@fjall/components-infrastructure 0.88.1 → 0.88.4

package/dist/lib/layers/layers/secrets-resolver/bin/resolve-secrets.mjs

@@ -0,0 +1,212 @@
+/**
+ * Fjall Secrets Resolver — runs before Lambda handler via AWS_LAMBDA_EXEC_WRAPPER.
+ *
+ * Resolves secrets from two sources using the AWS Parameters and Secrets Extension
+ * HTTP cache at localhost:2773:
+ *
+ * 1. SSM Parameter Store (user-managed secrets via `fjall secrets set`)
+ *    Reads SSM_SECRETS_PATH + SSM_SECRET_NAMES, fetches each parameter,
+ *    exports as environment variables.
+ *
+ * 2. Secrets Manager (CDK-managed secrets, e.g. database credentials)
+ *    Scans for *_SECRET_ARN env vars, fetches each secret,
+ *    optionally extracts a JSON field via the matching *_SECRET_FIELD var,
+ *    exports as the prefix (e.g. DATABASE_PASSWORD_SECRET_ARN → DATABASE_PASSWORD).
+ *
+ * Outputs `export KEY='value'` lines to stdout. The bash wrapper evals this output
+ * and then execs into the Lambda runtime.
+ *
+ * The Extension may not be ready immediately during INIT phase, so all HTTP
+ * calls use a retry loop with exponential backoff.
+ */
+
+const EXTENSION_PORT = process.env.PARAMETERS_SECRETS_EXTENSION_HTTP_PORT || "2773";
+const EXTENSION_URL = `http://localhost:${EXTENSION_PORT}`;
+const MAX_RETRIES = 5;
+const INITIAL_DELAY_MS = 100;
+/** Per-request timeout — generous for localhost; total budget bounded by Lambda INIT timeout */
+const REQUEST_TIMEOUT_MS = 2000;
+
+/**
+ * Fetch from the Extension HTTP API with retry and exponential backoff.
+ * The Extension starts during INIT phase 1 (Extension init) and the wrapper
+ * runs during INIT phase 2 (Runtime init), so it is usually ready — but
+ * a retry loop handles the timing edge case.
+ */
+async function fetchWithRetry(path) {
+  let delay = INITIAL_DELAY_MS;
+  let lastError;
+
+  for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+    try {
+      const response = await fetch(`${EXTENSION_URL}${path}`, {
+        headers: {
+          "X-Aws-Parameters-Secrets-Token": process.env.AWS_SESSION_TOKEN,
+        },
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+      });
+      if (response.ok) {
+        return await response.json();
+      }
+      // 4xx errors (e.g. secret not found) — don't retry
+      if (response.status >= 400 && response.status < 500) {
+        const body = await response.text().catch(() => "");
+        const err = new Error(`Extension returned ${response.status}: ${body}`);
+        err.nonRetriable = true;
+        throw err;
+      }
+      // 5xx — retriable
+      const body = await response.text().catch(() => "");
+      lastError = new Error(`Extension returned ${response.status}: ${body}`);
+    } catch (err) {
+      if (err.nonRetriable) {
+        throw err;
+      }
+      lastError = err;
+    }
+
+    // Retry with backoff (both 5xx and network errors)
+    if (attempt < MAX_RETRIES - 1) {
+      await new Promise((r) => setTimeout(r, delay));
+      delay *= 2;
+    }
+  }
+
+  throw new Error(
+    `Failed to reach Extension after ${MAX_RETRIES} attempts: ${lastError?.message}`,
+  );
+}
+
+/**
+ * Escape a value for safe inclusion in a shell `export KEY='value'` statement.
+ * Single-quotes are the safest quoting mechanism — only embedded single-quotes
+ * need escaping via the close-reopen pattern: ' → '\''
+ */
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+
+// POSIX env var names: letters, digits, underscores; must not start with a digit
+const VALID_ENV_NAME = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+
+function assertValidEnvName(name, source) {
+  if (!VALID_ENV_NAME.test(name)) {
+    process.stderr.write(
+      `[fjall-resolver] Invalid env var name '${name}' from ${source}. ` +
+        `Names must match [a-zA-Z_][a-zA-Z0-9_]* (no dots or hyphens).\n`,
+    );
+    process.exit(1);
+  }
+}
+
+/**
+ * Resolve SSM Parameter Store secrets.
+ * Reads SSM_SECRETS_PATH and SSM_SECRET_NAMES, fetches each SecureString parameter.
+ */
+async function resolveSsmSecrets() {
+  const basePath = process.env.SSM_SECRETS_PATH;
+  const secretNames = process.env.SSM_SECRET_NAMES;
+
+  if (!basePath || !secretNames) return [];
+
+  const names = secretNames.split(",").filter(Boolean);
+  const exports = [];
+
+  for (const name of names) {
+    assertValidEnvName(name, "SSM_SECRET_NAMES");
+    const paramPath = `${basePath}/${name}`;
+    const encodedPath = encodeURIComponent(paramPath);
+
+    try {
+      const data = await fetchWithRetry(
+        `/systemsmanager/parameters/get?name=${encodedPath}&withDecryption=true`,
+      );
+      const value = data?.Parameter?.Value;
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${name}=${shellEscape(value)}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SSM parameter ${paramPath}: ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+/**
+ * Resolve Secrets Manager secrets.
+ * Scans for *_SECRET_ARN env vars, fetches each secret from SM,
+ * optionally extracts a JSON field, and exports as the prefix.
+ */
+async function resolveSecretsManagerSecrets() {
+  const exports = [];
+
+  for (const [key, arn] of Object.entries(process.env)) {
+    if (!key.endsWith("_SECRET_ARN") || !arn) continue;
+
+    const prefix = key.slice(0, -"_SECRET_ARN".length);
+    assertValidEnvName(prefix, "Secrets Manager");
+    const fieldKey = `${prefix}_SECRET_FIELD`;
+    const field = process.env[fieldKey];
+
+    const encodedArn = encodeURIComponent(arn);
+
+    try {
+      const data = await fetchWithRetry(
+        `/secretsmanager/get?secretId=${encodedArn}`,
+      );
+
+      let value;
+      if (field && data?.SecretString) {
+        let parsed;
+        try {
+          parsed = JSON.parse(data.SecretString);
+        } catch {
+          throw new Error(
+            `Secret is not valid JSON but field '${field}' was requested. Store the secret as a JSON object.`,
+          );
+        }
+        value = parsed[field];
+        if (value === undefined) {
+          throw new Error(
+            `Field '${field}' not found in secret (${Object.keys(parsed).length} fields present).`,
+          );
+        }
+      } else {
+        value = data?.SecretString;
+      }
+
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${prefix}=${shellEscape(String(value))}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SM secret ${prefix} (${arn}): ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+async function main() {
+  const ssmExports = await resolveSsmSecrets();
+  const smExports = await resolveSecretsManagerSecrets();
+  const allExports = [...ssmExports, ...smExports];
+
+  if (allExports.length > 0) {
+    process.stdout.write(allExports.join("\n") + "\n");
+  }
+}
+
+main().catch((err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  process.stderr.write(`[fjall-resolver] Fatal error: ${msg}\n`);
+  process.exit(1);
+});

package/dist/lib/layers/secrets-resolver/bin/resolve-secrets

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Fjall Secrets Resolver Wrapper
+#
+# Invoked by AWS_LAMBDA_EXEC_WRAPPER before the Lambda runtime starts.
+# Calls the Node.js resolver to fetch secrets from the AWS Parameters and
+# Secrets Extension, then execs into the original runtime bootstrap.
+#
+# The resolver outputs `export KEY='value'` lines which we eval to inject
+# secrets as environment variables visible to the handler.
+
+set -euo pipefail
+
+# Only run resolver if secrets are configured
+if [ -n "${SSM_SECRET_NAMES:-}" ] || env | grep -q '_SECRET_ARN='; then
+  RESOLVER_OUTPUT=$(/var/lang/bin/node /opt/bin/resolve-secrets.mjs)
+  if [ -n "$RESOLVER_OUTPUT" ]; then
+    # Validate each line matches `export NAME='...'` before eval to prevent
+    # accidental code execution if the resolver ever emits unexpected output
+    while IFS= read -r line; do
+      if [[ "$line" =~ ^export\ [a-zA-Z_][a-zA-Z0-9_]*= ]]; then
+        eval "$line"
+      else
+        echo "[fjall-resolver] Unexpected output from resolver: ${line:0:80}" >&2
+        exit 1
+      fi
+    done <<< "$RESOLVER_OUTPUT"
+  fi
+fi
+
+exec "$@"

package/dist/lib/layers/secrets-resolver/bin/resolve-secrets.mjs

@@ -0,0 +1,212 @@
+/**
+ * Fjall Secrets Resolver — runs before Lambda handler via AWS_LAMBDA_EXEC_WRAPPER.
+ *
+ * Resolves secrets from two sources using the AWS Parameters and Secrets Extension
+ * HTTP cache at localhost:2773:
+ *
+ * 1. SSM Parameter Store (user-managed secrets via `fjall secrets set`)
+ *    Reads SSM_SECRETS_PATH + SSM_SECRET_NAMES, fetches each parameter,
+ *    exports as environment variables.
+ *
+ * 2. Secrets Manager (CDK-managed secrets, e.g. database credentials)
+ *    Scans for *_SECRET_ARN env vars, fetches each secret,
+ *    optionally extracts a JSON field via the matching *_SECRET_FIELD var,
+ *    exports as the prefix (e.g. DATABASE_PASSWORD_SECRET_ARN → DATABASE_PASSWORD).
+ *
+ * Outputs `export KEY='value'` lines to stdout. The bash wrapper evals this output
+ * and then execs into the Lambda runtime.
+ *
+ * The Extension may not be ready immediately during INIT phase, so all HTTP
+ * calls use a retry loop with exponential backoff.
+ */
+
+const EXTENSION_PORT = process.env.PARAMETERS_SECRETS_EXTENSION_HTTP_PORT || "2773";
+const EXTENSION_URL = `http://localhost:${EXTENSION_PORT}`;
+const MAX_RETRIES = 5;
+const INITIAL_DELAY_MS = 100;
+/** Per-request timeout — generous for localhost; total budget bounded by Lambda INIT timeout */
+const REQUEST_TIMEOUT_MS = 2000;
+
+/**
+ * Fetch from the Extension HTTP API with retry and exponential backoff.
+ * The Extension starts during INIT phase 1 (Extension init) and the wrapper
+ * runs during INIT phase 2 (Runtime init), so it is usually ready — but
+ * a retry loop handles the timing edge case.
+ */
+async function fetchWithRetry(path) {
+  let delay = INITIAL_DELAY_MS;
+  let lastError;
+
+  for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+    try {
+      const response = await fetch(`${EXTENSION_URL}${path}`, {
+        headers: {
+          "X-Aws-Parameters-Secrets-Token": process.env.AWS_SESSION_TOKEN,
+        },
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+      });
+      if (response.ok) {
+        return await response.json();
+      }
+      // 4xx errors (e.g. secret not found) — don't retry
+      if (response.status >= 400 && response.status < 500) {
+        const body = await response.text().catch(() => "");
+        const err = new Error(`Extension returned ${response.status}: ${body}`);
+        err.nonRetriable = true;
+        throw err;
+      }
+      // 5xx — retriable
+      const body = await response.text().catch(() => "");
+      lastError = new Error(`Extension returned ${response.status}: ${body}`);
+    } catch (err) {
+      if (err.nonRetriable) {
+        throw err;
+      }
+      lastError = err;
+    }
+
+    // Retry with backoff (both 5xx and network errors)
+    if (attempt < MAX_RETRIES - 1) {
+      await new Promise((r) => setTimeout(r, delay));
+      delay *= 2;
+    }
+  }
+
+  throw new Error(
+    `Failed to reach Extension after ${MAX_RETRIES} attempts: ${lastError?.message}`,
+  );
+}
+
+/**
+ * Escape a value for safe inclusion in a shell `export KEY='value'` statement.
+ * Single-quotes are the safest quoting mechanism — only embedded single-quotes
+ * need escaping via the close-reopen pattern: ' → '\''
+ */
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+
+// POSIX env var names: letters, digits, underscores; must not start with a digit
+const VALID_ENV_NAME = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+
+function assertValidEnvName(name, source) {
+  if (!VALID_ENV_NAME.test(name)) {
+    process.stderr.write(
+      `[fjall-resolver] Invalid env var name '${name}' from ${source}. ` +
+        `Names must match [a-zA-Z_][a-zA-Z0-9_]* (no dots or hyphens).\n`,
+    );
+    process.exit(1);
+  }
+}
+
+/**
+ * Resolve SSM Parameter Store secrets.
+ * Reads SSM_SECRETS_PATH and SSM_SECRET_NAMES, fetches each SecureString parameter.
+ */
+async function resolveSsmSecrets() {
+  const basePath = process.env.SSM_SECRETS_PATH;
+  const secretNames = process.env.SSM_SECRET_NAMES;
+
+  if (!basePath || !secretNames) return [];
+
+  const names = secretNames.split(",").filter(Boolean);
+  const exports = [];
+
+  for (const name of names) {
+    assertValidEnvName(name, "SSM_SECRET_NAMES");
+    const paramPath = `${basePath}/${name}`;
+    const encodedPath = encodeURIComponent(paramPath);
+
+    try {
+      const data = await fetchWithRetry(
+        `/systemsmanager/parameters/get?name=${encodedPath}&withDecryption=true`,
+      );
+      const value = data?.Parameter?.Value;
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${name}=${shellEscape(value)}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SSM parameter ${paramPath}: ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+/**
+ * Resolve Secrets Manager secrets.
+ * Scans for *_SECRET_ARN env vars, fetches each secret from SM,
+ * optionally extracts a JSON field, and exports as the prefix.
+ */
+async function resolveSecretsManagerSecrets() {
+  const exports = [];
+
+  for (const [key, arn] of Object.entries(process.env)) {
+    if (!key.endsWith("_SECRET_ARN") || !arn) continue;
+
+    const prefix = key.slice(0, -"_SECRET_ARN".length);
+    assertValidEnvName(prefix, "Secrets Manager");
+    const fieldKey = `${prefix}_SECRET_FIELD`;
+    const field = process.env[fieldKey];
+
+    const encodedArn = encodeURIComponent(arn);
+
+    try {
+      const data = await fetchWithRetry(
+        `/secretsmanager/get?secretId=${encodedArn}`,
+      );
+
+      let value;
+      if (field && data?.SecretString) {
+        let parsed;
+        try {
+          parsed = JSON.parse(data.SecretString);
+        } catch {
+          throw new Error(
+            `Secret is not valid JSON but field '${field}' was requested. Store the secret as a JSON object.`,
+          );
+        }
+        value = parsed[field];
+        if (value === undefined) {
+          throw new Error(
+            `Field '${field}' not found in secret (${Object.keys(parsed).length} fields present).`,
+          );
+        }
+      } else {
+        value = data?.SecretString;
+      }
+
+      if (value !== undefined && value !== null) {
+        exports.push(`export ${prefix}=${shellEscape(String(value))}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `[fjall-resolver] Failed to resolve SM secret ${prefix} (${arn}): ${msg}\n`,
+      );
+      process.exit(1);
+    }
+  }
+
+  return exports;
+}
+
+async function main() {
+  const ssmExports = await resolveSsmSecrets();
+  const smExports = await resolveSecretsManagerSecrets();
+  const allExports = [...ssmExports, ...smExports];
+
+  if (allExports.length > 0) {
+    process.stdout.write(allExports.join("\n") + "\n");
+  }
+}
+
+main().catch((err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  process.stderr.write(`[fjall-resolver] Fatal error: ${msg}\n`);
+  process.exit(1);
+});

package/dist/lib/patterns/aws/account.js

@@ -4,6 +4,9 @@ exports.Account = void 0;
 const aws_cdk_lib_1 = require("aws-cdk-lib");
 const aws_1 = require("../../config/aws");
 const cloudTrail_1 = require("../../config/aws/cloudTrail");
+const oidcConnector_1 = require("../../config/aws/oidcConnector");
+const accountMonitoringRole_1 = require("../../config/aws/accountMonitoringRole");
+const accountAuditRole_1 = require("../../config/aws/accountAuditRole");
 const getConfig_1 = require("../../utils/getConfig");
 const disasterRecovery_1 = require("../../config/aws/disasterRecovery");
 class Account extends aws_cdk_lib_1.Stack {
@@ -17,35 +20,58 @@ class Account extends aws_cdk_lib_1.Stack {
         super(scope, id, props);
         this.organisationType = "account";
         this.resolvedRegion = region;
-        const organisation = new aws_1.OrganisationId(this, "OrganisationId");
-        const account = new aws_1.AccountId(this, "AccountId");
+        const orgId = this.node.tryGetContext("orgId");
+        if (orgId) {
+            new aws_cdk_lib_1.CfnOutput(this, "OrganisationIdOutput", {
+                key: "OrganisationId",
+                value: orgId,
+                exportName: "OrganisationId"
+            });
+        }
+        new aws_cdk_lib_1.CfnOutput(this, "AccountIdOutput", {
+            key: "AccountId",
+            value: this.account,
+            exportName: "AccountId",
+            description: "AWS Account ID for this account"
+        });
         const eventBus = new aws_1.DefaultEventBus(this, "EventBus");
-        if (id === "Account") {
-            new aws_1.IpamPoolId(this, "IpamPoolId", {
-                accountId,
-                region,
-                ownerId: aws_cdk_lib_1.Fn.select(4, aws_cdk_lib_1.Fn.split(":", organisation.organisationAccountArn.value))
+        const ipamPoolId = this.node.tryGetContext("ipamPoolId");
+        if (id === "Account" && ipamPoolId) {
+            const regionSuffix = region.replace(/-/g, "");
+            new aws_cdk_lib_1.CfnOutput(this, "IpamPoolIdOutput", {
+                key: `IpamPoolId${accountId}${regionSuffix}`,
+                value: ipamPoolId,
+                exportName: `IpamPoolId${accountId}${regionSuffix}`
             });
         }
+        const fjallOrgId = this.node.tryGetContext("fjallOrgId");
+        if (id === "Account" && fjallOrgId) {
+            new oidcConnector_1.OidcConnector(this, "OidcConnector", { fjallOrgId });
+        }
+        // Per-account monitoring role (unconditional; ExternalId added when orgId known)
+        new accountMonitoringRole_1.AccountMonitoringRole(this, "MonitoringRole", fjallOrgId ? { fjallOrgId } : undefined);
+        // Per-account audit role (conditional on fjallOrgId)
+        if (fjallOrgId) {
+            new accountAuditRole_1.AccountAuditRole(this, "AuditRole", { fjallOrgId });
+        }
         new cloudTrail_1.ManagementEventsTrail(this, "CloudTrail", {
-            accountId: account.accountId.value,
+            accountId: this.account,
             region
         });
         new aws_1.EcrDefaultImage(this, "EcrDefaultImage", {
             region,
-            accountId: account.accountId.value,
+            accountId: this.account,
             eventBusArn: eventBus.defaultEventBusArn.value
         });
         const environment = config.environment || "unknown";
-        const isComplianceAccount = environment === "compliance";
-        const isReplicationRegion = config.disasterRecoveryRegion && region === config.disasterRecoveryRegion;
-        if (environment === "production" ||
-            isComplianceAccount ||
-            isReplicationRegion) {
-            new disasterRecovery_1.DisasterRecovery(this, "DisasterRecovery", {
-                region,
-                accountId
-            });
+        if (config.disasterRecoveryRegion) {
+            const isComplianceAccount = environment === "compliance";
+            if (environment === "production" || isComplianceAccount) {
+                new disasterRecovery_1.DisasterRecovery(this, "DisasterRecovery", {
+                    region,
+                    accountId
+                });
+            }
         }
         new aws_cdk_lib_1.CfnOutput(this, "Environment", {
             key: "Environment",
@@ -56,4 +82,4 @@ class Account extends aws_cdk_lib_1.Stack {
     }
 }
 exports.Account = Account;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjb3VudC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvYWNjb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBb0U7QUFDcEUsMENBTTBCO0FBRTFCLDREQUFvRTtBQUNwRSxxREFBa0Q7QUFDbEQsd0VBQXFFO0FBUXJFLE1BQWEsT0FBUSxTQUFRLG1CQUFLO0lBSWhDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBbUI7UUFDM0QsTUFBTSxNQUFNLEdBQUcsSUFBQSxxQkFBUyxHQUFFLENBQUM7UUFDM0IsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLFNBQVMsSUFBSSxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQ3RELE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQztRQUU3QyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDZixNQUFNLElBQUksS0FBSyxDQUNiLG9HQUFvRyxDQUNyRyxDQUFDO1FBQ0osQ0FBQztRQUVELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBZFYscUJBQWdCLEdBQXFCLFNBQVMsQ0FBQztRQWdCN0QsSUFBSSxDQUFDLGNBQWMsR0FBRyxNQUFNLENBQUM7UUFFN0IsTUFBTSxZQUFZLEdBQUcsSUFBSSxvQkFBYyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO1FBRWhFLE1BQU0sT0FBTyxHQUFHLElBQUksZUFBUyxDQUFDLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztRQUVqRCxNQUFNLFFBQVEsR0FBRyxJQUFJLHFCQUFlLENBQUMsSUFBSSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBRXZELElBQUksRUFBRSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3JCLElBQUksZ0JBQVUsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO2dCQUNqQyxTQUFTO2dCQUNULE1BQU07Z0JBQ04sT0FBTyxFQUFFLGdCQUFFLENBQUMsTUFBTSxDQUNoQixDQUFDLEVBQ0QsZ0JBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLFlBQVksQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FDekQ7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxrQ0FBcUIsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQzVDLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLEtBQUs7WUFDbEMsTUFBTTtTQUNQLENBQUMsQ0FBQztRQUVILElBQUkscUJBQWUsQ0FBQyxJQUFJLEVBQUUsaUJBQWlCLEVBQUU7WUFDM0MsTUFBTTtZQUNOLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLEtBQUs7WUFDbEMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLO1NBQy9DLENBQUMsQ0FBQztRQUVILE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksU0FBUyxDQUFDO1FBRXBELE1BQU0sbUJBQW1CLEdBQUcsV0FBVyxLQUFLLFlBQVksQ0FBQztRQUN6RCxNQUFNLG1CQUFtQixHQUN2QixNQUFNLENBQUMsc0JBQXNCLElBQUksTUFBTSxLQUFLLE1BQU0sQ0FBQyxzQkFBc0IsQ0FBQztRQUU1RSxJQUNFLFdBQVcsS0FBSyxZQUFZO1lBQzVCLG1CQUFtQjtZQUNuQixtQkFBbUIsRUFDbkIsQ0FBQztZQUNELElBQUksbUNBQWdCLENBQUMsSUFBSSxFQUFFLGtCQUFrQixFQUFFO2dCQUM3QyxNQUFNO2dCQUNOLFNBQVM7YUFDVixDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7WUFDakMsR0FBRyxFQUFFLGFBQWE7WUFDbEIsS0FBSyxFQUFFLFdBQVc7WUFDbEIsVUFBVSxFQUFFLGFBQWE7WUFDekIsV0FBVyxFQUNULDRFQUE0RTtTQUMvRSxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUF4RUQsMEJBd0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ2ZuT3V0cHV0LCBGbiwgU3RhY2ssIHR5cGUgU3RhY2tQcm9wcyB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHtcbiAgT3JnYW5pc2F0aW9uSWQsXG4gIEFjY291bnRJZCxcbiAgSXBhbVBvb2xJZCxcbiAgRWNyRGVmYXVsdEltYWdlLFxuICBEZWZhdWx0RXZlbnRCdXNcbn0gZnJvbSBcIi4uLy4uL2NvbmZpZy9hd3NcIjtcbmltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IE1hbmFnZW1lbnRFdmVudHNUcmFpbCB9IGZyb20gXCIuLi8uLi9jb25maWcvYXdzL2Nsb3VkVHJhaWxcIjtcbmltcG9ydCB7IGdldENvbmZpZyB9IGZyb20gXCIuLi8uLi91dGlscy9nZXRDb25maWdcIjtcbmltcG9ydCB7IERpc2FzdGVyUmVjb3ZlcnkgfSBmcm9tIFwiLi4vLi4vY29uZmlnL2F3cy9kaXNhc3RlclJlY292ZXJ5XCI7XG5pbXBvcnQgdHlwZSB7IE9yZ2FuaXNhdGlvblR5cGUgfSBmcm9tIFwiLi9pbnRlcmZhY2VzL29yZ2FuaXNhdGlvblwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIEFjY291bnRQcm9wcyBleHRlbmRzIFN0YWNrUHJvcHMge1xuICBhY2NvdW50SWQ/OiBzdHJpbmc7XG4gIHJlZ2lvbj86IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIEFjY291bnQgZXh0ZW5kcyBTdGFjayB7XG4gIHB1YmxpYyByZWFkb25seSBvcmdhbmlzYXRpb25UeXBlOiBPcmdhbmlzYXRpb25UeXBlID0gXCJhY2NvdW50XCI7XG4gIHByb3RlY3RlZCByZWFkb25seSByZXNvbHZlZFJlZ2lvbjogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBBY2NvdW50UHJvcHMpIHtcbiAgICBjb25zdCBjb25maWcgPSBnZXRDb25maWcoKTtcbiAgICBjb25zdCBhY2NvdW50SWQgPSBwcm9wcy5hY2NvdW50SWQgPz8gY29uZmlnLmFjY291bnRJZDtcbiAgICBjb25zdCByZWdpb24gPSBwcm9wcy5yZWdpb24gPz8gY29uZmlnLnJlZ2lvbjtcblxuICAgIGlmICghYWNjb3VudElkKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgICAgIFwiQWNjb3VudCByZXF1aXJlcyBhbiBhY2NvdW50IElELiBQcm92aWRlIGl0IHZpYSBhY2NvdW50SWQgb3IgZW5zdXJlIENESyBjb250ZXh0IGluY2x1ZGVzIGFjY291bnRJZC5cIlxuICAgICAgKTtcbiAgICB9XG5cbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIHRoaXMucmVzb2x2ZWRSZWdpb24gPSByZWdpb247XG5cbiAgICBjb25zdCBvcmdhbmlzYXRpb24gPSBuZXcgT3JnYW5pc2F0aW9uSWQodGhpcywgXCJPcmdhbmlzYXRpb25JZFwiKTtcblxuICAgIGNvbnN0IGFjY291bnQgPSBuZXcgQWNjb3VudElkKHRoaXMsIFwiQWNjb3VudElkXCIpO1xuXG4gICAgY29uc3QgZXZlbnRCdXMgPSBuZXcgRGVmYXVsdEV2ZW50QnVzKHRoaXMsIFwiRXZlbnRCdXNcIik7XG5cbiAgICBpZiAoaWQgPT09IFwiQWNjb3VudFwiKSB7XG4gICAgICBuZXcgSXBhbVBvb2xJZCh0aGlzLCBcIklwYW1Qb29sSWRcIiwge1xuICAgICAgICBhY2NvdW50SWQsXG4gICAgICAgIHJlZ2lvbixcbiAgICAgICAgb3duZXJJZDogRm4uc2VsZWN0KFxuICAgICAgICAgIDQsXG4gICAgICAgICAgRm4uc3BsaXQoXCI6XCIsIG9yZ2FuaXNhdGlvbi5vcmdhbmlzYXRpb25BY2NvdW50QXJuLnZhbHVlKVxuICAgICAgICApXG4gICAgICB9KTtcbiAgICB9XG5cbiAgICBuZXcgTWFuYWdlbWVudEV2ZW50c1RyYWlsKHRoaXMsIFwiQ2xvdWRUcmFpbFwiLCB7XG4gICAgICBhY2NvdW50SWQ6IGFjY291bnQuYWNjb3VudElkLnZhbHVlLFxuICAgICAgcmVnaW9uXG4gICAgfSk7XG5cbiAgICBuZXcgRWNyRGVmYXVsdEltYWdlKHRoaXMsIFwiRWNyRGVmYXVsdEltYWdlXCIsIHtcbiAgICAgIHJlZ2lvbixcbiAgICAgIGFjY291bnRJZDogYWNjb3VudC5hY2NvdW50SWQudmFsdWUsXG4gICAgICBldmVudEJ1c0FybjogZXZlbnRCdXMuZGVmYXVsdEV2ZW50QnVzQXJuLnZhbHVlXG4gICAgfSk7XG5cbiAgICBjb25zdCBlbnZpcm9ubWVudCA9IGNvbmZpZy5lbnZpcm9ubWVudCB8fCBcInVua25vd25cIjtcblxuICAgIGNvbnN0IGlzQ29tcGxpYW5jZUFjY291bnQgPSBlbnZpcm9ubWVudCA9PT0gXCJjb21wbGlhbmNlXCI7XG4gICAgY29uc3QgaXNSZXBsaWNhdGlvblJlZ2lvbiA9XG4gICAgICBjb25maWcuZGlzYXN0ZXJSZWNvdmVyeVJlZ2lvbiAmJiByZWdpb24gPT09IGNvbmZpZy5kaXNhc3RlclJlY292ZXJ5UmVnaW9uO1xuXG4gICAgaWYgKFxuICAgICAgZW52aXJvbm1lbnQgPT09IFwicHJvZHVjdGlvblwiIHx8XG4gICAgICBpc0NvbXBsaWFuY2VBY2NvdW50IHx8XG4gICAgICBpc1JlcGxpY2F0aW9uUmVnaW9uXG4gICAgKSB7XG4gICAgICBuZXcgRGlzYXN0ZXJSZWNvdmVyeSh0aGlzLCBcIkRpc2FzdGVyUmVjb3ZlcnlcIiwge1xuICAgICAgICByZWdpb24sXG4gICAgICAgIGFjY291bnRJZFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBcIkVudmlyb25tZW50XCIsIHtcbiAgICAgIGtleTogXCJFbnZpcm9ubWVudFwiLFxuICAgICAgdmFsdWU6IGVudmlyb25tZW50LFxuICAgICAgZXhwb3J0TmFtZTogXCJFbnZpcm9ubWVudFwiLFxuICAgICAgZGVzY3JpcHRpb246XG4gICAgICAgIFwiRW52aXJvbm1lbnQgdHlwZSBmb3IgdGhpcyBhY2NvdW50IChlLmcuLCBwcm9kdWN0aW9uLCBzdGFnaW5nLCBkZXZlbG9wbWVudClcIlxuICAgIH0pO1xuICB9XG59XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjb3VudC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvYWNjb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBZ0U7QUFDaEUsMENBQW9FO0FBRXBFLDREQUFvRTtBQUNwRSxrRUFBK0Q7QUFDL0Qsa0ZBQStFO0FBQy9FLHdFQUFxRTtBQUNyRSxxREFBa0Q7QUFDbEQsd0VBQXFFO0FBUXJFLE1BQWEsT0FBUSxTQUFRLG1CQUFLO0lBSWhDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBbUI7UUFDM0QsTUFBTSxNQUFNLEdBQUcsSUFBQSxxQkFBUyxHQUFFLENBQUM7UUFDM0IsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLFNBQVMsSUFBSSxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQ3RELE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQztRQUU3QyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDZixNQUFNLElBQUksS0FBSyxDQUNiLG9HQUFvRyxDQUNyRyxDQUFDO1FBQ0osQ0FBQztRQUVELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBZFYscUJBQWdCLEdBQXFCLFNBQVMsQ0FBQztRQWdCN0QsSUFBSSxDQUFDLGNBQWMsR0FBRyxNQUFNLENBQUM7UUFFN0IsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDL0MsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLEVBQUU7Z0JBQzFDLEdBQUcsRUFBRSxnQkFBZ0I7Z0JBQ3JCLEtBQUssRUFBRSxLQUFLO2dCQUNaLFVBQVUsRUFBRSxnQkFBZ0I7YUFDN0IsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsaUJBQWlCLEVBQUU7WUFDckMsR0FBRyxFQUFFLFdBQVc7WUFDaEIsS0FBSyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ25CLFVBQVUsRUFBRSxXQUFXO1lBQ3ZCLFdBQVcsRUFBRSxpQ0FBaUM7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsTUFBTSxRQUFRLEdBQUcsSUFBSSxxQkFBZSxDQUFDLElBQUksRUFBRSxVQUFVLENBQUMsQ0FBQztRQUV2RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUN6RCxJQUFJLEVBQUUsS0FBSyxTQUFTLElBQUksVUFBVSxFQUFFLENBQUM7WUFDbkMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDOUMsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtnQkFDdEMsR0FBRyxFQUFFLGFBQWEsU0FBUyxHQUFHLFlBQVksRUFBRTtnQkFDNUMsS0FBSyxFQUFFLFVBQVU7Z0JBQ2pCLFVBQVUsRUFBRSxhQUFhLFNBQVMsR0FBRyxZQUFZLEVBQUU7YUFDcEQsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3pELElBQUksRUFBRSxLQUFLLFNBQVMsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNuQyxJQUFJLDZCQUFhLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELGlGQUFpRjtRQUNqRixJQUFJLDZDQUFxQixDQUN2QixJQUFJLEVBQ0osZ0JBQWdCLEVBQ2hCLFVBQVUsQ0FBQyxDQUFDLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUN4QyxDQUFDO1FBRUYscURBQXFEO1FBQ3JELElBQUksVUFBVSxFQUFFLENBQUM7WUFDZixJQUFJLG1DQUFnQixDQUFDLElBQUksRUFBRSxXQUFXLEVBQUUsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDO1FBQzFELENBQUM7UUFFRCxJQUFJLGtDQUFxQixDQUFDLElBQUksRUFBRSxZQUFZLEVBQUU7WUFDNUMsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3ZCLE1BQU07U0FDUCxDQUFDLENBQUM7UUFFSCxJQUFJLHFCQUFlLENBQUMsSUFBSSxFQUFFLGlCQUFpQixFQUFFO1lBQzNDLE1BQU07WUFDTixTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDdkIsV0FBVyxFQUFFLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLO1NBQy9DLENBQUMsQ0FBQztRQUVILE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksU0FBUyxDQUFDO1FBRXBELElBQUksTUFBTSxDQUFDLHNCQUFzQixFQUFFLENBQUM7WUFDbEMsTUFBTSxtQkFBbUIsR0FBRyxXQUFXLEtBQUssWUFBWSxDQUFDO1lBRXpELElBQUksV0FBVyxLQUFLLFlBQVksSUFBSSxtQkFBbUIsRUFBRSxDQUFDO2dCQUN4RCxJQUFJLG1DQUFnQixDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtvQkFDN0MsTUFBTTtvQkFDTixTQUFTO2lCQUNWLENBQUMsQ0FBQztZQUNMLENBQUM7UUFDSCxDQUFDO1FBRUQsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7WUFDakMsR0FBRyxFQUFFLGFBQWE7WUFDbEIsS0FBSyxFQUFFLFdBQVc7WUFDbEIsVUFBVSxFQUFFLGFBQWE7WUFDekIsV0FBVyxFQUNULDRFQUE0RTtTQUMvRSxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUFoR0QsMEJBZ0dDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ2ZuT3V0cHV0LCBTdGFjaywgdHlwZSBTdGFja1Byb3BzIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBFY3JEZWZhdWx0SW1hZ2UsIERlZmF1bHRFdmVudEJ1cyB9IGZyb20gXCIuLi8uLi9jb25maWcvYXdzXCI7XG5pbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBNYW5hZ2VtZW50RXZlbnRzVHJhaWwgfSBmcm9tIFwiLi4vLi4vY29uZmlnL2F3cy9jbG91ZFRyYWlsXCI7XG5pbXBvcnQgeyBPaWRjQ29ubmVjdG9yIH0gZnJvbSBcIi4uLy4uL2NvbmZpZy9hd3Mvb2lkY0Nvbm5lY3RvclwiO1xuaW1wb3J0IHsgQWNjb3VudE1vbml0b3JpbmdSb2xlIH0gZnJvbSBcIi4uLy4uL2NvbmZpZy9hd3MvYWNjb3VudE1vbml0b3JpbmdSb2xlXCI7XG5pbXBvcnQgeyBBY2NvdW50QXVkaXRSb2xlIH0gZnJvbSBcIi4uLy4uL2NvbmZpZy9hd3MvYWNjb3VudEF1ZGl0Um9sZVwiO1xuaW1wb3J0IHsgZ2V0Q29uZmlnIH0gZnJvbSBcIi4uLy4uL3V0aWxzL2dldENvbmZpZ1wiO1xuaW1wb3J0IHsgRGlzYXN0ZXJSZWNvdmVyeSB9IGZyb20gXCIuLi8uLi9jb25maWcvYXdzL2Rpc2FzdGVyUmVjb3ZlcnlcIjtcbmltcG9ydCB0eXBlIHsgT3JnYW5pc2F0aW9uVHlwZSB9IGZyb20gXCIuL2ludGVyZmFjZXMvb3JnYW5pc2F0aW9uXCI7XG5cbmV4cG9ydCBpbnRlcmZhY2UgQWNjb3VudFByb3BzIGV4dGVuZHMgU3RhY2tQcm9wcyB7XG4gIGFjY291bnRJZD86IHN0cmluZztcbiAgcmVnaW9uPzogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQWNjb3VudCBleHRlbmRzIFN0YWNrIHtcbiAgcHVibGljIHJlYWRvbmx5IG9yZ2FuaXNhdGlvblR5cGU6IE9yZ2FuaXNhdGlvblR5cGUgPSBcImFjY291bnRcIjtcbiAgcHJvdGVjdGVkIHJlYWRvbmx5IHJlc29sdmVkUmVnaW9uOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEFjY291bnRQcm9wcykge1xuICAgIGNvbnN0IGNvbmZpZyA9IGdldENvbmZpZygpO1xuICAgIGNvbnN0IGFjY291bnRJZCA9IHByb3BzLmFjY291bnRJZCA/PyBjb25maWcuYWNjb3VudElkO1xuICAgIGNvbnN0IHJlZ2lvbiA9IHByb3BzLnJlZ2lvbiA/PyBjb25maWcucmVnaW9uO1xuXG4gICAgaWYgKCFhY2NvdW50SWQpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgXCJBY2NvdW50IHJlcXVpcmVzIGFuIGFjY291bnQgSUQuIFByb3ZpZGUgaXQgdmlhIGFjY291bnRJZCBvciBlbnN1cmUgQ0RLIGNvbnRleHQgaW5jbHVkZXMgYWNjb3VudElkLlwiXG4gICAgICApO1xuICAgIH1cblxuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgdGhpcy5yZXNvbHZlZFJlZ2lvbiA9IHJlZ2lvbjtcblxuICAgIGNvbnN0IG9yZ0lkID0gdGhpcy5ub2RlLnRyeUdldENvbnRleHQoXCJvcmdJZFwiKTtcbiAgICBpZiAob3JnSWQpIHtcbiAgICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJPcmdhbmlzYXRpb25JZE91dHB1dFwiLCB7XG4gICAgICAgIGtleTogXCJPcmdhbmlzYXRpb25JZFwiLFxuICAgICAgICB2YWx1ZTogb3JnSWQsXG4gICAgICAgIGV4cG9ydE5hbWU6IFwiT3JnYW5pc2F0aW9uSWRcIlxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBcIkFjY291bnRJZE91dHB1dFwiLCB7XG4gICAgICBrZXk6IFwiQWNjb3VudElkXCIsXG4gICAgICB2YWx1ZTogdGhpcy5hY2NvdW50LFxuICAgICAgZXhwb3J0TmFtZTogXCJBY2NvdW50SWRcIixcbiAgICAgIGRlc2NyaXB0aW9uOiBcIkFXUyBBY2NvdW50IElEIGZvciB0aGlzIGFjY291bnRcIlxuICAgIH0pO1xuXG4gICAgY29uc3QgZXZlbnRCdXMgPSBuZXcgRGVmYXVsdEV2ZW50QnVzKHRoaXMsIFwiRXZlbnRCdXNcIik7XG5cbiAgICBjb25zdCBpcGFtUG9vbElkID0gdGhpcy5ub2RlLnRyeUdldENvbnRleHQoXCJpcGFtUG9vbElkXCIpO1xuICAgIGlmIChpZCA9PT0gXCJBY2NvdW50XCIgJiYgaXBhbVBvb2xJZCkge1xuICAgICAgY29uc3QgcmVnaW9uU3VmZml4ID0gcmVnaW9uLnJlcGxhY2UoLy0vZywgXCJcIik7XG4gICAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiSXBhbVBvb2xJZE91dHB1dFwiLCB7XG4gICAgICAgIGtleTogYElwYW1Qb29sSWQke2FjY291bnRJZH0ke3JlZ2lvblN1ZmZpeH1gLFxuICAgICAgICB2YWx1ZTogaXBhbVBvb2xJZCxcbiAgICAgICAgZXhwb3J0TmFtZTogYElwYW1Qb29sSWQke2FjY291bnRJZH0ke3JlZ2lvblN1ZmZpeH1gXG4gICAgICB9KTtcbiAgICB9XG5cbiAgICBjb25zdCBmamFsbE9yZ0lkID0gdGhpcy5ub2RlLnRyeUdldENvbnRleHQoXCJmamFsbE9yZ0lkXCIpO1xuICAgIGlmIChpZCA9PT0gXCJBY2NvdW50XCIgJiYgZmphbGxPcmdJZCkge1xuICAgICAgbmV3IE9pZGNDb25uZWN0b3IodGhpcywgXCJPaWRjQ29ubmVjdG9yXCIsIHsgZmphbGxPcmdJZCB9KTtcbiAgICB9XG5cbiAgICAvLyBQZXItYWNjb3VudCBtb25pdG9yaW5nIHJvbGUgKHVuY29uZGl0aW9uYWw7IEV4dGVybmFsSWQgYWRkZWQgd2hlbiBvcmdJZCBrbm93bilcbiAgICBuZXcgQWNjb3VudE1vbml0b3JpbmdSb2xlKFxuICAgICAgdGhpcyxcbiAgICAgIFwiTW9uaXRvcmluZ1JvbGVcIixcbiAgICAgIGZqYWxsT3JnSWQgPyB7IGZqYWxsT3JnSWQgfSA6IHVuZGVmaW5lZFxuICAgICk7XG5cbiAgICAvLyBQZXItYWNjb3VudCBhdWRpdCByb2xlIChjb25kaXRpb25hbCBvbiBmamFsbE9yZ0lkKVxuICAgIGlmIChmamFsbE9yZ0lkKSB7XG4gICAgICBuZXcgQWNjb3VudEF1ZGl0Um9sZSh0aGlzLCBcIkF1ZGl0Um9sZVwiLCB7IGZqYWxsT3JnSWQgfSk7XG4gICAgfVxuXG4gICAgbmV3IE1hbmFnZW1lbnRFdmVudHNUcmFpbCh0aGlzLCBcIkNsb3VkVHJhaWxcIiwge1xuICAgICAgYWNjb3VudElkOiB0aGlzLmFjY291bnQsXG4gICAgICByZWdpb25cbiAgICB9KTtcblxuICAgIG5ldyBFY3JEZWZhdWx0SW1hZ2UodGhpcywgXCJFY3JEZWZhdWx0SW1hZ2VcIiwge1xuICAgICAgcmVnaW9uLFxuICAgICAgYWNjb3VudElkOiB0aGlzLmFjY291bnQsXG4gICAgICBldmVudEJ1c0FybjogZXZlbnRCdXMuZGVmYXVsdEV2ZW50QnVzQXJuLnZhbHVlXG4gICAgfSk7XG5cbiAgICBjb25zdCBlbnZpcm9ubWVudCA9IGNvbmZpZy5lbnZpcm9ubWVudCB8fCBcInVua25vd25cIjtcblxuICAgIGlmIChjb25maWcuZGlzYXN0ZXJSZWNvdmVyeVJlZ2lvbikge1xuICAgICAgY29uc3QgaXNDb21wbGlhbmNlQWNjb3VudCA9IGVudmlyb25tZW50ID09PSBcImNvbXBsaWFuY2VcIjtcblxuICAgICAgaWYgKGVudmlyb25tZW50ID09PSBcInByb2R1Y3Rpb25cIiB8fCBpc0NvbXBsaWFuY2VBY2NvdW50KSB7XG4gICAgICAgIG5ldyBEaXNhc3RlclJlY292ZXJ5KHRoaXMsIFwiRGlzYXN0ZXJSZWNvdmVyeVwiLCB7XG4gICAgICAgICAgcmVnaW9uLFxuICAgICAgICAgIGFjY291bnRJZFxuICAgICAgICB9KTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiRW52aXJvbm1lbnRcIiwge1xuICAgICAga2V5OiBcIkVudmlyb25tZW50XCIsXG4gICAgICB2YWx1ZTogZW52aXJvbm1lbnQsXG4gICAgICBleHBvcnROYW1lOiBcIkVudmlyb25tZW50XCIsXG4gICAgICBkZXNjcmlwdGlvbjpcbiAgICAgICAgXCJFbnZpcm9ubWVudCB0eXBlIGZvciB0aGlzIGFjY291bnQgKGUuZy4sIHByb2R1Y3Rpb24sIHN0YWdpbmcsIGRldmVsb3BtZW50KVwiXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==