBZTtnQkFDZixxQkFBcUI7Z0JBQ3JCLDhCQUE4QjtnQkFDOUIsa0JBQWtCO2dCQUNsQixvQkFBb0I7Z0JBQ3BCLGdDQUFnQztnQkFDaEMsYUFBYTtnQkFDYiwyQkFBMkI7Z0JBQzNCLDRCQUE0QjtnQkFDNUIsMkJBQTJCO2dCQUMzQix5QkFBeUI7Z0JBQ3pCLGdDQUFnQztnQkFDaEMsaUNBQWlDO2dCQUNqQyxnQ0FBZ0M7Z0JBQ2hDLGlDQUFpQztnQkFFakMsWUFBWTtnQkFDWixnQ0FBZ0M7Z0JBQ2hDLHFCQUFxQjtnQkFDckIsaUJBQWlCO2dCQUNqQixlQUFlO2dCQUNmLGNBQWM7Z0JBQ2Qsc0JBQXNCO2dCQUN0Qix3QkFBd0I7Z0JBQ3hCLDBCQUEwQjtnQkFDMUIsK0JBQStCO2dCQUMvQix1QkFBdUI7Z0JBQ3ZCLHFCQUFxQjtnQkFDckIsaUJBQWlCO2dCQUNqQixzQkFBc0I7Z0JBQ3RCLDZCQUE2QjtnQkFDN0IsZ0JBQWdCO2dCQUNoQixlQUFlO2dCQUNmLDZCQUE2QjtnQkFDN0Isb0JBQW9CO2dCQUNwQixhQUFhO2dCQUNiLGtCQUFrQjtnQkFDbEIsK0JBQStCO2dCQUMvQiw0QkFBNEI7Z0JBQzVCLG9CQUFvQjtnQkFDcEIsb0JBQW9CO2dCQUNwQix1QkFBdUI7Z0JBQ3ZCLGlCQUFpQjtnQkFDakIsc0JBQXNCO2dCQUN0QixrQkFBa0I7Z0JBQ2xCLDRCQUE0QjtnQkFDNUIsdUJBQXVCO2dCQUN2Qix1QkFBdUI7Z0JBQ3ZCLDZCQUE2QjtnQkFDN0IsK0JBQStCO2dCQUMvQixpQ0FBaUM7Z0JBRWpDLE9BQU87Z0JBQ1AsNkJBQTZCO2dCQUM3QixnQ0FBZ0M7Z0JBQ2hDLFVBQVU7Z0JBQ1YsMEJBQTBCO2dCQUMxQixhQUFhO2dCQUNiLGFBQWE7Z0JBQ2IsaUJBQWlCO2dCQUNqQiwwQkFBMEI7Z0JBQzFCLGlCQUFpQjtnQkFDakIsbUJBQW1CO2dCQUNuQixpQkFBaUI7Z0JBQ2pCLHVCQUF1QjtnQkFDdkIseUJBQXlCO2dCQUN6QixjQUFjO2dCQUNkLGdCQUFnQjtnQkFDaEIsc0JBQXNCO2dCQUN0QixvQkFBb0I7Z0JBQ3BCLGVBQWU7Z0JBQ2YsbUJBQW1CO2dCQUNuQixtQkFBbUI7Z0JBQ25CLHdCQUF3QjtnQkFDeEIsb0JBQW9CO2dCQUVwQixTQUFTO2dCQUNULGVBQWU7Z0JBQ2Ysd0JBQXdCO2dCQUN4Qiw2QkFBNkI7Z0JBQzdCLGdCQUFnQjtnQkFDaEIsZ0NBQWdDO2FBQ2pDO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELElBQUksZUFBZSxFQUFFLENBQUM7UUFDcEIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDO1lBQ3BCLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLGlCQUFpQjtZQUN2QixXQUFXLEVBQUUsa0JBQWtCO1lBQy9CLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDakQsZUFBZSxFQUFFLHdCQUF3QjtZQUN6QyxXQUFXLEVBQUUsQ0FBQyxhQUFhLEVBQUUsWUFBWSxFQUFFLE9BQU8sQ0FBQztTQUNwRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsT0FBTztRQUNMO1lBQ0UsSUFBSTtZQUNKLFlBQVk7WUFDWixnQkFBZ0I7U0FDakI7S0FDRixDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2xvdWRQQ0ZpcmV3YWxsUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL1ZOZXQvRmlyZXdhbGxQb2xpY2llcy9DbG91ZFBDRmlyZXdhbGxQb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSxvREFBMEQ7QUFNMUQsc0RBQXdEO0FBZXhELGtCQUFlLENBQUMsRUFDZCxJQUFJLEdBQUcsVUFBVSxFQUNqQixRQUFRLEVBQ1IsWUFBWSxFQUNaLGVBQWUsRUFDZixXQUFXLEVBQ1gsY0FBYyxFQUNkLGNBQWMsRUFDZCxlQUFlLEVBQ2YsWUFBWSxFQUNaLGdCQUFnQixHQUNWLEVBQXVDLEVBQUU7SUFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQTBCLENBQUM7SUFDckQsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQThCLENBQUM7SUFFekQsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3JCLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLHlCQUF5QjtZQUN0QyxXQUFXLEVBQUUsNkJBQTZCO1lBQzFDLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsWUFBWTtZQUM3QixvQkFBb0IsRUFBRSxDQUFDLEdBQUcsQ0FBQztZQUMzQixnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztTQUMxQixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsa0JBQWtCO0lBQ2xCLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFDWixRQUFRLEVBQUUsaUJBQWlCO1FBQzNCLElBQUksRUFBRSxHQUFHLElBQUkscUJBQXFCO1FBQ2xDLFdBQVcsRUFBRSx3QkFBd0I7UUFDckMsZUFBZSxFQUFFLFlBQVk7UUFDN0IsUUFBUSxFQUFFLENBQUMsZUFBZSxFQUFFLG9CQUFvQixDQUFDO1FBQ2pELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7S0FDbEQsQ0FBQyxDQUFDO0lBRUgsSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUNoQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGFBQWE7WUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSxtQkFBbUI7WUFDaEMsV0FBVyxFQUFFLHFDQUFxQztZQUNsRCxXQUFXLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDO1lBQzNCLGVBQWUsRUFBRSxZQUFZO1lBQzdCLG9CQUFvQixFQUFFLENBQUMsY0FBYyw0QkFBaUIsRUFBRSxDQUFDO1lBQ3pELGdCQUFnQixFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUM7U0FDdkMsQ0FBQyxDQUFDO1FBRUgsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksdUJBQXVCO1lBQ3BDLFdBQVcsRUFBRSxxQ0FBcUM7WUFDbEQsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztZQUMzQixlQUFlLEVBQUUsWUFBWTtZQUM3QixvQkFBb0IsRUFBRSxDQUFDLFlBQVksQ0FBQztZQUNwQyxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDO1NBQ3ZDLENBQUMsQ0FBQztRQUVILFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksMkJBQTJCO1lBQ3hDLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsZUFBZSxFQUFFLFlBQVk7WUFDN0IsUUFBUSxFQUFFO2dCQUNSLGFBQWE7Z0JBQ2Isd0JBQXdCO2dCQUN4QixvQ0FBb0M7YUFDckM7WUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztRQUVILFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksZ0NBQWdDO1lBQzdDLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFO2dCQUNYLGFBQWE7Z0JBQ2IsYUFBYTtnQkFDYix1QkFBdUI7Z0JBQ3ZCLGNBQWM7Z0JBQ2Qsb0JBQW9CO2dCQUNwQixjQUFjO2dCQUNkLGdCQUFnQjtnQkFDaEIsc0JBQXNCO2FBQ3ZCO1lBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxjQUFjLEVBQUUsQ0FBQztRQUNuQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGFBQWE7WUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSx3QkFBd0I7WUFDckMsV0FBVyxFQUFFLGFBQWE7WUFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxZQUFZO1lBQzdCLG9CQUFvQixFQUFFO2dCQUNwQixlQUFlO2dCQUNmLGVBQWU7Z0JBQ2YsZ0JBQWdCO2dCQUNoQixnQkFBZ0I7YUFDakI7WUFDRCxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztTQUMxQixDQUFDLENBQUM7UUFDSCxRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLDRCQUE0QjtZQUN6QyxXQUFXLEVBQUUsd0JBQXdCO1lBQ3JDLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDakQsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFO2dCQUNYLGNBQWM7Z0JBQ2QsaUJBQWlCO2dCQUNqQixlQUFlO2dCQUNmLHlCQUF5QjtnQkFDekIsd0JBQXdCO2dCQUN4QixtQkFBbUI7Z0JBQ25CLHFCQUFxQjtnQkFDckIsbUJBQW1CO2dCQUNuQixtQ0FBbUM7Z0JBQ25DLG9CQUFvQjtnQkFDcEIsZUFBZTtnQkFDZix5QkFBeUI7Z0JBQ3pCLDRCQUE0QjtnQkFDNUIsMEJBQTBCO2dCQUMxQixxQkFBcUI7Z0JBQ3JCLDJCQUEyQjtnQkFDM0IsaUJBQWlCO2dCQUNqQixlQUFlO2dCQUNmLGtCQUFrQjtnQkFDbEIscUJBQXFCO2dCQUNyQixVQUFVO2dCQUNWLGdCQUFnQjtnQkFDaEIsMkJBQTJCO2dCQUMzQixzQkFBc0I7Z0JBQ3RCLDZCQUE2QjtnQkFDN0IsZUFBZTtnQkFDZixxQkFBcUI7Z0JBQ3JCLDhCQUE4QjtnQkFDOUIsa0JBQWtCO2dCQUNsQixvQkFBb0I7Z0JBQ3BCLGdDQUFnQztnQkFDaEMsYUFBYTtnQkFDYiwyQkFBMkI7Z0JBQzNCLDRCQUE0QjtnQkFDNUIseUJBQXlCO2FBQzFCO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELElBQUksY0FBYyxFQUFFLENBQUM7UUFDbkIsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxxQkFBcUI7WUFDbEMsV0FBVyxFQUFFLGlCQUFpQjtZQUM5QixlQUFlLEVBQUUsWUFBWTtZQUM3QixXQUFXLEVBQUU7Z0JBQ1gsZUFBZTtnQkFDZixZQUFZO2dCQUNaLG9CQUFvQjtnQkFDcEIseUJBQXlCO2dCQUN6QixrQkFBa0I7Z0JBQ2xCLFFBQVE7Z0JBQ1Isa0JBQWtCO2FBQ25CO1lBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxlQUFlLEVBQUUsQ0FBQztRQUNwQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLHNCQUFzQjtZQUNuQyxXQUFXLEVBQUUsa0JBQWtCO1lBQy9CLGVBQWUsRUFBRSxZQUFZO1lBQzdCLFFBQVEsRUFBRSxDQUFDLFdBQVcsRUFBRSxzQkFBc0IsQ0FBQztZQUMvQyxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLFlBQVksRUFBRSxDQUFDO1FBQ2pCLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksMkJBQTJCO1lBQ3hDLFdBQVcsRUFBRSx1QkFBdUI7WUFDcEMsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFLENBQUMsWUFBWSxFQUFFLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxjQUFjLENBQUM7WUFDekUsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxlQUFlLEVBQUUsQ0FBQztRQUNwQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLHNCQUFzQjtZQUNuQyxXQUFXLEVBQUUsa0JBQWtCO1lBQy9CLGVBQWUsRUFBRSxZQUFZO1lBQzdCLFdBQVcsRUFBRSxDQUFDLE9BQU8sRUFBRSxhQUFhLEVBQUUsZUFBZSxDQUFDO1lBQ3RELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sSUFBQSxvQ0FBbUIsRUFBQztRQUN6QixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUsMEJBQTBCLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRTtRQUNoRSxRQUFRO1FBQ1IsTUFBTSxFQUFFLE9BQU87S0FDaEIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDIn0=

package/VNet/FirewallPolicies/DefaultFirewallPolicy.d.ts

@@ -0,0 +1,3 @@
+import { FirewallPolicyRuleCollectionResults } from "../types";
+declare const _default: (priority?: number) => FirewallPolicyRuleCollectionResults;
+export default _default;

package/VNet/FirewallPolicies/DefaultFirewallPolicy.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const FirewallPolicy_1 = require("../FirewallPolicy");
+exports.default = (priority = 6001) => {
+    const netRules = new Array();
+    const appRules = new Array();
+    appRules.push({
+        ruleType: "ApplicationRule",
+        name: "default-deny-everything-else",
+        description: "Default Deny Everything Else",
+        protocols: [
+            { protocolType: "Http", port: 80 },
+            { protocolType: "Https", port: 443 },
+            { protocolType: "Mssql", port: 1433 },
+        ],
+        sourceAddresses: ["*"],
+        targetFqdns: ["*"],
+    });
+    return (0, FirewallPolicy_1.FirewallPolicyGroup)({
+        policy: { name: "default-firewall-policy", netRules, appRules },
+        priority,
+        action: "Deny",
+    });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGVmYXVsdEZpcmV3YWxsUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL1ZOZXQvRmlyZXdhbGxQb2xpY2llcy9EZWZhdWx0RmlyZXdhbGxQb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFNQSxzREFBd0Q7QUFFeEQsa0JBQWUsQ0FDYixXQUFtQixJQUFJLEVBQ2MsRUFBRTtJQUN2QyxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBMEIsQ0FBQztJQUNyRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBOEIsQ0FBQztJQUV6RCxRQUFRLENBQUMsSUFBSSxDQUFDO1FBQ1osUUFBUSxFQUFFLGlCQUFpQjtRQUMzQixJQUFJLEVBQUUsOEJBQThCO1FBQ3BDLFdBQVcsRUFBRSw4QkFBOEI7UUFDM0MsU0FBUyxFQUFFO1lBQ1QsRUFBRSxZQUFZLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxFQUFFLEVBQUU7WUFDbEMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUU7WUFDcEMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUU7U0FDdEM7UUFDRCxlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUM7UUFDdEIsV0FBVyxFQUFFLENBQUMsR0FBRyxDQUFDO0tBQ25CLENBQUMsQ0FBQztJQUVILE9BQU8sSUFBQSxvQ0FBbUIsRUFBQztRQUN6QixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUseUJBQXlCLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRTtRQUMvRCxRQUFRO1FBQ1IsTUFBTSxFQUFFLE1BQU07S0FDZixDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMifQ==

package/VNet/FirewallPolicies/index.d.ts

@@ -0,0 +1,4 @@
+import AksFirewallPolicy from "./AksFirewallPolicy";
+import CloudPCFirewallPolicy from "./CloudPCFirewallPolicy";
+import DefaultFirewallPolicy from "./DefaultFirewallPolicy";
+export { AksFirewallPolicy, CloudPCFirewallPolicy, DefaultFirewallPolicy };

package/VNet/FirewallPolicies/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultFirewallPolicy = exports.CloudPCFirewallPolicy = exports.AksFirewallPolicy = void 0;
+const AksFirewallPolicy_1 = require("./AksFirewallPolicy");
+exports.AksFirewallPolicy = AksFirewallPolicy_1.default;
+const CloudPCFirewallPolicy_1 = require("./CloudPCFirewallPolicy");
+exports.CloudPCFirewallPolicy = CloudPCFirewallPolicy_1.default;
+const DefaultFirewallPolicy_1 = require("./DefaultFirewallPolicy");
+exports.DefaultFirewallPolicy = DefaultFirewallPolicy_1.default;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDJEQUFvRDtBQUkzQyw0QkFKRiwyQkFBaUIsQ0FJRTtBQUgxQixtRUFBNEQ7QUFHaEMsZ0NBSHJCLCtCQUFxQixDQUdxQjtBQUZqRCxtRUFBNEQ7QUFFVCxnQ0FGNUMsK0JBQXFCLENBRTRDIn0=

package/VNet/FirewallPolicy.d.ts

@@ -1,17 +1,15 @@
-import { input as inputs, enums } from '@pulumi/azure-native/types';
-import { Input, Resource } from '@pulumi/pulumi';
-import { BasicResourceArgs, DefaultResourceArgs } from '../types';
-import { FirewallRuleProps } from './FirewallRules/types';
-export declare const denyOtherAppRule: inputs.network.ApplicationRuleArgs;
-interface PolicyRulesProps extends BasicResourceArgs {
+import { enums, input as inputs } from "@pulumi/azure-native/types";
+import { Input, Resource } from "@pulumi/pulumi";
+import { BasicResourceArgs, DefaultResourceArgs, ResourceGroupInfo } from "../types";
+import { FirewallPolicyResults, FirewallPolicyRuleCollectionResults } from "./types";
+interface PolicyRulesProps {
+    group: ResourceGroupInfo;
     firewallPolicyName: Input<string>;
-    priority?: number;
-    rules: Array<FirewallRuleProps>;
-    enableDenyOtherAppRule?: boolean;
+    rules: FirewallPolicyRuleCollectionResults[];
     dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
 }
-export declare const linkRulesToPolicy: ({ firewallPolicyName, priority, group, name, rules, enableDenyOtherAppRule, dependsOn, }: PolicyRulesProps) => import("@pulumi/azure-native/network/firewallPolicyRuleCollectionGroup").FirewallPolicyRuleCollectionGroup;
-interface Props extends BasicResourceArgs, Omit<DefaultResourceArgs, 'monitoring'>, Omit<PolicyRulesProps, 'firewallPolicyName' | 'rules'> {
+export declare const linkRulesToPolicy: ({ firewallPolicyName, group, rules, dependsOn, }: PolicyRulesProps) => import("@pulumi/azure-native/network/firewallPolicyRuleCollectionGroup").FirewallPolicyRuleCollectionGroup[];
+interface Props extends BasicResourceArgs, Omit<DefaultResourceArgs, "monitoring">, Omit<PolicyRulesProps, "firewallPolicyName" | "rules"> {
     basePolicyId?: Input<string>;
     dnsSettings?: Input<inputs.network.DnsSettingsArgs>;
     transportSecurityCA?: inputs.network.FirewallPolicyCertificateAuthorityArgs;
@@ -24,5 +22,10 @@ interface Props extends BasicResourceArgs, Omit<DefaultResourceArgs, 'monitoring
         }>;
     };
 }
+export declare const FirewallPolicyGroup: ({ policy, priority, action, }: {
+    policy: FirewallPolicyResults;
+    priority: number;
+    action?: enums.network.FirewallPolicyFilterRuleCollectionActionType;
+}) => FirewallPolicyRuleCollectionResults;
 declare const _default: ({ name, group, basePolicyId, dnsSettings, transportSecurityCA, insights, sku, dependsOn, }: Props) => import("@pulumi/azure-native/network/firewallPolicy").FirewallPolicy;
 export default _default;