@fjall/components-infrastructure 0.88.1 → 0.88.3

package/dist/lib/config/aws/identityCenterGroupMembership.js

@@ -4,6 +4,8 @@ exports.IdentityCenterGroupMembership = void 0;
 const aws_cdk_lib_1 = require("aws-cdk-lib");
 const customResources = require("aws-cdk-lib/custom-resources");
 const awsCustomResource_1 = require("../../resources/aws/utilities/awsCustomResource");
+const IDENTITY_STORE_SERVICE = "identityStore";
+const IDENTITY_CENTER_USERS_RESOURCE_TYPE = "Custom::IdentityCenterUsers";
 // TODO: This requires a deletion and recreation to update
 class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
     constructor(scope, id, props) {
@@ -18,40 +20,28 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                 .join("") +
                 props.groupName.charAt(0).toUpperCase() +
                 props.groupName.slice(1);
-            const listUser = new awsCustomResource_1.AwsCustomResource(this, `ListUsersResource${memberGroup}`, {
-                onCreate: {
-                    service: "identityStore",
-                    action: "listUsers",
-                    parameters: {
-                        IdentityStoreId: identityStoreId,
-                        Filters: [
-                            {
-                                AttributePath: "UserName",
-                                AttributeValue: member
-                            }
-                        ]
-                    },
-                    physicalResourceId: customResources.PhysicalResourceId.of(`listUsers${memberGroup}`)
+            const listUsersCall = {
+                service: IDENTITY_STORE_SERVICE,
+                action: "listUsers",
+                parameters: {
+                    IdentityStoreId: identityStoreId,
+                    Filters: [
+                        {
+                            AttributePath: "UserName",
+                            AttributeValue: member
+                        }
+                    ]
                 },
-                onUpdate: {
-                    service: "identityStore",
-                    action: "listusers",
-                    parameters: {
-                        IdentityStoreId: identityStoreId,
-                        Filters: [
-                            {
-                                AttributePath: "UserName",
-                                AttributeValue: member
-                            }
-                        ]
-                    },
-                    physicalResourceId: customResources.PhysicalResourceId.of(`listUsers${memberGroup}`)
-                }
+                physicalResourceId: customResources.PhysicalResourceId.of(`listUsers${memberGroup}`)
+            };
+            const listUser = new awsCustomResource_1.AwsCustomResource(this, `ListUsersResource${memberGroup}`, {
+                onCreate: listUsersCall,
+                onUpdate: listUsersCall
             });
             const userId = listUser.getResponseField("Users.0.UserId");
             const groupMembershipId = new awsCustomResource_1.AwsCustomResource(this, `CreateGroupMembershipResource${memberGroup}`, {
                 onCreate: {
-                    service: "identityStore",
+                    service: IDENTITY_STORE_SERVICE,
                     action: "createGroupMembership",
                     parameters: {
                         GroupId: groupId,
@@ -62,11 +52,11 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                     },
                     physicalResourceId: customResources.PhysicalResourceId.of(`createGroupMembership${memberGroup}`)
                 },
-                resourceType: "Custom::IdentityCenterUsers"
+                resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
             const refreshMembership = new awsCustomResource_1.AwsCustomResource(this, `RefreshMembershipResource${memberGroup}`, {
                 onUpdate: {
-                    service: "identityStore",
+                    service: IDENTITY_STORE_SERVICE,
                     action: "deleteGroupMembership",
                     parameters: {
                         IdentityStoreId: identityStoreId,
@@ -74,11 +64,11 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                     },
                     physicalResourceId: customResources.PhysicalResourceId.of(`refreshGroupMembership${memberGroup}`)
                 },
-                resourceType: "Custom::IdentityCenterUsers"
+                resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
             const recreateMembership = new awsCustomResource_1.AwsCustomResource(this, `RecreateGroupMembershipResource${memberGroup}`, {
                 onUpdate: {
-                    service: "identityStore",
+                    service: IDENTITY_STORE_SERVICE,
                     action: "createGroupMembership",
                     parameters: {
                         GroupId: groupId,
@@ -89,22 +79,22 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                     },
                     physicalResourceId: customResources.PhysicalResourceId.of(`recreateGroupMembership${memberGroup}`)
                 },
-                resourceType: "Custom::IdentityCenterUsers"
+                resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
             refreshMembership.node.addDependency(recreateMembership);
             new awsCustomResource_1.AwsCustomResource(this, `DeleteGroupMembershipResource${memberGroup}`, {
                 onDelete: {
-                    service: "identityStore",
+                    service: IDENTITY_STORE_SERVICE,
                     action: "deleteGroupMembership",
                     parameters: {
                         IdentityStoreId: identityStoreId,
                         MembershipId: groupMembershipId.getResponseField("MembershipId")
                     }
                 },
-                resourceType: "Custom::IdentityCenterUsers"
+                resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
         }
     }
 }
 exports.IdentityCenterGroupMembership = IdentityCenterGroupMembership;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXJHcm91cE1lbWJlcnNoaXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlckdyb3VwTWVtYmVyc2hpcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBK0Q7QUFDL0QsZ0VBQWdFO0FBQ2hFLHVGQUFvRjtBQVFwRiwwREFBMEQ7QUFDMUQsTUFBYSw2QkFBOEIsU0FBUSx5QkFBVztJQUM1RCxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixLQUF5QztRQUV6QyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sZUFBZSxHQUFHLGdCQUFFLENBQUMsV0FBVyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDMUQsTUFBTSxPQUFPLEdBQUcsZ0JBQUUsQ0FBQyxXQUFXLENBQUMsR0FBRyxLQUFLLENBQUMsU0FBUyxTQUFTLENBQUMsQ0FBQztRQUU1RCxLQUFLLE1BQU0sTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN4QyxNQUFNLFdBQVcsR0FDZixNQUFNO2lCQUNILEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7aUJBQ2IsS0FBSyxDQUFDLGNBQWMsQ0FBQztpQkFDckIsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVcsRUFBRSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7aUJBQzNELElBQUksQ0FBQyxFQUFFLENBQUM7Z0JBQ1gsS0FBSyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFO2dCQUN2QyxLQUFLLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUUzQixNQUFNLFFBQVEsR0FBRyxJQUFJLHFDQUFpQixDQUNwQyxJQUFJLEVBQ0osb0JBQW9CLFdBQVcsRUFBRSxFQUNqQztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLGVBQWU7b0JBQ3hCLE1BQU0sRUFBRSxXQUFXO29CQUNuQixVQUFVLEVBQUU7d0JBQ1YsZUFBZSxFQUFFLGVBQWU7d0JBQ2hDLE9BQU8sRUFBRTs0QkFDUDtnQ0FDRSxhQUFhLEVBQUUsVUFBVTtnQ0FDekIsY0FBYyxFQUFFLE1BQU07NkJBQ3ZCO3lCQUNGO3FCQUNGO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELFlBQVksV0FBVyxFQUFFLENBQzFCO2lCQUNGO2dCQUNELFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsZUFBZTtvQkFDeEIsTUFBTSxFQUFFLFdBQVc7b0JBQ25CLFVBQVUsRUFBRTt3QkFDVixlQUFlLEVBQUUsZUFBZTt3QkFDaEMsT0FBTyxFQUFFOzRCQUNQO2dDQUNFLGFBQWEsRUFBRSxVQUFVO2dDQUN6QixjQUFjLEVBQUUsTUFBTTs2QkFDdkI7eUJBQ0Y7cUJBQ0Y7b0JBQ0Qsa0JBQWtCLEVBQUUsZUFBZSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FDdkQsWUFBWSxXQUFXLEVBQUUsQ0FDMUI7aUJBQ0Y7YUFDRixDQUNGLENBQUM7WUFFRixNQUFNLE1BQU0sR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztZQUUzRCxNQUFNLGlCQUFpQixHQUFHLElBQUkscUNBQWlCLENBQzdDLElBQUksRUFDSixnQ0FBZ0MsV0FBVyxFQUFFLEVBQzdDO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsZUFBZTtvQkFDeEIsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLE9BQU8sRUFBRSxPQUFPO3dCQUNoQixlQUFlLEVBQUUsZUFBZTt3QkFDaEMsUUFBUSxFQUFFOzRCQUNSLE1BQU0sRUFBRSxNQUFNO3lCQUNmO3FCQUNGO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHdCQUF3QixXQUFXLEVBQUUsQ0FDdEM7aUJBQ0Y7Z0JBQ0QsWUFBWSxFQUFFLDZCQUE2QjthQUM1QyxDQUNGLENBQUM7WUFFRixNQUFNLGlCQUFpQixHQUFHLElBQUkscUNBQWlCLENBQzdDLElBQUksRUFDSiw0QkFBNEIsV0FBVyxFQUFFLEVBQ3pDO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsZUFBZTtvQkFDeEIsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxZQUFZLEVBQUUsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUFDO3FCQUNqRTtvQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCx5QkFBeUIsV0FBVyxFQUFFLENBQ3ZDO2lCQUNGO2dCQUNELFlBQVksRUFBRSw2QkFBNkI7YUFDNUMsQ0FDRixDQUFDO1lBRUYsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLHFDQUFpQixDQUM5QyxJQUFJLEVBQ0osa0NBQWtDLFdBQVcsRUFBRSxFQUMvQztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLGVBQWU7b0JBQ3hCLE1BQU0sRUFBRSx1QkFBdUI7b0JBQy9CLFVBQVUsRUFBRTt3QkFDVixPQUFPLEVBQUUsT0FBTzt3QkFDaEIsZUFBZSxFQUFFLGVBQWU7d0JBQ2hDLFFBQVEsRUFBRTs0QkFDUixNQUFNLEVBQUUsTUFBTTt5QkFDZjtxQkFDRjtvQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCwwQkFBMEIsV0FBVyxFQUFFLENBQ3hDO2lCQUNGO2dCQUNELFlBQVksRUFBRSw2QkFBNkI7YUFDNUMsQ0FDRixDQUFDO1lBRUYsaUJBQWlCLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1lBRXpELElBQUkscUNBQWlCLENBQ25CLElBQUksRUFDSixnQ0FBZ0MsV0FBVyxFQUFFLEVBQzdDO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsZUFBZTtvQkFDeEIsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxZQUFZLEVBQUUsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUFDO3FCQUNqRTtpQkFDRjtnQkFDRCxZQUFZLEVBQUUsNkJBQTZCO2FBQzVDLENBQ0YsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFoSkQsc0VBZ0pDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRm4sIE5lc3RlZFN0YWNrLCB0eXBlIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvYXdzQ3VzdG9tUmVzb3VyY2VcIjtcbmltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuaW50ZXJmYWNlIElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwUHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgZ3JvdXBOYW1lOiBzdHJpbmc7XG4gIGdyb3VwTWVtYmVyczogc3RyaW5nW107XG59XG5cbi8vIFRPRE86IFRoaXMgcmVxdWlyZXMgYSBkZWxldGlvbiBhbmQgcmVjcmVhdGlvbiB0byB1cGRhdGVcbmV4cG9ydCBjbGFzcyBJZGVudGl0eUNlbnRlckdyb3VwTWVtYmVyc2hpcCBleHRlbmRzIE5lc3RlZFN0YWNrIHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBJZGVudGl0eUNlbnRlckdyb3VwTWVtYmVyc2hpcFByb3BzXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBpZGVudGl0eVN0b3JlSWQgPSBGbi5pbXBvcnRWYWx1ZShcImlkZW50aXR5U3RvcmVJZFwiKTtcbiAgICBjb25zdCBncm91cElkID0gRm4uaW1wb3J0VmFsdWUoYCR7cHJvcHMuZ3JvdXBOYW1lfUdyb3VwSWRgKTtcblxuICAgIGZvciAoY29uc3QgbWVtYmVyIG9mIHByb3BzLmdyb3VwTWVtYmVycykge1xuICAgICAgY29uc3QgbWVtYmVyR3JvdXAgPVxuICAgICAgICBtZW1iZXJcbiAgICAgICAgICAuc3BsaXQoXCJAXCIpWzBdXG4gICAgICAgICAgLnNwbGl0KC9bXmEtekEtWjAtOV0vKVxuICAgICAgICAgIC5tYXAoKHBhcnQpID0+IHBhcnQuY2hhckF0KDApLnRvVXBwZXJDYXNlKCkgKyBwYXJ0LnNsaWNlKDEpKVxuICAgICAgICAgIC5qb2luKFwiXCIpICtcbiAgICAgICAgcHJvcHMuZ3JvdXBOYW1lLmNoYXJBdCgwKS50b1VwcGVyQ2FzZSgpICtcbiAgICAgICAgcHJvcHMuZ3JvdXBOYW1lLnNsaWNlKDEpO1xuXG4gICAgICBjb25zdCBsaXN0VXNlciA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYExpc3RVc2Vyc1Jlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25DcmVhdGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IFwiaWRlbnRpdHlTdG9yZVwiLFxuICAgICAgICAgICAgYWN0aW9uOiBcImxpc3RVc2Vyc1wiLFxuICAgICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IGlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgICAgRmlsdGVyczogW1xuICAgICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVBhdGg6IFwiVXNlck5hbWVcIixcbiAgICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVZhbHVlOiBtZW1iZXJcbiAgICAgICAgICAgICAgICB9XG4gICAgICAgICAgICAgIF1cbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGBsaXN0VXNlcnMke21lbWJlckdyb3VwfWBcbiAgICAgICAgICAgIClcbiAgICAgICAgICB9LFxuICAgICAgICAgIG9uVXBkYXRlOiB7XG4gICAgICAgICAgICBzZXJ2aWNlOiBcImlkZW50aXR5U3RvcmVcIixcbiAgICAgICAgICAgIGFjdGlvbjogXCJsaXN0dXNlcnNcIixcbiAgICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBpZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICAgIEZpbHRlcnM6IFtcbiAgICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgICBBdHRyaWJ1dGVQYXRoOiBcIlVzZXJOYW1lXCIsXG4gICAgICAgICAgICAgICAgICBBdHRyaWJ1dGVWYWx1ZTogbWVtYmVyXG4gICAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgICBdXG4gICAgICAgICAgICB9LFxuICAgICAgICAgICAgcGh5c2ljYWxSZXNvdXJjZUlkOiBjdXN0b21SZXNvdXJjZXMuUGh5c2ljYWxSZXNvdXJjZUlkLm9mKFxuICAgICAgICAgICAgICBgbGlzdFVzZXJzJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfVxuICAgICAgICB9XG4gICAgICApO1xuXG4gICAgICBjb25zdCB1c2VySWQgPSBsaXN0VXNlci5nZXRSZXNwb25zZUZpZWxkKFwiVXNlcnMuMC5Vc2VySWRcIik7XG5cbiAgICAgIGNvbnN0IGdyb3VwTWVtYmVyc2hpcElkID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgICB0aGlzLFxuICAgICAgICBgQ3JlYXRlR3JvdXBNZW1iZXJzaGlwUmVzb3VyY2Uke21lbWJlckdyb3VwfWAsXG4gICAgICAgIHtcbiAgICAgICAgICBvbkNyZWF0ZToge1xuICAgICAgICAgICAgc2VydmljZTogXCJpZGVudGl0eVN0b3JlXCIsXG4gICAgICAgICAgICBhY3Rpb246IFwiY3JlYXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIEdyb3VwSWQ6IGdyb3VwSWQsXG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJJZDoge1xuICAgICAgICAgICAgICAgIFVzZXJJZDogdXNlcklkXG4gICAgICAgICAgICAgIH1cbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGBjcmVhdGVHcm91cE1lbWJlcnNoaXAke21lbWJlckdyb3VwfWBcbiAgICAgICAgICAgIClcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OklkZW50aXR5Q2VudGVyVXNlcnNcIlxuICAgICAgICB9XG4gICAgICApO1xuXG4gICAgICBjb25zdCByZWZyZXNoTWVtYmVyc2hpcCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYFJlZnJlc2hNZW1iZXJzaGlwUmVzb3VyY2Uke21lbWJlckdyb3VwfWAsXG4gICAgICAgIHtcbiAgICAgICAgICBvblVwZGF0ZToge1xuICAgICAgICAgICAgc2VydmljZTogXCJpZGVudGl0eVN0b3JlXCIsXG4gICAgICAgICAgICBhY3Rpb246IFwiZGVsZXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJzaGlwSWQ6IGdyb3VwTWVtYmVyc2hpcElkLmdldFJlc3BvbnNlRmllbGQoXCJNZW1iZXJzaGlwSWRcIilcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGByZWZyZXNoR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpJZGVudGl0eUNlbnRlclVzZXJzXCJcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgY29uc3QgcmVjcmVhdGVNZW1iZXJzaGlwID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgICB0aGlzLFxuICAgICAgICBgUmVjcmVhdGVHcm91cE1lbWJlcnNoaXBSZXNvdXJjZSR7bWVtYmVyR3JvdXB9YCxcbiAgICAgICAge1xuICAgICAgICAgIG9uVXBkYXRlOiB7XG4gICAgICAgICAgICBzZXJ2aWNlOiBcImlkZW50aXR5U3RvcmVcIixcbiAgICAgICAgICAgIGFjdGlvbjogXCJjcmVhdGVHcm91cE1lbWJlcnNoaXBcIixcbiAgICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgICAgR3JvdXBJZDogZ3JvdXBJZCxcbiAgICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBpZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICAgIE1lbWJlcklkOiB7XG4gICAgICAgICAgICAgICAgVXNlcklkOiB1c2VySWRcbiAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihcbiAgICAgICAgICAgICAgYHJlY3JlYXRlR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpJZGVudGl0eUNlbnRlclVzZXJzXCJcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgcmVmcmVzaE1lbWJlcnNoaXAubm9kZS5hZGREZXBlbmRlbmN5KHJlY3JlYXRlTWVtYmVyc2hpcCk7XG5cbiAgICAgIG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYERlbGV0ZUdyb3VwTWVtYmVyc2hpcFJlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25EZWxldGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IFwiaWRlbnRpdHlTdG9yZVwiLFxuICAgICAgICAgICAgYWN0aW9uOiBcImRlbGV0ZUdyb3VwTWVtYmVyc2hpcFwiLFxuICAgICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IGlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgICAgTWVtYmVyc2hpcElkOiBncm91cE1lbWJlcnNoaXBJZC5nZXRSZXNwb25zZUZpZWxkKFwiTWVtYmVyc2hpcElkXCIpXG4gICAgICAgICAgICB9XG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpJZGVudGl0eUNlbnRlclVzZXJzXCJcbiAgICAgICAgfVxuICAgICAgKTtcbiAgICB9XG4gIH1cbn1cbiJdfQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXJHcm91cE1lbWJlcnNoaXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlckdyb3VwTWVtYmVyc2hpcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBK0Q7QUFDL0QsZ0VBQWdFO0FBQ2hFLHVGQUFvRjtBQVFwRixNQUFNLHNCQUFzQixHQUFHLGVBQWUsQ0FBQztBQUMvQyxNQUFNLG1DQUFtQyxHQUFHLDZCQUE2QixDQUFDO0FBRTFFLDBEQUEwRDtBQUMxRCxNQUFhLDZCQUE4QixTQUFRLHlCQUFXO0lBQzVELFlBQ0UsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEtBQXlDO1FBRXpDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxlQUFlLEdBQUcsZ0JBQUUsQ0FBQyxXQUFXLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUMxRCxNQUFNLE9BQU8sR0FBRyxnQkFBRSxDQUFDLFdBQVcsQ0FBQyxHQUFHLEtBQUssQ0FBQyxTQUFTLFNBQVMsQ0FBQyxDQUFDO1FBRTVELEtBQUssTUFBTSxNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3hDLE1BQU0sV0FBVyxHQUNmLE1BQU07aUJBQ0gsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztpQkFDYixLQUFLLENBQUMsY0FBYyxDQUFDO2lCQUNyQixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztpQkFDM0QsSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDWCxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLEVBQUU7Z0JBQ3ZDLEtBQUssQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRTNCLE1BQU0sYUFBYSxHQUFHO2dCQUNwQixPQUFPLEVBQUUsc0JBQXNCO2dCQUMvQixNQUFNLEVBQUUsV0FBVztnQkFDbkIsVUFBVSxFQUFFO29CQUNWLGVBQWUsRUFBRSxlQUFlO29CQUNoQyxPQUFPLEVBQUU7d0JBQ1A7NEJBQ0UsYUFBYSxFQUFFLFVBQVU7NEJBQ3pCLGNBQWMsRUFBRSxNQUFNO3lCQUN2QjtxQkFDRjtpQkFDRjtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCxZQUFZLFdBQVcsRUFBRSxDQUMxQjthQUNGLENBQUM7WUFFRixNQUFNLFFBQVEsR0FBRyxJQUFJLHFDQUFpQixDQUNwQyxJQUFJLEVBQ0osb0JBQW9CLFdBQVcsRUFBRSxFQUNqQztnQkFDRSxRQUFRLEVBQUUsYUFBYTtnQkFDdkIsUUFBUSxFQUFFLGFBQWE7YUFDeEIsQ0FDRixDQUFDO1lBRUYsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFFM0QsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLHFDQUFpQixDQUM3QyxJQUFJLEVBQ0osZ0NBQWdDLFdBQVcsRUFBRSxFQUM3QztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLHNCQUFzQjtvQkFDL0IsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLE9BQU8sRUFBRSxPQUFPO3dCQUNoQixlQUFlLEVBQUUsZUFBZTt3QkFDaEMsUUFBUSxFQUFFOzRCQUNSLE1BQU0sRUFBRSxNQUFNO3lCQUNmO3FCQUNGO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHdCQUF3QixXQUFXLEVBQUUsQ0FDdEM7aUJBQ0Y7Z0JBQ0QsWUFBWSxFQUFFLG1DQUFtQzthQUNsRCxDQUNGLENBQUM7WUFFRixNQUFNLGlCQUFpQixHQUFHLElBQUkscUNBQWlCLENBQzdDLElBQUksRUFDSiw0QkFBNEIsV0FBVyxFQUFFLEVBQ3pDO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsc0JBQXNCO29CQUMvQixNQUFNLEVBQUUsdUJBQXVCO29CQUMvQixVQUFVLEVBQUU7d0JBQ1YsZUFBZSxFQUFFLGVBQWU7d0JBQ2hDLFlBQVksRUFBRSxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxjQUFjLENBQUM7cUJBQ2pFO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHlCQUF5QixXQUFXLEVBQUUsQ0FDdkM7aUJBQ0Y7Z0JBQ0QsWUFBWSxFQUFFLG1DQUFtQzthQUNsRCxDQUNGLENBQUM7WUFFRixNQUFNLGtCQUFrQixHQUFHLElBQUkscUNBQWlCLENBQzlDLElBQUksRUFDSixrQ0FBa0MsV0FBVyxFQUFFLEVBQy9DO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsc0JBQXNCO29CQUMvQixNQUFNLEVBQUUsdUJBQXVCO29CQUMvQixVQUFVLEVBQUU7d0JBQ1YsT0FBTyxFQUFFLE9BQU87d0JBQ2hCLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxRQUFRLEVBQUU7NEJBQ1IsTUFBTSxFQUFFLE1BQU07eUJBQ2Y7cUJBQ0Y7b0JBQ0Qsa0JBQWtCLEVBQUUsZUFBZSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FDdkQsMEJBQTBCLFdBQVcsRUFBRSxDQUN4QztpQkFDRjtnQkFDRCxZQUFZLEVBQUUsbUNBQW1DO2FBQ2xELENBQ0YsQ0FBQztZQUVGLGlCQUFpQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsa0JBQWtCLENBQUMsQ0FBQztZQUV6RCxJQUFJLHFDQUFpQixDQUNuQixJQUFJLEVBQ0osZ0NBQWdDLFdBQVcsRUFBRSxFQUM3QztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLHNCQUFzQjtvQkFDL0IsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxZQUFZLEVBQUUsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUFDO3FCQUNqRTtpQkFDRjtnQkFDRCxZQUFZLEVBQUUsbUNBQW1DO2FBQ2xELENBQ0YsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFuSUQsc0VBbUlDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRm4sIE5lc3RlZFN0YWNrLCB0eXBlIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvYXdzQ3VzdG9tUmVzb3VyY2VcIjtcbmltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuaW50ZXJmYWNlIElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwUHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgZ3JvdXBOYW1lOiBzdHJpbmc7XG4gIGdyb3VwTWVtYmVyczogc3RyaW5nW107XG59XG5cbmNvbnN0IElERU5USVRZX1NUT1JFX1NFUlZJQ0UgPSBcImlkZW50aXR5U3RvcmVcIjtcbmNvbnN0IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFID0gXCJDdXN0b206OklkZW50aXR5Q2VudGVyVXNlcnNcIjtcblxuLy8gVE9ETzogVGhpcyByZXF1aXJlcyBhIGRlbGV0aW9uIGFuZCByZWNyZWF0aW9uIHRvIHVwZGF0ZVxuZXhwb3J0IGNsYXNzIElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwIGV4dGVuZHMgTmVzdGVkU3RhY2sge1xuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwUHJvcHNcbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IGlkZW50aXR5U3RvcmVJZCA9IEZuLmltcG9ydFZhbHVlKFwiaWRlbnRpdHlTdG9yZUlkXCIpO1xuICAgIGNvbnN0IGdyb3VwSWQgPSBGbi5pbXBvcnRWYWx1ZShgJHtwcm9wcy5ncm91cE5hbWV9R3JvdXBJZGApO1xuXG4gICAgZm9yIChjb25zdCBtZW1iZXIgb2YgcHJvcHMuZ3JvdXBNZW1iZXJzKSB7XG4gICAgICBjb25zdCBtZW1iZXJHcm91cCA9XG4gICAgICAgIG1lbWJlclxuICAgICAgICAgIC5zcGxpdChcIkBcIilbMF1cbiAgICAgICAgICAuc3BsaXQoL1teYS16QS1aMC05XS8pXG4gICAgICAgICAgLm1hcCgocGFydCkgPT4gcGFydC5jaGFyQXQoMCkudG9VcHBlckNhc2UoKSArIHBhcnQuc2xpY2UoMSkpXG4gICAgICAgICAgLmpvaW4oXCJcIikgK1xuICAgICAgICBwcm9wcy5ncm91cE5hbWUuY2hhckF0KDApLnRvVXBwZXJDYXNlKCkgK1xuICAgICAgICBwcm9wcy5ncm91cE5hbWUuc2xpY2UoMSk7XG5cbiAgICAgIGNvbnN0IGxpc3RVc2Vyc0NhbGwgPSB7XG4gICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgIGFjdGlvbjogXCJsaXN0VXNlcnNcIixcbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgIEZpbHRlcnM6IFtcbiAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgQXR0cmlidXRlUGF0aDogXCJVc2VyTmFtZVwiLFxuICAgICAgICAgICAgICBBdHRyaWJ1dGVWYWx1ZTogbWVtYmVyXG4gICAgICAgICAgICB9XG4gICAgICAgICAgXVxuICAgICAgICB9LFxuICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgYGxpc3RVc2VycyR7bWVtYmVyR3JvdXB9YFxuICAgICAgICApXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBsaXN0VXNlciA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYExpc3RVc2Vyc1Jlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25DcmVhdGU6IGxpc3RVc2Vyc0NhbGwsXG4gICAgICAgICAgb25VcGRhdGU6IGxpc3RVc2Vyc0NhbGxcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgY29uc3QgdXNlcklkID0gbGlzdFVzZXIuZ2V0UmVzcG9uc2VGaWVsZChcIlVzZXJzLjAuVXNlcklkXCIpO1xuXG4gICAgICBjb25zdCBncm91cE1lbWJlcnNoaXBJZCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYENyZWF0ZUdyb3VwTWVtYmVyc2hpcFJlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25DcmVhdGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgICAgICBhY3Rpb246IFwiY3JlYXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIEdyb3VwSWQ6IGdyb3VwSWQsXG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJJZDoge1xuICAgICAgICAgICAgICAgIFVzZXJJZDogdXNlcklkXG4gICAgICAgICAgICAgIH1cbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGBjcmVhdGVHcm91cE1lbWJlcnNoaXAke21lbWJlckdyb3VwfWBcbiAgICAgICAgICAgIClcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlc291cmNlVHlwZTogSURFTlRJVFlfQ0VOVEVSX1VTRVJTX1JFU09VUkNFX1RZUEVcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgY29uc3QgcmVmcmVzaE1lbWJlcnNoaXAgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICAgIHRoaXMsXG4gICAgICAgIGBSZWZyZXNoTWVtYmVyc2hpcFJlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25VcGRhdGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgICAgICBhY3Rpb246IFwiZGVsZXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJzaGlwSWQ6IGdyb3VwTWVtYmVyc2hpcElkLmdldFJlc3BvbnNlRmllbGQoXCJNZW1iZXJzaGlwSWRcIilcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGByZWZyZXNoR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IHJlY3JlYXRlTWVtYmVyc2hpcCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYFJlY3JlYXRlR3JvdXBNZW1iZXJzaGlwUmVzb3VyY2Uke21lbWJlckdyb3VwfWAsXG4gICAgICAgIHtcbiAgICAgICAgICBvblVwZGF0ZToge1xuICAgICAgICAgICAgc2VydmljZTogSURFTlRJVFlfU1RPUkVfU0VSVklDRSxcbiAgICAgICAgICAgIGFjdGlvbjogXCJjcmVhdGVHcm91cE1lbWJlcnNoaXBcIixcbiAgICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgICAgR3JvdXBJZDogZ3JvdXBJZCxcbiAgICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBpZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICAgIE1lbWJlcklkOiB7XG4gICAgICAgICAgICAgICAgVXNlcklkOiB1c2VySWRcbiAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihcbiAgICAgICAgICAgICAgYHJlY3JlYXRlR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIHJlZnJlc2hNZW1iZXJzaGlwLm5vZGUuYWRkRGVwZW5kZW5jeShyZWNyZWF0ZU1lbWJlcnNoaXApO1xuXG4gICAgICBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICAgIHRoaXMsXG4gICAgICAgIGBEZWxldGVHcm91cE1lbWJlcnNoaXBSZXNvdXJjZSR7bWVtYmVyR3JvdXB9YCxcbiAgICAgICAge1xuICAgICAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgICAgICBzZXJ2aWNlOiBJREVOVElUWV9TVE9SRV9TRVJWSUNFLFxuICAgICAgICAgICAgYWN0aW9uOiBcImRlbGV0ZUdyb3VwTWVtYmVyc2hpcFwiLFxuICAgICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IGlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgICAgTWVtYmVyc2hpcElkOiBncm91cE1lbWJlcnNoaXBJZC5nZXRSZXNwb25zZUZpZWxkKFwiTWVtYmVyc2hpcElkXCIpXG4gICAgICAgICAgICB9XG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG4gICAgfVxuICB9XG59XG4iXX0=

package/dist/lib/config/aws/index.d.ts

@@ -1,11 +1,4 @@
-export * from "./backupGlobalSettings";
-export * from "./costAllocationTags";
 export * from "./identityCenter";
 export * from "./ipam";
-export * from "./ipamDelegateAdmin";
-export * from "./ipamPoolId";
-export * from "./ramSharing";
-export * from "./accountId";
 export * from "./ecrDefaultImage";
 export * from "./eventBus";
-export * from "./organisationId";

package/dist/lib/config/aws/index.js

@@ -14,15 +14,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./backupGlobalSettings"), exports);
-__exportStar(require("./costAllocationTags"), exports);
 __exportStar(require("./identityCenter"), exports);
 __exportStar(require("./ipam"), exports);
-__exportStar(require("./ipamDelegateAdmin"), exports);
-__exportStar(require("./ipamPoolId"), exports);
-__exportStar(require("./ramSharing"), exports);
-__exportStar(require("./accountId"), exports);
 __exportStar(require("./ecrDefaultImage"), exports);
 __exportStar(require("./eventBus"), exports);
-__exportStar(require("./organisationId"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEseURBQXVDO0FBQ3ZDLHVEQUFxQztBQUNyQyxtREFBaUM7QUFDakMseUNBQXVCO0FBQ3ZCLHNEQUFvQztBQUNwQywrQ0FBNkI7QUFDN0IsK0NBQTZCO0FBQzdCLDhDQUE0QjtBQUM1QixvREFBa0M7QUFDbEMsNkNBQTJCO0FBQzNCLG1EQUFpQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2JhY2t1cEdsb2JhbFNldHRpbmdzXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9jb3N0QWxsb2NhdGlvblRhZ3NcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2lkZW50aXR5Q2VudGVyXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9pcGFtXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9pcGFtRGVsZWdhdGVBZG1pblwiO1xuZXhwb3J0ICogZnJvbSBcIi4vaXBhbVBvb2xJZFwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcmFtU2hhcmluZ1wiO1xuZXhwb3J0ICogZnJvbSBcIi4vYWNjb3VudElkXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9lY3JEZWZhdWx0SW1hZ2VcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2V2ZW50QnVzXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9vcmdhbmlzYXRpb25JZFwiO1xuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsbURBQWlDO0FBQ2pDLHlDQUF1QjtBQUN2QixvREFBa0M7QUFDbEMsNkNBQTJCIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSBcIi4vaWRlbnRpdHlDZW50ZXJcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2lwYW1cIjtcbmV4cG9ydCAqIGZyb20gXCIuL2VjckRlZmF1bHRJbWFnZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vZXZlbnRCdXNcIjtcbiJdfQ==

package/dist/lib/layers/layers/secrets-resolver/bin/resolve-secrets

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Fjall Secrets Resolver Wrapper
+#
+# Invoked by AWS_LAMBDA_EXEC_WRAPPER before the Lambda runtime starts.
+# Calls the Node.js resolver to fetch secrets from the AWS Parameters and
+# Secrets Extension, then execs into the original runtime bootstrap.
+#
+# The resolver outputs `export KEY='value'` lines which we eval to inject
+# secrets as environment variables visible to the handler.
+
+set -euo pipefail
+
+# Only run resolver if secrets are configured
+if [ -n "${SSM_SECRET_NAMES:-}" ] || env | grep -q '_SECRET_ARN='; then
+  RESOLVER_OUTPUT=$(/var/lang/bin/node /opt/bin/resolve-secrets.mjs)
+  if [ -n "$RESOLVER_OUTPUT" ]; then
+    # Validate each line matches `export NAME='...'` before eval to prevent
+    # accidental code execution if the resolver ever emits unexpected output
+    while IFS= read -r line; do
+      if [[ "$line" =~ ^export\ [a-zA-Z_][a-zA-Z0-9_]*= ]]; then
+        eval "$line"
+      else
+        echo "[fjall-resolver] Unexpected output from resolver: ${line:0:80}" >&2
+        exit 1
+      fi
+    done <<< "$RESOLVER_OUTPUT"
+  fi
+fi
+
+exec "$@"

package/dist/lib/layers/layers/secrets-resolver/bin/resolve-secrets.mjs

@@ -0,0 +1,212 @@
+/**
+ * Fjall Secrets Resolver — runs before Lambda handler via AWS_LAMBDA_EXEC_WRAPPER.
+ *
+ * Resolves secrets from two sources using the AWS Parameters and Secrets Extension
+ * HTTP cache at localhost:2773:
+ *
+ * 1. SSM Parameter Store (user-managed secrets via `fjall secrets set`)
+ *    Reads SSM_SECRETS_PATH + SSM_SECRET_NAMES, fetches each parameter,
+ *    exports as environment variables.
+ *
+ * 2. Secrets Manager (CDK-managed secrets, e.g. database credentials)
+ *    Scans for *_SECRET_ARN env vars, fetches each secret,
+ *    optionally extracts a JSON field via the matching *_SECRET_FIELD var,
+ *    exports as the prefix (e.g. DATABASE_PASSWORD_SECRET_ARN → DATABASE_PASSWORD).
+ *
+ * Outputs `export KEY='value'` lines to stdout. The bash wrapper evals this output
+ * and then execs into the Lambda runtime.
+ *
+ * The Extension may not be ready immediately during INIT phase, so all HTTP
+ * calls use a retry loop with exponential backoff.
+ */
+
+const EXTENSION_PORT = process.env.PARAMETERS_SECRETS_EXTENSION_HTTP_PORT || "2773";
+const EXTENSION_URL = `http://localhost:${EXTENSION_PORT}`;
+const MAX_RETRIES = 5;
+const INITIAL_DELAY_MS = 100;
+/** Per-request timeout — generous for localhost; total budget bounded by Lambda INIT timeout */
+const REQUEST_TIMEOUT_MS = 2000;
+
+/**
+ * Fetch from the Extension HTTP API with retry and exponential backoff.
+ * The Extension starts during INIT phase 1 (Extension init) and the wrapper
+ * runs during INIT phase 2 (Runtime init), so it is usually ready — but
+ * a retry loop handles the timing edge case.
+ */
+async function fetchWithRetry(path) {
+  let delay = INITIAL_DELAY_MS;
+  let lastError;
+
+  for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+    try {
+      const response = await fetch(`${EXTENSION_URL}${path}`, {
+        headers: {
+          "X-Aws-Parameters-Secrets-Token": process.env.AWS_SESSION_TOKEN,
+        },
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+      });
+      if (response.ok) {
+        return await response.json();
+      }
+      // 4xx errors (e.g. secret not found) — don't retry
+      if (response.status >= 400 && response.status < 500) {
+        const body = await response.text().catch(() => "");
+        const err = new Error(`Extension returned ${response.status}: ${body}`);
+        err.nonRetriable = true;
+        throw err;
+      }
+      // 5xx — retriable
+      const body = await response.text().catch(() => "");
+      lastError = new Error(`Extension returned ${response.status}: ${body}`);
+    } catch (err) {
+      if (err.nonRetriable) {
+        throw err;
+      }
+      lastError = err;
+    }
+
+    // Retry with backoff (both 5xx and network errors)
+    if (attempt < MAX_RETRIES - 1) {
+      await new Promise((r) => setTimeout(r, delay));
+      delay *= 2;
+    }
+  }
+
+  throw new Error(
+    `Failed to reach Extension after ${MAX_RETRIES} attempts: ${lastError?.message}`,
+  );
+}
+
+/**
+ * Escape a value for safe inclusion in a shell `export KEY='value'` statement.
+ * Single-quotes are the safest quoting mechanism — only embedded single-quotes
+ * need escaping via the close-reopen pattern: ' → '\''
+ */
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+
+// POSIX env var names: letters, digits, underscores; must not start with a digit
+const VALID_ENV_NAME = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+
+function assertValidEnvName(name, source) {
+  if (!VALID_ENV_NAME.test(name)) {
+    process.stderr.write(
+      `[fjall-resolver] Invalid env var name '${name}' from ${source}. ` +
+        `Names must match [a-zA-Z_][a-zA-Z0-9_]* (no dots or hyphens).\n`,
+    );
+    process.exit(1);
+  }
+}
+
+/**
+ * Resolve SSM Parameter Store secrets.
+ * Reads SSM_SECRETS_PATH and SSM_SECRET_NAMES, fetches each SecureString parameter.
+ */
+async function resolveSsmSecrets() {
+  const basePath = process.env.SSM_SECRETS_PATH;
+  const secretNames = process.env.SSM_SECRET_NAMES;
+
+  if (!basePath || !secretNames) return [];
+
+  const names = secretNames.split(",").filter(Boolean);
+  const exports = [];
+
+  for (const name of names) {
+    assertValidEnvName(name, "SSM_SECRET_NAMES");
+    const paramPath = `${basePath}/${name}`;
+    const encodedPath = encodeURIComponent(paramPath);
+
+    try {
+      const data = await fetchWithRetry(
+        `/systemsmanager/parameters/get?name=${encodedPath}&withDecryption=true`,
+      );
+      const value = data?.Parameter?.Value;
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${name}=${shellEscape(value)}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SSM parameter ${paramPath}: ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+/**
+ * Resolve Secrets Manager secrets.
+ * Scans for *_SECRET_ARN env vars, fetches each secret from SM,
+ * optionally extracts a JSON field, and exports as the prefix.
+ */
+async function resolveSecretsManagerSecrets() {
+  const exports = [];
+
+  for (const [key, arn] of Object.entries(process.env)) {
+    if (!key.endsWith("_SECRET_ARN") || !arn) continue;
+
+    const prefix = key.slice(0, -"_SECRET_ARN".length);
+    assertValidEnvName(prefix, "Secrets Manager");
+    const fieldKey = `${prefix}_SECRET_FIELD`;
+    const field = process.env[fieldKey];
+
+    const encodedArn = encodeURIComponent(arn);
+
+    try {
+      const data = await fetchWithRetry(
+        `/secretsmanager/get?secretId=${encodedArn}`,
+      );
+
+      let value;
+      if (field && data?.SecretString) {
+        let parsed;
+        try {
+          parsed = JSON.parse(data.SecretString);
+        } catch {
+          throw new Error(
+            `Secret is not valid JSON but field '${field}' was requested. Store the secret as a JSON object.`,
+          );
+        }
+        value = parsed[field];
+        if (value === undefined) {
+          throw new Error(
+            `Field '${field}' not found in secret (${Object.keys(parsed).length} fields present).`,
+          );
+        }
+      } else {
+        value = data?.SecretString;
+      }
+
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${prefix}=${shellEscape(String(value))}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SM secret ${prefix} (${arn}): ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+async function main() {
+  const ssmExports = await resolveSsmSecrets();
+  const smExports = await resolveSecretsManagerSecrets();
+  const allExports = [...ssmExports, ...smExports];
+
+  if (allExports.length > 0) {
+    process.stdout.write(allExports.join("\n") + "\n");
+  }
+}
+
+main().catch((err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  process.stderr.write(`[fjall-resolver] Fatal error: ${msg}\n`);
+  process.exit(1);
+});

package/dist/lib/layers/secrets-resolver/bin/resolve-secrets

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Fjall Secrets Resolver Wrapper
+#
+# Invoked by AWS_LAMBDA_EXEC_WRAPPER before the Lambda runtime starts.
+# Calls the Node.js resolver to fetch secrets from the AWS Parameters and
+# Secrets Extension, then execs into the original runtime bootstrap.
+#
+# The resolver outputs `export KEY='value'` lines which we eval to inject
+# secrets as environment variables visible to the handler.
+
+set -euo pipefail
+
+# Only run resolver if secrets are configured
+if [ -n "${SSM_SECRET_NAMES:-}" ] || env | grep -q '_SECRET_ARN='; then
+  RESOLVER_OUTPUT=$(/var/lang/bin/node /opt/bin/resolve-secrets.mjs)
+  if [ -n "$RESOLVER_OUTPUT" ]; then
+    # Validate each line matches `export NAME='...'` before eval to prevent
+    # accidental code execution if the resolver ever emits unexpected output
+    while IFS= read -r line; do
+      if [[ "$line" =~ ^export\ [a-zA-Z_][a-zA-Z0-9_]*= ]]; then
+        eval "$line"
+      else
+        echo "[fjall-resolver] Unexpected output from resolver: ${line:0:80}" >&2
+        exit 1
+      fi
+    done <<< "$RESOLVER_OUTPUT"
+  fi
+fi
+
+exec "$@"