@drunk-pulumi/azure 0.0.37 → 0.0.39

package/VNet/FirewallPolicies/AksFirewallPolicy.js

@@ -1,241 +1,214 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const pulumi_1 = require("@pulumi/pulumi");
-const Location_1 = require("../../Common/Location");
-exports.default = ({ name, location, privateCluster, allowAccessPublicRegistries, vnetAddressSpace, natRule, }) => {
-    location = (0, Location_1.getLocation)(location);
+const AzureEnv_1 = require("../../Common/AzureEnv");
+const FirewallPolicy_1 = require("../FirewallPolicy");
+exports.default = ({ priority, allowAccessPublicRegistries, subnetSpaces, dNATs, }) => {
     const dnatRules = new Array();
     const netRules = new Array();
     const appRules = new Array();
-    if (natRule.apim) {
-        dnatRules.push({
-            ruleType: 'NatRule',
-            name: 'apim-inbound-443',
-            description: 'Forward APIM inbound port 443 to api IP of Ingress',
-            sourceAddresses: [natRule.apim.apimPublicIpAddress],
-            destinationAddresses: [natRule.publicIpAddress],
-            destinationPorts: ['443'],
-            ipProtocols: ['TCP'],
-            translatedAddress: natRule.apim.internalIpAddress,
-            translatedPort: '443',
+    if (dNATs) {
+        dNATs.forEach((nat) => {
+            dnatRules.push({
+                ruleType: "NatRule",
+                name: `${nat.name}-inbound-443`,
+                description: `Forward port 443 external IpAddress of ${nat.name} to internal IpAddress`,
+                sourceAddresses: [nat.sourceIpAddress ?? "*"],
+                destinationAddresses: nat.publicIpAddresses,
+                destinationPorts: ["443"],
+                ipProtocols: ["TCP"],
+                translatedAddress: nat.internalIpAddress,
+                translatedPort: "443",
+            });
+            if (nat.allowHttp)
+                dnatRules.push({
+                    ruleType: "NatRule",
+                    name: `${nat.name}-inbound-80`,
+                    description: `Forward port 80 external IpAddress of ${nat.name} to internal IpAddress`,
+                    sourceAddresses: [nat.sourceIpAddress ?? "*"],
+                    destinationAddresses: nat.publicIpAddresses,
+                    destinationPorts: ["80"],
+                    ipProtocols: ["TCP"],
+                    translatedAddress: nat.internalIpAddress,
+                    translatedPort: "80",
+                });
         });
     }
-    dnatRules.push({
-        ruleType: 'NatRule',
-        name: 'public-inbound-443',
-        description: 'Forward public inbound port 443 to api IP of Ingress',
-        sourceAddresses: ['*'],
-        destinationAddresses: [natRule.publicIpAddress],
-        destinationPorts: ['443'],
-        ipProtocols: ['TCP'],
-        translatedAddress: natRule.internalIpAddress,
-        translatedPort: '443',
+    //AKS Network Rules
+    netRules.push({
+        ruleType: "NetworkRule",
+        name: "aks-vpn",
+        description: "For OPEN VPN tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia",
+        ipProtocols: ["UDP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: [`AzureCloud.${AzureEnv_1.currentRegionCode}`],
+        destinationPorts: ["1194"],
     }, {
-        ruleType: 'NatRule',
-        name: 'public-inbound-80',
-        description: 'Forward public inbound port 80 to api IP of Ingress',
-        sourceAddresses: ['*'],
-        destinationAddresses: [natRule.publicIpAddress],
-        destinationPorts: ['80'],
-        ipProtocols: ['TCP'],
-        translatedAddress: natRule.internalIpAddress,
-        translatedPort: '80',
+        ruleType: "NetworkRule",
+        name: "aks-tcp",
+        description: "For tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia",
+        ipProtocols: ["TCP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: [`AzureCloud.${AzureEnv_1.currentRegionCode}`],
+        destinationPorts: ["443", "9000"],
+    }, {
+        ruleType: "NetworkRule",
+        name: "aks-time",
+        description: "Required for Network Time Protocol (NTP) time synchronization on Linux nodes.",
+        ipProtocols: ["UDP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: ["ntp.ubuntu.com"],
+        destinationPorts: ["123"],
+    }, 
+    //TODO: Remove this
+    {
+        ruleType: "NetworkRule",
+        name: "aks-time-others",
+        description: "Required for Network Time Protocol (NTP) time synchronization on Linux nodes.",
+        ipProtocols: ["UDP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: ["*"],
+        destinationPorts: ["123"],
+    }, {
+        ruleType: "NetworkRule",
+        name: "azure-services-tags",
+        description: "Allows internal services to connect to Azure Resources.",
+        ipProtocols: ["TCP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: [
+            "AzureContainerRegistry.SoutheastAsia",
+            "MicrosoftContainerRegistry.SoutheastAsia",
+            "AzureActiveDirectory",
+            "AzureMonitor.SoutheastAsia",
+            "AppConfiguration",
+            "AzureKeyVault.SoutheastAsia",
+            //'AzureConnectors.SoutheastAsia',
+            //'AzureSignalR', This already using private endpoint
+            //'DataFactory.SoutheastAsia',
+            //'EventHub.SoutheastAsia',
+            "ServiceBus.SoutheastAsia",
+            //'Sql.SoutheastAsia', This already using private endpoint
+            "Storage.SoutheastAsia",
+        ],
+        destinationPorts: ["443"],
+    }, {
+        ruleType: "NetworkRule",
+        name: "others-dns",
+        description: "Others DNS.",
+        ipProtocols: ["TCP", "UDP"],
+        sourceAddresses: subnetSpaces,
+        destinationAddresses: ["*"],
+        destinationPorts: ["53"],
+    });
+    //AKS Apps Rules
+    appRules.push({
+        ruleType: "ApplicationRule",
+        name: "aks-services-fqdnTags",
+        description: "Allows pods to access AzureKubernetesService",
+        sourceAddresses: subnetSpaces,
+        fqdnTags: ["AzureKubernetesService"],
+        protocols: [{ protocolType: "Https", port: 443 }],
+    }, {
+        ruleType: "ApplicationRule",
+        name: "aks-fqdn",
+        description: "Azure Global required FQDN",
+        sourceAddresses: subnetSpaces,
+        targetFqdns: [
+            //AKS mater
+            "*.hcp.southeastasia.azmk8s.io",
+            //Microsoft Container Registry
+            "mcr.microsoft.com",
+            "data.mcr.microsoft.com",
+            "*.data.mcr.microsoft.com",
+            //Azure management
+            "management.azure.com",
+            "login.microsoftonline.com",
+            //Microsoft trusted package repository
+            "packages.microsoft.com",
+            //Azure CDN
+            //"acs-mirror.azureedge.net",
+            //CosmosDb
+            //"*.documents.azure.com",
+        ],
+        protocols: [{ protocolType: "Https", port: 443 }],
+    }, {
+        ruleType: "ApplicationRule",
+        name: "azure-monitors",
+        description: "Azure AKS Monitoring",
+        sourceAddresses: subnetSpaces,
+        targetFqdns: [
+            "dc.services.visualstudio.com",
+            "*.ods.opinsights.azure.com",
+            "*.oms.opinsights.azure.com",
+            "*.monitoring.azure.com",
+            "*.services.visualstudio.com",
+        ],
+        protocols: [{ protocolType: "Https", port: 443 }],
+    }, {
+        ruleType: "ApplicationRule",
+        name: "azure-policy",
+        description: "Azure AKS Policy Management",
+        sourceAddresses: subnetSpaces,
+        targetFqdns: [
+            "*.policy.core.windows.net",
+            "gov-prod-policy-data.trafficmanager.net",
+            "raw.githubusercontent.com",
+            "dc.services.visualstudio.com",
+        ],
+        protocols: [{ protocolType: "Https", port: 443 }],
     });
-    if (!privateCluster) {
-        //Net Rules for non-private cluster
-        netRules.push({
-            ruleType: 'NetworkRule',
-            name: 'aks-tcp',
-            description: 'For tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia',
-            ipProtocols: ['TCP'],
-            sourceAddresses: vnetAddressSpace,
-            destinationAddresses: [(0, pulumi_1.interpolate) `AzureCloud.${location}`],
-            destinationPorts: ['443', '9000'],
-        });
-        //App rule for non-private cluster
-        appRules.push({
-            ruleType: 'ApplicationRule',
-            name: 'aks-services',
-            description: 'Allows pods to access AzureKubernetesService',
-            sourceAddresses: vnetAddressSpace,
-            //AzureKubernetesService is allow to access google.com
-            fqdnTags: ['AzureKubernetesService'],
-        }, {
-            ruleType: 'ApplicationRule',
-            name: 'aks-controller',
-            description: 'Allows pods to access AKS controller',
-            sourceAddresses: vnetAddressSpace,
-            protocols: [{ port: 443, protocolType: 'Https' }],
-            targetFqdns: [(0, pulumi_1.interpolate) `*.hcp.${location}.azmk8s.io`],
-        });
-    }
     if (allowAccessPublicRegistries) {
         appRules.push({
-            ruleType: 'ApplicationRule',
+            ruleType: "ApplicationRule",
             //TODO Allow Docker Access is potential risk once we have budget and able to upload external images to ACR then remove docker.
-            name: 'docker-services',
-            sourceAddresses: vnetAddressSpace,
+            name: "docker-services",
+            sourceAddresses: subnetSpaces,
             targetFqdns: [
-                '*quay.io', //For Cert Manager
-                '*auth.docker.io',
-                '*cloudflare.docker.io',
-                '*cloudflare.docker.com',
-                '*registry-1.docker.io',
+                "quay.io", //For Cert Manager
+                "registry.k8s.io",
+                "*.cloudfront.net",
+                "*.quay.io",
+                "auth.docker.io",
+                "*.auth.docker.io",
+                "*.cloudflare.docker.io",
+                "docker.io",
+                "cloudflare.docker.io",
+                "cloudflare.docker.com",
+                "*.cloudflare.docker.com",
+                "*.registry-1.docker.io",
+                "registry-1.docker.io",
             ],
-            protocols: [{ protocolType: 'Https', port: 443 }],
+            protocols: [{ protocolType: "Https", port: 443 }],
         }, {
-            ruleType: 'ApplicationRule',
+            ruleType: "ApplicationRule",
             //TODO Allow external registry is potential risk once we have budget and able to upload external images to ACR then remove docker.
-            name: 'k8s-services',
-            sourceAddresses: vnetAddressSpace,
+            name: "k8s-services",
+            sourceAddresses: subnetSpaces,
             targetFqdns: [
-                'k8s.gcr.io', //nginx images
-                '*.k8s.io',
-                'storage.googleapis.com',
+                "k8s.gcr.io", //nginx images
+                "*.k8s.io",
+                "asia-east1-docker.pkg.dev",
+                "prod-registry-k8s-io-ap-southeast-1.s3.dualstack.ap-southeast-1.amazonaws.com",
+                "*.gcr.io",
+                "*.googleapis.com",
             ],
-            protocols: [{ protocolType: 'Https', port: 443 }],
+            protocols: [{ protocolType: "Https", port: 443 }],
+        }, {
+            ruleType: "ApplicationRule",
+            //TODO Allow external registry is potential risk once we have budget and able to upload external images to ACR then remove docker.
+            name: "ubuntu-services",
+            sourceAddresses: subnetSpaces,
+            targetFqdns: [
+                "security.ubuntu.com",
+                "azure.archive.ubuntu.com",
+                "changelogs.ubuntu.com",
+            ],
+            protocols: [{ protocolType: "Https", port: 443 }],
         });
     }
-    return {
-        name,
-        dnatRules,
-        networkRules: [
-            ...netRules,
-            // {
-            //   name: 'aks-vpn',
-            //   description:
-            //     'For OPEN VPN tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia',
-            //   protocols: ['UDP'],
-            //   sourceAddresses: vnetAddressSpace,
-            //   destinationAddresses: [`AzureCloud.${location}`],
-            //   destinationPorts: ['1194'],
-            // },
-            {
-                ruleType: 'NetworkRule',
-                name: 'aks-time',
-                description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
-                ipProtocols: ['UDP'],
-                sourceAddresses: vnetAddressSpace,
-                destinationFqdns: ['ntp.ubuntu.com'],
-                destinationPorts: ['123'],
-            },
-            {
-                ruleType: 'NetworkRule',
-                name: 'aks-time_others',
-                description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
-                ipProtocols: ['UDP'],
-                sourceAddresses: vnetAddressSpace,
-                destinationAddresses: ['*'],
-                destinationPorts: ['123'],
-            },
-            // {
-            //   name: 'aks-control-server',
-            //   description:
-            //     'Required if running pods/deployments that access the API Server, those pods/deployments would use the API IP.',
-            //   protocols: ['TCP'],
-            //   sourceAddresses: vnetAddressSpace,
-            //   destinationAddresses: ['10.0.0.0/16'],//Ask default is '10.0.0.0/16'
-            //   destinationPorts: ['443', '10250', '10251'],
-            // },
-            {
-                ruleType: 'NetworkRule',
-                name: 'azure-services-tags',
-                description: 'Allows internal services to connect to Azure Resources.',
-                ipProtocols: ['TCP'],
-                sourceAddresses: vnetAddressSpace,
-                destinationAddresses: [
-                    (0, pulumi_1.interpolate) `AzureContainerRegistry.${location}`,
-                    (0, pulumi_1.interpolate) `MicrosoftContainerRegistry.${location}`,
-                    'AzureActiveDirectory',
-                    (0, pulumi_1.interpolate) `AzureMonitor.${location}`,
-                    'AppConfiguration',
-                ],
-                destinationPorts: ['443'],
-            },
-            // {
-            //   name: 'azure-dns',
-            //   description: 'Azure DNS.',
-            //   protocols: ['TCP', 'UDP'],
-            //   sourceAddresses: vnetAddressSpace,
-            //   destinationFqdns: [
-            //     'ns1-01.azure-dns.com',
-            //     'ns2-01.azure-dns.net',
-            //     'ns3-01.azure-dns.org',
-            //     'ns4-01.azure-dns.info',
-            //   ],
-            //   destinationPorts: ['53'],
-            // },
-            {
-                ruleType: 'NetworkRule',
-                name: 'others-dns',
-                description: 'Others DNS.',
-                ipProtocols: ['TCP', 'UDP'],
-                sourceAddresses: vnetAddressSpace,
-                destinationAddresses: ['*'],
-                destinationPorts: ['53'],
-            },
-        ],
-        applicationRules: [
-            ...appRules,
-            {
-                ruleType: 'ApplicationRule',
-                name: 'aks-fqdn',
-                description: 'Azure Global required FQDN',
-                sourceAddresses: vnetAddressSpace,
-                targetFqdns: [
-                    //Microsoft Container Registry
-                    'mcr.microsoft.com',
-                    'data.mcr.microsoft.com',
-                    '*.data.mcr.microsoft.com',
-                    //Azure management
-                    'management.azure.com',
-                    'login.microsoftonline.com',
-                    //Microsoft trusted package repository
-                    'packages.microsoft.com',
-                    //Azure CDN
-                    'acs-mirror.azureedge.net',
-                    //CosmosDb
-                    '*.documents.azure.com',
-                ],
-                protocols: [{ protocolType: 'Https', port: 443 }],
-            },
-            {
-                ruleType: 'ApplicationRule',
-                name: 'azure-monitors',
-                sourceAddresses: vnetAddressSpace,
-                targetFqdns: [
-                    'dc.services.visualstudio.com',
-                    '*.ods.opinsights.azure.com',
-                    '*.oms.opinsights.azure.com',
-                    '*.monitoring.azure.com',
-                    '*.services.visualstudio.com',
-                ],
-                protocols: [{ protocolType: 'Https', port: 443 }],
-            },
-            {
-                ruleType: 'ApplicationRule',
-                name: 'azure-policy',
-                sourceAddresses: vnetAddressSpace,
-                targetFqdns: [
-                    '*.policy.core.windows.net',
-                    'gov-prod-policy-data.trafficmanager.net',
-                    'raw.githubusercontent.com',
-                    'dc.services.visualstudio.com',
-                ],
-                protocols: [{ protocolType: 'Https', port: 443 }],
-            },
-            {
-                ruleType: 'ApplicationRule',
-                name: 'ubuntu-services',
-                sourceAddresses: vnetAddressSpace,
-                targetFqdns: [
-                    'security.ubuntu.com',
-                    'azure.archive.ubuntu.com',
-                    'changelogs.ubuntu.com',
-                ],
-                protocols: [{ protocolType: 'Https', port: 443 }],
-            },
-        ],
-    };
+    return (0, FirewallPolicy_1.FirewallPolicyGroup)({
+        policy: { name: "aks-firewall-policy", dnatRules, netRules, appRules },
+        priority,
+        action: "Allow",
+    });
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWtzRmlyZXdhbGxQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL0Frc0ZpcmV3YWxsUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsMkNBQW9EO0FBR3BELG9EQUFvRDtBQXVCcEQsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixRQUFRLEVBQ1IsY0FBYyxFQUNkLDJCQUEyQixFQUMzQixnQkFBZ0IsRUFDaEIsT0FBTyxHQUNELEVBQXFCLEVBQUU7SUFDN0IsUUFBUSxHQUFHLElBQUEsc0JBQVcsRUFBQyxRQUFRLENBQUMsQ0FBQztJQUVqQyxNQUFNLFNBQVMsR0FBRyxJQUFJLEtBQUssRUFBcUMsQ0FBQztJQUNqRSxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBeUMsQ0FBQztJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBNkMsQ0FBQztJQUV4RSxJQUFJLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNqQixTQUFTLENBQUMsSUFBSSxDQUFDO1lBQ2IsUUFBUSxFQUFFLFNBQVM7WUFDbkIsSUFBSSxFQUFFLGtCQUFrQjtZQUN4QixXQUFXLEVBQUUsb0RBQW9EO1lBQ2pFLGVBQWUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUM7WUFDbkQsb0JBQW9CLEVBQUUsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDO1lBQy9DLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3pCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixpQkFBaUIsRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLGlCQUFpQjtZQUNqRCxjQUFjLEVBQUUsS0FBSztTQUN0QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsU0FBUyxDQUFDLElBQUksQ0FDWjtRQUNFLFFBQVEsRUFBRSxTQUFTO1FBQ25CLElBQUksRUFBRSxvQkFBb0I7UUFDMUIsV0FBVyxFQUFFLHNEQUFzRDtRQUNuRSxlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUM7UUFDdEIsb0JBQW9CLEVBQUUsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDO1FBQy9DLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO1FBQ3pCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUNwQixpQkFBaUIsRUFBRSxPQUFPLENBQUMsaUJBQWlCO1FBQzVDLGNBQWMsRUFBRSxLQUFLO0tBQ3RCLEVBQ0Q7UUFDRSxRQUFRLEVBQUUsU0FBUztRQUNuQixJQUFJLEVBQUUsbUJBQW1CO1FBQ3pCLFdBQVcsRUFBRSxxREFBcUQ7UUFDbEUsZUFBZSxFQUFFLENBQUMsR0FBRyxDQUFDO1FBQ3RCLG9CQUFvQixFQUFFLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQztRQUMvQyxnQkFBZ0IsRUFBRSxDQUFDLElBQUksQ0FBQztRQUN4QixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7UUFDcEIsaUJBQWlCLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtRQUM1QyxjQUFjLEVBQUUsSUFBSTtLQUNyQixDQUNGLENBQUM7SUFFRixJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDcEIsbUNBQW1DO1FBQ25DLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsU0FBUztZQUNmLFdBQVcsRUFDVCx3R0FBd0c7WUFDMUcsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsb0JBQW9CLEVBQUUsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsY0FBYyxRQUFRLEVBQUUsQ0FBQztZQUMzRCxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUM7U0FDbEMsQ0FBQyxDQUFDO1FBRUgsa0NBQWtDO1FBQ2xDLFFBQVEsQ0FBQyxJQUFJLENBQ1g7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxjQUFjO1lBQ3BCLFdBQVcsRUFBRSw4Q0FBOEM7WUFDM0QsZUFBZSxFQUFFLGdCQUFnQjtZQUNqQyxzREFBc0Q7WUFDdEQsUUFBUSxFQUFFLENBQUMsd0JBQXdCLENBQUM7U0FDckMsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLGdCQUFnQjtZQUN0QixXQUFXLEVBQUUsc0NBQXNDO1lBQ25ELGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsU0FBUyxFQUFFLENBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNqRCxXQUFXLEVBQUUsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsU0FBUyxRQUFRLFlBQVksQ0FBQztTQUN4RCxDQUNGLENBQUM7SUFDSixDQUFDO0lBRUQsSUFBSSwyQkFBMkIsRUFBRSxDQUFDO1FBQ2hDLFFBQVEsQ0FBQyxJQUFJLENBQ1g7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLDhIQUE4SDtZQUM5SCxJQUFJLEVBQUUsaUJBQWlCO1lBQ3ZCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsV0FBVyxFQUFFO2dCQUNYLFVBQVUsRUFBRSxrQkFBa0I7Z0JBQzlCLGlCQUFpQjtnQkFDakIsdUJBQXVCO2dCQUN2Qix3QkFBd0I7Z0JBQ3hCLHVCQUF1QjthQUN4QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0Isa0lBQWtJO1lBQ2xJLElBQUksRUFBRSxjQUFjO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsV0FBVyxFQUFFO2dCQUNYLFlBQVksRUFBRSxjQUFjO2dCQUM1QixVQUFVO2dCQUNWLHdCQUF3QjthQUN6QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU87UUFDTCxJQUFJO1FBQ0osU0FBUztRQUNULFlBQVksRUFBRTtZQUNaLEdBQUcsUUFBUTtZQUNYLElBQUk7WUFDSixxQkFBcUI7WUFDckIsaUJBQWlCO1lBQ2pCLHlIQUF5SDtZQUN6SCx3QkFBd0I7WUFDeEIsdUNBQXVDO1lBQ3ZDLHNEQUFzRDtZQUN0RCxnQ0FBZ0M7WUFDaEMsS0FBSztZQUNMO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUsVUFBVTtnQkFDaEIsV0FBVyxFQUNULCtFQUErRTtnQkFDakYsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO2dCQUNwQixlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxnQkFBZ0IsRUFBRSxDQUFDLGdCQUFnQixDQUFDO2dCQUNwQyxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQzthQUMxQjtZQUNEO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUsaUJBQWlCO2dCQUN2QixXQUFXLEVBQ1QsK0VBQStFO2dCQUNqRixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFLENBQUMsR0FBRyxDQUFDO2dCQUMzQixnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQzthQUMxQjtZQUNELElBQUk7WUFDSixnQ0FBZ0M7WUFDaEMsaUJBQWlCO1lBQ2pCLHVIQUF1SDtZQUN2SCx3QkFBd0I7WUFDeEIsdUNBQXVDO1lBQ3ZDLHlFQUF5RTtZQUN6RSxpREFBaUQ7WUFDakQsS0FBSztZQUNMO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUscUJBQXFCO2dCQUMzQixXQUFXLEVBQUUseURBQXlEO2dCQUN0RSxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFO29CQUNwQixJQUFBLG9CQUFXLEVBQUEsMEJBQTBCLFFBQVEsRUFBRTtvQkFDL0MsSUFBQSxvQkFBVyxFQUFBLDhCQUE4QixRQUFRLEVBQUU7b0JBQ25ELHNCQUFzQjtvQkFDdEIsSUFBQSxvQkFBVyxFQUFBLGdCQUFnQixRQUFRLEVBQUU7b0JBQ3JDLGtCQUFrQjtpQkFDbkI7Z0JBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7YUFDMUI7WUFDRCxJQUFJO1lBQ0osdUJBQXVCO1lBQ3ZCLCtCQUErQjtZQUMvQiwrQkFBK0I7WUFDL0IsdUNBQXVDO1lBQ3ZDLHdCQUF3QjtZQUN4Qiw4QkFBOEI7WUFDOUIsOEJBQThCO1lBQzlCLDhCQUE4QjtZQUM5QiwrQkFBK0I7WUFDL0IsT0FBTztZQUNQLDhCQUE4QjtZQUM5QixLQUFLO1lBQ0w7Z0JBQ0UsUUFBUSxFQUFFLGFBQWE7Z0JBQ3ZCLElBQUksRUFBRSxZQUFZO2dCQUNsQixXQUFXLEVBQUUsYUFBYTtnQkFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztnQkFDM0IsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsb0JBQW9CLEVBQUUsQ0FBQyxHQUFHLENBQUM7Z0JBQzNCLGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDO2FBQ3pCO1NBQ0Y7UUFDRCxnQkFBZ0IsRUFBRTtZQUNoQixHQUFHLFFBQVE7WUFDWDtnQkFDRSxRQUFRLEVBQUUsaUJBQWlCO2dCQUMzQixJQUFJLEVBQUUsVUFBVTtnQkFDaEIsV0FBVyxFQUFFLDRCQUE0QjtnQkFDekMsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsV0FBVyxFQUFFO29CQUNYLDhCQUE4QjtvQkFDOUIsbUJBQW1CO29CQUNuQix3QkFBd0I7b0JBQ3hCLDBCQUEwQjtvQkFDMUIsa0JBQWtCO29CQUNsQixzQkFBc0I7b0JBQ3RCLDJCQUEyQjtvQkFDM0Isc0NBQXNDO29CQUN0Qyx3QkFBd0I7b0JBQ3hCLFdBQVc7b0JBQ1gsMEJBQTBCO29CQUMxQixVQUFVO29CQUNWLHVCQUF1QjtpQkFDeEI7Z0JBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQzthQUNsRDtZQUNEO2dCQUNFLFFBQVEsRUFBRSxpQkFBaUI7Z0JBQzNCLElBQUksRUFBRSxnQkFBZ0I7Z0JBQ3RCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCw4QkFBOEI7b0JBQzlCLDRCQUE0QjtvQkFDNUIsNEJBQTRCO29CQUM1Qix3QkFBd0I7b0JBQ3hCLDZCQUE2QjtpQkFDOUI7Z0JBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQzthQUNsRDtZQUNEO2dCQUNFLFFBQVEsRUFBRSxpQkFBaUI7Z0JBQzNCLElBQUksRUFBRSxjQUFjO2dCQUNwQixlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxXQUFXLEVBQUU7b0JBQ1gsMkJBQTJCO29CQUMzQix5Q0FBeUM7b0JBQ3pDLDJCQUEyQjtvQkFDM0IsOEJBQThCO2lCQUMvQjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO2FBQ2xEO1lBQ0Q7Z0JBQ0UsUUFBUSxFQUFFLGlCQUFpQjtnQkFDM0IsSUFBSSxFQUFFLGlCQUFpQjtnQkFDdkIsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsV0FBVyxFQUFFO29CQUNYLHFCQUFxQjtvQkFDckIsMEJBQTBCO29CQUMxQix1QkFBdUI7aUJBQ3hCO2dCQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7YUFDbEQ7U0FDRjtLQUNGLENBQUM7QUFDSixDQUFDLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWtzRmlyZXdhbGxQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL0Frc0ZpcmV3YWxsUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBRUEsb0RBQTBEO0FBTTFELHNEQUF3RDtBQXFCeEQsa0JBQWUsQ0FBQyxFQUNkLFFBQVEsRUFDUiwyQkFBMkIsRUFDM0IsWUFBWSxFQUNaLEtBQUssR0FDb0IsRUFBdUMsRUFBRTtJQUNsRSxNQUFNLFNBQVMsR0FBRyxJQUFJLEtBQUssRUFBcUMsQ0FBQztJQUNqRSxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBMEIsQ0FBQztJQUNyRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBOEIsQ0FBQztJQUV6RCxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ1YsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ3BCLFNBQVMsQ0FBQyxJQUFJLENBQUM7Z0JBQ2IsUUFBUSxFQUFFLFNBQVM7Z0JBQ25CLElBQUksRUFBRSxHQUFHLEdBQUcsQ0FBQyxJQUFJLGNBQWM7Z0JBQy9CLFdBQVcsRUFBRSwwQ0FBMEMsR0FBRyxDQUFDLElBQUksd0JBQXdCO2dCQUN2RixlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUMsZUFBZSxJQUFJLEdBQUcsQ0FBQztnQkFDN0Msb0JBQW9CLEVBQUUsR0FBRyxDQUFDLGlCQUFpQjtnQkFDM0MsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3pCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztnQkFDcEIsaUJBQWlCLEVBQUUsR0FBRyxDQUFDLGlCQUFpQjtnQkFDeEMsY0FBYyxFQUFFLEtBQUs7YUFDdEIsQ0FBQyxDQUFDO1lBRUgsSUFBSSxHQUFHLENBQUMsU0FBUztnQkFDZixTQUFTLENBQUMsSUFBSSxDQUFDO29CQUNiLFFBQVEsRUFBRSxTQUFTO29CQUNuQixJQUFJLEVBQUUsR0FBRyxHQUFHLENBQUMsSUFBSSxhQUFhO29CQUM5QixXQUFXLEVBQUUseUNBQXlDLEdBQUcsQ0FBQyxJQUFJLHdCQUF3QjtvQkFDdEYsZUFBZSxFQUFFLENBQUMsR0FBRyxDQUFDLGVBQWUsSUFBSSxHQUFHLENBQUM7b0JBQzdDLG9CQUFvQixFQUFFLEdBQUcsQ0FBQyxpQkFBaUI7b0JBQzNDLGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDO29CQUN4QixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7b0JBQ3BCLGlCQUFpQixFQUFFLEdBQUcsQ0FBQyxpQkFBaUI7b0JBQ3hDLGNBQWMsRUFBRSxJQUFJO2lCQUNyQixDQUFDLENBQUM7UUFDUCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxtQkFBbUI7SUFDbkIsUUFBUSxDQUFDLElBQUksQ0FDWDtRQUNFLFFBQVEsRUFBRSxhQUFhO1FBQ3ZCLElBQUksRUFBRSxTQUFTO1FBQ2YsV0FBVyxFQUNULGlIQUFpSDtRQUNuSCxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7UUFDcEIsZUFBZSxFQUFFLFlBQVk7UUFDN0Isb0JBQW9CLEVBQUUsQ0FBQyxjQUFjLDRCQUFpQixFQUFFLENBQUM7UUFDekQsZ0JBQWdCLEVBQUUsQ0FBQyxNQUFNLENBQUM7S0FDM0IsRUFDRDtRQUNFLFFBQVEsRUFBRSxhQUFhO1FBQ3ZCLElBQUksRUFBRSxTQUFTO1FBQ2YsV0FBVyxFQUNULHdHQUF3RztRQUMxRyxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7UUFDcEIsZUFBZSxFQUFFLFlBQVk7UUFDN0Isb0JBQW9CLEVBQUUsQ0FBQyxjQUFjLDRCQUFpQixFQUFFLENBQUM7UUFDekQsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO0tBQ2xDLEVBQ0Q7UUFDRSxRQUFRLEVBQUUsYUFBYTtRQUN2QixJQUFJLEVBQUUsVUFBVTtRQUNoQixXQUFXLEVBQ1QsK0VBQStFO1FBQ2pGLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUNwQixlQUFlLEVBQUUsWUFBWTtRQUM3QixvQkFBb0IsRUFBRSxDQUFDLGdCQUFnQixDQUFDO1FBQ3hDLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO0tBQzFCO0lBQ0QsbUJBQW1CO0lBQ25CO1FBQ0UsUUFBUSxFQUFFLGFBQWE7UUFDdkIsSUFBSSxFQUFFLGlCQUFpQjtRQUN2QixXQUFXLEVBQ1QsK0VBQStFO1FBQ2pGLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUNwQixlQUFlLEVBQUUsWUFBWTtRQUM3QixvQkFBb0IsRUFBRSxDQUFDLEdBQUcsQ0FBQztRQUMzQixnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztLQUMxQixFQUNEO1FBQ0UsUUFBUSxFQUFFLGFBQWE7UUFDdkIsSUFBSSxFQUFFLHFCQUFxQjtRQUMzQixXQUFXLEVBQUUseURBQXlEO1FBQ3RFLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUNwQixlQUFlLEVBQUUsWUFBWTtRQUM3QixvQkFBb0IsRUFBRTtZQUNwQixzQ0FBc0M7WUFDdEMsMENBQTBDO1lBQzFDLHNCQUFzQjtZQUN0Qiw0QkFBNEI7WUFDNUIsa0JBQWtCO1lBQ2xCLDZCQUE2QjtZQUM3QixrQ0FBa0M7WUFDbEMscURBQXFEO1lBQ3JELDhCQUE4QjtZQUM5QiwyQkFBMkI7WUFDM0IsMEJBQTBCO1lBQzFCLDBEQUEwRDtZQUMxRCx1QkFBdUI7U0FDeEI7UUFDRCxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztLQUMxQixFQUNEO1FBQ0UsUUFBUSxFQUFFLGFBQWE7UUFDdkIsSUFBSSxFQUFFLFlBQVk7UUFDbEIsV0FBVyxFQUFFLGFBQWE7UUFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztRQUMzQixlQUFlLEVBQUUsWUFBWTtRQUM3QixvQkFBb0IsRUFBRSxDQUFDLEdBQUcsQ0FBQztRQUMzQixnQkFBZ0IsRUFBRSxDQUFDLElBQUksQ0FBQztLQUN6QixDQUNGLENBQUM7SUFFRixnQkFBZ0I7SUFDaEIsUUFBUSxDQUFDLElBQUksQ0FDWDtRQUNFLFFBQVEsRUFBRSxpQkFBaUI7UUFDM0IsSUFBSSxFQUFFLHVCQUF1QjtRQUM3QixXQUFXLEVBQUUsOENBQThDO1FBQzNELGVBQWUsRUFBRSxZQUFZO1FBQzdCLFFBQVEsRUFBRSxDQUFDLHdCQUF3QixDQUFDO1FBQ3BDLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7S0FDbEQsRUFDRDtRQUNFLFFBQVEsRUFBRSxpQkFBaUI7UUFDM0IsSUFBSSxFQUFFLFVBQVU7UUFDaEIsV0FBVyxFQUFFLDRCQUE0QjtRQUN6QyxlQUFlLEVBQUUsWUFBWTtRQUM3QixXQUFXLEVBQUU7WUFDWCxXQUFXO1lBQ1gsK0JBQStCO1lBQy9CLDhCQUE4QjtZQUM5QixtQkFBbUI7WUFDbkIsd0JBQXdCO1lBQ3hCLDBCQUEwQjtZQUMxQixrQkFBa0I7WUFDbEIsc0JBQXNCO1lBQ3RCLDJCQUEyQjtZQUMzQixzQ0FBc0M7WUFDdEMsd0JBQXdCO1lBQ3hCLFdBQVc7WUFDWCw2QkFBNkI7WUFDN0IsVUFBVTtZQUNWLDBCQUEwQjtTQUMzQjtRQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7S0FDbEQsRUFDRDtRQUNFLFFBQVEsRUFBRSxpQkFBaUI7UUFDM0IsSUFBSSxFQUFFLGdCQUFnQjtRQUN0QixXQUFXLEVBQUUsc0JBQXNCO1FBQ25DLGVBQWUsRUFBRSxZQUFZO1FBQzdCLFdBQVcsRUFBRTtZQUNYLDhCQUE4QjtZQUM5Qiw0QkFBNEI7WUFDNUIsNEJBQTRCO1lBQzVCLHdCQUF3QjtZQUN4Qiw2QkFBNkI7U0FDOUI7UUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO0tBQ2xELEVBQ0Q7UUFDRSxRQUFRLEVBQUUsaUJBQWlCO1FBQzNCLElBQUksRUFBRSxjQUFjO1FBQ3BCLFdBQVcsRUFBRSw2QkFBNkI7UUFDMUMsZUFBZSxFQUFFLFlBQVk7UUFDN0IsV0FBVyxFQUFFO1lBQ1gsMkJBQTJCO1lBQzNCLHlDQUF5QztZQUN6QywyQkFBMkI7WUFDM0IsOEJBQThCO1NBQy9CO1FBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztLQUNsRCxDQUNGLENBQUM7SUFFRixJQUFJLDJCQUEyQixFQUFFLENBQUM7UUFDaEMsUUFBUSxDQUFDLElBQUksQ0FDWDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsOEhBQThIO1lBQzlILElBQUksRUFBRSxpQkFBaUI7WUFDdkIsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFO2dCQUNYLFNBQVMsRUFBRSxrQkFBa0I7Z0JBQzdCLGlCQUFpQjtnQkFDakIsa0JBQWtCO2dCQUNsQixXQUFXO2dCQUNYLGdCQUFnQjtnQkFDaEIsa0JBQWtCO2dCQUNsQix3QkFBd0I7Z0JBQ3hCLFdBQVc7Z0JBQ1gsc0JBQXNCO2dCQUN0Qix1QkFBdUI7Z0JBQ3ZCLHlCQUF5QjtnQkFDekIsd0JBQXdCO2dCQUN4QixzQkFBc0I7YUFDdkI7WUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELEVBQ0Q7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLGtJQUFrSTtZQUNsSSxJQUFJLEVBQUUsY0FBYztZQUNwQixlQUFlLEVBQUUsWUFBWTtZQUM3QixXQUFXLEVBQUU7Z0JBQ1gsWUFBWSxFQUFFLGNBQWM7Z0JBQzVCLFVBQVU7Z0JBQ1YsMkJBQTJCO2dCQUMzQiwrRUFBK0U7Z0JBQy9FLFVBQVU7Z0JBQ1Ysa0JBQWtCO2FBQ25CO1lBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxFQUNEO1lBQ0UsUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixrSUFBa0k7WUFDbEksSUFBSSxFQUFFLGlCQUFpQjtZQUN2QixlQUFlLEVBQUUsWUFBWTtZQUM3QixXQUFXLEVBQUU7Z0JBQ1gscUJBQXFCO2dCQUNyQiwwQkFBMEI7Z0JBQzFCLHVCQUF1QjthQUN4QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU8sSUFBQSxvQ0FBbUIsRUFBQztRQUN6QixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUscUJBQXFCLEVBQUUsU0FBUyxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUU7UUFDdEUsUUFBUTtRQUNSLE1BQU0sRUFBRSxPQUFPO0tBQ2hCLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyJ9

package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts

@@ -1,14 +1,16 @@
-import { Input } from '@pulumi/pulumi';
-import { FirewallRuleProps } from '../FirewallRules/types';
+import { Input } from "@pulumi/pulumi";
+import { FirewallPolicyRuleCollectionResults } from "../types";
 interface Props {
-    name: string;
-    vnetAddressSpace: Array<Input<string>>;
-    location: Input<string>;
-    allowFullOutboundAddress?: Array<Input<string>>;
+    name?: string;
+    priority: number;
+    subnetSpaces: Array<Input<string>>;
+    allowAllOutbound?: boolean;
     allowIpCheckApi?: boolean;
-    enableCloudPcRules?: boolean;
-    enableDeveloperResources?: boolean;
-    enableAzureResources?: boolean;
+    allowsAzure?: boolean;
+    allowsAzDevOps?: boolean;
+    allowsK8sTools?: boolean;
+    allowsSearch?: boolean;
+    allowsOffice365?: boolean;
 }
-declare const _default: ({ name, location, vnetAddressSpace, enableCloudPcRules, enableDeveloperResources, enableAzureResources, allowIpCheckApi, allowFullOutboundAddress, }: Props) => Array<FirewallRuleProps>;
+declare const _default: ({ name, priority, subnetSpaces, allowsOffice365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowIpCheckApi, allowsSearch, allowAllOutbound, }: Props) => FirewallPolicyRuleCollectionResults;
 export default _default;