@fjall/components-infrastructure 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/config/aws/identityCenter.js +19 -11
- package/dist/lib/resources/aws/iam/identityCenter/assignment.d.ts +0 -2
- package/dist/lib/resources/aws/iam/identityCenter/assignment.js +3 -20
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.d.ts +11 -0
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.js +102 -0
- package/dist/lib/resources/aws/iam/identityCenter/attachManagedPolicy.js +7 -6
- package/dist/lib/resources/aws/iam/identityCenter/group.js +5 -5
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.d.ts +24 -0
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.js +246 -0
- package/dist/lib/resources/aws/iam/identityCenter/permissionSet.d.ts +0 -2
- package/dist/lib/resources/aws/iam/identityCenter/permissionSet.js +9 -12
- package/package.json +4 -3
|
@@ -9,6 +9,8 @@ const awsCustomResource_1 = require("../../resources/aws/utilities/awsCustomReso
|
|
|
9
9
|
const stripAndCamelCase_1 = require("../../utils/stripAndCamelCase");
|
|
10
10
|
const identityCenter_1 = require("../../resources/aws/iam/identityCenter");
|
|
11
11
|
const attachManagedPolicy_1 = require("../../resources/aws/iam/identityCenter/attachManagedPolicy");
|
|
12
|
+
const cdk_time_sleep_1 = require("cdk-time-sleep");
|
|
13
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
12
14
|
const defaultPermissionSets = {
|
|
13
15
|
AdministratorAccess: {
|
|
14
16
|
Policy: "arn:aws:iam::aws:policy/AdministratorAccess",
|
|
@@ -64,25 +66,27 @@ class IdentityCenter extends constructs_1.Construct {
|
|
|
64
66
|
createPermissionSet(props) {
|
|
65
67
|
// Create permission sets
|
|
66
68
|
for (const [name, config] of Object.entries(defaultPermissionSets)) {
|
|
69
|
+
// Create Groups
|
|
70
|
+
const group = new identityCenter_1.Group(this, `${name}Group`, {
|
|
71
|
+
displayName: name,
|
|
72
|
+
identityStoreId: this.identityStoreId,
|
|
73
|
+
description: `Group for associated ${name} permission set`
|
|
74
|
+
});
|
|
67
75
|
const permissionSet = new identityCenter_1.PermissionSet(this, `PermissionSet${name}`, {
|
|
68
76
|
name: name,
|
|
69
77
|
instanceArn: this.identityCenterArn,
|
|
70
78
|
description: config.Description,
|
|
71
79
|
tags: props.tags
|
|
72
80
|
});
|
|
81
|
+
permissionSet.node.addDependency(group);
|
|
73
82
|
// Attach Policies to Permission Sets
|
|
74
|
-
new attachManagedPolicy_1.AttachManagedPolicy(this, `AttachManagedPolicy${name}`, {
|
|
83
|
+
const attachManagedPolicy = new attachManagedPolicy_1.AttachManagedPolicy(this, `AttachManagedPolicy${name}`, {
|
|
75
84
|
instanceArn: this.identityCenterArn,
|
|
76
85
|
permissionSet: name,
|
|
77
86
|
permissionSetArn: permissionSet.getPermissionSetArn(),
|
|
78
87
|
managedPolicyArn: config.Policy
|
|
79
88
|
});
|
|
80
|
-
|
|
81
|
-
const group = new identityCenter_1.Group(this, `${permissionSet}Group`, {
|
|
82
|
-
displayName: name,
|
|
83
|
-
identityStoreId: this.identityStoreId,
|
|
84
|
-
description: `Group for associated ${permissionSet} permission set`
|
|
85
|
-
});
|
|
89
|
+
attachManagedPolicy.node.addDependency(permissionSet);
|
|
86
90
|
new cfnOutput_1.CfnOutput(this, `${name}GroupId`, {
|
|
87
91
|
key: `${name}GroupId`,
|
|
88
92
|
value: group.getGroupId(),
|
|
@@ -90,18 +94,22 @@ class IdentityCenter extends constructs_1.Construct {
|
|
|
90
94
|
});
|
|
91
95
|
// Assign Groups to AWS Accounts
|
|
92
96
|
for (const [accountName, accountId] of Object.entries(props.accounts)) {
|
|
93
|
-
new identityCenter_1.Assignment(this, `${(0, stripAndCamelCase_1.stripAndCamelCase)(accountName)}${permissionSet}Association`, {
|
|
97
|
+
const assignment = new identityCenter_1.Assignment(this, `${(0, stripAndCamelCase_1.stripAndCamelCase)(accountName)}${permissionSet}Association`, {
|
|
94
98
|
instanceArn: this.identityCenterArn,
|
|
95
99
|
permissionSetArn: permissionSet.getPermissionSetArn(),
|
|
96
100
|
principalType: "GROUP",
|
|
97
101
|
principalId: group.getGroupId(),
|
|
98
102
|
targetType: "AWS_ACCOUNT",
|
|
99
|
-
targetId: accountId
|
|
100
|
-
|
|
103
|
+
targetId: accountId
|
|
104
|
+
});
|
|
105
|
+
const sleep = new cdk_time_sleep_1.TimeSleep(this, `${(0, stripAndCamelCase_1.stripAndCamelCase)(accountName)}${permissionSet}assignmentSleep`, {
|
|
106
|
+
destroyDuration: aws_cdk_lib_1.Duration.seconds(60)
|
|
101
107
|
});
|
|
108
|
+
sleep.node.addDependency(attachManagedPolicy);
|
|
109
|
+
assignment.node.addDependency(sleep);
|
|
102
110
|
}
|
|
103
111
|
}
|
|
104
112
|
}
|
|
105
113
|
}
|
|
106
114
|
exports.IdentityCenter = IdentityCenter;
|
|
107
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxnRUFBZ0U7QUFDaEUsMkNBQXVDO0FBQ3ZDLGlEQUFzRDtBQUN0RCx1RUFBb0U7QUFDcEUsdUZBQW9GO0FBRXBGLHFFQUFrRTtBQUNsRSwyRUFJZ0Q7QUFDaEQsb0dBQWlHO0FBWWpHLE1BQU0scUJBQXFCLEdBQXdDO0lBQ2pFLG1CQUFtQixFQUFFO1FBQ25CLE1BQU0sRUFBRSw2Q0FBNkM7UUFDckQsV0FBVyxFQUFFLDBEQUEwRDtLQUN4RTtJQUNELGNBQWMsRUFBRTtRQUNkLE1BQU0sRUFBRSx3Q0FBd0M7UUFDaEQsV0FBVyxFQUFFLHFEQUFxRDtLQUNuRTtJQUNELE9BQU8sRUFBRTtRQUNQLE1BQU0sRUFBRSxrREFBa0Q7UUFDMUQsV0FBVyxFQUFFLDhDQUE4QztLQUM1RDtDQUNGLENBQUM7QUFFRixNQUFhLGNBQWUsU0FBUSxzQkFBUztJQUkzQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTBCO1FBQ2xFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFDbEMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRCwwQkFBMEI7UUFDeEIsTUFBTSxjQUFjLEdBQUcsSUFBSSxxQ0FBaUIsQ0FDMUMsSUFBSSxFQUNKLDRCQUE0QixFQUM1QjtZQUNFLFlBQVksRUFBRSw0QkFBNEI7WUFDMUMsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxXQUFXO2dCQUNwQixNQUFNLEVBQUUsc0JBQXNCO2dCQUM5QixVQUFVLEVBQUU7b0JBQ1YsVUFBVSxFQUFFLENBQUM7aUJBQ2Q7Z0JBQ0Qsa0JBQWtCLEVBQUUsZUFBZSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FDdkQsNEJBQTRCLENBQzdCO2FBQ0Y7WUFDRCxNQUFNLEVBQUUsZUFBZSxDQUFDLHVCQUF1QixDQUFDLGNBQWMsQ0FBQztnQkFDN0QsSUFBSSx5QkFBZSxDQUFDO29CQUNsQixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQztvQkFDOUIsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2lCQUNqQixDQUFDO2FBQ0gsQ0FBQztZQUNGLFlBQVksRUFBRSwyQkFBMkI7U0FDMUMsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLGlCQUFpQixHQUFHLGNBQWMsQ0FBQyxnQkFBZ0IsQ0FDdEQseUJBQXlCLENBQzFCLENBQUM7UUFDRixJQUFJLENBQUMsZUFBZSxHQUFHLGNBQWMsQ0FBQyxnQkFBZ0IsQ0FDcEQsNkJBQTZCLENBQzlCLENBQUM7UUFDRixJQUFJLHFCQUFTLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ3ZDLEdBQUcsRUFBRSxtQkFBbUI7WUFDeEIsS0FBSyxFQUFFLElBQUksQ0FBQyxpQkFBaUI7WUFDN0IsVUFBVSxFQUFFLG1CQUFtQjtTQUNoQyxDQUFDLENBQUM7UUFDSCxJQUFJLHFCQUFTLENBQUMsSUFBSSxFQUFFLGlCQUFpQixFQUFFO1lBQ3JDLEdBQUcsRUFBRSxpQkFBaUI7WUFDdEIsS0FBSyxFQUFFLElBQUksQ0FBQyxlQUFlO1lBQzNCLFVBQVUsRUFBRSxpQkFBaUI7U0FDOUIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELG1CQUFtQixDQUFDLEtBQTBCO1FBQzVDLHlCQUF5QjtRQUN6QixLQUFLLE1BQU0sQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFLENBQUM7WUFDbkUsTUFBTSxhQUFhLEdBQUcsSUFBSSw4QkFBYSxDQUFDLElBQUksRUFBRSxnQkFBZ0IsSUFBSSxFQUFFLEVBQUU7Z0JBQ3BFLElBQUksRUFBRSxJQUFJO2dCQUNWLFdBQVcsRUFBRSxJQUFJLENBQUMsaUJBQWlCO2dCQUNuQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7Z0JBQy9CLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTthQUNqQixDQUFDLENBQUM7WUFFSCxxQ0FBcUM7WUFDckMsSUFBSSx5Q0FBbUIsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLElBQUksRUFBRSxFQUFFO2dCQUMxRCxXQUFXLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtnQkFDbkMsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLGdCQUFnQixFQUFFLGFBQWEsQ0FBQyxtQkFBbUIsRUFBRTtnQkFDckQsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLE1BQU07YUFDaEMsQ0FBQyxDQUFDO1lBRUgsZ0JBQWdCO1lBQ2hCLE1BQU0sS0FBSyxHQUFHLElBQUksc0JBQUssQ0FBQyxJQUFJLEVBQUUsR0FBRyxhQUFhLE9BQU8sRUFBRTtnQkFDckQsV0FBVyxFQUFFLElBQUk7Z0JBQ2pCLGVBQWUsRUFBRSxJQUFJLENBQUMsZUFBZTtnQkFDckMsV0FBVyxFQUFFLHdCQUF3QixhQUFhLGlCQUFpQjthQUNwRSxDQUFDLENBQUM7WUFFSCxJQUFJLHFCQUFTLENBQUMsSUFBSSxFQUFFLEdBQUcsSUFBSSxTQUFTLEVBQUU7Z0JBQ3BDLEdBQUcsRUFBRSxHQUFHLElBQUksU0FBUztnQkFDckIsS0FBSyxFQUFFLEtBQUssQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsRUFBRSxHQUFHLElBQUksU0FBUzthQUM3QixDQUFDLENBQUM7WUFFSCxnQ0FBZ0M7WUFDaEMsS0FBSyxNQUFNLENBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7Z0JBQ3RFLElBQUksMkJBQVUsQ0FDWixJQUFJLEVBQ0osR0FBRyxJQUFBLHFDQUFpQixFQUFDLFdBQVcsQ0FBQyxHQUFHLGFBQWEsYUFBYSxFQUM5RDtvQkFDRSxXQUFXLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtvQkFDbkMsZ0JBQWdCLEVBQUUsYUFBYSxDQUFDLG1CQUFtQixFQUFFO29CQUNyRCxhQUFhLEVBQUUsT0FBTztvQkFDdEIsV0FBVyxFQUFFLEtBQUssQ0FBQyxVQUFVLEVBQUU7b0JBQy9CLFVBQVUsRUFBRSxhQUFhO29CQUN6QixRQUFRLEVBQUUsU0FBUztvQkFDbkIsVUFBVSxFQUFFLGFBQWEsQ0FBQyxtQkFBbUI7aUJBQzlDLENBQ0YsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBeEdELHdDQXdHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBDZm5PdXRwdXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvY2ZuT3V0cHV0XCI7XG5pbXBvcnQgeyBBd3NDdXN0b21SZXNvdXJjZSB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXMvYXdzL3V0aWxpdGllcy9hd3NDdXN0b21SZXNvdXJjZVwiO1xuaW1wb3J0IHsgS2V5VmFsdWUgfSBmcm9tIFwiLi4vLi4vdHlwZXNcIjtcbmltcG9ydCB7IHN0cmlwQW5kQ2FtZWxDYXNlIH0gZnJvbSBcIi4uLy4uL3V0aWxzL3N0cmlwQW5kQ2FtZWxDYXNlXCI7XG5pbXBvcnQge1xuICBHcm91cCxcbiAgUGVybWlzc2lvblNldCxcbiAgQXNzaWdubWVudFxufSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy9pYW0vaWRlbnRpdHlDZW50ZXJcIjtcbmltcG9ydCB7IEF0dGFjaE1hbmFnZWRQb2xpY3kgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy9pYW0vaWRlbnRpdHlDZW50ZXIvYXR0YWNoTWFuYWdlZFBvbGljeVwiO1xuXG5pbnRlcmZhY2UgSWRlbnRpdHlDZW50ZXJQcm9wcyB7XG4gIGFjY291bnRzOiBLZXlWYWx1ZTtcbiAgdGFncz86IEtleVZhbHVlW107XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGVybWlzc2lvblNldENvbmZpZyB7XG4gIFBvbGljeTogc3RyaW5nO1xuICBEZXNjcmlwdGlvbj86IHN0cmluZztcbn1cblxuY29uc3QgZGVmYXVsdFBlcm1pc3Npb25TZXRzOiBSZWNvcmQ8c3RyaW5nLCBQZXJtaXNzaW9uU2V0Q29uZmlnPiA9IHtcbiAgQWRtaW5pc3RyYXRvckFjY2Vzczoge1xuICAgIFBvbGljeTogXCJhcm46YXdzOmlhbTo6YXdzOnBvbGljeS9BZG1pbmlzdHJhdG9yQWNjZXNzXCIsXG4gICAgRGVzY3JpcHRpb246IFwiUGVybWlzc2lvbiBzZXQgZm9yIGFzc29jaWF0ZWQgQWRtaW5pc3RyYXRvckFjY2VzcyBwb2xpY3lcIlxuICB9LFxuICBSZWFkT25seUFjY2Vzczoge1xuICAgIFBvbGljeTogXCJhcm46YXdzOmlhbTo6YXdzOnBvbGljeS9SZWFkT25seUFjY2Vzc1wiLFxuICAgIERlc2NyaXB0aW9uOiBcIlBlcm1pc3Npb24gc2V0IGZvciBhc3NvY2lhdGVkIFJlYWRPbmx5QWNjZXNzIHBvbGljeVwiXG4gIH0sXG4gIEJpbGxpbmc6IHtcbiAgICBQb2xpY3k6IFwiYXJuOmF3czppYW06OmF3czpwb2xpY3kvQVdTQmlsbGluZ1JlYWRPbmx5QWNjZXNzXCIsXG4gICAgRGVzY3JpcHRpb246IFwiUGVybWlzc2lvbiBzZXQgZm9yIGFzc29jaWF0ZWQgQmlsbGluZyBwb2xpY3lcIlxuICB9XG59O1xuXG5leHBvcnQgY2xhc3MgSWRlbnRpdHlDZW50ZXIgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBwdWJsaWMgaWRlbnRpdHlTdG9yZUlkOiBzdHJpbmc7XG4gIHB1YmxpYyBpZGVudGl0eUNlbnRlckFybjogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBJZGVudGl0eUNlbnRlclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMubGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2UoKTtcbiAgICB0aGlzLmNyZWF0ZVBlcm1pc3Npb25TZXQocHJvcHMpO1xuICB9XG5cbiAgbGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2UoKSB7XG4gICAgY29uc3QgY3VzdG9tUmVzb3VyY2UgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJsaXN0SWRlbnRpdHlDZW50ZXJJbnN0YW5jZVwiLFxuICAgICAge1xuICAgICAgICBmdW5jdGlvbk5hbWU6IFwibGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2VcIixcbiAgICAgICAgb25DcmVhdGU6IHtcbiAgICAgICAgICBzZXJ2aWNlOiBcInNzby1hZG1pblwiLFxuICAgICAgICAgIGFjdGlvbjogXCJMaXN0SW5zdGFuY2VzQ29tbWFuZFwiLFxuICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgIE1heFJlc3VsdHM6IDFcbiAgICAgICAgICB9LFxuICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihcbiAgICAgICAgICAgIFwibGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2VcIlxuICAgICAgICAgIClcbiAgICAgICAgfSxcbiAgICAgICAgcG9saWN5OiBjdXN0b21SZXNvdXJjZXMuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVN0YXRlbWVudHMoW1xuICAgICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgICAgYWN0aW9uczogW1wic3NvOkxpc3RJbnN0YW5jZXNcIl0sXG4gICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICB9KVxuICAgICAgICBdKSxcbiAgICAgICAgcmVzb3VyY2VUeXBlOiBcIkN1c3RvbTo6SWFtSWRlbnRpdHlDZW50ZXJcIlxuICAgICAgfVxuICAgICk7XG5cbiAgICB0aGlzLmlkZW50aXR5Q2VudGVyQXJuID0gY3VzdG9tUmVzb3VyY2UuZ2V0UmVzcG9uc2VGaWVsZChcbiAgICAgIFwiSW5zdGFuY2VzLjAuSW5zdGFuY2VBcm5cIlxuICAgICk7XG4gICAgdGhpcy5pZGVudGl0eVN0b3JlSWQgPSBjdXN0b21SZXNvdXJjZS5nZXRSZXNwb25zZUZpZWxkKFxuICAgICAgXCJJbnN0YW5jZXMuMC5JZGVudGl0eVN0b3JlSWRcIlxuICAgICk7XG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBcImlkZW50aXR5Q2VudGVyQXJuXCIsIHtcbiAgICAgIGtleTogXCJpZGVudGl0eUNlbnRlckFyblwiLFxuICAgICAgdmFsdWU6IHRoaXMuaWRlbnRpdHlDZW50ZXJBcm4sXG4gICAgICBleHBvcnROYW1lOiBcImlkZW50aXR5Q2VudGVyQXJuXCJcbiAgICB9KTtcbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiaWRlbnRpdHlTdG9yZUlkXCIsIHtcbiAgICAgIGtleTogXCJpZGVudGl0eVN0b3JlSURcIixcbiAgICAgIHZhbHVlOiB0aGlzLmlkZW50aXR5U3RvcmVJZCxcbiAgICAgIGV4cG9ydE5hbWU6IFwiaWRlbnRpdHlTdG9yZUlkXCJcbiAgICB9KTtcbiAgfVxuXG4gIGNyZWF0ZVBlcm1pc3Npb25TZXQocHJvcHM6IElkZW50aXR5Q2VudGVyUHJvcHMpIHtcbiAgICAvLyBDcmVhdGUgcGVybWlzc2lvbiBzZXRzXG4gICAgZm9yIChjb25zdCBbbmFtZSwgY29uZmlnXSBvZiBPYmplY3QuZW50cmllcyhkZWZhdWx0UGVybWlzc2lvblNldHMpKSB7XG4gICAgICBjb25zdCBwZXJtaXNzaW9uU2V0ID0gbmV3IFBlcm1pc3Npb25TZXQodGhpcywgYFBlcm1pc3Npb25TZXQke25hbWV9YCwge1xuICAgICAgICBuYW1lOiBuYW1lLFxuICAgICAgICBpbnN0YW5jZUFybjogdGhpcy5pZGVudGl0eUNlbnRlckFybixcbiAgICAgICAgZGVzY3JpcHRpb246IGNvbmZpZy5EZXNjcmlwdGlvbixcbiAgICAgICAgdGFnczogcHJvcHMudGFnc1xuICAgICAgfSk7XG5cbiAgICAgIC8vIEF0dGFjaCBQb2xpY2llcyB0byBQZXJtaXNzaW9uIFNldHNcbiAgICAgIG5ldyBBdHRhY2hNYW5hZ2VkUG9saWN5KHRoaXMsIGBBdHRhY2hNYW5hZ2VkUG9saWN5JHtuYW1lfWAsIHtcbiAgICAgICAgaW5zdGFuY2VBcm46IHRoaXMuaWRlbnRpdHlDZW50ZXJBcm4sXG4gICAgICAgIHBlcm1pc3Npb25TZXQ6IG5hbWUsXG4gICAgICAgIHBlcm1pc3Npb25TZXRBcm46IHBlcm1pc3Npb25TZXQuZ2V0UGVybWlzc2lvblNldEFybigpLFxuICAgICAgICBtYW5hZ2VkUG9saWN5QXJuOiBjb25maWcuUG9saWN5XG4gICAgICB9KTtcblxuICAgICAgLy8gQ3JlYXRlIEdyb3Vwc1xuICAgICAgY29uc3QgZ3JvdXAgPSBuZXcgR3JvdXAodGhpcywgYCR7cGVybWlzc2lvblNldH1Hcm91cGAsIHtcbiAgICAgICAgZGlzcGxheU5hbWU6IG5hbWUsXG4gICAgICAgIGlkZW50aXR5U3RvcmVJZDogdGhpcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICAgIGRlc2NyaXB0aW9uOiBgR3JvdXAgZm9yIGFzc29jaWF0ZWQgJHtwZXJtaXNzaW9uU2V0fSBwZXJtaXNzaW9uIHNldGBcbiAgICAgIH0pO1xuXG4gICAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIGAke25hbWV9R3JvdXBJZGAsIHtcbiAgICAgICAga2V5OiBgJHtuYW1lfUdyb3VwSWRgLFxuICAgICAgICB2YWx1ZTogZ3JvdXAuZ2V0R3JvdXBJZCgpLFxuICAgICAgICBleHBvcnROYW1lOiBgJHtuYW1lfUdyb3VwSWRgXG4gICAgICB9KTtcblxuICAgICAgLy8gQXNzaWduIEdyb3VwcyB0byBBV1MgQWNjb3VudHNcbiAgICAgIGZvciAoY29uc3QgW2FjY291bnROYW1lLCBhY2NvdW50SWRdIG9mIE9iamVjdC5lbnRyaWVzKHByb3BzLmFjY291bnRzKSkge1xuICAgICAgICBuZXcgQXNzaWdubWVudChcbiAgICAgICAgICB0aGlzLFxuICAgICAgICAgIGAke3N0cmlwQW5kQ2FtZWxDYXNlKGFjY291bnROYW1lKX0ke3Blcm1pc3Npb25TZXR9QXNzb2NpYXRpb25gLFxuICAgICAgICAgIHtcbiAgICAgICAgICAgIGluc3RhbmNlQXJuOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgICAgICAgcGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldC5nZXRQZXJtaXNzaW9uU2V0QXJuKCksXG4gICAgICAgICAgICBwcmluY2lwYWxUeXBlOiBcIkdST1VQXCIsXG4gICAgICAgICAgICBwcmluY2lwYWxJZDogZ3JvdXAuZ2V0R3JvdXBJZCgpLFxuICAgICAgICAgICAgdGFyZ2V0VHlwZTogXCJBV1NfQUNDT1VOVFwiLFxuICAgICAgICAgICAgdGFyZ2V0SWQ6IGFjY291bnRJZCxcbiAgICAgICAgICAgIGRlcGVuZGVuY3k6IHBlcm1pc3Npb25TZXQuZGVsZXRlUGVybWlzc2lvblNldFxuICAgICAgICAgIH1cbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICB9XG4gIH1cbn1cbiJdfQ==
|
|
115
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxnRUFBZ0U7QUFDaEUsMkNBQXVDO0FBQ3ZDLGlEQUFzRDtBQUN0RCx1RUFBb0U7QUFDcEUsdUZBQW9GO0FBRXBGLHFFQUFrRTtBQUNsRSwyRUFJZ0Q7QUFDaEQsb0dBQWlHO0FBQ2pHLG1EQUEyQztBQUMzQyw2Q0FBdUM7QUFZdkMsTUFBTSxxQkFBcUIsR0FBd0M7SUFDakUsbUJBQW1CLEVBQUU7UUFDbkIsTUFBTSxFQUFFLDZDQUE2QztRQUNyRCxXQUFXLEVBQUUsMERBQTBEO0tBQ3hFO0lBQ0QsY0FBYyxFQUFFO1FBQ2QsTUFBTSxFQUFFLHdDQUF3QztRQUNoRCxXQUFXLEVBQUUscURBQXFEO0tBQ25FO0lBQ0QsT0FBTyxFQUFFO1FBQ1AsTUFBTSxFQUFFLGtEQUFrRDtRQUMxRCxXQUFXLEVBQUUsOENBQThDO0tBQzVEO0NBQ0YsQ0FBQztBQUVGLE1BQWEsY0FBZSxTQUFRLHNCQUFTO0lBSTNDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMEI7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsMEJBQTBCLEVBQUUsQ0FBQztRQUNsQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVELDBCQUEwQjtRQUN4QixNQUFNLGNBQWMsR0FBRyxJQUFJLHFDQUFpQixDQUMxQyxJQUFJLEVBQ0osNEJBQTRCLEVBQzVCO1lBQ0UsWUFBWSxFQUFFLDRCQUE0QjtZQUMxQyxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLFdBQVc7Z0JBQ3BCLE1BQU0sRUFBRSxzQkFBc0I7Z0JBQzlCLFVBQVUsRUFBRTtvQkFDVixVQUFVLEVBQUUsQ0FBQztpQkFDZDtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCw0QkFBNEIsQ0FDN0I7YUFDRjtZQUNELE1BQU0sRUFBRSxlQUFlLENBQUMsdUJBQXVCLENBQUMsY0FBYyxDQUFDO2dCQUM3RCxJQUFJLHlCQUFlLENBQUM7b0JBQ2xCLE9BQU8sRUFBRSxDQUFDLG1CQUFtQixDQUFDO29CQUM5QixTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7aUJBQ2pCLENBQUM7YUFDSCxDQUFDO1lBQ0YsWUFBWSxFQUFFLDJCQUEyQjtTQUMxQyxDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsaUJBQWlCLEdBQUcsY0FBYyxDQUFDLGdCQUFnQixDQUN0RCx5QkFBeUIsQ0FDMUIsQ0FBQztRQUNGLElBQUksQ0FBQyxlQUFlLEdBQUcsY0FBYyxDQUFDLGdCQUFnQixDQUNwRCw2QkFBNkIsQ0FDOUIsQ0FBQztRQUNGLElBQUkscUJBQVMsQ0FBQyxJQUFJLEVBQUUsbUJBQW1CLEVBQUU7WUFDdkMsR0FBRyxFQUFFLG1CQUFtQjtZQUN4QixLQUFLLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtZQUM3QixVQUFVLEVBQUUsbUJBQW1CO1NBQ2hDLENBQUMsQ0FBQztRQUNILElBQUkscUJBQVMsQ0FBQyxJQUFJLEVBQUUsaUJBQWlCLEVBQUU7WUFDckMsR0FBRyxFQUFFLGlCQUFpQjtZQUN0QixLQUFLLEVBQUUsSUFBSSxDQUFDLGVBQWU7WUFDM0IsVUFBVSxFQUFFLGlCQUFpQjtTQUM5QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsbUJBQW1CLENBQUMsS0FBMEI7UUFDNUMseUJBQXlCO1FBQ3pCLEtBQUssTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLEVBQUUsQ0FBQztZQUNuRSxnQkFBZ0I7WUFDaEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxzQkFBSyxDQUFDLElBQUksRUFBRSxHQUFHLElBQUksT0FBTyxFQUFFO2dCQUM1QyxXQUFXLEVBQUUsSUFBSTtnQkFDakIsZUFBZSxFQUFFLElBQUksQ0FBQyxlQUFlO2dCQUNyQyxXQUFXLEVBQUUsd0JBQXdCLElBQUksaUJBQWlCO2FBQzNELENBQUMsQ0FBQztZQUVILE1BQU0sYUFBYSxHQUFHLElBQUksOEJBQWEsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLElBQUksRUFBRSxFQUFFO2dCQUNwRSxJQUFJLEVBQUUsSUFBSTtnQkFDVixXQUFXLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtnQkFDbkMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxXQUFXO2dCQUMvQixJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7YUFDakIsQ0FBQyxDQUFDO1lBQ0gsYUFBYSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUM7WUFFeEMscUNBQXFDO1lBQ3JDLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSx5Q0FBbUIsQ0FDakQsSUFBSSxFQUNKLHNCQUFzQixJQUFJLEVBQUUsRUFDNUI7Z0JBQ0UsV0FBVyxFQUFFLElBQUksQ0FBQyxpQkFBaUI7Z0JBQ25DLGFBQWEsRUFBRSxJQUFJO2dCQUNuQixnQkFBZ0IsRUFBRSxhQUFhLENBQUMsbUJBQW1CLEVBQUU7Z0JBQ3JELGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxNQUFNO2FBQ2hDLENBQ0YsQ0FBQztZQUNGLG1CQUFtQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7WUFFdEQsSUFBSSxxQkFBUyxDQUFDLElBQUksRUFBRSxHQUFHLElBQUksU0FBUyxFQUFFO2dCQUNwQyxHQUFHLEVBQUUsR0FBRyxJQUFJLFNBQVM7Z0JBQ3JCLEtBQUssRUFBRSxLQUFLLENBQUMsVUFBVSxFQUFFO2dCQUN6QixVQUFVLEVBQUUsR0FBRyxJQUFJLFNBQVM7YUFDN0IsQ0FBQyxDQUFDO1lBRUgsZ0NBQWdDO1lBQ2hDLEtBQUssTUFBTSxDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUN0RSxNQUFNLFVBQVUsR0FBRyxJQUFJLDJCQUFVLENBQy9CLElBQUksRUFDSixHQUFHLElBQUEscUNBQWlCLEVBQUMsV0FBVyxDQUFDLEdBQUcsYUFBYSxhQUFhLEVBQzlEO29CQUNFLFdBQVcsRUFBRSxJQUFJLENBQUMsaUJBQWlCO29CQUNuQyxnQkFBZ0IsRUFBRSxhQUFhLENBQUMsbUJBQW1CLEVBQUU7b0JBQ3JELGFBQWEsRUFBRSxPQUFPO29CQUN0QixXQUFXLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRTtvQkFDL0IsVUFBVSxFQUFFLGFBQWE7b0JBQ3pCLFFBQVEsRUFBRSxTQUFTO2lCQUNwQixDQUNGLENBQUM7Z0JBRUYsTUFBTSxLQUFLLEdBQUcsSUFBSSwwQkFBUyxDQUN6QixJQUFJLEVBQ0osR0FBRyxJQUFBLHFDQUFpQixFQUFDLFdBQVcsQ0FBQyxHQUFHLGFBQWEsaUJBQWlCLEVBQ2xFO29CQUNFLGVBQWUsRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7aUJBQ3RDLENBQ0YsQ0FBQztnQkFDRixLQUFLLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO2dCQUM5QyxVQUFVLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN2QyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRjtBQXZIRCx3Q0F1SEMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjdXN0b21SZXNvdXJjZXMgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0IHsgQ2ZuT3V0cHV0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvdXRpbGl0aWVzL2Nmbk91dHB1dFwiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvYXdzQ3VzdG9tUmVzb3VyY2VcIjtcbmltcG9ydCB7IEtleVZhbHVlIH0gZnJvbSBcIi4uLy4uL3R5cGVzXCI7XG5pbXBvcnQgeyBzdHJpcEFuZENhbWVsQ2FzZSB9IGZyb20gXCIuLi8uLi91dGlscy9zdHJpcEFuZENhbWVsQ2FzZVwiO1xuaW1wb3J0IHtcbiAgR3JvdXAsXG4gIFBlcm1pc3Npb25TZXQsXG4gIEFzc2lnbm1lbnRcbn0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvaWFtL2lkZW50aXR5Q2VudGVyXCI7XG5pbXBvcnQgeyBBdHRhY2hNYW5hZ2VkUG9saWN5IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvaWFtL2lkZW50aXR5Q2VudGVyL2F0dGFjaE1hbmFnZWRQb2xpY3lcIjtcbmltcG9ydCB7IFRpbWVTbGVlcCB9IGZyb20gXCJjZGstdGltZS1zbGVlcFwiO1xuaW1wb3J0IHsgRHVyYXRpb24gfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcblxuaW50ZXJmYWNlIElkZW50aXR5Q2VudGVyUHJvcHMge1xuICBhY2NvdW50czogS2V5VmFsdWU7XG4gIHRhZ3M/OiBLZXlWYWx1ZVtdO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFBlcm1pc3Npb25TZXRDb25maWcge1xuICBQb2xpY3k6IHN0cmluZztcbiAgRGVzY3JpcHRpb24/OiBzdHJpbmc7XG59XG5cbmNvbnN0IGRlZmF1bHRQZXJtaXNzaW9uU2V0czogUmVjb3JkPHN0cmluZywgUGVybWlzc2lvblNldENvbmZpZz4gPSB7XG4gIEFkbWluaXN0cmF0b3JBY2Nlc3M6IHtcbiAgICBQb2xpY3k6IFwiYXJuOmF3czppYW06OmF3czpwb2xpY3kvQWRtaW5pc3RyYXRvckFjY2Vzc1wiLFxuICAgIERlc2NyaXB0aW9uOiBcIlBlcm1pc3Npb24gc2V0IGZvciBhc3NvY2lhdGVkIEFkbWluaXN0cmF0b3JBY2Nlc3MgcG9saWN5XCJcbiAgfSxcbiAgUmVhZE9ubHlBY2Nlc3M6IHtcbiAgICBQb2xpY3k6IFwiYXJuOmF3czppYW06OmF3czpwb2xpY3kvUmVhZE9ubHlBY2Nlc3NcIixcbiAgICBEZXNjcmlwdGlvbjogXCJQZXJtaXNzaW9uIHNldCBmb3IgYXNzb2NpYXRlZCBSZWFkT25seUFjY2VzcyBwb2xpY3lcIlxuICB9LFxuICBCaWxsaW5nOiB7XG4gICAgUG9saWN5OiBcImFybjphd3M6aWFtOjphd3M6cG9saWN5L0FXU0JpbGxpbmdSZWFkT25seUFjY2Vzc1wiLFxuICAgIERlc2NyaXB0aW9uOiBcIlBlcm1pc3Npb24gc2V0IGZvciBhc3NvY2lhdGVkIEJpbGxpbmcgcG9saWN5XCJcbiAgfVxufTtcblxuZXhwb3J0IGNsYXNzIElkZW50aXR5Q2VudGVyIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIGlkZW50aXR5U3RvcmVJZDogc3RyaW5nO1xuICBwdWJsaWMgaWRlbnRpdHlDZW50ZXJBcm46IHN0cmluZztcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogSWRlbnRpdHlDZW50ZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICB0aGlzLmxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlKCk7XG4gICAgdGhpcy5jcmVhdGVQZXJtaXNzaW9uU2V0KHByb3BzKTtcbiAgfVxuXG4gIGxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlKCkge1xuICAgIGNvbnN0IGN1c3RvbVJlc291cmNlID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgdGhpcyxcbiAgICAgIFwibGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2VcIixcbiAgICAgIHtcbiAgICAgICAgZnVuY3Rpb25OYW1lOiBcImxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlXCIsXG4gICAgICAgIG9uQ3JlYXRlOiB7XG4gICAgICAgICAgc2VydmljZTogXCJzc28tYWRtaW5cIixcbiAgICAgICAgICBhY3Rpb246IFwiTGlzdEluc3RhbmNlc0NvbW1hbmRcIixcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBNYXhSZXN1bHRzOiAxXG4gICAgICAgICAgfSxcbiAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICBcImxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlXCJcbiAgICAgICAgICApXG4gICAgICAgIH0sXG4gICAgICAgIHBvbGljeTogY3VzdG9tUmVzb3VyY2VzLkF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TdGF0ZW1lbnRzKFtcbiAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcInNzbzpMaXN0SW5zdGFuY2VzXCJdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgfSlcbiAgICAgICAgXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OklhbUlkZW50aXR5Q2VudGVyXCJcbiAgICAgIH1cbiAgICApO1xuXG4gICAgdGhpcy5pZGVudGl0eUNlbnRlckFybiA9IGN1c3RvbVJlc291cmNlLmdldFJlc3BvbnNlRmllbGQoXG4gICAgICBcIkluc3RhbmNlcy4wLkluc3RhbmNlQXJuXCJcbiAgICApO1xuICAgIHRoaXMuaWRlbnRpdHlTdG9yZUlkID0gY3VzdG9tUmVzb3VyY2UuZ2V0UmVzcG9uc2VGaWVsZChcbiAgICAgIFwiSW5zdGFuY2VzLjAuSWRlbnRpdHlTdG9yZUlkXCJcbiAgICApO1xuICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJpZGVudGl0eUNlbnRlckFyblwiLCB7XG4gICAgICBrZXk6IFwiaWRlbnRpdHlDZW50ZXJBcm5cIixcbiAgICAgIHZhbHVlOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgZXhwb3J0TmFtZTogXCJpZGVudGl0eUNlbnRlckFyblwiXG4gICAgfSk7XG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBcImlkZW50aXR5U3RvcmVJZFwiLCB7XG4gICAgICBrZXk6IFwiaWRlbnRpdHlTdG9yZUlEXCIsXG4gICAgICB2YWx1ZTogdGhpcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICBleHBvcnROYW1lOiBcImlkZW50aXR5U3RvcmVJZFwiXG4gICAgfSk7XG4gIH1cblxuICBjcmVhdGVQZXJtaXNzaW9uU2V0KHByb3BzOiBJZGVudGl0eUNlbnRlclByb3BzKSB7XG4gICAgLy8gQ3JlYXRlIHBlcm1pc3Npb24gc2V0c1xuICAgIGZvciAoY29uc3QgW25hbWUsIGNvbmZpZ10gb2YgT2JqZWN0LmVudHJpZXMoZGVmYXVsdFBlcm1pc3Npb25TZXRzKSkge1xuICAgICAgLy8gQ3JlYXRlIEdyb3Vwc1xuICAgICAgY29uc3QgZ3JvdXAgPSBuZXcgR3JvdXAodGhpcywgYCR7bmFtZX1Hcm91cGAsIHtcbiAgICAgICAgZGlzcGxheU5hbWU6IG5hbWUsXG4gICAgICAgIGlkZW50aXR5U3RvcmVJZDogdGhpcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICAgIGRlc2NyaXB0aW9uOiBgR3JvdXAgZm9yIGFzc29jaWF0ZWQgJHtuYW1lfSBwZXJtaXNzaW9uIHNldGBcbiAgICAgIH0pO1xuXG4gICAgICBjb25zdCBwZXJtaXNzaW9uU2V0ID0gbmV3IFBlcm1pc3Npb25TZXQodGhpcywgYFBlcm1pc3Npb25TZXQke25hbWV9YCwge1xuICAgICAgICBuYW1lOiBuYW1lLFxuICAgICAgICBpbnN0YW5jZUFybjogdGhpcy5pZGVudGl0eUNlbnRlckFybixcbiAgICAgICAgZGVzY3JpcHRpb246IGNvbmZpZy5EZXNjcmlwdGlvbixcbiAgICAgICAgdGFnczogcHJvcHMudGFnc1xuICAgICAgfSk7XG4gICAgICBwZXJtaXNzaW9uU2V0Lm5vZGUuYWRkRGVwZW5kZW5jeShncm91cCk7XG5cbiAgICAgIC8vIEF0dGFjaCBQb2xpY2llcyB0byBQZXJtaXNzaW9uIFNldHNcbiAgICAgIGNvbnN0IGF0dGFjaE1hbmFnZWRQb2xpY3kgPSBuZXcgQXR0YWNoTWFuYWdlZFBvbGljeShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYEF0dGFjaE1hbmFnZWRQb2xpY3kke25hbWV9YCxcbiAgICAgICAge1xuICAgICAgICAgIGluc3RhbmNlQXJuOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgICAgIHBlcm1pc3Npb25TZXQ6IG5hbWUsXG4gICAgICAgICAgcGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldC5nZXRQZXJtaXNzaW9uU2V0QXJuKCksXG4gICAgICAgICAgbWFuYWdlZFBvbGljeUFybjogY29uZmlnLlBvbGljeVxuICAgICAgICB9XG4gICAgICApO1xuICAgICAgYXR0YWNoTWFuYWdlZFBvbGljeS5ub2RlLmFkZERlcGVuZGVuY3kocGVybWlzc2lvblNldCk7XG5cbiAgICAgIG5ldyBDZm5PdXRwdXQodGhpcywgYCR7bmFtZX1Hcm91cElkYCwge1xuICAgICAgICBrZXk6IGAke25hbWV9R3JvdXBJZGAsXG4gICAgICAgIHZhbHVlOiBncm91cC5nZXRHcm91cElkKCksXG4gICAgICAgIGV4cG9ydE5hbWU6IGAke25hbWV9R3JvdXBJZGBcbiAgICAgIH0pO1xuXG4gICAgICAvLyBBc3NpZ24gR3JvdXBzIHRvIEFXUyBBY2NvdW50c1xuICAgICAgZm9yIChjb25zdCBbYWNjb3VudE5hbWUsIGFjY291bnRJZF0gb2YgT2JqZWN0LmVudHJpZXMocHJvcHMuYWNjb3VudHMpKSB7XG4gICAgICAgIGNvbnN0IGFzc2lnbm1lbnQgPSBuZXcgQXNzaWdubWVudChcbiAgICAgICAgICB0aGlzLFxuICAgICAgICAgIGAke3N0cmlwQW5kQ2FtZWxDYXNlKGFjY291bnROYW1lKX0ke3Blcm1pc3Npb25TZXR9QXNzb2NpYXRpb25gLFxuICAgICAgICAgIHtcbiAgICAgICAgICAgIGluc3RhbmNlQXJuOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgICAgICAgcGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldC5nZXRQZXJtaXNzaW9uU2V0QXJuKCksXG4gICAgICAgICAgICBwcmluY2lwYWxUeXBlOiBcIkdST1VQXCIsXG4gICAgICAgICAgICBwcmluY2lwYWxJZDogZ3JvdXAuZ2V0R3JvdXBJZCgpLFxuICAgICAgICAgICAgdGFyZ2V0VHlwZTogXCJBV1NfQUNDT1VOVFwiLFxuICAgICAgICAgICAgdGFyZ2V0SWQ6IGFjY291bnRJZFxuICAgICAgICAgIH1cbiAgICAgICAgKTtcblxuICAgICAgICBjb25zdCBzbGVlcCA9IG5ldyBUaW1lU2xlZXAoXG4gICAgICAgICAgdGhpcyxcbiAgICAgICAgICBgJHtzdHJpcEFuZENhbWVsQ2FzZShhY2NvdW50TmFtZSl9JHtwZXJtaXNzaW9uU2V0fWFzc2lnbm1lbnRTbGVlcGAsXG4gICAgICAgICAge1xuICAgICAgICAgICAgZGVzdHJveUR1cmF0aW9uOiBEdXJhdGlvbi5zZWNvbmRzKDYwKVxuICAgICAgICAgIH1cbiAgICAgICAgKTtcbiAgICAgICAgc2xlZXAubm9kZS5hZGREZXBlbmRlbmN5KGF0dGFjaE1hbmFnZWRQb2xpY3kpO1xuICAgICAgICBhc3NpZ25tZW50Lm5vZGUuYWRkRGVwZW5kZW5jeShzbGVlcCk7XG4gICAgICB9XG4gICAgfVxuICB9XG59XG4iXX0=
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { Construct } from "constructs";
|
|
2
|
-
import { AwsCustomResource } from "../../utilities/awsCustomResource";
|
|
3
2
|
export declare class Assignment extends Construct {
|
|
4
3
|
constructor(scope: Construct, id: string, props: {
|
|
5
4
|
instanceArn: string;
|
|
@@ -8,6 +7,5 @@ export declare class Assignment extends Construct {
|
|
|
8
7
|
principalId: string;
|
|
9
8
|
targetType: string;
|
|
10
9
|
targetId: string;
|
|
11
|
-
dependency?: AwsCustomResource;
|
|
12
10
|
});
|
|
13
11
|
}
|
|
@@ -9,7 +9,7 @@ class Assignment extends constructs_1.Construct {
|
|
|
9
9
|
constructor(scope, id, props) {
|
|
10
10
|
super(scope, id);
|
|
11
11
|
const physicalId = `assignment${props.permissionSetArn}to${props.principalId}`;
|
|
12
|
-
const assignment = new awsCustomResource_1.AwsCustomResource(this,
|
|
12
|
+
const assignment = new awsCustomResource_1.AwsCustomResource(this, `assignment`, {
|
|
13
13
|
functionName: physicalId,
|
|
14
14
|
onCreate: {
|
|
15
15
|
service: "sso-admin",
|
|
@@ -24,19 +24,6 @@ class Assignment extends constructs_1.Construct {
|
|
|
24
24
|
},
|
|
25
25
|
physicalResourceId: customResources.PhysicalResourceId.of(physicalId)
|
|
26
26
|
},
|
|
27
|
-
onUpdate: {
|
|
28
|
-
service: "sso-admin",
|
|
29
|
-
action: "UpdateAccountAssignment", // TODO: This is not a valid action
|
|
30
|
-
parameters: {
|
|
31
|
-
InstanceArn: props.instanceArn,
|
|
32
|
-
TargetId: props.targetId,
|
|
33
|
-
TargetType: props.targetType,
|
|
34
|
-
PermissionSetArn: props.permissionSetArn,
|
|
35
|
-
PrincipalType: props.principalType,
|
|
36
|
-
PrincipalId: props.principalId
|
|
37
|
-
},
|
|
38
|
-
physicalResourceId: customResources.PhysicalResourceId.of(physicalId)
|
|
39
|
-
},
|
|
40
27
|
onDelete: {
|
|
41
28
|
service: "sso-admin",
|
|
42
29
|
action: "DeleteAccountAssignment", // https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sso-admin/command/DeleteAccountAssignmentCommand
|
|
@@ -53,18 +40,14 @@ class Assignment extends constructs_1.Construct {
|
|
|
53
40
|
new aws_iam_1.PolicyStatement({
|
|
54
41
|
actions: [
|
|
55
42
|
"sso:CreateAccountAssignment",
|
|
56
|
-
"sso:UpdateAccountAssignment",
|
|
57
43
|
"sso:DeleteAccountAssignment"
|
|
58
44
|
],
|
|
59
45
|
resources: ["*"]
|
|
60
46
|
})
|
|
61
47
|
]),
|
|
62
|
-
resourceType: "Custom::
|
|
48
|
+
resourceType: "Custom::SSOAccountAssignment"
|
|
63
49
|
});
|
|
64
|
-
if (props.dependency) {
|
|
65
|
-
assignment.node.addDependency(props.dependency);
|
|
66
|
-
}
|
|
67
50
|
}
|
|
68
51
|
}
|
|
69
52
|
exports.Assignment = Assignment;
|
|
70
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
53
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzaWdubWVudC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9hc3NpZ25tZW50LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGlEQUFzRDtBQUN0RCwyQ0FBdUM7QUFDdkMsZ0VBQWdFO0FBQ2hFLHlFQUFzRTtBQUV0RSxNQUFhLFVBQVcsU0FBUSxzQkFBUztJQUN2QyxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixLQU9DO1FBRUQsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLFVBQVUsR0FBRyxhQUFhLEtBQUssQ0FBQyxnQkFBZ0IsS0FBSyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFL0UsTUFBTSxVQUFVLEdBQUcsSUFBSSxxQ0FBaUIsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQzNELFlBQVksRUFBRSxVQUFVO1lBQ3hCLFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsV0FBVztnQkFDcEIsTUFBTSxFQUFFLHlCQUF5QixFQUFFLGlIQUFpSDtnQkFDcEosVUFBVSxFQUFFO29CQUNWLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztvQkFDOUIsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO29CQUN4QixVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7b0JBQzVCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7b0JBQ3hDLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtvQkFDbEMsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2lCQUMvQjtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQzthQUN0RTtZQUNELFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsV0FBVztnQkFDcEIsTUFBTSxFQUFFLHlCQUF5QixFQUFFLGlIQUFpSDtnQkFDcEosVUFBVSxFQUFFO29CQUNWLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztvQkFDOUIsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO29CQUN4QixVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7b0JBQzVCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7b0JBQ3hDLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtvQkFDbEMsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2lCQUMvQjthQUNGO1lBQ0QsTUFBTSxFQUFFLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxjQUFjLENBQUM7Z0JBQzdELElBQUkseUJBQWUsQ0FBQztvQkFDbEIsT0FBTyxFQUFFO3dCQUNQLDZCQUE2Qjt3QkFDN0IsNkJBQTZCO3FCQUM5QjtvQkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7aUJBQ2pCLENBQUM7YUFDSCxDQUFDO1lBQ0YsWUFBWSxFQUFFLDhCQUE4QjtTQUM3QyxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUF4REQsZ0NBd0RDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgKiBhcyBjdXN0b21SZXNvdXJjZXMgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3V0aWxpdGllcy9hd3NDdXN0b21SZXNvdXJjZVwiO1xuXG5leHBvcnQgY2xhc3MgQXNzaWdubWVudCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczoge1xuICAgICAgaW5zdGFuY2VBcm46IHN0cmluZztcbiAgICAgIHBlcm1pc3Npb25TZXRBcm46IHN0cmluZztcbiAgICAgIHByaW5jaXBhbFR5cGU6IHN0cmluZztcbiAgICAgIHByaW5jaXBhbElkOiBzdHJpbmc7XG4gICAgICB0YXJnZXRUeXBlOiBzdHJpbmc7XG4gICAgICB0YXJnZXRJZDogc3RyaW5nO1xuICAgIH1cbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHBoeXNpY2FsSWQgPSBgYXNzaWdubWVudCR7cHJvcHMucGVybWlzc2lvblNldEFybn10byR7cHJvcHMucHJpbmNpcGFsSWR9YDtcblxuICAgIGNvbnN0IGFzc2lnbm1lbnQgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UodGhpcywgYGFzc2lnbm1lbnRgLCB7XG4gICAgICBmdW5jdGlvbk5hbWU6IHBoeXNpY2FsSWQsXG4gICAgICBvbkNyZWF0ZToge1xuICAgICAgICBzZXJ2aWNlOiBcInNzby1hZG1pblwiLFxuICAgICAgICBhY3Rpb246IFwiQ3JlYXRlQWNjb3VudEFzc2lnbm1lbnRcIiwgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvdjMvbGF0ZXN0L2NsaWVudC9zc28tYWRtaW4vY29tbWFuZC9DcmVhdGVBY2NvdW50QXNzaWdubWVudENvbW1hbmRcbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIEluc3RhbmNlQXJuOiBwcm9wcy5pbnN0YW5jZUFybixcbiAgICAgICAgICBUYXJnZXRJZDogcHJvcHMudGFyZ2V0SWQsXG4gICAgICAgICAgVGFyZ2V0VHlwZTogcHJvcHMudGFyZ2V0VHlwZSxcbiAgICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwcm9wcy5wZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICAgIFByaW5jaXBhbFR5cGU6IHByb3BzLnByaW5jaXBhbFR5cGUsXG4gICAgICAgICAgUHJpbmNpcGFsSWQ6IHByb3BzLnByaW5jaXBhbElkXG4gICAgICAgIH0sXG4gICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihwaHlzaWNhbElkKVxuICAgICAgfSxcbiAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgIHNlcnZpY2U6IFwic3NvLWFkbWluXCIsXG4gICAgICAgIGFjdGlvbjogXCJEZWxldGVBY2NvdW50QXNzaWdubWVudFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L3Nzby1hZG1pbi9jb21tYW5kL0RlbGV0ZUFjY291bnRBc3NpZ25tZW50Q29tbWFuZFxuICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgSW5zdGFuY2VBcm46IHByb3BzLmluc3RhbmNlQXJuLFxuICAgICAgICAgIFRhcmdldElkOiBwcm9wcy50YXJnZXRJZCxcbiAgICAgICAgICBUYXJnZXRUeXBlOiBwcm9wcy50YXJnZXRUeXBlLFxuICAgICAgICAgIFBlcm1pc3Npb25TZXRBcm46IHByb3BzLnBlcm1pc3Npb25TZXRBcm4sXG4gICAgICAgICAgUHJpbmNpcGFsVHlwZTogcHJvcHMucHJpbmNpcGFsVHlwZSxcbiAgICAgICAgICBQcmluY2lwYWxJZDogcHJvcHMucHJpbmNpcGFsSWRcbiAgICAgICAgfVxuICAgICAgfSxcbiAgICAgIHBvbGljeTogY3VzdG9tUmVzb3VyY2VzLkF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TdGF0ZW1lbnRzKFtcbiAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICAgXCJzc286Q3JlYXRlQWNjb3VudEFzc2lnbm1lbnRcIixcbiAgICAgICAgICAgIFwic3NvOkRlbGV0ZUFjY291bnRBc3NpZ25tZW50XCJcbiAgICAgICAgICBdLFxuICAgICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgICB9KVxuICAgICAgXSksXG4gICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpTU09BY2NvdW50QXNzaWdubWVudFwiXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { Construct } from "constructs";
|
|
2
|
+
export declare class AssignmentNew extends Construct {
|
|
3
|
+
constructor(scope: Construct, id: string, props: {
|
|
4
|
+
instanceArn: string;
|
|
5
|
+
permissionSetArn: string;
|
|
6
|
+
principalType: string;
|
|
7
|
+
principalId: string;
|
|
8
|
+
targetType: string;
|
|
9
|
+
targetId: string;
|
|
10
|
+
});
|
|
11
|
+
}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AssignmentNew = void 0;
|
|
4
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
+
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
6
|
+
const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
|
|
7
|
+
const aws_logs_1 = require("aws-cdk-lib/aws-logs");
|
|
8
|
+
const custom_resources_1 = require("aws-cdk-lib/custom-resources");
|
|
9
|
+
const constructs_1 = require("constructs");
|
|
10
|
+
const path_1 = require("path");
|
|
11
|
+
const aws_cdk_lib_2 = require("aws-cdk-lib");
|
|
12
|
+
class AssignmentNew extends constructs_1.Construct {
|
|
13
|
+
constructor(scope, id, props) {
|
|
14
|
+
super(scope, id);
|
|
15
|
+
// 1. Create a dedicated IAM role with the necessary permissions
|
|
16
|
+
const lambdaRole = new aws_iam_1.Role(this, `${id}LambdaRole`, {
|
|
17
|
+
assumedBy: new aws_iam_1.ServicePrincipal("lambda.amazonaws.com"),
|
|
18
|
+
description: `Role for AWS Identity Center Assignment for ${id}`,
|
|
19
|
+
inlinePolicies: {
|
|
20
|
+
// CloudWatch Logs permissions
|
|
21
|
+
"logs-policy": new aws_iam_1.PolicyDocument({
|
|
22
|
+
statements: [
|
|
23
|
+
new aws_iam_1.PolicyStatement({
|
|
24
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
25
|
+
actions: [
|
|
26
|
+
"logs:CreateLogGroup",
|
|
27
|
+
"logs:CreateLogStream",
|
|
28
|
+
"logs:PutLogEvents"
|
|
29
|
+
],
|
|
30
|
+
resources: ["*"]
|
|
31
|
+
})
|
|
32
|
+
]
|
|
33
|
+
}),
|
|
34
|
+
// SSO Admin permissions - comprehensive permissions for both sso: and sso-admin: namespaces
|
|
35
|
+
"sso-admin-policy": new aws_iam_1.PolicyDocument({
|
|
36
|
+
statements: [
|
|
37
|
+
new aws_iam_1.PolicyStatement({
|
|
38
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
39
|
+
actions: [
|
|
40
|
+
// SSO Admin permissions (using both prefixes to ensure compatibility)
|
|
41
|
+
"sso:*",
|
|
42
|
+
"sso-admin:CreateAccountAssignment",
|
|
43
|
+
"sso-admin:DeleteAccountAssignment",
|
|
44
|
+
"sso-admin:ListAccountAssignments",
|
|
45
|
+
"sso-admin:DescribeAccountAssignmentCreationStatus",
|
|
46
|
+
"sso-admin:DescribeAccountAssignmentDeletionStatus",
|
|
47
|
+
// Original SSO permissions (may still be needed)
|
|
48
|
+
"sso:CreateAccountAssignment",
|
|
49
|
+
"sso:UpdateAccountAssignment",
|
|
50
|
+
"sso:DeleteAccountAssignment",
|
|
51
|
+
"sso:ListAccountAssignments",
|
|
52
|
+
"sso:DescribeAccountAssignmentCreationStatus",
|
|
53
|
+
"sso:DescribeAccountAssignmentDeletionStatus",
|
|
54
|
+
// Identity Store permissions
|
|
55
|
+
"identitystore:DescribeGroup",
|
|
56
|
+
"identitystore:ListGroupMemberships",
|
|
57
|
+
"identitystore:ListUsers",
|
|
58
|
+
"identitystore:ListGroups",
|
|
59
|
+
// Organizations permissions that may be needed for cross-account operations
|
|
60
|
+
"organizations:DescribeAccount",
|
|
61
|
+
"organizations:ListAccounts"
|
|
62
|
+
],
|
|
63
|
+
resources: ["*"]
|
|
64
|
+
})
|
|
65
|
+
]
|
|
66
|
+
})
|
|
67
|
+
}
|
|
68
|
+
});
|
|
69
|
+
// 2. Create the Lambda function with the dedicated role
|
|
70
|
+
const lambda = new aws_lambda_1.Function(this, `${id}Lambda`, {
|
|
71
|
+
runtime: aws_lambda_1.Runtime.NODEJS_18_X,
|
|
72
|
+
code: aws_lambda_1.Code.fromAsset((0, path_1.join)(__dirname, "lambda")),
|
|
73
|
+
handler: "assignmentHandler.handler",
|
|
74
|
+
role: lambdaRole,
|
|
75
|
+
timeout: aws_cdk_lib_1.Duration.minutes(5),
|
|
76
|
+
description: `AWS Identity Center Assignment Handler for ${id}`,
|
|
77
|
+
logRetention: aws_logs_1.RetentionDays.ONE_WEEK,
|
|
78
|
+
memorySize: 256 // Increase memory for better performance
|
|
79
|
+
});
|
|
80
|
+
// 3. Create a custom resource provider
|
|
81
|
+
const provider = new custom_resources_1.Provider(this, `${id}Provider`, {
|
|
82
|
+
onEventHandler: lambda,
|
|
83
|
+
logRetention: aws_logs_1.RetentionDays.ONE_WEEK
|
|
84
|
+
});
|
|
85
|
+
// 4. Create the custom resource
|
|
86
|
+
new aws_cdk_lib_2.CustomResource(this, `${id}Resource`, {
|
|
87
|
+
serviceToken: provider.serviceToken,
|
|
88
|
+
properties: {
|
|
89
|
+
InstanceArn: props.instanceArn,
|
|
90
|
+
PermissionSetArn: props.permissionSetArn,
|
|
91
|
+
PrincipalType: props.principalType,
|
|
92
|
+
PrincipalId: props.principalId,
|
|
93
|
+
TargetType: props.targetType,
|
|
94
|
+
TargetId: props.targetId,
|
|
95
|
+
// Add a timestamp to ensure updates are processed
|
|
96
|
+
Timestamp: new Date().toISOString()
|
|
97
|
+
}
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
exports.AssignmentNew = AssignmentNew;
|
|
102
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzaWdubWVudE5ldy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9hc3NpZ25tZW50TmV3LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUF1QztBQUN2QyxpREFNNkI7QUFDN0IsdURBQWlFO0FBQ2pFLG1EQUFxRDtBQUNyRCxtRUFBd0Q7QUFDeEQsMkNBQXVDO0FBQ3ZDLCtCQUE0QjtBQUM1Qiw2Q0FBNkM7QUFFN0MsTUFBYSxhQUFjLFNBQVEsc0JBQVM7SUFDMUMsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FPQztRQUVELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsZ0VBQWdFO1FBQ2hFLE1BQU0sVUFBVSxHQUFHLElBQUksY0FBSSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsWUFBWSxFQUFFO1lBQ25ELFNBQVMsRUFBRSxJQUFJLDBCQUFnQixDQUFDLHNCQUFzQixDQUFDO1lBQ3ZELFdBQVcsRUFBRSwrQ0FBK0MsRUFBRSxFQUFFO1lBQ2hFLGNBQWMsRUFBRTtnQkFDZCw4QkFBOEI7Z0JBQzlCLGFBQWEsRUFBRSxJQUFJLHdCQUFjLENBQUM7b0JBQ2hDLFVBQVUsRUFBRTt3QkFDVixJQUFJLHlCQUFlLENBQUM7NEJBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7NEJBQ3BCLE9BQU8sRUFBRTtnQ0FDUCxxQkFBcUI7Z0NBQ3JCLHNCQUFzQjtnQ0FDdEIsbUJBQW1COzZCQUNwQjs0QkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7eUJBQ2pCLENBQUM7cUJBQ0g7aUJBQ0YsQ0FBQztnQkFDRiw0RkFBNEY7Z0JBQzVGLGtCQUFrQixFQUFFLElBQUksd0JBQWMsQ0FBQztvQkFDckMsVUFBVSxFQUFFO3dCQUNWLElBQUkseUJBQWUsQ0FBQzs0QkFDbEIsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSzs0QkFDcEIsT0FBTyxFQUFFO2dDQUNQLHNFQUFzRTtnQ0FDdEUsT0FBTztnQ0FDUCxtQ0FBbUM7Z0NBQ25DLG1DQUFtQztnQ0FDbkMsa0NBQWtDO2dDQUNsQyxtREFBbUQ7Z0NBQ25ELG1EQUFtRDtnQ0FFbkQsaURBQWlEO2dDQUNqRCw2QkFBNkI7Z0NBQzdCLDZCQUE2QjtnQ0FDN0IsNkJBQTZCO2dDQUM3Qiw0QkFBNEI7Z0NBQzVCLDZDQUE2QztnQ0FDN0MsNkNBQTZDO2dDQUU3Qyw2QkFBNkI7Z0NBQzdCLDZCQUE2QjtnQ0FDN0Isb0NBQW9DO2dDQUNwQyx5QkFBeUI7Z0NBQ3pCLDBCQUEwQjtnQ0FFMUIsNEVBQTRFO2dDQUM1RSwrQkFBK0I7Z0NBQy9CLDRCQUE0Qjs2QkFDN0I7NEJBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO3lCQUNqQixDQUFDO3FCQUNIO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQUMsQ0FBQztRQUVILHdEQUF3RDtRQUN4RCxNQUFNLE1BQU0sR0FBRyxJQUFJLHFCQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUU7WUFDL0MsT0FBTyxFQUFFLG9CQUFPLENBQUMsV0FBVztZQUM1QixJQUFJLEVBQUUsaUJBQUksQ0FBQyxTQUFTLENBQUMsSUFBQSxXQUFJLEVBQUMsU0FBUyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQy9DLE9BQU8sRUFBRSwyQkFBMkI7WUFDcEMsSUFBSSxFQUFFLFVBQVU7WUFDaEIsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUM1QixXQUFXLEVBQUUsOENBQThDLEVBQUUsRUFBRTtZQUMvRCxZQUFZLEVBQUUsd0JBQWEsQ0FBQyxRQUFRO1lBQ3BDLFVBQVUsRUFBRSxHQUFHLENBQUMseUNBQXlDO1NBQzFELENBQUMsQ0FBQztRQUVILHVDQUF1QztRQUN2QyxNQUFNLFFBQVEsR0FBRyxJQUFJLDJCQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRSxVQUFVLEVBQUU7WUFDbkQsY0FBYyxFQUFFLE1BQU07WUFDdEIsWUFBWSxFQUFFLHdCQUFhLENBQUMsUUFBUTtTQUNyQyxDQUFDLENBQUM7UUFFSCxnQ0FBZ0M7UUFDaEMsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsVUFBVSxFQUFFO1lBQ3hDLFlBQVksRUFBRSxRQUFRLENBQUMsWUFBWTtZQUNuQyxVQUFVLEVBQUU7Z0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO2dCQUN4QyxhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWE7Z0JBQ2xDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDOUIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO2dCQUM1QixRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7Z0JBQ3hCLGtEQUFrRDtnQkFDbEQsU0FBUyxFQUFFLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFO2FBQ3BDO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBMUdELHNDQTBHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IER1cmF0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQge1xuICBQb2xpY3lEb2N1bWVudCxcbiAgUG9saWN5U3RhdGVtZW50LFxuICBFZmZlY3QsXG4gIFJvbGUsXG4gIFNlcnZpY2VQcmluY2lwYWxcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvZGUsIEZ1bmN0aW9uLCBSdW50aW1lIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1sYW1iZGFcIjtcbmltcG9ydCB7IFJldGVudGlvbkRheXMgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxvZ3NcIjtcbmltcG9ydCB7IFByb3ZpZGVyIH0gZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBqb2luIH0gZnJvbSBcInBhdGhcIjtcbmltcG9ydCB7IEN1c3RvbVJlc291cmNlIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5cbmV4cG9ydCBjbGFzcyBBc3NpZ25tZW50TmV3IGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiB7XG4gICAgICBpbnN0YW5jZUFybjogc3RyaW5nO1xuICAgICAgcGVybWlzc2lvblNldEFybjogc3RyaW5nO1xuICAgICAgcHJpbmNpcGFsVHlwZTogc3RyaW5nO1xuICAgICAgcHJpbmNpcGFsSWQ6IHN0cmluZztcbiAgICAgIHRhcmdldFR5cGU6IHN0cmluZztcbiAgICAgIHRhcmdldElkOiBzdHJpbmc7XG4gICAgfVxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgLy8gMS4gQ3JlYXRlIGEgZGVkaWNhdGVkIElBTSByb2xlIHdpdGggdGhlIG5lY2Vzc2FyeSBwZXJtaXNzaW9uc1xuICAgIGNvbnN0IGxhbWJkYVJvbGUgPSBuZXcgUm9sZSh0aGlzLCBgJHtpZH1MYW1iZGFSb2xlYCwge1xuICAgICAgYXNzdW1lZEJ5OiBuZXcgU2VydmljZVByaW5jaXBhbChcImxhbWJkYS5hbWF6b25hd3MuY29tXCIpLFxuICAgICAgZGVzY3JpcHRpb246IGBSb2xlIGZvciBBV1MgSWRlbnRpdHkgQ2VudGVyIEFzc2lnbm1lbnQgZm9yICR7aWR9YCxcbiAgICAgIGlubGluZVBvbGljaWVzOiB7XG4gICAgICAgIC8vIENsb3VkV2F0Y2ggTG9ncyBwZXJtaXNzaW9uc1xuICAgICAgICBcImxvZ3MtcG9saWN5XCI6IG5ldyBQb2xpY3lEb2N1bWVudCh7XG4gICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgXCJsb2dzOkNyZWF0ZUxvZ0dyb3VwXCIsXG4gICAgICAgICAgICAgICAgXCJsb2dzOkNyZWF0ZUxvZ1N0cmVhbVwiLFxuICAgICAgICAgICAgICAgIFwibG9nczpQdXRMb2dFdmVudHNcIlxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICAgIH0pXG4gICAgICAgICAgXVxuICAgICAgICB9KSxcbiAgICAgICAgLy8gU1NPIEFkbWluIHBlcm1pc3Npb25zIC0gY29tcHJlaGVuc2l2ZSBwZXJtaXNzaW9ucyBmb3IgYm90aCBzc286IGFuZCBzc28tYWRtaW46IG5hbWVzcGFjZXNcbiAgICAgICAgXCJzc28tYWRtaW4tcG9saWN5XCI6IG5ldyBQb2xpY3lEb2N1bWVudCh7XG4gICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgLy8gU1NPIEFkbWluIHBlcm1pc3Npb25zICh1c2luZyBib3RoIHByZWZpeGVzIHRvIGVuc3VyZSBjb21wYXRpYmlsaXR5KVxuICAgICAgICAgICAgICAgIFwic3NvOipcIixcbiAgICAgICAgICAgICAgICBcInNzby1hZG1pbjpDcmVhdGVBY2NvdW50QXNzaWdubWVudFwiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlbGV0ZUFjY291bnRBc3NpZ25tZW50XCIsXG4gICAgICAgICAgICAgICAgXCJzc28tYWRtaW46TGlzdEFjY291bnRBc3NpZ25tZW50c1wiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlc2NyaWJlQWNjb3VudEFzc2lnbm1lbnRDcmVhdGlvblN0YXR1c1wiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlc2NyaWJlQWNjb3VudEFzc2lnbm1lbnREZWxldGlvblN0YXR1c1wiLFxuXG4gICAgICAgICAgICAgICAgLy8gT3JpZ2luYWwgU1NPIHBlcm1pc3Npb25zIChtYXkgc3RpbGwgYmUgbmVlZGVkKVxuICAgICAgICAgICAgICAgIFwic3NvOkNyZWF0ZUFjY291bnRBc3NpZ25tZW50XCIsXG4gICAgICAgICAgICAgICAgXCJzc286VXBkYXRlQWNjb3VudEFzc2lnbm1lbnRcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZWxldGVBY2NvdW50QXNzaWdubWVudFwiLFxuICAgICAgICAgICAgICAgIFwic3NvOkxpc3RBY2NvdW50QXNzaWdubWVudHNcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZXNjcmliZUFjY291bnRBc3NpZ25tZW50Q3JlYXRpb25TdGF0dXNcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZXNjcmliZUFjY291bnRBc3NpZ25tZW50RGVsZXRpb25TdGF0dXNcIixcblxuICAgICAgICAgICAgICAgIC8vIElkZW50aXR5IFN0b3JlIHBlcm1pc3Npb25zXG4gICAgICAgICAgICAgICAgXCJpZGVudGl0eXN0b3JlOkRlc2NyaWJlR3JvdXBcIixcbiAgICAgICAgICAgICAgICBcImlkZW50aXR5c3RvcmU6TGlzdEdyb3VwTWVtYmVyc2hpcHNcIixcbiAgICAgICAgICAgICAgICBcImlkZW50aXR5c3RvcmU6TGlzdFVzZXJzXCIsXG4gICAgICAgICAgICAgICAgXCJpZGVudGl0eXN0b3JlOkxpc3RHcm91cHNcIixcblxuICAgICAgICAgICAgICAgIC8vIE9yZ2FuaXphdGlvbnMgcGVybWlzc2lvbnMgdGhhdCBtYXkgYmUgbmVlZGVkIGZvciBjcm9zcy1hY2NvdW50IG9wZXJhdGlvbnNcbiAgICAgICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6RGVzY3JpYmVBY2NvdW50XCIsXG4gICAgICAgICAgICAgICAgXCJvcmdhbml6YXRpb25zOkxpc3RBY2NvdW50c1wiXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgICAgICAgfSlcbiAgICAgICAgICBdXG4gICAgICAgIH0pXG4gICAgICB9XG4gICAgfSk7XG5cbiAgICAvLyAyLiBDcmVhdGUgdGhlIExhbWJkYSBmdW5jdGlvbiB3aXRoIHRoZSBkZWRpY2F0ZWQgcm9sZVxuICAgIGNvbnN0IGxhbWJkYSA9IG5ldyBGdW5jdGlvbih0aGlzLCBgJHtpZH1MYW1iZGFgLCB7XG4gICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18xOF9YLFxuICAgICAgY29kZTogQ29kZS5mcm9tQXNzZXQoam9pbihfX2Rpcm5hbWUsIFwibGFtYmRhXCIpKSxcbiAgICAgIGhhbmRsZXI6IFwiYXNzaWdubWVudEhhbmRsZXIuaGFuZGxlclwiLFxuICAgICAgcm9sZTogbGFtYmRhUm9sZSxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoNSksXG4gICAgICBkZXNjcmlwdGlvbjogYEFXUyBJZGVudGl0eSBDZW50ZXIgQXNzaWdubWVudCBIYW5kbGVyIGZvciAke2lkfWAsXG4gICAgICBsb2dSZXRlbnRpb246IFJldGVudGlvbkRheXMuT05FX1dFRUssXG4gICAgICBtZW1vcnlTaXplOiAyNTYgLy8gSW5jcmVhc2UgbWVtb3J5IGZvciBiZXR0ZXIgcGVyZm9ybWFuY2VcbiAgICB9KTtcblxuICAgIC8vIDMuIENyZWF0ZSBhIGN1c3RvbSByZXNvdXJjZSBwcm92aWRlclxuICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IFByb3ZpZGVyKHRoaXMsIGAke2lkfVByb3ZpZGVyYCwge1xuICAgICAgb25FdmVudEhhbmRsZXI6IGxhbWJkYSxcbiAgICAgIGxvZ1JldGVudGlvbjogUmV0ZW50aW9uRGF5cy5PTkVfV0VFS1xuICAgIH0pO1xuXG4gICAgLy8gNC4gQ3JlYXRlIHRoZSBjdXN0b20gcmVzb3VyY2VcbiAgICBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgYCR7aWR9UmVzb3VyY2VgLCB7XG4gICAgICBzZXJ2aWNlVG9rZW46IHByb3ZpZGVyLnNlcnZpY2VUb2tlbixcbiAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgSW5zdGFuY2VBcm46IHByb3BzLmluc3RhbmNlQXJuLFxuICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwcm9wcy5wZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICBQcmluY2lwYWxUeXBlOiBwcm9wcy5wcmluY2lwYWxUeXBlLFxuICAgICAgICBQcmluY2lwYWxJZDogcHJvcHMucHJpbmNpcGFsSWQsXG4gICAgICAgIFRhcmdldFR5cGU6IHByb3BzLnRhcmdldFR5cGUsXG4gICAgICAgIFRhcmdldElkOiBwcm9wcy50YXJnZXRJZCxcbiAgICAgICAgLy8gQWRkIGEgdGltZXN0YW1wIHRvIGVuc3VyZSB1cGRhdGVzIGFyZSBwcm9jZXNzZWRcbiAgICAgICAgVGltZXN0YW1wOiBuZXcgRGF0ZSgpLnRvSVNPU3RyaW5nKClcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -32,11 +32,12 @@ class AttachManagedPolicy extends constructs_1.Construct {
|
|
|
32
32
|
policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
33
33
|
new aws_iam_1.PolicyStatement({
|
|
34
34
|
actions: [
|
|
35
|
-
"sso
|
|
36
|
-
|
|
37
|
-
"sso:
|
|
38
|
-
"sso:
|
|
39
|
-
"sso:
|
|
35
|
+
"sso:*"
|
|
36
|
+
// TODO: Move into a role policy for entire ManagedOrganisation custom resources
|
|
37
|
+
// "sso:ProvisionPermissionSet",
|
|
38
|
+
// "sso:AttachManagedPolicyToPermissionSet",
|
|
39
|
+
// "sso:DetachManagedPolicyFromPermissionSet",
|
|
40
|
+
// "sso:TagResource"
|
|
40
41
|
],
|
|
41
42
|
resources: ["*"]
|
|
42
43
|
})
|
|
@@ -46,4 +47,4 @@ class AttachManagedPolicy extends constructs_1.Construct {
|
|
|
46
47
|
}
|
|
47
48
|
}
|
|
48
49
|
exports.AttachManagedPolicy = AttachManagedPolicy;
|
|
49
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
50
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0YWNoTWFuYWdlZFBvbGljeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9hdHRhY2hNYW5hZ2VkUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGlEQUFzRDtBQUN0RCwyQ0FBdUM7QUFDdkMsZ0VBQWdFO0FBQ2hFLHlFQUFzRTtBQVN0RSxNQUFhLG1CQUFvQixTQUFRLHNCQUFTO0lBQ2hELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBK0I7UUFDdkUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLHFDQUFpQixDQUFDLElBQUksRUFBRSxxQkFBcUIsRUFBRTtZQUNqRCxZQUFZLEVBQUUsOEJBQThCLEtBQUssQ0FBQyxhQUFhLEVBQUU7WUFDakUsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxXQUFXO2dCQUNwQixNQUFNLEVBQUUsb0NBQW9DLEVBQUUsNEhBQTRIO2dCQUMxSyxVQUFVLEVBQUU7b0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO29CQUM5QixnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO29CQUN4QyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO2lCQUN6QztnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCxxQ0FBcUMsS0FBSyxDQUFDLGFBQWEsRUFBRSxDQUMzRDthQUNGO1lBQ0QsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxXQUFXO2dCQUNwQixNQUFNLEVBQUUsc0NBQXNDLEVBQUUsK0hBQStIO2dCQUMvSyxVQUFVLEVBQUU7b0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO29CQUM5QixnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO29CQUN4QyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO2lCQUN6QzthQUNGO1lBQ0QsTUFBTSxFQUFFLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxjQUFjLENBQUM7Z0JBQzdELElBQUkseUJBQWUsQ0FBQztvQkFDbEIsT0FBTyxFQUFFO3dCQUNQLE9BQU87d0JBQ1AsZ0ZBQWdGO3dCQUNoRixnQ0FBZ0M7d0JBQ2hDLDRDQUE0Qzt3QkFDNUMsOENBQThDO3dCQUM5QyxvQkFBb0I7cUJBQ3JCO29CQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztpQkFDakIsQ0FBQzthQUNILENBQUM7WUFDRixZQUFZLEVBQUUsdUJBQXVCO1NBQ3RDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQTNDRCxrREEyQ0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UgfSBmcm9tIFwiLi4vLi4vdXRpbGl0aWVzL2F3c0N1c3RvbVJlc291cmNlXCI7XG5cbmludGVyZmFjZSBBdHRhY2hNYW5hZ2VkUG9saWN5UHJvcHMge1xuICBpbnN0YW5jZUFybjogc3RyaW5nO1xuICBwZXJtaXNzaW9uU2V0OiBzdHJpbmc7XG4gIHBlcm1pc3Npb25TZXRBcm46IHN0cmluZztcbiAgbWFuYWdlZFBvbGljeUFybjogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQXR0YWNoTWFuYWdlZFBvbGljeSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBBdHRhY2hNYW5hZ2VkUG9saWN5UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgbmV3IEF3c0N1c3RvbVJlc291cmNlKHRoaXMsIFwiYXR0YWNoTWFuYWdlZFBvbGljeVwiLCB7XG4gICAgICBmdW5jdGlvbk5hbWU6IGBhdHRhY2hQb2xpY3lUb1Blcm1pc3Npb25TZXQke3Byb3BzLnBlcm1pc3Npb25TZXR9YCxcbiAgICAgIG9uQ3JlYXRlOiB7XG4gICAgICAgIHNlcnZpY2U6IFwic3NvLWFkbWluXCIsXG4gICAgICAgIGFjdGlvbjogXCJBdHRhY2hNYW5hZ2VkUG9saWN5VG9QZXJtaXNzaW9uU2V0XCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9jbGllbnQvc3NvLWFkbWluL2NvbW1hbmQvQXR0YWNoTWFuYWdlZFBvbGljeVRvUGVybWlzc2lvblNldENvbW1hbmRcbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIEluc3RhbmNlQXJuOiBwcm9wcy5pbnN0YW5jZUFybixcbiAgICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwcm9wcy5wZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICAgIE1hbmFnZWRQb2xpY3lBcm46IHByb3BzLm1hbmFnZWRQb2xpY3lBcm5cbiAgICAgICAgfSxcbiAgICAgICAgcGh5c2ljYWxSZXNvdXJjZUlkOiBjdXN0b21SZXNvdXJjZXMuUGh5c2ljYWxSZXNvdXJjZUlkLm9mKFxuICAgICAgICAgIGBhdHRhY2hNYW5hZ2VkUG9saWN5VG9QZXJtaXNzaW9uU2V0JHtwcm9wcy5wZXJtaXNzaW9uU2V0fWBcbiAgICAgICAgKVxuICAgICAgfSxcbiAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgIHNlcnZpY2U6IFwic3NvLWFkbWluXCIsXG4gICAgICAgIGFjdGlvbjogXCJEZXRhY2hNYW5hZ2VkUG9saWN5RnJvbVBlcm1pc3Npb25TZXRcIiwgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvdjMvbGF0ZXN0L2NsaWVudC9zc28tYWRtaW4vY29tbWFuZC9EZXRhY2hNYW5hZ2VkUG9saWN5RnJvbVBlcm1pc3Npb25TZXRDb21tYW5kL1xuICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgSW5zdGFuY2VBcm46IHByb3BzLmluc3RhbmNlQXJuLFxuICAgICAgICAgIFBlcm1pc3Npb25TZXRBcm46IHByb3BzLnBlcm1pc3Npb25TZXRBcm4sXG4gICAgICAgICAgTWFuYWdlZFBvbGljeUFybjogcHJvcHMubWFuYWdlZFBvbGljeUFyblxuICAgICAgICB9XG4gICAgICB9LFxuICAgICAgcG9saWN5OiBjdXN0b21SZXNvdXJjZXMuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVN0YXRlbWVudHMoW1xuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICBcInNzbzoqXCJcbiAgICAgICAgICAgIC8vIFRPRE86IE1vdmUgaW50byBhIHJvbGUgcG9saWN5IGZvciBlbnRpcmUgTWFuYWdlZE9yZ2FuaXNhdGlvbiBjdXN0b20gcmVzb3VyY2VzXG4gICAgICAgICAgICAvLyBcInNzbzpQcm92aXNpb25QZXJtaXNzaW9uU2V0XCIsXG4gICAgICAgICAgICAvLyBcInNzbzpBdHRhY2hNYW5hZ2VkUG9saWN5VG9QZXJtaXNzaW9uU2V0XCIsXG4gICAgICAgICAgICAvLyBcInNzbzpEZXRhY2hNYW5hZ2VkUG9saWN5RnJvbVBlcm1pc3Npb25TZXRcIixcbiAgICAgICAgICAgIC8vIFwic3NvOlRhZ1Jlc291cmNlXCJcbiAgICAgICAgICBdLFxuICAgICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgICB9KVxuICAgICAgXSksXG4gICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpQZXJtaXNzaW9uU2V0XCJcbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -10,7 +10,7 @@ class Group extends constructs_1.Construct {
|
|
|
10
10
|
super(scope, id);
|
|
11
11
|
const physicalId = `identityStoreGroup${props.displayName}`;
|
|
12
12
|
// Create Group
|
|
13
|
-
const
|
|
13
|
+
const createGroup = new awsCustomResource_1.AwsCustomResource(this, "createIdentityStoreGroup", {
|
|
14
14
|
functionName: `createIdentityStoreGroup${props.displayName}`,
|
|
15
15
|
onCreate: {
|
|
16
16
|
service: "identitystore",
|
|
@@ -29,9 +29,9 @@ class Group extends constructs_1.Construct {
|
|
|
29
29
|
})
|
|
30
30
|
])
|
|
31
31
|
});
|
|
32
|
-
this.groupId =
|
|
32
|
+
this.groupId = createGroup.getResponseField("GroupId");
|
|
33
33
|
// Update Group
|
|
34
|
-
new awsCustomResource_1.AwsCustomResource(this, "updateIdentityStoreGroup", {
|
|
34
|
+
const updateGroup = new awsCustomResource_1.AwsCustomResource(this, "updateIdentityStoreGroup", {
|
|
35
35
|
functionName: `updateIdentityStoreGroup${props.displayName}`,
|
|
36
36
|
onUpdate: {
|
|
37
37
|
service: "identitystore",
|
|
@@ -62,7 +62,7 @@ class Group extends constructs_1.Construct {
|
|
|
62
62
|
resourceType: "Custom::Group"
|
|
63
63
|
});
|
|
64
64
|
// Delete Group
|
|
65
|
-
new awsCustomResource_1.AwsCustomResource(this, "deleteIdentityStoreGroup", {
|
|
65
|
+
const deleteGroup = new awsCustomResource_1.AwsCustomResource(this, "deleteIdentityStoreGroup", {
|
|
66
66
|
functionName: `deleteIdentityStoreGroup${props.displayName}`,
|
|
67
67
|
onDelete: {
|
|
68
68
|
service: "identitystore",
|
|
@@ -86,4 +86,4 @@ class Group extends constructs_1.Construct {
|
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
88
|
exports.Group = Group;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
89
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ3JvdXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy9pYW0vaWRlbnRpdHlDZW50ZXIvZ3JvdXAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsaURBQXNEO0FBQ3RELDJDQUF1QztBQUN2QyxnRUFBZ0U7QUFDaEUseUVBQXNFO0FBT3RFLE1BQWEsS0FBTSxTQUFRLHNCQUFTO0lBR2xDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBaUI7UUFDekQsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLFVBQVUsR0FBRyxxQkFBcUIsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBRTVELGVBQWU7UUFDZixNQUFNLFdBQVcsR0FBRyxJQUFJLHFDQUFpQixDQUN2QyxJQUFJLEVBQ0osMEJBQTBCLEVBQzFCO1lBQ0UsWUFBWSxFQUFFLDJCQUEyQixLQUFLLENBQUMsV0FBVyxFQUFFO1lBQzVELFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsZUFBZTtnQkFDeEIsTUFBTSxFQUFFLGFBQWEsRUFBRSx5R0FBeUc7Z0JBQ2hJLFVBQVUsRUFBRTtvQkFDVixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7b0JBQzlCLGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTtvQkFDdEMsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2lCQUMvQjtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQzthQUN0RTtZQUNELE1BQU0sRUFBRSxlQUFlLENBQUMsdUJBQXVCLENBQUMsY0FBYyxDQUFDO2dCQUM3RCxJQUFJLHlCQUFlLENBQUM7b0JBQ2xCLE9BQU8sRUFBRSxDQUFDLDJCQUEyQixDQUFDO29CQUN0QyxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7aUJBQ2pCLENBQUM7YUFDSCxDQUFDO1NBQ0gsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLE9BQU8sR0FBRyxXQUFXLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLENBQUM7UUFFdkQsZUFBZTtRQUNmLE1BQU0sV0FBVyxHQUFHLElBQUkscUNBQWlCLENBQ3ZDLElBQUksRUFDSiwwQkFBMEIsRUFDMUI7WUFDRSxZQUFZLEVBQUUsMkJBQTJCLEtBQUssQ0FBQyxXQUFXLEVBQUU7WUFDNUQsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxlQUFlO2dCQUN4QixNQUFNLEVBQUUsYUFBYSxFQUFFLHlHQUF5RztnQkFDaEksVUFBVSxFQUFFO29CQUNWLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztvQkFDckIsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO29CQUN0Qyx5REFBeUQ7b0JBQ3pELFVBQVUsRUFBRTt3QkFDVjs0QkFDRSxhQUFhLEVBQUUsYUFBYTs0QkFDNUIsY0FBYyxFQUFFLEtBQUssQ0FBQyxXQUFXO3lCQUNsQzt3QkFDRDs0QkFDRSxhQUFhLEVBQUUsYUFBYTs0QkFDNUIsY0FBYyxFQUFFLEtBQUssQ0FBQyxXQUFXO3lCQUNsQztxQkFDRjtpQkFDRjtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQzthQUN0RTtZQUNELE1BQU0sRUFBRSxlQUFlLENBQUMsdUJBQXVCLENBQUMsY0FBYyxDQUFDO2dCQUM3RCxJQUFJLHlCQUFlLENBQUM7b0JBQ2xCLE9BQU8sRUFBRSxDQUFDLDJCQUEyQixDQUFDO29CQUN0QyxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7aUJBQ2pCLENBQUM7YUFDSCxDQUFDO1lBQ0YsWUFBWSxFQUFFLGVBQWU7U0FDOUIsQ0FDRixDQUFDO1FBRUYsZUFBZTtRQUNmLE1BQU0sV0FBVyxHQUFHLElBQUkscUNBQWlCLENBQ3ZDLElBQUksRUFDSiwwQkFBMEIsRUFDMUI7WUFDRSxZQUFZLEVBQUUsMkJBQTJCLEtBQUssQ0FBQyxXQUFXLEVBQUU7WUFDNUQsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxlQUFlO2dCQUN4QixNQUFNLEVBQUUsYUFBYSxFQUFFLHlHQUF5RztnQkFDaEksVUFBVSxFQUFFO29CQUNWLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztvQkFDckIsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO2lCQUN2QzthQUNGO1lBQ0QsTUFBTSxFQUFFLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxjQUFjLENBQUM7Z0JBQzdELElBQUkseUJBQWUsQ0FBQztvQkFDbEIsT0FBTyxFQUFFLENBQUMsMkJBQTJCLENBQUM7b0JBQ3RDLFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztpQkFDakIsQ0FBQzthQUNILENBQUM7WUFDRixZQUFZLEVBQUUsZUFBZTtTQUM5QixDQUNGLENBQUM7SUFDSixDQUFDO0lBRU0sVUFBVTtRQUNmLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUN0QixDQUFDO0NBQ0Y7QUFuR0Qsc0JBbUdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgKiBhcyBjdXN0b21SZXNvdXJjZXMgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3V0aWxpdGllcy9hd3NDdXN0b21SZXNvdXJjZVwiO1xuXG5pbnRlcmZhY2UgR3JvdXBQcm9wcyB7XG4gIGRpc3BsYXlOYW1lOiBzdHJpbmc7XG4gIGlkZW50aXR5U3RvcmVJZDogc3RyaW5nO1xuICBkZXNjcmlwdGlvbj86IHN0cmluZztcbn1cbmV4cG9ydCBjbGFzcyBHcm91cCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHByaXZhdGUgZ3JvdXBJZDogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBHcm91cFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHBoeXNpY2FsSWQgPSBgaWRlbnRpdHlTdG9yZUdyb3VwJHtwcm9wcy5kaXNwbGF5TmFtZX1gO1xuXG4gICAgLy8gQ3JlYXRlIEdyb3VwXG4gICAgY29uc3QgY3JlYXRlR3JvdXAgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJjcmVhdGVJZGVudGl0eVN0b3JlR3JvdXBcIixcbiAgICAgIHtcbiAgICAgICAgZnVuY3Rpb25OYW1lOiBgY3JlYXRlSWRlbnRpdHlTdG9yZUdyb3VwJHtwcm9wcy5kaXNwbGF5TmFtZX1gLFxuICAgICAgICBvbkNyZWF0ZToge1xuICAgICAgICAgIHNlcnZpY2U6IFwiaWRlbnRpdHlzdG9yZVwiLFxuICAgICAgICAgIGFjdGlvbjogXCJDcmVhdGVHcm91cFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L2lkZW50aXR5c3RvcmUvY29tbWFuZC9DcmVhdGVHcm91cENvbW1hbmRcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBEaXNwbGF5TmFtZTogcHJvcHMuZGlzcGxheU5hbWUsXG4gICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IHByb3BzLmlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgIERlc2NyaXB0aW9uOiBwcm9wcy5kZXNjcmlwdGlvblxuICAgICAgICAgIH0sXG4gICAgICAgICAgcGh5c2ljYWxSZXNvdXJjZUlkOiBjdXN0b21SZXNvdXJjZXMuUGh5c2ljYWxSZXNvdXJjZUlkLm9mKHBoeXNpY2FsSWQpXG4gICAgICAgIH0sXG4gICAgICAgIHBvbGljeTogY3VzdG9tUmVzb3VyY2VzLkF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TdGF0ZW1lbnRzKFtcbiAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcImlkZW50aXR5c3RvcmU6Q3JlYXRlR3JvdXBcIl0sXG4gICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICB9KVxuICAgICAgICBdKVxuICAgICAgfVxuICAgICk7XG5cbiAgICB0aGlzLmdyb3VwSWQgPSBjcmVhdGVHcm91cC5nZXRSZXNwb25zZUZpZWxkKFwiR3JvdXBJZFwiKTtcblxuICAgIC8vIFVwZGF0ZSBHcm91cFxuICAgIGNvbnN0IHVwZGF0ZUdyb3VwID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgdGhpcyxcbiAgICAgIFwidXBkYXRlSWRlbnRpdHlTdG9yZUdyb3VwXCIsXG4gICAgICB7XG4gICAgICAgIGZ1bmN0aW9uTmFtZTogYHVwZGF0ZUlkZW50aXR5U3RvcmVHcm91cCR7cHJvcHMuZGlzcGxheU5hbWV9YCxcbiAgICAgICAgb25VcGRhdGU6IHtcbiAgICAgICAgICBzZXJ2aWNlOiBcImlkZW50aXR5c3RvcmVcIixcbiAgICAgICAgICBhY3Rpb246IFwiVXBkYXRlR3JvdXBcIiwgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvdjMvbGF0ZXN0L2NsaWVudC9pZGVudGl0eXN0b3JlL2NvbW1hbmQvVXBkYXRlR3JvdXBDb21tYW5kXG4gICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgR3JvdXBJZDogdGhpcy5ncm91cElkLFxuICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBwcm9wcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICAvLyBUT0RPOiBTdXBwcG9ydCB0YWtpbmcgaW4gYW55IGNoYW5nZXMgYW5kIHVwZGF0aW5nIHRoZW1cbiAgICAgICAgICAgIE9wZXJhdGlvbnM6IFtcbiAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVBhdGg6IFwiRGlzcGxheU5hbWVcIixcbiAgICAgICAgICAgICAgICBBdHRyaWJ1dGVWYWx1ZTogcHJvcHMuZGlzcGxheU5hbWVcbiAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVBhdGg6IFwiRGVzY3JpcHRpb25cIixcbiAgICAgICAgICAgICAgICBBdHRyaWJ1dGVWYWx1ZTogcHJvcHMuZGVzY3JpcHRpb25cbiAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgXVxuICAgICAgICAgIH0sXG4gICAgICAgICAgcGh5c2ljYWxSZXNvdXJjZUlkOiBjdXN0b21SZXNvdXJjZXMuUGh5c2ljYWxSZXNvdXJjZUlkLm9mKHBoeXNpY2FsSWQpXG4gICAgICAgIH0sXG4gICAgICAgIHBvbGljeTogY3VzdG9tUmVzb3VyY2VzLkF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TdGF0ZW1lbnRzKFtcbiAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcImlkZW50aXR5c3RvcmU6VXBkYXRlR3JvdXBcIl0sXG4gICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICB9KVxuICAgICAgICBdKSxcbiAgICAgICAgcmVzb3VyY2VUeXBlOiBcIkN1c3RvbTo6R3JvdXBcIlxuICAgICAgfVxuICAgICk7XG5cbiAgICAvLyBEZWxldGUgR3JvdXBcbiAgICBjb25zdCBkZWxldGVHcm91cCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgIHRoaXMsXG4gICAgICBcImRlbGV0ZUlkZW50aXR5U3RvcmVHcm91cFwiLFxuICAgICAge1xuICAgICAgICBmdW5jdGlvbk5hbWU6IGBkZWxldGVJZGVudGl0eVN0b3JlR3JvdXAke3Byb3BzLmRpc3BsYXlOYW1lfWAsXG4gICAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgICAgc2VydmljZTogXCJpZGVudGl0eXN0b3JlXCIsXG4gICAgICAgICAgYWN0aW9uOiBcIkRlbGV0ZUdyb3VwXCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9jbGllbnQvaWRlbnRpdHlzdG9yZS9jb21tYW5kL0RlbGV0ZUdyb3VwQ29tbWFuZFxuICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgIEdyb3VwSWQ6IHRoaXMuZ3JvdXBJZCxcbiAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogcHJvcHMuaWRlbnRpdHlTdG9yZUlkXG4gICAgICAgICAgfVxuICAgICAgICB9LFxuICAgICAgICBwb2xpY3k6IGN1c3RvbVJlc291cmNlcy5Bd3NDdXN0b21SZXNvdXJjZVBvbGljeS5mcm9tU3RhdGVtZW50cyhbXG4gICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICBhY3Rpb25zOiBbXCJpZGVudGl0eXN0b3JlOkRlbGV0ZUdyb3VwXCJdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgfSlcbiAgICAgICAgXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206Okdyb3VwXCJcbiAgICAgIH1cbiAgICApO1xuICB9XG5cbiAgcHVibGljIGdldEdyb3VwSWQoKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy5ncm91cElkO1xuICB9XG59XG4iXX0=
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
interface CloudFormationEvent {
|
|
2
|
+
RequestType: "Create" | "Update" | "Delete";
|
|
3
|
+
ResponseURL: string;
|
|
4
|
+
StackId: string;
|
|
5
|
+
RequestId: string;
|
|
6
|
+
ResourceType: string;
|
|
7
|
+
LogicalResourceId: string;
|
|
8
|
+
PhysicalResourceId?: string;
|
|
9
|
+
ResourceProperties: {
|
|
10
|
+
ServiceToken: string;
|
|
11
|
+
InstanceArn: string;
|
|
12
|
+
PermissionSetArn: string;
|
|
13
|
+
PrincipalType: string;
|
|
14
|
+
PrincipalId: string;
|
|
15
|
+
TargetType: string;
|
|
16
|
+
TargetId: string;
|
|
17
|
+
[key: string]: any;
|
|
18
|
+
};
|
|
19
|
+
OldResourceProperties?: {
|
|
20
|
+
[key: string]: any;
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
export declare const handler: (event: CloudFormationEvent) => Promise<any>;
|
|
24
|
+
export {};
|
|
@@ -0,0 +1,246 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.handler = void 0;
|
|
4
|
+
const client_sso_admin_1 = require("@aws-sdk/client-sso-admin");
|
|
5
|
+
const client_sts_1 = require("@aws-sdk/client-sts");
|
|
6
|
+
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
7
|
+
const ssoAdmin = new client_sso_admin_1.SSOAdminClient();
|
|
8
|
+
const sts = new client_sts_1.STSClient();
|
|
9
|
+
const s3 = new client_s3_1.S3Client();
|
|
10
|
+
// Helper function to add delay
|
|
11
|
+
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
|
|
12
|
+
// Function to send response to CloudFormation
|
|
13
|
+
const sendResponse = async (event, response) => {
|
|
14
|
+
console.info("Sending CloudFormation response:");
|
|
15
|
+
console.info(`Status: ${response.Status}`);
|
|
16
|
+
console.info(`PhysicalResourceId: ${response.PhysicalResourceId}`);
|
|
17
|
+
if (response.Reason) {
|
|
18
|
+
console.info(`Reason: ${response.Reason}`);
|
|
19
|
+
}
|
|
20
|
+
const responseBody = JSON.stringify(response);
|
|
21
|
+
console.info(`Sending response to: ${event.ResponseURL}`);
|
|
22
|
+
try {
|
|
23
|
+
// Extract bucket and key from the pre-signed URL
|
|
24
|
+
const url = new URL(event.ResponseURL);
|
|
25
|
+
const bucketName = url.hostname.split(".")[0];
|
|
26
|
+
const key = url.pathname.substring(1); // remove leading slash
|
|
27
|
+
// Use S3 client to upload directly
|
|
28
|
+
await s3.send(new client_s3_1.PutObjectCommand({
|
|
29
|
+
Bucket: bucketName,
|
|
30
|
+
Key: key,
|
|
31
|
+
Body: responseBody,
|
|
32
|
+
ContentType: "application/json"
|
|
33
|
+
}));
|
|
34
|
+
console.info(`Status code: 200`);
|
|
35
|
+
console.info(`Status message: OK`);
|
|
36
|
+
}
|
|
37
|
+
catch (error) {
|
|
38
|
+
console.error("Error sending response:", error);
|
|
39
|
+
throw error;
|
|
40
|
+
}
|
|
41
|
+
};
|
|
42
|
+
// Function to check if an assignment exists
|
|
43
|
+
const verifyAssignmentExists = async (instanceArn, permissionSetArn, targetId, principalId, principalType, retries = 10, delay = 5000) => {
|
|
44
|
+
for (let attempt = 1; attempt <= retries; attempt++) {
|
|
45
|
+
try {
|
|
46
|
+
console.info(`Verifying assignment exists - attempt ${attempt}/${retries}`);
|
|
47
|
+
const listResponse = await ssoAdmin.send(new client_sso_admin_1.ListAccountAssignmentsCommand({
|
|
48
|
+
InstanceArn: instanceArn,
|
|
49
|
+
AccountId: targetId,
|
|
50
|
+
PermissionSetArn: permissionSetArn
|
|
51
|
+
}));
|
|
52
|
+
const assignments = listResponse.AccountAssignments || [];
|
|
53
|
+
console.info(`Found ${assignments.length} assignments for account ${targetId} and permission set`);
|
|
54
|
+
const exists = assignments.some((assignment) => assignment.PrincipalId === principalId &&
|
|
55
|
+
assignment.PrincipalType === principalType);
|
|
56
|
+
if (exists) {
|
|
57
|
+
console.info("Assignment exists");
|
|
58
|
+
return true;
|
|
59
|
+
}
|
|
60
|
+
if (attempt < retries) {
|
|
61
|
+
console.info(`Assignment not found, waiting ${delay / 1000} seconds before retrying...`);
|
|
62
|
+
await sleep(delay);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
catch (error) {
|
|
66
|
+
console.error(`Error verifying assignment (attempt ${attempt}/${retries}):`, error);
|
|
67
|
+
if (attempt < retries) {
|
|
68
|
+
console.info(`Waiting ${delay / 1000} seconds before retrying...`);
|
|
69
|
+
await sleep(delay);
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
console.info("Assignment not found after maximum retries");
|
|
74
|
+
return false;
|
|
75
|
+
};
|
|
76
|
+
// Handle CloudFormation custom resource event
|
|
77
|
+
const handler = async (event) => {
|
|
78
|
+
console.info("Received event: ", JSON.stringify(event, null, 2));
|
|
79
|
+
// Log environment variables (without sensitive data)
|
|
80
|
+
console.info("Environment variables: " +
|
|
81
|
+
JSON.stringify({
|
|
82
|
+
AWS_REGION: process.env.AWS_REGION,
|
|
83
|
+
AWS_EXECUTION_ENV: process.env.AWS_EXECUTION_ENV,
|
|
84
|
+
AWS_LAMBDA_FUNCTION_NAME: process.env.AWS_LAMBDA_FUNCTION_NAME,
|
|
85
|
+
AWS_LAMBDA_FUNCTION_VERSION: process.env.AWS_LAMBDA_FUNCTION_VERSION,
|
|
86
|
+
AWS_LAMBDA_FUNCTION_MEMORY_SIZE: process.env.AWS_LAMBDA_FUNCTION_MEMORY_SIZE
|
|
87
|
+
}));
|
|
88
|
+
// Get current identity for debugging purposes
|
|
89
|
+
try {
|
|
90
|
+
const identity = await sts.send(new client_sts_1.GetCallerIdentityCommand({}));
|
|
91
|
+
console.info("Current identity: ", JSON.stringify(identity, null, 2));
|
|
92
|
+
}
|
|
93
|
+
catch (error) {
|
|
94
|
+
console.error("Error getting caller identity:", error);
|
|
95
|
+
}
|
|
96
|
+
const { InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, PrincipalType: principalTypeStr, PrincipalId: principalId, TargetType: targetTypeStr, TargetId: targetId } = event.ResourceProperties;
|
|
97
|
+
// Convert string types to enum types
|
|
98
|
+
const principalType = principalTypeStr;
|
|
99
|
+
const targetType = targetTypeStr;
|
|
100
|
+
// Generate a consistent physical ID regardless of whether the assignment exists
|
|
101
|
+
const physicalResourceId = event.PhysicalResourceId ||
|
|
102
|
+
`${permissionSetArn}-${principalId}-${targetId}`;
|
|
103
|
+
// Prepare the response
|
|
104
|
+
const response = {
|
|
105
|
+
Status: "SUCCESS",
|
|
106
|
+
PhysicalResourceId: physicalResourceId,
|
|
107
|
+
StackId: event.StackId,
|
|
108
|
+
RequestId: event.RequestId,
|
|
109
|
+
LogicalResourceId: event.LogicalResourceId
|
|
110
|
+
};
|
|
111
|
+
const MAX_RETRIES = 5;
|
|
112
|
+
try {
|
|
113
|
+
switch (event.RequestType) {
|
|
114
|
+
case "Create":
|
|
115
|
+
case "Update":
|
|
116
|
+
const operation = event.RequestType === "Create" ? "Creating" : "Updating";
|
|
117
|
+
// Check if assignment already exists for updates to avoid errors
|
|
118
|
+
if (event.RequestType === "Update") {
|
|
119
|
+
const exists = await verifyAssignmentExists(instanceArn, permissionSetArn, targetId, principalId, principalTypeStr);
|
|
120
|
+
if (exists) {
|
|
121
|
+
console.info("Assignment already exists for update operation - no action needed");
|
|
122
|
+
await sendResponse(event, response);
|
|
123
|
+
return response;
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
// Create the assignment
|
|
127
|
+
for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
|
|
128
|
+
console.info(`Attempt ${attempt}/${MAX_RETRIES}`);
|
|
129
|
+
console.info(`${operation} Account Assignment`);
|
|
130
|
+
try {
|
|
131
|
+
await ssoAdmin.send(new client_sso_admin_1.CreateAccountAssignmentCommand({
|
|
132
|
+
InstanceArn: instanceArn,
|
|
133
|
+
PermissionSetArn: permissionSetArn,
|
|
134
|
+
PrincipalType: principalType,
|
|
135
|
+
PrincipalId: principalId,
|
|
136
|
+
TargetType: targetType,
|
|
137
|
+
TargetId: targetId
|
|
138
|
+
}));
|
|
139
|
+
console.info("Create assignment command sent successfully");
|
|
140
|
+
console.info("Verifying assignment exists");
|
|
141
|
+
// Verify the assignment was created
|
|
142
|
+
const exists = await verifyAssignmentExists(instanceArn, permissionSetArn, targetId, principalId, principalTypeStr);
|
|
143
|
+
if (exists) {
|
|
144
|
+
console.info("Assignment verified successfully");
|
|
145
|
+
await sendResponse(event, response);
|
|
146
|
+
return response;
|
|
147
|
+
}
|
|
148
|
+
else {
|
|
149
|
+
throw new Error("Assignment verification failed: Assignment not found after creation");
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
catch (error) {
|
|
153
|
+
console.error(`Error in attempt ${attempt}:`, error);
|
|
154
|
+
// If it's the last attempt, propagate the error
|
|
155
|
+
if (attempt === MAX_RETRIES) {
|
|
156
|
+
throw error;
|
|
157
|
+
}
|
|
158
|
+
// If it's a ConflictException or the assignment already exists, consider it a success
|
|
159
|
+
if (error.name === "ConflictException" ||
|
|
160
|
+
error.message.includes("already exists") ||
|
|
161
|
+
(await verifyAssignmentExists(instanceArn, permissionSetArn, targetId, principalId, principalTypeStr))) {
|
|
162
|
+
console.info("Assignment already exists or was created successfully");
|
|
163
|
+
await sendResponse(event, response);
|
|
164
|
+
return response;
|
|
165
|
+
}
|
|
166
|
+
// Otherwise, wait and retry
|
|
167
|
+
await sleep(2000 * attempt); // Exponential backoff
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
break;
|
|
171
|
+
case "Delete":
|
|
172
|
+
// Check if assignment exists before attempting deletion
|
|
173
|
+
const assignmentExists = await verifyAssignmentExists(instanceArn, permissionSetArn, targetId, principalId, principalTypeStr);
|
|
174
|
+
if (!assignmentExists) {
|
|
175
|
+
console.info("Assignment does not exist, no need to delete");
|
|
176
|
+
await sendResponse(event, response);
|
|
177
|
+
return response;
|
|
178
|
+
}
|
|
179
|
+
// Delete the assignment
|
|
180
|
+
for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
|
|
181
|
+
console.info(`Attempt ${attempt}/${MAX_RETRIES}`);
|
|
182
|
+
console.info("Deleting Account Assignment");
|
|
183
|
+
try {
|
|
184
|
+
await ssoAdmin.send(new client_sso_admin_1.DeleteAccountAssignmentCommand({
|
|
185
|
+
InstanceArn: instanceArn,
|
|
186
|
+
PermissionSetArn: permissionSetArn,
|
|
187
|
+
PrincipalType: principalType,
|
|
188
|
+
PrincipalId: principalId,
|
|
189
|
+
TargetType: targetType,
|
|
190
|
+
TargetId: targetId
|
|
191
|
+
}));
|
|
192
|
+
console.info("Delete assignment command sent successfully");
|
|
193
|
+
console.info("Verifying assignment does not exist");
|
|
194
|
+
// Here we're inverting the logic - wait for the assignment to NOT exist
|
|
195
|
+
const stillExists = await verifyAssignmentExists(instanceArn, permissionSetArn, targetId, principalId, principalTypeStr);
|
|
196
|
+
if (!stillExists) {
|
|
197
|
+
console.info("Assignment deleted successfully");
|
|
198
|
+
await sendResponse(event, response);
|
|
199
|
+
return response;
|
|
200
|
+
}
|
|
201
|
+
else {
|
|
202
|
+
// On the final attempt, consider it an error if it still exists
|
|
203
|
+
if (attempt === MAX_RETRIES) {
|
|
204
|
+
throw new Error("Assignment verification failed: Assignment still exists after deletion");
|
|
205
|
+
}
|
|
206
|
+
// Otherwise, wait and retry the verification
|
|
207
|
+
console.info(`Assignment still exists after deletion attempt ${attempt}, waiting...`);
|
|
208
|
+
await sleep(3000);
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
catch (error) {
|
|
212
|
+
console.error(`Error in delete attempt ${attempt}:`, error);
|
|
213
|
+
// If it's a ResourceNotFoundException, consider it a success
|
|
214
|
+
if (error.name === "ResourceNotFoundException" ||
|
|
215
|
+
error.message.includes("does not exist")) {
|
|
216
|
+
console.info("Assignment does not exist or was already deleted");
|
|
217
|
+
await sendResponse(event, response);
|
|
218
|
+
return response;
|
|
219
|
+
}
|
|
220
|
+
// On the last attempt, propagate the error
|
|
221
|
+
if (attempt === MAX_RETRIES) {
|
|
222
|
+
throw error;
|
|
223
|
+
}
|
|
224
|
+
// Otherwise, wait and retry
|
|
225
|
+
await sleep(2000 * attempt);
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
break;
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
catch (error) {
|
|
232
|
+
console.error(`Operation failed: ${error.message}`, error);
|
|
233
|
+
response.Status = "FAILED";
|
|
234
|
+
response.Reason = `${event.RequestType} operation failed: ${error.message}`;
|
|
235
|
+
try {
|
|
236
|
+
await sendResponse(event, response);
|
|
237
|
+
}
|
|
238
|
+
catch (responseError) {
|
|
239
|
+
console.error("Failed to send response to CloudFormation:", responseError);
|
|
240
|
+
}
|
|
241
|
+
throw error;
|
|
242
|
+
}
|
|
243
|
+
return response;
|
|
244
|
+
};
|
|
245
|
+
exports.handler = handler;
|
|
246
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzaWdubWVudEhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy9pYW0vaWRlbnRpdHlDZW50ZXIvbGFtYmRhL2Fzc2lnbm1lbnRIYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGdFQVFtQztBQUNuQyxvREFBMEU7QUFDMUUsa0RBQWdFO0FBcUNoRSxNQUFNLFFBQVEsR0FBRyxJQUFJLGlDQUFjLEVBQUUsQ0FBQztBQUN0QyxNQUFNLEdBQUcsR0FBRyxJQUFJLHNCQUFTLEVBQUUsQ0FBQztBQUM1QixNQUFNLEVBQUUsR0FBRyxJQUFJLG9CQUFRLEVBQUUsQ0FBQztBQUUxQiwrQkFBK0I7QUFDL0IsTUFBTSxLQUFLLEdBQUcsQ0FBQyxFQUFVLEVBQUUsRUFBRSxDQUFDLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFFaEYsOENBQThDO0FBQzlDLE1BQU0sWUFBWSxHQUFHLEtBQUssRUFDeEIsS0FBMEIsRUFDMUIsUUFBZ0MsRUFDakIsRUFBRTtJQUNqQixPQUFPLENBQUMsSUFBSSxDQUFDLGtDQUFrQyxDQUFDLENBQUM7SUFDakQsT0FBTyxDQUFDLElBQUksQ0FBQyxXQUFXLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQzNDLE9BQU8sQ0FBQyxJQUFJLENBQUMsdUJBQXVCLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDLENBQUM7SUFDbkUsSUFBSSxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDcEIsT0FBTyxDQUFDLElBQUksQ0FBQyxXQUFXLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzlDLE9BQU8sQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRTFELElBQUksQ0FBQztRQUNILGlEQUFpRDtRQUNqRCxNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDOUMsTUFBTSxHQUFHLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyx1QkFBdUI7UUFFOUQsbUNBQW1DO1FBQ25DLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FDWCxJQUFJLDRCQUFnQixDQUFDO1lBQ25CLE1BQU0sRUFBRSxVQUFVO1lBQ2xCLEdBQUcsRUFBRSxHQUFHO1lBQ1IsSUFBSSxFQUFFLFlBQVk7WUFDbEIsV0FBVyxFQUFFLGtCQUFrQjtTQUNoQyxDQUFDLENBQ0gsQ0FBQztRQUVGLE9BQU8sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUNqQyxPQUFPLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDZixPQUFPLENBQUMsS0FBSyxDQUFDLHlCQUF5QixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ2hELE1BQU0sS0FBSyxDQUFDO0lBQ2QsQ0FBQztBQUNILENBQUMsQ0FBQztBQUVGLDRDQUE0QztBQUM1QyxNQUFNLHNCQUFzQixHQUFHLEtBQUssRUFDbEMsV0FBbUIsRUFDbkIsZ0JBQXdCLEVBQ3hCLFFBQWdCLEVBQ2hCLFdBQW1CLEVBQ25CLGFBQXFCLEVBQ3JCLE9BQU8sR0FBRyxFQUFFLEVBQ1osS0FBSyxHQUFHLElBQUksRUFDTSxFQUFFO0lBQ3BCLEtBQUssSUFBSSxPQUFPLEdBQUcsQ0FBQyxFQUFFLE9BQU8sSUFBSSxPQUFPLEVBQUUsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUNwRCxJQUFJLENBQUM7WUFDSCxPQUFPLENBQUMsSUFBSSxDQUNWLHlDQUF5QyxPQUFPLElBQUksT0FBTyxFQUFFLENBQzlELENBQUM7WUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLFFBQVEsQ0FBQyxJQUFJLENBQ3RDLElBQUksZ0RBQTZCLENBQUM7Z0JBQ2hDLFdBQVcsRUFBRSxXQUFXO2dCQUN4QixTQUFTLEVBQUUsUUFBUTtnQkFDbkIsZ0JBQWdCLEVBQUUsZ0JBQWdCO2FBQ25DLENBQUMsQ0FDSCxDQUFDO1lBRUYsTUFBTSxXQUFXLEdBQUcsWUFBWSxDQUFDLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztZQUUxRCxPQUFPLENBQUMsSUFBSSxDQUNWLFNBQVMsV0FBVyxDQUFDLE1BQU0sNEJBQTRCLFFBQVEscUJBQXFCLENBQ3JGLENBQUM7WUFFRixNQUFNLE1BQU0sR0FBRyxXQUFXLENBQUMsSUFBSSxDQUM3QixDQUFDLFVBQTZCLEVBQUUsRUFBRSxDQUNoQyxVQUFVLENBQUMsV0FBVyxLQUFLLFdBQVc7Z0JBQ3RDLFVBQVUsQ0FBQyxhQUFhLEtBQU0sYUFBK0IsQ0FDaEUsQ0FBQztZQUVGLElBQUksTUFBTSxFQUFFLENBQUM7Z0JBQ1gsT0FBTyxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO2dCQUNsQyxPQUFPLElBQUksQ0FBQztZQUNkLENBQUM7WUFFRCxJQUFJLE9BQU8sR0FBRyxPQUFPLEVBQUUsQ0FBQztnQkFDdEIsT0FBTyxDQUFDLElBQUksQ0FDVixpQ0FDRSxLQUFLLEdBQUcsSUFDViw2QkFBNkIsQ0FDOUIsQ0FBQztnQkFDRixNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNyQixDQUFDO1FBQ0gsQ0FBQztRQUFDLE9BQU8sS0FBVSxFQUFFLENBQUM7WUFDcEIsT0FBTyxDQUFDLEtBQUssQ0FDWCx1Q0FBdUMsT0FBTyxJQUFJLE9BQU8sSUFBSSxFQUM3RCxLQUFLLENBQ04sQ0FBQztZQUVGLElBQUksT0FBTyxHQUFHLE9BQU8sRUFBRSxDQUFDO2dCQUN0QixPQUFPLENBQUMsSUFBSSxDQUFDLFdBQVcsS0FBSyxHQUFHLElBQUksNkJBQTZCLENBQUMsQ0FBQztnQkFDbkUsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDckIsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxDQUFDLElBQUksQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFDO0lBQzNELE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQyxDQUFDO0FBRUYsOENBQThDO0FBQ3ZDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFBRSxLQUEwQixFQUFnQixFQUFFO0lBQ3hFLE9BQU8sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFakUscURBQXFEO0lBQ3JELE9BQU8sQ0FBQyxJQUFJLENBQ1YseUJBQXlCO1FBQ3ZCLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDYixVQUFVLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxVQUFVO1lBQ2xDLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsaUJBQWlCO1lBQ2hELHdCQUF3QixFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsd0JBQXdCO1lBQzlELDJCQUEyQixFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkJBQTJCO1lBQ3BFLCtCQUErQixFQUM3QixPQUFPLENBQUMsR0FBRyxDQUFDLCtCQUErQjtTQUM5QyxDQUFDLENBQ0wsQ0FBQztJQUVGLDhDQUE4QztJQUM5QyxJQUFJLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxxQ0FBd0IsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sQ0FBQyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDZixPQUFPLENBQUMsS0FBSyxDQUFDLGdDQUFnQyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFRCxNQUFNLEVBQ0osV0FBVyxFQUFFLFdBQVcsRUFDeEIsZ0JBQWdCLEVBQUUsZ0JBQWdCLEVBQ2xDLGFBQWEsRUFBRSxnQkFBZ0IsRUFDL0IsV0FBVyxFQUFFLFdBQVcsRUFDeEIsVUFBVSxFQUFFLGFBQWEsRUFDekIsUUFBUSxFQUFFLFFBQVEsRUFDbkIsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUM7SUFFN0IscUNBQXFDO0lBQ3JDLE1BQU0sYUFBYSxHQUFHLGdCQUFpQyxDQUFDO0lBQ3hELE1BQU0sVUFBVSxHQUFHLGFBQTJCLENBQUM7SUFFL0MsZ0ZBQWdGO0lBQ2hGLE1BQU0sa0JBQWtCLEdBQ3RCLEtBQUssQ0FBQyxrQkFBa0I7UUFDeEIsR0FBRyxnQkFBZ0IsSUFBSSxXQUFXLElBQUksUUFBUSxFQUFFLENBQUM7SUFFbkQsdUJBQXVCO0lBQ3ZCLE1BQU0sUUFBUSxHQUEyQjtRQUN2QyxNQUFNLEVBQUUsU0FBUztRQUNqQixrQkFBa0IsRUFBRSxrQkFBa0I7UUFDdEMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1FBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztRQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO0tBQzNDLENBQUM7SUFFRixNQUFNLFdBQVcsR0FBRyxDQUFDLENBQUM7SUFFdEIsSUFBSSxDQUFDO1FBQ0gsUUFBUSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDMUIsS0FBSyxRQUFRLENBQUM7WUFDZCxLQUFLLFFBQVE7Z0JBQ1gsTUFBTSxTQUFTLEdBQ2IsS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDO2dCQUUzRCxpRUFBaUU7Z0JBQ2pFLElBQUksS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLEVBQUUsQ0FBQztvQkFDbkMsTUFBTSxNQUFNLEdBQUcsTUFBTSxzQkFBc0IsQ0FDekMsV0FBVyxFQUNYLGdCQUFnQixFQUNoQixRQUFRLEVBQ1IsV0FBVyxFQUNYLGdCQUFnQixDQUNqQixDQUFDO29CQUVGLElBQUksTUFBTSxFQUFFLENBQUM7d0JBQ1gsT0FBTyxDQUFDLElBQUksQ0FDVixtRUFBbUUsQ0FDcEUsQ0FBQzt3QkFDRixNQUFNLFlBQVksQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLENBQUM7d0JBQ3BDLE9BQU8sUUFBUSxDQUFDO29CQUNsQixDQUFDO2dCQUNILENBQUM7Z0JBRUQsd0JBQXdCO2dCQUN4QixLQUFLLElBQUksT0FBTyxHQUFHLENBQUMsRUFBRSxPQUFPLElBQUksV0FBVyxFQUFFLE9BQU8sRUFBRSxFQUFFLENBQUM7b0JBQ3hELE9BQU8sQ0FBQyxJQUFJLENBQUMsV0FBVyxPQUFPLElBQUksV0FBVyxFQUFFLENBQUMsQ0FBQztvQkFDbEQsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLFNBQVMscUJBQXFCLENBQUMsQ0FBQztvQkFFaEQsSUFBSSxDQUFDO3dCQUNILE1BQU0sUUFBUSxDQUFDLElBQUksQ0FDakIsSUFBSSxpREFBOEIsQ0FBQzs0QkFDakMsV0FBVyxFQUFFLFdBQVc7NEJBQ3hCLGdCQUFnQixFQUFFLGdCQUFnQjs0QkFDbEMsYUFBYSxFQUFFLGFBQWE7NEJBQzVCLFdBQVcsRUFBRSxXQUFXOzRCQUN4QixVQUFVLEVBQUUsVUFBVTs0QkFDdEIsUUFBUSxFQUFFLFFBQVE7eUJBQ25CLENBQUMsQ0FDSCxDQUFDO3dCQUVGLE9BQU8sQ0FBQyxJQUFJLENBQUMsNkNBQTZDLENBQUMsQ0FBQzt3QkFDNUQsT0FBTyxDQUFDLElBQUksQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO3dCQUU1QyxvQ0FBb0M7d0JBQ3BDLE1BQU0sTUFBTSxHQUFHLE1BQU0sc0JBQXNCLENBQ3pDLFdBQVcsRUFDWCxnQkFBZ0IsRUFDaEIsUUFBUSxFQUNSLFdBQVcsRUFDWCxnQkFBZ0IsQ0FDakIsQ0FBQzt3QkFFRixJQUFJLE1BQU0sRUFBRSxDQUFDOzRCQUNYLE9BQU8sQ0FBQyxJQUFJLENBQUMsa0NBQWtDLENBQUMsQ0FBQzs0QkFDakQsTUFBTSxZQUFZLENBQUMsS0FBSyxFQUFFLFFBQVEsQ0FBQyxDQUFDOzRCQUNwQyxPQUFPLFFBQVEsQ0FBQzt3QkFDbEIsQ0FBQzs2QkFBTSxDQUFDOzRCQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IscUVBQXFFLENBQ3RFLENBQUM7d0JBQ0osQ0FBQztvQkFDSCxDQUFDO29CQUFDLE9BQU8sS0FBVSxFQUFFLENBQUM7d0JBQ3BCLE9BQU8sQ0FBQyxLQUFLLENBQUMsb0JBQW9CLE9BQU8sR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO3dCQUVyRCxnREFBZ0Q7d0JBQ2hELElBQUksT0FBTyxLQUFLLFdBQVcsRUFBRSxDQUFDOzRCQUM1QixNQUFNLEtBQUssQ0FBQzt3QkFDZCxDQUFDO3dCQUVELHNGQUFzRjt3QkFDdEYsSUFDRSxLQUFLLENBQUMsSUFBSSxLQUFLLG1CQUFtQjs0QkFDbEMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUM7NEJBQ3hDLENBQUMsTUFBTSxzQkFBc0IsQ0FDM0IsV0FBVyxFQUNYLGdCQUFnQixFQUNoQixRQUFRLEVBQ1IsV0FBVyxFQUNYLGdCQUFnQixDQUNqQixDQUFDLEVBQ0YsQ0FBQzs0QkFDRCxPQUFPLENBQUMsSUFBSSxDQUNWLHVEQUF1RCxDQUN4RCxDQUFDOzRCQUNGLE1BQU0sWUFBWSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQzs0QkFDcEMsT0FBTyxRQUFRLENBQUM7d0JBQ2xCLENBQUM7d0JBRUQsNEJBQTRCO3dCQUM1QixNQUFNLEtBQUssQ0FBQyxJQUFJLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxzQkFBc0I7b0JBQ3JELENBQUM7Z0JBQ0gsQ0FBQztnQkFFRCxNQUFNO1lBRVIsS0FBSyxRQUFRO2dCQUNYLHdEQUF3RDtnQkFDeEQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLHNCQUFzQixDQUNuRCxXQUFXLEVBQ1gsZ0JBQWdCLEVBQ2hCLFFBQVEsRUFDUixXQUFXLEVBQ1gsZ0JBQWdCLENBQ2pCLENBQUM7Z0JBRUYsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7b0JBQ3RCLE9BQU8sQ0FBQyxJQUFJLENBQUMsOENBQThDLENBQUMsQ0FBQztvQkFDN0QsTUFBTSxZQUFZLENBQUMsS0FBSyxFQUFFLFFBQVEsQ0FBQyxDQUFDO29CQUNwQyxPQUFPLFFBQVEsQ0FBQztnQkFDbEIsQ0FBQztnQkFFRCx3QkFBd0I7Z0JBQ3hCLEtBQUssSUFBSSxPQUFPLEdBQUcsQ0FBQyxFQUFFLE9BQU8sSUFBSSxXQUFXLEVBQUUsT0FBTyxFQUFFLEVBQUUsQ0FBQztvQkFDeEQsT0FBTyxDQUFDLElBQUksQ0FBQyxXQUFXLE9BQU8sSUFBSSxXQUFXLEVBQUUsQ0FBQyxDQUFDO29CQUNsRCxPQUFPLENBQUMsSUFBSSxDQUFDLDZCQUE2QixDQUFDLENBQUM7b0JBRTVDLElBQUksQ0FBQzt3QkFDSCxNQUFNLFFBQVEsQ0FBQyxJQUFJLENBQ2pCLElBQUksaURBQThCLENBQUM7NEJBQ2pDLFdBQVcsRUFBRSxXQUFXOzRCQUN4QixnQkFBZ0IsRUFBRSxnQkFBZ0I7NEJBQ2xDLGFBQWEsRUFBRSxhQUFhOzRCQUM1QixXQUFXLEVBQUUsV0FBVzs0QkFDeEIsVUFBVSxFQUFFLFVBQVU7NEJBQ3RCLFFBQVEsRUFBRSxRQUFRO3lCQUNuQixDQUFDLENBQ0gsQ0FBQzt3QkFFRixPQUFPLENBQUMsSUFBSSxDQUFDLDZDQUE2QyxDQUFDLENBQUM7d0JBQzVELE9BQU8sQ0FBQyxJQUFJLENBQUMscUNBQXFDLENBQUMsQ0FBQzt3QkFFcEQsd0VBQXdFO3dCQUN4RSxNQUFNLFdBQVcsR0FBRyxNQUFNLHNCQUFzQixDQUM5QyxXQUFXLEVBQ1gsZ0JBQWdCLEVBQ2hCLFFBQVEsRUFDUixXQUFXLEVBQ1gsZ0JBQWdCLENBQ2pCLENBQUM7d0JBRUYsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDOzRCQUNqQixPQUFPLENBQUMsSUFBSSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7NEJBQ2hELE1BQU0sWUFBWSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQzs0QkFDcEMsT0FBTyxRQUFRLENBQUM7d0JBQ2xCLENBQUM7NkJBQU0sQ0FBQzs0QkFDTixnRUFBZ0U7NEJBQ2hFLElBQUksT0FBTyxLQUFLLFdBQVcsRUFBRSxDQUFDO2dDQUM1QixNQUFNLElBQUksS0FBSyxDQUNiLHdFQUF3RSxDQUN6RSxDQUFDOzRCQUNKLENBQUM7NEJBRUQsNkNBQTZDOzRCQUM3QyxPQUFPLENBQUMsSUFBSSxDQUNWLGtEQUFrRCxPQUFPLGNBQWMsQ0FDeEUsQ0FBQzs0QkFDRixNQUFNLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQzt3QkFDcEIsQ0FBQztvQkFDSCxDQUFDO29CQUFDLE9BQU8sS0FBVSxFQUFFLENBQUM7d0JBQ3BCLE9BQU8sQ0FBQyxLQUFLLENBQUMsMkJBQTJCLE9BQU8sR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO3dCQUU1RCw2REFBNkQ7d0JBQzdELElBQ0UsS0FBSyxDQUFDLElBQUksS0FBSywyQkFBMkI7NEJBQzFDLEtBQUssQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLEVBQ3hDLENBQUM7NEJBQ0QsT0FBTyxDQUFDLElBQUksQ0FBQyxrREFBa0QsQ0FBQyxDQUFDOzRCQUNqRSxNQUFNLFlBQVksQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLENBQUM7NEJBQ3BDLE9BQU8sUUFBUSxDQUFDO3dCQUNsQixDQUFDO3dCQUVELDJDQUEyQzt3QkFDM0MsSUFBSSxPQUFPLEtBQUssV0FBVyxFQUFFLENBQUM7NEJBQzVCLE1BQU0sS0FBSyxDQUFDO3dCQUNkLENBQUM7d0JBRUQsNEJBQTRCO3dCQUM1QixNQUFNLEtBQUssQ0FBQyxJQUFJLEdBQUcsT0FBTyxDQUFDLENBQUM7b0JBQzlCLENBQUM7Z0JBQ0gsQ0FBQztnQkFFRCxNQUFNO1FBQ1YsQ0FBQztJQUNILENBQUM7SUFBQyxPQUFPLEtBQVUsRUFBRSxDQUFDO1FBQ3BCLE9BQU8sQ0FBQyxLQUFLLENBQUMscUJBQXFCLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUMzRCxRQUFRLENBQUMsTUFBTSxHQUFHLFFBQVEsQ0FBQztRQUMzQixRQUFRLENBQUMsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLFdBQVcsc0JBQXNCLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUU1RSxJQUFJLENBQUM7WUFDSCxNQUFNLFlBQVksQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDdEMsQ0FBQztRQUFDLE9BQU8sYUFBYSxFQUFFLENBQUM7WUFDdkIsT0FBTyxDQUFDLEtBQUssQ0FDWCw0Q0FBNEMsRUFDNUMsYUFBYSxDQUNkLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxLQUFLLENBQUM7SUFDZCxDQUFDO0lBRUQsT0FBTyxRQUFRLENBQUM7QUFDbEIsQ0FBQyxDQUFDO0FBalFXLFFBQUEsT0FBTyxXQWlRbEIiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBTU09BZG1pbkNsaWVudCxcbiAgQ3JlYXRlQWNjb3VudEFzc2lnbm1lbnRDb21tYW5kLFxuICBEZWxldGVBY2NvdW50QXNzaWdubWVudENvbW1hbmQsXG4gIExpc3RBY2NvdW50QXNzaWdubWVudHNDb21tYW5kLFxuICBBY2NvdW50QXNzaWdubWVudCxcbiAgUHJpbmNpcGFsVHlwZSxcbiAgVGFyZ2V0VHlwZVxufSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNzby1hZG1pblwiO1xuaW1wb3J0IHsgU1RTQ2xpZW50LCBHZXRDYWxsZXJJZGVudGl0eUNvbW1hbmQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXN0c1wiO1xuaW1wb3J0IHsgUHV0T2JqZWN0Q29tbWFuZCwgUzNDbGllbnQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXMzXCI7XG5cbmludGVyZmFjZSBDbG91ZEZvcm1hdGlvbkV2ZW50IHtcbiAgUmVxdWVzdFR5cGU6IFwiQ3JlYXRlXCIgfCBcIlVwZGF0ZVwiIHwgXCJEZWxldGVcIjtcbiAgUmVzcG9uc2VVUkw6IHN0cmluZztcbiAgU3RhY2tJZDogc3RyaW5nO1xuICBSZXF1ZXN0SWQ6IHN0cmluZztcbiAgUmVzb3VyY2VUeXBlOiBzdHJpbmc7XG4gIExvZ2ljYWxSZXNvdXJjZUlkOiBzdHJpbmc7XG4gIFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZztcbiAgUmVzb3VyY2VQcm9wZXJ0aWVzOiB7XG4gICAgU2VydmljZVRva2VuOiBzdHJpbmc7XG4gICAgSW5zdGFuY2VBcm46IHN0cmluZztcbiAgICBQZXJtaXNzaW9uU2V0QXJuOiBzdHJpbmc7XG4gICAgUHJpbmNpcGFsVHlwZTogc3RyaW5nO1xuICAgIFByaW5jaXBhbElkOiBzdHJpbmc7XG4gICAgVGFyZ2V0VHlwZTogc3RyaW5nO1xuICAgIFRhcmdldElkOiBzdHJpbmc7XG4gICAgW2tleTogc3RyaW5nXTogYW55O1xuICB9O1xuICBPbGRSZXNvdXJjZVByb3BlcnRpZXM/OiB7XG4gICAgW2tleTogc3RyaW5nXTogYW55O1xuICB9O1xufVxuXG5pbnRlcmZhY2UgQ2xvdWRGb3JtYXRpb25SZXNwb25zZSB7XG4gIFN0YXR1czogXCJTVUNDRVNTXCIgfCBcIkZBSUxFRFwiO1xuICBQaHlzaWNhbFJlc291cmNlSWQ6IHN0cmluZztcbiAgU3RhY2tJZDogc3RyaW5nO1xuICBSZXF1ZXN0SWQ6IHN0cmluZztcbiAgTG9naWNhbFJlc291cmNlSWQ6IHN0cmluZztcbiAgUmVhc29uPzogc3RyaW5nO1xuICBEYXRhPzoge1xuICAgIFtrZXk6IHN0cmluZ106IGFueTtcbiAgfTtcbn1cblxuY29uc3Qgc3NvQWRtaW4gPSBuZXcgU1NPQWRtaW5DbGllbnQoKTtcbmNvbnN0IHN0cyA9IG5ldyBTVFNDbGllbnQoKTtcbmNvbnN0IHMzID0gbmV3IFMzQ2xpZW50KCk7XG5cbi8vIEhlbHBlciBmdW5jdGlvbiB0byBhZGQgZGVsYXlcbmNvbnN0IHNsZWVwID0gKG1zOiBudW1iZXIpID0+IG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIG1zKSk7XG5cbi8vIEZ1bmN0aW9uIHRvIHNlbmQgcmVzcG9uc2UgdG8gQ2xvdWRGb3JtYXRpb25cbmNvbnN0IHNlbmRSZXNwb25zZSA9IGFzeW5jIChcbiAgZXZlbnQ6IENsb3VkRm9ybWF0aW9uRXZlbnQsXG4gIHJlc3BvbnNlOiBDbG91ZEZvcm1hdGlvblJlc3BvbnNlXG4pOiBQcm9taXNlPHZvaWQ+ID0+IHtcbiAgY29uc29sZS5pbmZvKFwiU2VuZGluZyBDbG91ZEZvcm1hdGlvbiByZXNwb25zZTpcIik7XG4gIGNvbnNvbGUuaW5mbyhgU3RhdHVzOiAke3Jlc3BvbnNlLlN0YXR1c31gKTtcbiAgY29uc29sZS5pbmZvKGBQaHlzaWNhbFJlc291cmNlSWQ6ICR7cmVzcG9uc2UuUGh5c2ljYWxSZXNvdXJjZUlkfWApO1xuICBpZiAocmVzcG9uc2UuUmVhc29uKSB7XG4gICAgY29uc29sZS5pbmZvKGBSZWFzb246ICR7cmVzcG9uc2UuUmVhc29ufWApO1xuICB9XG5cbiAgY29uc3QgcmVzcG9uc2VCb2R5ID0gSlNPTi5zdHJpbmdpZnkocmVzcG9uc2UpO1xuICBjb25zb2xlLmluZm8oYFNlbmRpbmcgcmVzcG9uc2UgdG86ICR7ZXZlbnQuUmVzcG9uc2VVUkx9YCk7XG5cbiAgdHJ5IHtcbiAgICAvLyBFeHRyYWN0IGJ1Y2tldCBhbmQga2V5IGZyb20gdGhlIHByZS1zaWduZWQgVVJMXG4gICAgY29uc3QgdXJsID0gbmV3IFVSTChldmVudC5SZXNwb25zZVVSTCk7XG4gICAgY29uc3QgYnVja2V0TmFtZSA9IHVybC5ob3N0bmFtZS5zcGxpdChcIi5cIilbMF07XG4gICAgY29uc3Qga2V5ID0gdXJsLnBhdGhuYW1lLnN1YnN0cmluZygxKTsgLy8gcmVtb3ZlIGxlYWRpbmcgc2xhc2hcblxuICAgIC8vIFVzZSBTMyBjbGllbnQgdG8gdXBsb2FkIGRpcmVjdGx5XG4gICAgYXdhaXQgczMuc2VuZChcbiAgICAgIG5ldyBQdXRPYmplY3RDb21tYW5kKHtcbiAgICAgICAgQnVja2V0OiBidWNrZXROYW1lLFxuICAgICAgICBLZXk6IGtleSxcbiAgICAgICAgQm9keTogcmVzcG9uc2VCb2R5LFxuICAgICAgICBDb250ZW50VHlwZTogXCJhcHBsaWNhdGlvbi9qc29uXCJcbiAgICAgIH0pXG4gICAgKTtcblxuICAgIGNvbnNvbGUuaW5mbyhgU3RhdHVzIGNvZGU6IDIwMGApO1xuICAgIGNvbnNvbGUuaW5mbyhgU3RhdHVzIG1lc3NhZ2U6IE9LYCk7XG4gIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgY29uc29sZS5lcnJvcihcIkVycm9yIHNlbmRpbmcgcmVzcG9uc2U6XCIsIGVycm9yKTtcbiAgICB0aHJvdyBlcnJvcjtcbiAgfVxufTtcblxuLy8gRnVuY3Rpb24gdG8gY2hlY2sgaWYgYW4gYXNzaWdubWVudCBleGlzdHNcbmNvbnN0IHZlcmlmeUFzc2lnbm1lbnRFeGlzdHMgPSBhc3luYyAoXG4gIGluc3RhbmNlQXJuOiBzdHJpbmcsXG4gIHBlcm1pc3Npb25TZXRBcm46IHN0cmluZyxcbiAgdGFyZ2V0SWQ6IHN0cmluZyxcbiAgcHJpbmNpcGFsSWQ6IHN0cmluZyxcbiAgcHJpbmNpcGFsVHlwZTogc3RyaW5nLFxuICByZXRyaWVzID0gMTAsXG4gIGRlbGF5ID0gNTAwMFxuKTogUHJvbWlzZTxib29sZWFuPiA9PiB7XG4gIGZvciAobGV0IGF0dGVtcHQgPSAxOyBhdHRlbXB0IDw9IHJldHJpZXM7IGF0dGVtcHQrKykge1xuICAgIHRyeSB7XG4gICAgICBjb25zb2xlLmluZm8oXG4gICAgICAgIGBWZXJpZnlpbmcgYXNzaWdubWVudCBleGlzdHMgLSBhdHRlbXB0ICR7YXR0ZW1wdH0vJHtyZXRyaWVzfWBcbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IGxpc3RSZXNwb25zZSA9IGF3YWl0IHNzb0FkbWluLnNlbmQoXG4gICAgICAgIG5ldyBMaXN0QWNjb3VudEFzc2lnbm1lbnRzQ29tbWFuZCh7XG4gICAgICAgICAgSW5zdGFuY2VBcm46IGluc3RhbmNlQXJuLFxuICAgICAgICAgIEFjY291bnRJZDogdGFyZ2V0SWQsXG4gICAgICAgICAgUGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldEFyblxuICAgICAgICB9KVxuICAgICAgKTtcblxuICAgICAgY29uc3QgYXNzaWdubWVudHMgPSBsaXN0UmVzcG9uc2UuQWNjb3VudEFzc2lnbm1lbnRzIHx8IFtdO1xuXG4gICAgICBjb25zb2xlLmluZm8oXG4gICAgICAgIGBGb3VuZCAke2Fzc2lnbm1lbnRzLmxlbmd0aH0gYXNzaWdubWVudHMgZm9yIGFjY291bnQgJHt0YXJnZXRJZH0gYW5kIHBlcm1pc3Npb24gc2V0YFxuICAgICAgKTtcblxuICAgICAgY29uc3QgZXhpc3RzID0gYXNzaWdubWVudHMuc29tZShcbiAgICAgICAgKGFzc2lnbm1lbnQ6IEFjY291bnRBc3NpZ25tZW50KSA9PlxuICAgICAgICAgIGFzc2lnbm1lbnQuUHJpbmNpcGFsSWQgPT09IHByaW5jaXBhbElkICYmXG4gICAgICAgICAgYXNzaWdubWVudC5QcmluY2lwYWxUeXBlID09PSAocHJpbmNpcGFsVHlwZSBhcyBQcmluY2lwYWxUeXBlKVxuICAgICAgKTtcblxuICAgICAgaWYgKGV4aXN0cykge1xuICAgICAgICBjb25zb2xlLmluZm8oXCJBc3NpZ25tZW50IGV4aXN0c1wiKTtcbiAgICAgICAgcmV0dXJuIHRydWU7XG4gICAgICB9XG5cbiAgICAgIGlmIChhdHRlbXB0IDwgcmV0cmllcykge1xuICAgICAgICBjb25zb2xlLmluZm8oXG4gICAgICAgICAgYEFzc2lnbm1lbnQgbm90IGZvdW5kLCB3YWl0aW5nICR7XG4gICAgICAgICAgICBkZWxheSAvIDEwMDBcbiAgICAgICAgICB9IHNlY29uZHMgYmVmb3JlIHJldHJ5aW5nLi4uYFxuICAgICAgICApO1xuICAgICAgICBhd2FpdCBzbGVlcChkZWxheSk7XG4gICAgICB9XG4gICAgfSBjYXRjaCAoZXJyb3I6IGFueSkge1xuICAgICAgY29uc29sZS5lcnJvcihcbiAgICAgICAgYEVycm9yIHZlcmlmeWluZyBhc3NpZ25tZW50IChhdHRlbXB0ICR7YXR0ZW1wdH0vJHtyZXRyaWVzfSk6YCxcbiAgICAgICAgZXJyb3JcbiAgICAgICk7XG5cbiAgICAgIGlmIChhdHRlbXB0IDwgcmV0cmllcykge1xuICAgICAgICBjb25zb2xlLmluZm8oYFdhaXRpbmcgJHtkZWxheSAvIDEwMDB9IHNlY29uZHMgYmVmb3JlIHJldHJ5aW5nLi4uYCk7XG4gICAgICAgIGF3YWl0IHNsZWVwKGRlbGF5KTtcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICBjb25zb2xlLmluZm8oXCJBc3NpZ25tZW50IG5vdCBmb3VuZCBhZnRlciBtYXhpbXVtIHJldHJpZXNcIik7XG4gIHJldHVybiBmYWxzZTtcbn07XG5cbi8vIEhhbmRsZSBDbG91ZEZvcm1hdGlvbiBjdXN0b20gcmVzb3VyY2UgZXZlbnRcbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKGV2ZW50OiBDbG91ZEZvcm1hdGlvbkV2ZW50KTogUHJvbWlzZTxhbnk+ID0+IHtcbiAgY29uc29sZS5pbmZvKFwiUmVjZWl2ZWQgZXZlbnQ6IFwiLCBKU09OLnN0cmluZ2lmeShldmVudCwgbnVsbCwgMikpO1xuXG4gIC8vIExvZyBlbnZpcm9ubWVudCB2YXJpYWJsZXMgKHdpdGhvdXQgc2Vuc2l0aXZlIGRhdGEpXG4gIGNvbnNvbGUuaW5mbyhcbiAgICBcIkVudmlyb25tZW50IHZhcmlhYmxlczogXCIgK1xuICAgICAgSlNPTi5zdHJpbmdpZnkoe1xuICAgICAgICBBV1NfUkVHSU9OOiBwcm9jZXNzLmVudi5BV1NfUkVHSU9OLFxuICAgICAgICBBV1NfRVhFQ1VUSU9OX0VOVjogcHJvY2Vzcy5lbnYuQVdTX0VYRUNVVElPTl9FTlYsXG4gICAgICAgIEFXU19MQU1CREFfRlVOQ1RJT05fTkFNRTogcHJvY2Vzcy5lbnYuQVdTX0xBTUJEQV9GVU5DVElPTl9OQU1FLFxuICAgICAgICBBV1NfTEFNQkRBX0ZVTkNUSU9OX1ZFUlNJT046IHByb2Nlc3MuZW52LkFXU19MQU1CREFfRlVOQ1RJT05fVkVSU0lPTixcbiAgICAgICAgQVdTX0xBTUJEQV9GVU5DVElPTl9NRU1PUllfU0laRTpcbiAgICAgICAgICBwcm9jZXNzLmVudi5BV1NfTEFNQkRBX0ZVTkNUSU9OX01FTU9SWV9TSVpFXG4gICAgICB9KVxuICApO1xuXG4gIC8vIEdldCBjdXJyZW50IGlkZW50aXR5IGZvciBkZWJ1Z2dpbmcgcHVycG9zZXNcbiAgdHJ5IHtcbiAgICBjb25zdCBpZGVudGl0eSA9IGF3YWl0IHN0cy5zZW5kKG5ldyBHZXRDYWxsZXJJZGVudGl0eUNvbW1hbmQoe30pKTtcbiAgICBjb25zb2xlLmluZm8oXCJDdXJyZW50IGlkZW50aXR5OiBcIiwgSlNPTi5zdHJpbmdpZnkoaWRlbnRpdHksIG51bGwsIDIpKTtcbiAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICBjb25zb2xlLmVycm9yKFwiRXJyb3IgZ2V0dGluZyBjYWxsZXIgaWRlbnRpdHk6XCIsIGVycm9yKTtcbiAgfVxuXG4gIGNvbnN0IHtcbiAgICBJbnN0YW5jZUFybjogaW5zdGFuY2VBcm4sXG4gICAgUGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldEFybixcbiAgICBQcmluY2lwYWxUeXBlOiBwcmluY2lwYWxUeXBlU3RyLFxuICAgIFByaW5jaXBhbElkOiBwcmluY2lwYWxJZCxcbiAgICBUYXJnZXRUeXBlOiB0YXJnZXRUeXBlU3RyLFxuICAgIFRhcmdldElkOiB0YXJnZXRJZFxuICB9ID0gZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzO1xuXG4gIC8vIENvbnZlcnQgc3RyaW5nIHR5cGVzIHRvIGVudW0gdHlwZXNcbiAgY29uc3QgcHJpbmNpcGFsVHlwZSA9IHByaW5jaXBhbFR5cGVTdHIgYXMgUHJpbmNpcGFsVHlwZTtcbiAgY29uc3QgdGFyZ2V0VHlwZSA9IHRhcmdldFR5cGVTdHIgYXMgVGFyZ2V0VHlwZTtcblxuICAvLyBHZW5lcmF0ZSBhIGNvbnNpc3RlbnQgcGh5c2ljYWwgSUQgcmVnYXJkbGVzcyBvZiB3aGV0aGVyIHRoZSBhc3NpZ25tZW50IGV4aXN0c1xuICBjb25zdCBwaHlzaWNhbFJlc291cmNlSWQgPVxuICAgIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCB8fFxuICAgIGAke3Blcm1pc3Npb25TZXRBcm59LSR7cHJpbmNpcGFsSWR9LSR7dGFyZ2V0SWR9YDtcblxuICAvLyBQcmVwYXJlIHRoZSByZXNwb25zZVxuICBjb25zdCByZXNwb25zZTogQ2xvdWRGb3JtYXRpb25SZXNwb25zZSA9IHtcbiAgICBTdGF0dXM6IFwiU1VDQ0VTU1wiLFxuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogcGh5c2ljYWxSZXNvdXJjZUlkLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkXG4gIH07XG5cbiAgY29uc3QgTUFYX1JFVFJJRVMgPSA1O1xuXG4gIHRyeSB7XG4gICAgc3dpdGNoIChldmVudC5SZXF1ZXN0VHlwZSkge1xuICAgICAgY2FzZSBcIkNyZWF0ZVwiOlxuICAgICAgY2FzZSBcIlVwZGF0ZVwiOlxuICAgICAgICBjb25zdCBvcGVyYXRpb24gPVxuICAgICAgICAgIGV2ZW50LlJlcXVlc3RUeXBlID09PSBcIkNyZWF0ZVwiID8gXCJDcmVhdGluZ1wiIDogXCJVcGRhdGluZ1wiO1xuXG4gICAgICAgIC8vIENoZWNrIGlmIGFzc2lnbm1lbnQgYWxyZWFkeSBleGlzdHMgZm9yIHVwZGF0ZXMgdG8gYXZvaWQgZXJyb3JzXG4gICAgICAgIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gXCJVcGRhdGVcIikge1xuICAgICAgICAgIGNvbnN0IGV4aXN0cyA9IGF3YWl0IHZlcmlmeUFzc2lnbm1lbnRFeGlzdHMoXG4gICAgICAgICAgICBpbnN0YW5jZUFybixcbiAgICAgICAgICAgIHBlcm1pc3Npb25TZXRBcm4sXG4gICAgICAgICAgICB0YXJnZXRJZCxcbiAgICAgICAgICAgIHByaW5jaXBhbElkLFxuICAgICAgICAgICAgcHJpbmNpcGFsVHlwZVN0clxuICAgICAgICAgICk7XG5cbiAgICAgICAgICBpZiAoZXhpc3RzKSB7XG4gICAgICAgICAgICBjb25zb2xlLmluZm8oXG4gICAgICAgICAgICAgIFwiQXNzaWdubWVudCBhbHJlYWR5IGV4aXN0cyBmb3IgdXBkYXRlIG9wZXJhdGlvbiAtIG5vIGFjdGlvbiBuZWVkZWRcIlxuICAgICAgICAgICAgKTtcbiAgICAgICAgICAgIGF3YWl0IHNlbmRSZXNwb25zZShldmVudCwgcmVzcG9uc2UpO1xuICAgICAgICAgICAgcmV0dXJuIHJlc3BvbnNlO1xuICAgICAgICAgIH1cbiAgICAgICAgfVxuXG4gICAgICAgIC8vIENyZWF0ZSB0aGUgYXNzaWdubWVudFxuICAgICAgICBmb3IgKGxldCBhdHRlbXB0ID0gMTsgYXR0ZW1wdCA8PSBNQVhfUkVUUklFUzsgYXR0ZW1wdCsrKSB7XG4gICAgICAgICAgY29uc29sZS5pbmZvKGBBdHRlbXB0ICR7YXR0ZW1wdH0vJHtNQVhfUkVUUklFU31gKTtcbiAgICAgICAgICBjb25zb2xlLmluZm8oYCR7b3BlcmF0aW9ufSBBY2NvdW50IEFzc2lnbm1lbnRgKTtcblxuICAgICAgICAgIHRyeSB7XG4gICAgICAgICAgICBhd2FpdCBzc29BZG1pbi5zZW5kKFxuICAgICAgICAgICAgICBuZXcgQ3JlYXRlQWNjb3VudEFzc2lnbm1lbnRDb21tYW5kKHtcbiAgICAgICAgICAgICAgICBJbnN0YW5jZUFybjogaW5zdGFuY2VBcm4sXG4gICAgICAgICAgICAgICAgUGVybWlzc2lvblNldEFybjogcGVybWlzc2lvblNldEFybixcbiAgICAgICAgICAgICAgICBQcmluY2lwYWxUeXBlOiBwcmluY2lwYWxUeXBlLFxuICAgICAgICAgICAgICAgIFByaW5jaXBhbElkOiBwcmluY2lwYWxJZCxcbiAgICAgICAgICAgICAgICBUYXJnZXRUeXBlOiB0YXJnZXRUeXBlLFxuICAgICAgICAgICAgICAgIFRhcmdldElkOiB0YXJnZXRJZFxuICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgKTtcblxuICAgICAgICAgICAgY29uc29sZS5pbmZvKFwiQ3JlYXRlIGFzc2lnbm1lbnQgY29tbWFuZCBzZW50IHN1Y2Nlc3NmdWxseVwiKTtcbiAgICAgICAgICAgIGNvbnNvbGUuaW5mbyhcIlZlcmlmeWluZyBhc3NpZ25tZW50IGV4aXN0c1wiKTtcblxuICAgICAgICAgICAgLy8gVmVyaWZ5IHRoZSBhc3NpZ25tZW50IHdhcyBjcmVhdGVkXG4gICAgICAgICAgICBjb25zdCBleGlzdHMgPSBhd2FpdCB2ZXJpZnlBc3NpZ25tZW50RXhpc3RzKFxuICAgICAgICAgICAgICBpbnN0YW5jZUFybixcbiAgICAgICAgICAgICAgcGVybWlzc2lvblNldEFybixcbiAgICAgICAgICAgICAgdGFyZ2V0SWQsXG4gICAgICAgICAgICAgIHByaW5jaXBhbElkLFxuICAgICAgICAgICAgICBwcmluY2lwYWxUeXBlU3RyXG4gICAgICAgICAgICApO1xuXG4gICAgICAgICAgICBpZiAoZXhpc3RzKSB7XG4gICAgICAgICAgICAgIGNvbnNvbGUuaW5mbyhcIkFzc2lnbm1lbnQgdmVyaWZpZWQgc3VjY2Vzc2Z1bGx5XCIpO1xuICAgICAgICAgICAgICBhd2FpdCBzZW5kUmVzcG9uc2UoZXZlbnQsIHJlc3BvbnNlKTtcbiAgICAgICAgICAgICAgcmV0dXJuIHJlc3BvbnNlO1xuICAgICAgICAgICAgfSBlbHNlIHtcbiAgICAgICAgICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICAgICAgICAgIFwiQXNzaWdubWVudCB2ZXJpZmljYXRpb24gZmFpbGVkOiBBc3NpZ25tZW50IG5vdCBmb3VuZCBhZnRlciBjcmVhdGlvblwiXG4gICAgICAgICAgICAgICk7XG4gICAgICAgICAgICB9XG4gICAgICAgICAgfSBjYXRjaCAoZXJyb3I6IGFueSkge1xuICAgICAgICAgICAgY29uc29sZS5lcnJvcihgRXJyb3IgaW4gYXR0ZW1wdCAke2F0dGVtcHR9OmAsIGVycm9yKTtcblxuICAgICAgICAgICAgLy8gSWYgaXQncyB0aGUgbGFzdCBhdHRlbXB0LCBwcm9wYWdhdGUgdGhlIGVycm9yXG4gICAgICAgICAgICBpZiAoYXR0ZW1wdCA9PT0gTUFYX1JFVFJJRVMpIHtcbiAgICAgICAgICAgICAgdGhyb3cgZXJyb3I7XG4gICAgICAgICAgICB9XG5cbiAgICAgICAgICAgIC8vIElmIGl0J3MgYSBDb25mbGljdEV4Y2VwdGlvbiBvciB0aGUgYXNzaWdubWVudCBhbHJlYWR5IGV4aXN0cywgY29uc2lkZXIgaXQgYSBzdWNjZXNzXG4gICAgICAgICAgICBpZiAoXG4gICAgICAgICAgICAgIGVycm9yLm5hbWUgPT09IFwiQ29uZmxpY3RFeGNlcHRpb25cIiB8fFxuICAgICAgICAgICAgICBlcnJvci5tZXNzYWdlLmluY2x1ZGVzKFwiYWxyZWFkeSBleGlzdHNcIikgfHxcbiAgICAgICAgICAgICAgKGF3YWl0IHZlcmlmeUFzc2lnbm1lbnRFeGlzdHMoXG4gICAgICAgICAgICAgICAgaW5zdGFuY2VBcm4sXG4gICAgICAgICAgICAgICAgcGVybWlzc2lvblNldEFybixcbiAgICAgICAgICAgICAgICB0YXJnZXRJZCxcbiAgICAgICAgICAgICAgICBwcmluY2lwYWxJZCxcbiAgICAgICAgICAgICAgICBwcmluY2lwYWxUeXBlU3RyXG4gICAgICAgICAgICAgICkpXG4gICAgICAgICAgICApIHtcbiAgICAgICAgICAgICAgY29uc29sZS5pbmZvKFxuICAgICAgICAgICAgICAgIFwiQXNzaWdubWVudCBhbHJlYWR5IGV4aXN0cyBvciB3YXMgY3JlYXRlZCBzdWNjZXNzZnVsbHlcIlxuICAgICAgICAgICAgICApO1xuICAgICAgICAgICAgICBhd2FpdCBzZW5kUmVzcG9uc2UoZXZlbnQsIHJlc3BvbnNlKTtcbiAgICAgICAgICAgICAgcmV0dXJuIHJlc3BvbnNlO1xuICAgICAgICAgICAgfVxuXG4gICAgICAgICAgICAvLyBPdGhlcndpc2UsIHdhaXQgYW5kIHJldHJ5XG4gICAgICAgICAgICBhd2FpdCBzbGVlcCgyMDAwICogYXR0ZW1wdCk7IC8vIEV4cG9uZW50aWFsIGJhY2tvZmZcbiAgICAgICAgICB9XG4gICAgICAgIH1cblxuICAgICAgICBicmVhaztcblxuICAgICAgY2FzZSBcIkRlbGV0ZVwiOlxuICAgICAgICAvLyBDaGVjayBpZiBhc3NpZ25tZW50IGV4aXN0cyBiZWZvcmUgYXR0ZW1wdGluZyBkZWxldGlvblxuICAgICAgICBjb25zdCBhc3NpZ25tZW50RXhpc3RzID0gYXdhaXQgdmVyaWZ5QXNzaWdubWVudEV4aXN0cyhcbiAgICAgICAgICBpbnN0YW5jZUFybixcbiAgICAgICAgICBwZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICAgIHRhcmdldElkLFxuICAgICAgICAgIHByaW5jaXBhbElkLFxuICAgICAgICAgIHByaW5jaXBhbFR5cGVTdHJcbiAgICAgICAgKTtcblxuICAgICAgICBpZiAoIWFzc2lnbm1lbnRFeGlzdHMpIHtcbiAgICAgICAgICBjb25zb2xlLmluZm8oXCJBc3NpZ25tZW50IGRvZXMgbm90IGV4aXN0LCBubyBuZWVkIHRvIGRlbGV0ZVwiKTtcbiAgICAgICAgICBhd2FpdCBzZW5kUmVzcG9uc2UoZXZlbnQsIHJlc3BvbnNlKTtcbiAgICAgICAgICByZXR1cm4gcmVzcG9uc2U7XG4gICAgICAgIH1cblxuICAgICAgICAvLyBEZWxldGUgdGhlIGFzc2lnbm1lbnRcbiAgICAgICAgZm9yIChsZXQgYXR0ZW1wdCA9IDE7IGF0dGVtcHQgPD0gTUFYX1JFVFJJRVM7IGF0dGVtcHQrKykge1xuICAgICAgICAgIGNvbnNvbGUuaW5mbyhgQXR0ZW1wdCAke2F0dGVtcHR9LyR7TUFYX1JFVFJJRVN9YCk7XG4gICAgICAgICAgY29uc29sZS5pbmZvKFwiRGVsZXRpbmcgQWNjb3VudCBBc3NpZ25tZW50XCIpO1xuXG4gICAgICAgICAgdHJ5IHtcbiAgICAgICAgICAgIGF3YWl0IHNzb0FkbWluLnNlbmQoXG4gICAgICAgICAgICAgIG5ldyBEZWxldGVBY2NvdW50QXNzaWdubWVudENvbW1hbmQoe1xuICAgICAgICAgICAgICAgIEluc3RhbmNlQXJuOiBpbnN0YW5jZUFybixcbiAgICAgICAgICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICAgICAgICAgIFByaW5jaXBhbFR5cGU6IHByaW5jaXBhbFR5cGUsXG4gICAgICAgICAgICAgICAgUHJpbmNpcGFsSWQ6IHByaW5jaXBhbElkLFxuICAgICAgICAgICAgICAgIFRhcmdldFR5cGU6IHRhcmdldFR5cGUsXG4gICAgICAgICAgICAgICAgVGFyZ2V0SWQ6IHRhcmdldElkXG4gICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICApO1xuXG4gICAgICAgICAgICBjb25zb2xlLmluZm8oXCJEZWxldGUgYXNzaWdubWVudCBjb21tYW5kIHNlbnQgc3VjY2Vzc2Z1bGx5XCIpO1xuICAgICAgICAgICAgY29uc29sZS5pbmZvKFwiVmVyaWZ5aW5nIGFzc2lnbm1lbnQgZG9lcyBub3QgZXhpc3RcIik7XG5cbiAgICAgICAgICAgIC8vIEhlcmUgd2UncmUgaW52ZXJ0aW5nIHRoZSBsb2dpYyAtIHdhaXQgZm9yIHRoZSBhc3NpZ25tZW50IHRvIE5PVCBleGlzdFxuICAgICAgICAgICAgY29uc3Qgc3RpbGxFeGlzdHMgPSBhd2FpdCB2ZXJpZnlBc3NpZ25tZW50RXhpc3RzKFxuICAgICAgICAgICAgICBpbnN0YW5jZUFybixcbiAgICAgICAgICAgICAgcGVybWlzc2lvblNldEFybixcbiAgICAgICAgICAgICAgdGFyZ2V0SWQsXG4gICAgICAgICAgICAgIHByaW5jaXBhbElkLFxuICAgICAgICAgICAgICBwcmluY2lwYWxUeXBlU3RyXG4gICAgICAgICAgICApO1xuXG4gICAgICAgICAgICBpZiAoIXN0aWxsRXhpc3RzKSB7XG4gICAgICAgICAgICAgIGNvbnNvbGUuaW5mbyhcIkFzc2lnbm1lbnQgZGVsZXRlZCBzdWNjZXNzZnVsbHlcIik7XG4gICAgICAgICAgICAgIGF3YWl0IHNlbmRSZXNwb25zZShldmVudCwgcmVzcG9uc2UpO1xuICAgICAgICAgICAgICByZXR1cm4gcmVzcG9uc2U7XG4gICAgICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgICAgICAvLyBPbiB0aGUgZmluYWwgYXR0ZW1wdCwgY29uc2lkZXIgaXQgYW4gZXJyb3IgaWYgaXQgc3RpbGwgZXhpc3RzXG4gICAgICAgICAgICAgIGlmIChhdHRlbXB0ID09PSBNQVhfUkVUUklFUykge1xuICAgICAgICAgICAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgICAgICAgICAgIFwiQXNzaWdubWVudCB2ZXJpZmljYXRpb24gZmFpbGVkOiBBc3NpZ25tZW50IHN0aWxsIGV4aXN0cyBhZnRlciBkZWxldGlvblwiXG4gICAgICAgICAgICAgICAgKTtcbiAgICAgICAgICAgICAgfVxuXG4gICAgICAgICAgICAgIC8vIE90aGVyd2lzZSwgd2FpdCBhbmQgcmV0cnkgdGhlIHZlcmlmaWNhdGlvblxuICAgICAgICAgICAgICBjb25zb2xlLmluZm8oXG4gICAgICAgICAgICAgICAgYEFzc2lnbm1lbnQgc3RpbGwgZXhpc3RzIGFmdGVyIGRlbGV0aW9uIGF0dGVtcHQgJHthdHRlbXB0fSwgd2FpdGluZy4uLmBcbiAgICAgICAgICAgICAgKTtcbiAgICAgICAgICAgICAgYXdhaXQgc2xlZXAoMzAwMCk7XG4gICAgICAgICAgICB9XG4gICAgICAgICAgfSBjYXRjaCAoZXJyb3I6IGFueSkge1xuICAgICAgICAgICAgY29uc29sZS5lcnJvcihgRXJyb3IgaW4gZGVsZXRlIGF0dGVtcHQgJHthdHRlbXB0fTpgLCBlcnJvcik7XG5cbiAgICAgICAgICAgIC8vIElmIGl0J3MgYSBSZXNvdXJjZU5vdEZvdW5kRXhjZXB0aW9uLCBjb25zaWRlciBpdCBhIHN1Y2Nlc3NcbiAgICAgICAgICAgIGlmIChcbiAgICAgICAgICAgICAgZXJyb3IubmFtZSA9PT0gXCJSZXNvdXJjZU5vdEZvdW5kRXhjZXB0aW9uXCIgfHxcbiAgICAgICAgICAgICAgZXJyb3IubWVzc2FnZS5pbmNsdWRlcyhcImRvZXMgbm90IGV4aXN0XCIpXG4gICAgICAgICAgICApIHtcbiAgICAgICAgICAgICAgY29uc29sZS5pbmZvKFwiQXNzaWdubWVudCBkb2VzIG5vdCBleGlzdCBvciB3YXMgYWxyZWFkeSBkZWxldGVkXCIpO1xuICAgICAgICAgICAgICBhd2FpdCBzZW5kUmVzcG9uc2UoZXZlbnQsIHJlc3BvbnNlKTtcbiAgICAgICAgICAgICAgcmV0dXJuIHJlc3BvbnNlO1xuICAgICAgICAgICAgfVxuXG4gICAgICAgICAgICAvLyBPbiB0aGUgbGFzdCBhdHRlbXB0LCBwcm9wYWdhdGUgdGhlIGVycm9yXG4gICAgICAgICAgICBpZiAoYXR0ZW1wdCA9PT0gTUFYX1JFVFJJRVMpIHtcbiAgICAgICAgICAgICAgdGhyb3cgZXJyb3I7XG4gICAgICAgICAgICB9XG5cbiAgICAgICAgICAgIC8vIE90aGVyd2lzZSwgd2FpdCBhbmQgcmV0cnlcbiAgICAgICAgICAgIGF3YWl0IHNsZWVwKDIwMDAgKiBhdHRlbXB0KTtcbiAgICAgICAgICB9XG4gICAgICAgIH1cblxuICAgICAgICBicmVhaztcbiAgICB9XG4gIH0gY2F0Y2ggKGVycm9yOiBhbnkpIHtcbiAgICBjb25zb2xlLmVycm9yKGBPcGVyYXRpb24gZmFpbGVkOiAke2Vycm9yLm1lc3NhZ2V9YCwgZXJyb3IpO1xuICAgIHJlc3BvbnNlLlN0YXR1cyA9IFwiRkFJTEVEXCI7XG4gICAgcmVzcG9uc2UuUmVhc29uID0gYCR7ZXZlbnQuUmVxdWVzdFR5cGV9IG9wZXJhdGlvbiBmYWlsZWQ6ICR7ZXJyb3IubWVzc2FnZX1gO1xuXG4gICAgdHJ5IHtcbiAgICAgIGF3YWl0IHNlbmRSZXNwb25zZShldmVudCwgcmVzcG9uc2UpO1xuICAgIH0gY2F0Y2ggKHJlc3BvbnNlRXJyb3IpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICAgIFwiRmFpbGVkIHRvIHNlbmQgcmVzcG9uc2UgdG8gQ2xvdWRGb3JtYXRpb246XCIsXG4gICAgICAgIHJlc3BvbnNlRXJyb3JcbiAgICAgICk7XG4gICAgfVxuXG4gICAgdGhyb3cgZXJyb3I7XG4gIH1cblxuICByZXR1cm4gcmVzcG9uc2U7XG59O1xuIl19
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
import { Construct } from "constructs";
|
|
2
|
-
import { AwsCustomResource } from "../../utilities/awsCustomResource";
|
|
3
2
|
import { KeyValue } from "../../../../types";
|
|
4
3
|
export declare class PermissionSet extends Construct {
|
|
5
4
|
private permissionSetArn;
|
|
6
|
-
deletePermissionSet: AwsCustomResource;
|
|
7
5
|
constructor(scope: Construct, id: string, props: {
|
|
8
6
|
name: string;
|
|
9
7
|
instanceArn: string;
|
|
@@ -5,9 +5,6 @@ const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
|
5
5
|
const constructs_1 = require("constructs");
|
|
6
6
|
const customResources = require("aws-cdk-lib/custom-resources");
|
|
7
7
|
const awsCustomResource_1 = require("../../utilities/awsCustomResource");
|
|
8
|
-
// function transformManagedPolicies(policies?: string[]) {
|
|
9
|
-
// return policies?.map((arn) => ({ Arn: arn }));
|
|
10
|
-
// }
|
|
11
8
|
function transformTags(tags) {
|
|
12
9
|
return tags?.map(({ key, value }) => ({ Key: key, Value: value }));
|
|
13
10
|
}
|
|
@@ -15,7 +12,7 @@ class PermissionSet extends constructs_1.Construct {
|
|
|
15
12
|
constructor(scope, id, props) {
|
|
16
13
|
super(scope, id);
|
|
17
14
|
const physicalId = `permissionSet${props.name}`;
|
|
18
|
-
const
|
|
15
|
+
const createPermissionSet = new awsCustomResource_1.AwsCustomResource(this, "createPermissionSet", {
|
|
19
16
|
functionName: `createPermissionSet${props.name}`,
|
|
20
17
|
onCreate: {
|
|
21
18
|
service: "sso-admin",
|
|
@@ -24,7 +21,6 @@ class PermissionSet extends constructs_1.Construct {
|
|
|
24
21
|
Name: props.name,
|
|
25
22
|
InstanceArn: props.instanceArn,
|
|
26
23
|
Description: props.description,
|
|
27
|
-
// ManagedPolicies: transformManagedPolicies(props.managedPolicies),
|
|
28
24
|
Tags: transformTags(props.tags)
|
|
29
25
|
},
|
|
30
26
|
physicalResourceId: customResources.PhysicalResourceId.of(physicalId)
|
|
@@ -32,17 +28,18 @@ class PermissionSet extends constructs_1.Construct {
|
|
|
32
28
|
policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
33
29
|
new aws_iam_1.PolicyStatement({
|
|
34
30
|
actions: [
|
|
35
|
-
"sso
|
|
36
|
-
|
|
37
|
-
"sso:
|
|
31
|
+
"sso:*"
|
|
32
|
+
// TODO: Move into a role policy for entire ManagedOrganisation custom resources
|
|
33
|
+
// "sso:ProvisionPermissionSet",
|
|
34
|
+
// "sso:TagResource"
|
|
38
35
|
],
|
|
39
36
|
resources: ["*"]
|
|
40
37
|
})
|
|
41
38
|
]),
|
|
42
39
|
resourceType: "Custom::PermissionSet"
|
|
43
40
|
});
|
|
44
|
-
this.permissionSetArn =
|
|
45
|
-
new awsCustomResource_1.AwsCustomResource(this, "updatePermissionSet", {
|
|
41
|
+
this.permissionSetArn = createPermissionSet.getResponseField("PermissionSet.PermissionSetArn");
|
|
42
|
+
const updatePermissionSet = new awsCustomResource_1.AwsCustomResource(this, "updatePermissionSet", {
|
|
46
43
|
functionName: `updatePermissionSet${props.name}`,
|
|
47
44
|
onUpdate: {
|
|
48
45
|
service: "sso-admin",
|
|
@@ -66,7 +63,7 @@ class PermissionSet extends constructs_1.Construct {
|
|
|
66
63
|
]),
|
|
67
64
|
resourceType: "Custom::PermissionSet"
|
|
68
65
|
});
|
|
69
|
-
|
|
66
|
+
const deletePermissionSet = new awsCustomResource_1.AwsCustomResource(this, "deletePermissionSet", {
|
|
70
67
|
functionName: `deletePermissionSet${props.name}`,
|
|
71
68
|
onDelete: {
|
|
72
69
|
service: "sso-admin",
|
|
@@ -94,4 +91,4 @@ class PermissionSet extends constructs_1.Construct {
|
|
|
94
91
|
}
|
|
95
92
|
}
|
|
96
93
|
exports.PermissionSet = PermissionSet;
|
|
97
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
94
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVybWlzc2lvblNldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9wZXJtaXNzaW9uU2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGlEQUFzRDtBQUN0RCwyQ0FBdUM7QUFDdkMsZ0VBQWdFO0FBQ2hFLHlFQUFzRTtBQUd0RSxTQUFTLGFBQWEsQ0FBQyxJQUFpQjtJQUN0QyxPQUFPLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQztBQUNyRSxDQUFDO0FBRUQsTUFBYSxhQUFjLFNBQVEsc0JBQVM7SUFHMUMsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FNQztRQUVELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxVQUFVLEdBQUcsZ0JBQWdCLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUVoRCxNQUFNLG1CQUFtQixHQUFHLElBQUkscUNBQWlCLENBQy9DLElBQUksRUFDSixxQkFBcUIsRUFDckI7WUFDRSxZQUFZLEVBQUUsc0JBQXNCLEtBQUssQ0FBQyxJQUFJLEVBQUU7WUFDaEQsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxXQUFXO2dCQUNwQixNQUFNLEVBQUUscUJBQXFCLEVBQUUsNkdBQTZHO2dCQUM1SSxVQUFVLEVBQUU7b0JBQ1YsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO29CQUNoQixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7b0JBQzlCLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztvQkFDOUIsSUFBSSxFQUFFLGFBQWEsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDO2lCQUNoQztnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQzthQUN0RTtZQUNELE1BQU0sRUFBRSxlQUFlLENBQUMsdUJBQXVCLENBQUMsY0FBYyxDQUFDO2dCQUM3RCxJQUFJLHlCQUFlLENBQUM7b0JBQ2xCLE9BQU8sRUFBRTt3QkFDUCxPQUFPO3dCQUNQLGdGQUFnRjt3QkFDaEYsZ0NBQWdDO3dCQUNoQyxvQkFBb0I7cUJBQ3JCO29CQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztpQkFDakIsQ0FBQzthQUNILENBQUM7WUFDRixZQUFZLEVBQUUsdUJBQXVCO1NBQ3RDLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxtQkFBbUIsQ0FBQyxnQkFBZ0IsQ0FDMUQsZ0NBQWdDLENBQ2pDLENBQUM7UUFFRixNQUFNLG1CQUFtQixHQUFHLElBQUkscUNBQWlCLENBQy9DLElBQUksRUFDSixxQkFBcUIsRUFDckI7WUFDRSxZQUFZLEVBQUUsc0JBQXNCLEtBQUssQ0FBQyxJQUFJLEVBQUU7WUFDaEQsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxXQUFXO2dCQUNwQixNQUFNLEVBQUUscUJBQXFCLEVBQUUsNkdBQTZHO2dCQUM1SSxVQUFVLEVBQUU7b0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO29CQUM5QixnQkFBZ0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO29CQUN2QyxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7aUJBQy9CO2dCQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDO2FBQ3RFO1lBQ0QsTUFBTSxFQUFFLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxjQUFjLENBQUM7Z0JBQzdELElBQUkseUJBQWUsQ0FBQztvQkFDbEIsT0FBTyxFQUFFO3dCQUNQLHlCQUF5Qjt3QkFDekIsNEJBQTRCO3dCQUM1QixpQkFBaUI7cUJBQ2xCO29CQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztpQkFDakIsQ0FBQzthQUNILENBQUM7WUFDRixZQUFZLEVBQUUsdUJBQXVCO1NBQ3RDLENBQ0YsQ0FBQztRQUVGLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxxQ0FBaUIsQ0FDL0MsSUFBSSxFQUNKLHFCQUFxQixFQUNyQjtZQUNFLFlBQVksRUFBRSxzQkFBc0IsS0FBSyxDQUFDLElBQUksRUFBRTtZQUNoRCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLFdBQVc7Z0JBQ3BCLE1BQU0sRUFBRSxxQkFBcUIsRUFBRSw2R0FBNkc7Z0JBQzVJLFVBQVUsRUFBRTtvQkFDVixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7b0JBQzlCLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0I7aUJBQ3hDO2FBQ0Y7WUFDRCxNQUFNLEVBQUUsZUFBZSxDQUFDLHVCQUF1QixDQUFDLGNBQWMsQ0FBQztnQkFDN0QsSUFBSSx5QkFBZSxDQUFDO29CQUNsQixPQUFPLEVBQUU7d0JBQ1AseUJBQXlCO3dCQUN6Qix5QkFBeUI7d0JBQ3pCLGlCQUFpQjtxQkFDbEI7b0JBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2lCQUNqQixDQUFDO2FBQ0gsQ0FBQztZQUNGLFlBQVksRUFBRSx1QkFBdUI7U0FDdEMsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUNNLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztJQUMvQixDQUFDO0NBQ0Y7QUFoSEQsc0NBZ0hDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgKiBhcyBjdXN0b21SZXNvdXJjZXMgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3V0aWxpdGllcy9hd3NDdXN0b21SZXNvdXJjZVwiO1xuaW1wb3J0IHsgS2V5VmFsdWUgfSBmcm9tIFwiLi4vLi4vLi4vLi4vdHlwZXNcIjtcblxuZnVuY3Rpb24gdHJhbnNmb3JtVGFncyh0YWdzPzogS2V5VmFsdWVbXSkge1xuICByZXR1cm4gdGFncz8ubWFwKCh7IGtleSwgdmFsdWUgfSkgPT4gKHsgS2V5OiBrZXksIFZhbHVlOiB2YWx1ZSB9KSk7XG59XG5cbmV4cG9ydCBjbGFzcyBQZXJtaXNzaW9uU2V0IGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHJpdmF0ZSBwZXJtaXNzaW9uU2V0QXJuOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiB7XG4gICAgICBuYW1lOiBzdHJpbmc7XG4gICAgICBpbnN0YW5jZUFybjogc3RyaW5nO1xuICAgICAgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG4gICAgICBtYW5hZ2VkUG9saWNpZXM/OiBzdHJpbmdbXTtcbiAgICAgIHRhZ3M/OiBLZXlWYWx1ZVtdO1xuICAgIH1cbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHBoeXNpY2FsSWQgPSBgcGVybWlzc2lvblNldCR7cHJvcHMubmFtZX1gO1xuXG4gICAgY29uc3QgY3JlYXRlUGVybWlzc2lvblNldCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgIHRoaXMsXG4gICAgICBcImNyZWF0ZVBlcm1pc3Npb25TZXRcIixcbiAgICAgIHtcbiAgICAgICAgZnVuY3Rpb25OYW1lOiBgY3JlYXRlUGVybWlzc2lvblNldCR7cHJvcHMubmFtZX1gLFxuICAgICAgICBvbkNyZWF0ZToge1xuICAgICAgICAgIHNlcnZpY2U6IFwic3NvLWFkbWluXCIsXG4gICAgICAgICAgYWN0aW9uOiBcIkNyZWF0ZVBlcm1pc3Npb25TZXRcIiwgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvdjMvbGF0ZXN0L2NsaWVudC9zc28tYWRtaW4vY29tbWFuZC9DcmVhdGVQZXJtaXNzaW9uU2V0Q29tbWFuZFxuICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgIE5hbWU6IHByb3BzLm5hbWUsXG4gICAgICAgICAgICBJbnN0YW5jZUFybjogcHJvcHMuaW5zdGFuY2VBcm4sXG4gICAgICAgICAgICBEZXNjcmlwdGlvbjogcHJvcHMuZGVzY3JpcHRpb24sXG4gICAgICAgICAgICBUYWdzOiB0cmFuc2Zvcm1UYWdzKHByb3BzLnRhZ3MpXG4gICAgICAgICAgfSxcbiAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YocGh5c2ljYWxJZClcbiAgICAgICAgfSxcbiAgICAgICAgcG9saWN5OiBjdXN0b21SZXNvdXJjZXMuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVN0YXRlbWVudHMoW1xuICAgICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICAgICBcInNzbzoqXCJcbiAgICAgICAgICAgICAgLy8gVE9ETzogTW92ZSBpbnRvIGEgcm9sZSBwb2xpY3kgZm9yIGVudGlyZSBNYW5hZ2VkT3JnYW5pc2F0aW9uIGN1c3RvbSByZXNvdXJjZXNcbiAgICAgICAgICAgICAgLy8gXCJzc286UHJvdmlzaW9uUGVybWlzc2lvblNldFwiLFxuICAgICAgICAgICAgICAvLyBcInNzbzpUYWdSZXNvdXJjZVwiXG4gICAgICAgICAgICBdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgfSlcbiAgICAgICAgXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OlBlcm1pc3Npb25TZXRcIlxuICAgICAgfVxuICAgICk7XG5cbiAgICB0aGlzLnBlcm1pc3Npb25TZXRBcm4gPSBjcmVhdGVQZXJtaXNzaW9uU2V0LmdldFJlc3BvbnNlRmllbGQoXG4gICAgICBcIlBlcm1pc3Npb25TZXQuUGVybWlzc2lvblNldEFyblwiXG4gICAgKTtcblxuICAgIGNvbnN0IHVwZGF0ZVBlcm1pc3Npb25TZXQgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJ1cGRhdGVQZXJtaXNzaW9uU2V0XCIsXG4gICAgICB7XG4gICAgICAgIGZ1bmN0aW9uTmFtZTogYHVwZGF0ZVBlcm1pc3Npb25TZXQke3Byb3BzLm5hbWV9YCxcbiAgICAgICAgb25VcGRhdGU6IHtcbiAgICAgICAgICBzZXJ2aWNlOiBcInNzby1hZG1pblwiLFxuICAgICAgICAgIGFjdGlvbjogXCJVcGRhdGVQZXJtaXNzaW9uU2V0XCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9jbGllbnQvc3NvLWFkbWluL2NvbW1hbmQvVXBkYXRlUGVybWlzc2lvblNldENvbW1hbmRcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBJbnN0YW5jZUFybjogcHJvcHMuaW5zdGFuY2VBcm4sXG4gICAgICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiB0aGlzLnBlcm1pc3Npb25TZXRBcm4sXG4gICAgICAgICAgICBEZXNjcmlwdGlvbjogcHJvcHMuZGVzY3JpcHRpb25cbiAgICAgICAgICB9LFxuICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihwaHlzaWNhbElkKVxuICAgICAgICB9LFxuICAgICAgICBwb2xpY3k6IGN1c3RvbVJlc291cmNlcy5Bd3NDdXN0b21SZXNvdXJjZVBvbGljeS5mcm9tU3RhdGVtZW50cyhbXG4gICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgIFwic3NvOlVwZGF0ZVBlcm1pc3Npb25TZXRcIixcbiAgICAgICAgICAgICAgXCJzc286UHJvdmlzaW9uUGVybWlzc2lvblNldFwiLFxuICAgICAgICAgICAgICBcInNzbzpUYWdSZXNvdXJjZVwiXG4gICAgICAgICAgICBdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgfSlcbiAgICAgICAgXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OlBlcm1pc3Npb25TZXRcIlxuICAgICAgfVxuICAgICk7XG5cbiAgICBjb25zdCBkZWxldGVQZXJtaXNzaW9uU2V0ID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgdGhpcyxcbiAgICAgIFwiZGVsZXRlUGVybWlzc2lvblNldFwiLFxuICAgICAge1xuICAgICAgICBmdW5jdGlvbk5hbWU6IGBkZWxldGVQZXJtaXNzaW9uU2V0JHtwcm9wcy5uYW1lfWAsXG4gICAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgICAgc2VydmljZTogXCJzc28tYWRtaW5cIixcbiAgICAgICAgICBhY3Rpb246IFwiRGVsZXRlUGVybWlzc2lvblNldFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L3Nzby1hZG1pbi9jb21tYW5kL0RlbGV0ZVBlcm1pc3Npb25TZXRDb21tYW5kXG4gICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgSW5zdGFuY2VBcm46IHByb3BzLmluc3RhbmNlQXJuLFxuICAgICAgICAgICAgUGVybWlzc2lvblNldEFybjogdGhpcy5wZXJtaXNzaW9uU2V0QXJuXG4gICAgICAgICAgfVxuICAgICAgICB9LFxuICAgICAgICBwb2xpY3k6IGN1c3RvbVJlc291cmNlcy5Bd3NDdXN0b21SZXNvdXJjZVBvbGljeS5mcm9tU3RhdGVtZW50cyhbXG4gICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgIFwic3NvOlVwZGF0ZVBlcm1pc3Npb25TZXRcIixcbiAgICAgICAgICAgICAgXCJzc286RGVsZXRlUGVybWlzc2lvblNldFwiLFxuICAgICAgICAgICAgICBcInNzbzpUYWdSZXNvdXJjZVwiXG4gICAgICAgICAgICBdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgfSlcbiAgICAgICAgXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OlBlcm1pc3Npb25TZXRcIlxuICAgICAgfVxuICAgICk7XG4gIH1cbiAgcHVibGljIGdldFBlcm1pc3Npb25TZXRBcm4oKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy5wZXJtaXNzaW9uU2V0QXJuO1xuICB9XG59XG4iXX0=
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fjall/components-infrastructure",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.0",
|
|
4
4
|
"bin": {
|
|
5
5
|
"infrastructure": "bin/infrastructure.js"
|
|
6
6
|
},
|
|
@@ -35,11 +35,12 @@
|
|
|
35
35
|
"dependencies": {
|
|
36
36
|
"@aws-sdk/client-cost-explorer": "^3.717.0",
|
|
37
37
|
"@aws-sdk/client-organizations": "^3.716.0",
|
|
38
|
-
"@fjall/util": "^0.
|
|
38
|
+
"@fjall/util": "^0.7.0",
|
|
39
39
|
"@pepperize/cdk-organizations": "^0.7.135",
|
|
40
40
|
"aws-cdk": "^2.146.0",
|
|
41
41
|
"aws-cdk-lib": "^2.146.0",
|
|
42
42
|
"aws-lambda": "^1.0.7",
|
|
43
|
+
"cdk-time-sleep": "^1.0.0",
|
|
43
44
|
"constructs": "^10.0.0",
|
|
44
45
|
"source-map-support": "^0.5.21",
|
|
45
46
|
"uuid": "^10.0.0"
|
|
@@ -47,5 +48,5 @@
|
|
|
47
48
|
"overrides": {
|
|
48
49
|
"@smithy/core": "2.5.5"
|
|
49
50
|
},
|
|
50
|
-
"gitHead": "
|
|
51
|
+
"gitHead": "9eef79f12237b08a87a44e4dab94847c14782d40"
|
|
51
52
|
}
|