@fjall/components-infrastructure 0.89.4 → 0.89.6

package/dist/lib/config/aws/disasterRecovery.js

@@ -1,14 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DisasterRecovery = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const constructs_1 = require("constructs");
-const backup_1 = require("../../resources/aws/backup");
-const aws_backup_1 = require("aws-cdk-lib/aws-backup");
-const events = require("aws-cdk-lib/aws-events");
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-const app_1 = require("../../app");
-const validationLogger_1 = require("../../utils/validationLogger");
+import { CfnOutput, Duration, RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { BackupVault, BackupPlan } from "../../resources/aws/backup/index.js";
+import { BackupPlanRule, BackupVault as Vault } from "aws-cdk-lib/aws-backup";
+import * as events from "aws-cdk-lib/aws-events";
+import { AccountPrincipal, Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
+import App from "../../app.js";
+import { parseOrgConfig } from "../../utils/orgConfigParser.js";
 // Backup retention constants (in days)
 const RETENTION_PERIODS = {
     STANDARD: 90,
@@ -20,45 +17,33 @@ const RETENTION_PERIODS = {
 };
 // Backup window constants
 const BACKUP_WINDOWS = {
-    START: aws_cdk_lib_1.Duration.minutes(60),
-    COMPLETION: aws_cdk_lib_1.Duration.hours(12),
-    COMPLETION_SHORT: aws_cdk_lib_1.Duration.hours(2)
+    START: Duration.minutes(60),
+    COMPLETION: Duration.hours(12),
+    COMPLETION_SHORT: Duration.hours(2)
 };
+const BACKUP_VAULT_NAME = "backupVault";
 // Vault lock constants
 const VAULT_LOCK = {
-    MIN_RETENTION: aws_cdk_lib_1.Duration.days(365),
-    MAX_RETENTION: aws_cdk_lib_1.Duration.days(36500),
-    GRACE_PERIOD: aws_cdk_lib_1.Duration.days(3)
+    MIN_RETENTION: Duration.days(365),
+    MAX_RETENTION: Duration.days(36500),
+    GRACE_PERIOD: Duration.days(3)
 };
-class DisasterRecovery extends constructs_1.Construct {
+export class DisasterRecovery extends Construct {
+    backupVault;
+    backupPlans;
+    customBackupPlans;
     constructor(scope, id, props) {
         super(scope, id);
         // Read org config from CDK context
-        const app = app_1.default.getInstance();
+        const app = App.getInstance();
         const orgConfigRaw = app.node.tryGetContext("orgConfig");
-        let orgConfig;
-        if (typeof orgConfigRaw === "string") {
-            try {
-                const parsed = JSON.parse(orgConfigRaw);
-                orgConfig =
-                    typeof parsed === "object" && parsed !== null
-                        ? parsed
-                        : undefined;
-            }
-            catch (err) {
-                validationLogger_1.FjallLogger.warn(`[fjall] Failed to parse orgConfig from CDK context: ${err instanceof Error ? err.message : String(err)}`);
-            }
-        }
-        const providerAccounts = Array.isArray(orgConfig?.providerAccounts)
-            ? orgConfig.providerAccounts
-            : [];
+        const orgConfig = parseOrgConfig(typeof orgConfigRaw === "string" ? orgConfigRaw : undefined);
+        const providerAccounts = orgConfig.providerAccounts;
         // Determine if this is a compliance account
         const account = providerAccounts.find((pa) => pa.id === props.accountId);
         const isComplianceAccount = account?.environment === "compliance";
         // Get DR configuration
-        const disasterRecoveryRegion = typeof orgConfig?.disasterRecoveryRegion === "string"
-            ? orgConfig.disasterRecoveryRegion
-            : undefined;
+        const disasterRecoveryRegion = orgConfig.disasterRecoveryRegion;
         // Look up compliance account for cross-account replication
         // Skip if the compliance account (prevent self-replication)
         const disasterRecoveryAccount = isComplianceAccount
@@ -66,7 +51,7 @@ class DisasterRecovery extends constructs_1.Construct {
             : providerAccounts.find((pa) => pa.environment === "compliance");
         // Construct cross-account DR vault ARN (compliance account in DR region)
         const disasterRecoveryVaultArn = disasterRecoveryAccount && disasterRecoveryRegion
-            ? `arn:aws:backup:${disasterRecoveryRegion}:${disasterRecoveryAccount.id}:backup-vault:backupVault`
+            ? `arn:aws:backup:${disasterRecoveryRegion}:${disasterRecoveryAccount.id}:backup-vault:${BACKUP_VAULT_NAME}`
             : undefined;
         // Compliance accounts get vault locks for protection
         const lockConfiguration = isComplianceAccount
@@ -77,9 +62,9 @@ class DisasterRecovery extends constructs_1.Construct {
             }
             : undefined;
         // Create primary backup vault
-        this.backupVault = new backup_1.BackupVault(this, "BackupVault", {
-            vaultName: "backupVault",
-            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+        this.backupVault = new BackupVault(this, "BackupVault", {
+            vaultName: BACKUP_VAULT_NAME,
+            removalPolicy: RemovalPolicy.RETAIN,
             lockConfiguration: lockConfiguration
         });
         // Configure cross-account access policies
@@ -87,9 +72,9 @@ class DisasterRecovery extends constructs_1.Construct {
             const allAccounts = providerAccounts;
             const productionAccounts = allAccounts.filter((acc) => acc.environment === "production");
             if (productionAccounts.length > 0) {
-                const copyStatement = new aws_iam_1.PolicyStatement({
-                    effect: aws_iam_1.Effect.ALLOW,
-                    principals: productionAccounts.map((acc) => new aws_iam_1.AccountPrincipal(acc.id)),
+                const copyStatement = new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    principals: productionAccounts.map((acc) => new AccountPrincipal(acc.id)),
                     actions: ["backup:CopyIntoBackupVault"],
                     resources: ["*"]
                 });
@@ -99,23 +84,23 @@ class DisasterRecovery extends constructs_1.Construct {
         // Construct cross-region replication vault ARN (same account, DR region)
         // Only replicate if DR region exists AND is different from current region
         const replicationVaultArn = disasterRecoveryRegion && disasterRecoveryRegion !== props.region
-            ? `arn:aws:backup:${disasterRecoveryRegion}:${props.accountId}:backup-vault:backupVault`
+            ? `arn:aws:backup:${disasterRecoveryRegion}:${props.accountId}:backup-vault:${BACKUP_VAULT_NAME}`
             : undefined;
         // Create all three backup plans
         this.backupPlans = {
-            standard: new backup_1.BackupPlan(this, "StandardBackupPlan", {
+            standard: new BackupPlan(this, "StandardBackupPlan", {
                 planName: "standard",
                 rules: this.createStandardBackupRules("standard"),
                 tagValue: "default",
                 backupVault: this.backupVault
             }),
-            resilient: new backup_1.BackupPlan(this, "ResilientBackupPlan", {
+            resilient: new BackupPlan(this, "ResilientBackupPlan", {
                 planName: "resilient",
                 rules: this.createResilientBackupRules("resilient", replicationVaultArn),
                 tagValue: "resilient",
                 backupVault: this.backupVault
             }),
-            enterprise: new backup_1.BackupPlan(this, "EnterpriseBackupPlan", {
+            enterprise: new BackupPlan(this, "EnterpriseBackupPlan", {
                 planName: "enterprise",
                 rules: this.createEnterpriseBackupRules("enterprise", replicationVaultArn, disasterRecoveryVaultArn),
                 tagValue: "enterprise",
@@ -124,8 +109,8 @@ class DisasterRecovery extends constructs_1.Construct {
         };
         // Create custom backup plans if provided
         if (props.customBackupPlans && props.customBackupPlans.length > 0) {
-            this.customBackupPlans = props.customBackupPlans.map((config, index) => {
-                return new backup_1.BackupPlan(this, `CustomBackupPlan${index}`, {
+            this.customBackupPlans = props.customBackupPlans.map((config) => {
+                return new BackupPlan(this, `CustomBackupPlan-${config.planName}`, {
                     planName: config.planName,
                     rules: config.rules,
                     tagValue: config.tagValue,
@@ -134,44 +119,44 @@ class DisasterRecovery extends constructs_1.Construct {
             });
         }
         // Export disaster recovery configuration
-        new aws_cdk_lib_1.CfnOutput(this, "DisasterRecoveryEnabled", {
+        new CfnOutput(this, "DisasterRecoveryEnabled", {
             key: "DisasterRecoveryEnabled",
             value: "true",
-            exportName: "DisasterRecoveryEnabled"
+            exportName: `${id}DisasterRecoveryEnabled`
         });
         if (disasterRecoveryRegion) {
-            new aws_cdk_lib_1.CfnOutput(this, "ReplicationRegion", {
+            new CfnOutput(this, "ReplicationRegion", {
                 key: "ReplicationRegion",
                 value: disasterRecoveryRegion,
-                exportName: "ReplicationRegion"
+                exportName: `${id}ReplicationRegion`
             });
         }
         if (isComplianceAccount) {
-            new aws_cdk_lib_1.CfnOutput(this, "VaultLockEnabled", {
+            new CfnOutput(this, "VaultLockEnabled", {
                 key: "VaultLockEnabled",
                 value: "true",
-                exportName: "VaultLockEnabled"
+                exportName: `${id}VaultLockEnabled`
             });
         }
     }
     createStandardBackupRules(planName) {
         return [
-            new aws_backup_1.BackupPlanRule({
+            new BackupPlanRule({
                 ruleName: `${planName}Daily`,
                 scheduleExpression: events.Schedule.cron({ hour: "2", minute: "0" }), // 2 AM daily
-                deleteAfter: aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.STANDARD),
+                deleteAfter: Duration.days(RETENTION_PERIODS.STANDARD),
                 startWindow: BACKUP_WINDOWS.START,
                 completionWindow: BACKUP_WINDOWS.COMPLETION
             })
         ];
     }
     createResilientBackupRules(planName, replicationVaultArn) {
-        const copyActions = this.createCopyActions(planName, replicationVaultArn, undefined, aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS), undefined);
+        const copyActions = this.createCopyActions(planName, replicationVaultArn, undefined, Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS), undefined);
         return [
-            new aws_backup_1.BackupPlanRule({
+            new BackupPlanRule({
                 ruleName: `${planName}Daily`,
                 scheduleExpression: events.Schedule.cron({ hour: "2", minute: "0" }), // 2 AM daily
-                deleteAfter: aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS),
+                deleteAfter: Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS),
                 enableContinuousBackup: true,
                 startWindow: BACKUP_WINDOWS.START,
                 completionWindow: BACKUP_WINDOWS.COMPLETION,
@@ -180,25 +165,25 @@ class DisasterRecovery extends constructs_1.Construct {
         ];
     }
     createEnterpriseBackupRules(planName, replicationVaultArn, disasterRecoveryVaultArn) {
-        const continuousCopyActions = this.createCopyActions(`${planName}Continuous`, replicationVaultArn, disasterRecoveryVaultArn, aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS), undefined);
-        const complianceCopyActions = this.createCopyActions(`${planName}Compliance`, replicationVaultArn, disasterRecoveryVaultArn, aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_COMPLIANCE), aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.COLD_STORAGE_ONE_YEAR));
+        const continuousCopyActions = this.createCopyActions(`${planName}Continuous`, replicationVaultArn, disasterRecoveryVaultArn, Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS), undefined);
+        const complianceCopyActions = this.createCopyActions(`${planName}Compliance`, replicationVaultArn, disasterRecoveryVaultArn, Duration.days(RETENTION_PERIODS.ENTERPRISE_COMPLIANCE), Duration.days(RETENTION_PERIODS.COLD_STORAGE_ONE_YEAR));
         return [
             // Continuous backup (35-day max PITR window)
-            new aws_backup_1.BackupPlanRule({
+            new BackupPlanRule({
                 ruleName: `${planName}Continuous`,
                 scheduleExpression: events.Schedule.cron({ hour: "2", minute: "0" }), // Daily for continuous backup
-                deleteAfter: aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS),
+                deleteAfter: Duration.days(RETENTION_PERIODS.ENTERPRISE_CONTINUOUS),
                 enableContinuousBackup: true,
                 startWindow: BACKUP_WINDOWS.START,
                 completionWindow: BACKUP_WINDOWS.COMPLETION,
                 copyActions: continuousCopyActions
             }),
             // Hourly snapshots for long-term compliance (7 years)
-            new aws_backup_1.BackupPlanRule({
+            new BackupPlanRule({
                 ruleName: `${planName}HourlyCompliance`,
                 scheduleExpression: events.Schedule.cron({ minute: "0" }), // Every hour
-                deleteAfter: aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.ENTERPRISE_COMPLIANCE),
-                moveToColdStorageAfter: aws_cdk_lib_1.Duration.days(RETENTION_PERIODS.COLD_STORAGE_ONE_YEAR),
+                deleteAfter: Duration.days(RETENTION_PERIODS.ENTERPRISE_COMPLIANCE),
+                moveToColdStorageAfter: Duration.days(RETENTION_PERIODS.COLD_STORAGE_ONE_YEAR),
                 startWindow: BACKUP_WINDOWS.START,
                 completionWindow: BACKUP_WINDOWS.COMPLETION_SHORT,
                 copyActions: complianceCopyActions
@@ -210,7 +195,7 @@ class DisasterRecovery extends constructs_1.Construct {
         // Cross-region replication
         if (replicationVaultArn) {
             const replicationAction = {
-                destinationBackupVault: aws_backup_1.BackupVault.fromBackupVaultArn(this, `${planName}ReplicationVaultRef`, replicationVaultArn),
+                destinationBackupVault: Vault.fromBackupVaultArn(this, `${planName}ReplicationVaultRef`, replicationVaultArn),
                 ...(deleteAfter && { deleteAfter }),
                 // Only add cold storage if specified and >= 90 days
                 ...(moveToColdStorageAfter &&
@@ -224,7 +209,7 @@ class DisasterRecovery extends constructs_1.Construct {
         // Cross-account DR vault
         if (disasterRecoveryVaultArn) {
             const drAction = {
-                destinationBackupVault: aws_backup_1.BackupVault.fromBackupVaultArn(this, `${planName}DisasterRecoveryVaultRef`, disasterRecoveryVaultArn),
+                destinationBackupVault: Vault.fromBackupVaultArn(this, `${planName}DisasterRecoveryVaultRef`, disasterRecoveryVaultArn),
                 ...(deleteAfter && { deleteAfter }),
                 // Only add cold storage if specified and >= 90 days
                 ...(moveToColdStorageAfter &&
@@ -238,5 +223,3 @@ class DisasterRecovery extends constructs_1.Construct {
         return actions.length > 0 ? actions : undefined;
     }
 }
-exports.DisasterRecovery = DisasterRecovery;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlzYXN0ZXJSZWNvdmVyeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2Rpc2FzdGVyUmVjb3ZlcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWlFO0FBQ2pFLDJDQUF1QztBQUN2Qyx1REFBcUU7QUFDckUsdURBSWdDO0FBQ2hDLGlEQUFpRDtBQUNqRCxpREFBZ0Y7QUFFaEYsbUNBQTRCO0FBQzVCLG1FQUEyRDtBQUUzRCx1Q0FBdUM7QUFDdkMsTUFBTSxpQkFBaUIsR0FBRztJQUN4QixRQUFRLEVBQUUsRUFBRTtJQUNaLFNBQVMsRUFBRSxHQUFHO0lBQ2QscUJBQXFCLEVBQUUsRUFBRSxFQUFFLGdDQUFnQztJQUMzRCxxQkFBcUIsRUFBRSxJQUFJLEVBQUUsVUFBVTtJQUN2QyxvQkFBb0IsRUFBRSxFQUFFLEVBQUUsY0FBYztJQUN4QyxxQkFBcUIsRUFBRSxHQUFHO0NBQ2xCLENBQUM7QUFFWCwwQkFBMEI7QUFDMUIsTUFBTSxjQUFjLEdBQUc7SUFDckIsS0FBSyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUMzQixVQUFVLEVBQUUsc0JBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO0lBQzlCLGdCQUFnQixFQUFFLHNCQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztDQUMzQixDQUFDO0FBRVgsdUJBQXVCO0FBQ3ZCLE1BQU0sVUFBVSxHQUFHO0lBQ2pCLGFBQWEsRUFBRSxzQkFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUM7SUFDakMsYUFBYSxFQUFFLHNCQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQztJQUNuQyxZQUFZLEVBQUUsc0JBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0NBQ3RCLENBQUM7QUFjWCxNQUFhLGdCQUFpQixTQUFRLHNCQUFTO0lBUzdDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNEI7UUFDcEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixtQ0FBbUM7UUFDbkMsTUFBTSxHQUFHLEdBQUcsYUFBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQzlCLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3pELElBQUksU0FBOEMsQ0FBQztRQUNuRCxJQUFJLE9BQU8sWUFBWSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ3JDLElBQUksQ0FBQztnQkFDSCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUN4QyxTQUFTO29CQUNQLE9BQU8sTUFBTSxLQUFLLFFBQVEsSUFBSSxNQUFNLEtBQUssSUFBSTt3QkFDM0MsQ0FBQyxDQUFFLE1BQWtDO3dCQUNyQyxDQUFDLENBQUMsU0FBUyxDQUFDO1lBQ2xCLENBQUM7WUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO2dCQUNiLDhCQUFXLENBQUMsSUFBSSxDQUNkLHVEQUF1RCxHQUFHLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDMUcsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBQ0QsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxnQkFBZ0IsQ0FBQztZQUNqRSxDQUFDLENBQUUsU0FBUyxDQUFDLGdCQUFzQztZQUNuRCxDQUFDLENBQUMsRUFBRSxDQUFDO1FBRVAsNENBQTRDO1FBQzVDLE1BQU0sT0FBTyxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsS0FBSyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDekUsTUFBTSxtQkFBbUIsR0FBRyxPQUFPLEVBQUUsV0FBVyxLQUFLLFlBQVksQ0FBQztRQUVsRSx1QkFBdUI7UUFDdkIsTUFBTSxzQkFBc0IsR0FDMUIsT0FBTyxTQUFTLEVBQUUsc0JBQXNCLEtBQUssUUFBUTtZQUNuRCxDQUFDLENBQUMsU0FBUyxDQUFDLHNCQUFzQjtZQUNsQyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBRWhCLDJEQUEyRDtRQUMzRCw0REFBNEQ7UUFDNUQsTUFBTSx1QkFBdUIsR0FBRyxtQkFBbUI7WUFDakQsQ0FBQyxDQUFDLFNBQVM7WUFDWCxDQUFDLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUMsV0FBVyxLQUFLLFlBQVksQ0FBQyxDQUFDO1FBRW5FLHlFQUF5RTtRQUN6RSxNQUFNLHdCQUF3QixHQUM1Qix1QkFBdUIsSUFBSSxzQkFBc0I7WUFDL0MsQ0FBQyxDQUFDLGtCQUFrQixzQkFBc0IsSUFBSSx1QkFBdUIsQ0FBQyxFQUFFLDJCQUEyQjtZQUNuRyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBRWhCLHFEQUFxRDtRQUNyRCxNQUFNLGlCQUFpQixHQUFHLG1CQUFtQjtZQUMzQyxDQUFDLENBQUM7Z0JBQ0UsWUFBWSxFQUFFLFVBQVUsQ0FBQyxhQUFhO2dCQUN0QyxZQUFZLEVBQUUsVUFBVSxDQUFDLGFBQWE7Z0JBQ3RDLGFBQWEsRUFBRSxVQUFVLENBQUMsWUFBWTthQUN2QztZQUNILENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFZCw4QkFBOEI7UUFDOUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLG9CQUFXLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRTtZQUN0RCxTQUFTLEVBQUUsYUFBYTtZQUN4QixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1lBQ3BDLGlCQUFpQixFQUFFLGlCQUFpQjtTQUNyQyxDQUFDLENBQUM7UUFFSCwwQ0FBMEM7UUFFMUMsSUFBSSxtQkFBbUIsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sV0FBVyxHQUFHLGdCQUFnQixDQUFDO1lBQ3JDLE1BQU0sa0JBQWtCLEdBQUcsV0FBVyxDQUFDLE1BQU0sQ0FDM0MsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEtBQUssWUFBWSxDQUMxQyxDQUFDO1lBRUYsSUFBSSxrQkFBa0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ2xDLE1BQU0sYUFBYSxHQUFHLElBQUkseUJBQWUsQ0FBQztvQkFDeEMsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSztvQkFDcEIsVUFBVSxFQUFFLGtCQUFrQixDQUFDLEdBQUcsQ0FDaEMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLElBQUksMEJBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUN0QztvQkFDRCxPQUFPLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQztvQkFDdkMsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2lCQUNqQixDQUFDLENBQUM7Z0JBQ0gsSUFBSSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDMUQsQ0FBQztRQUNILENBQUM7UUFFRCx5RUFBeUU7UUFDekUsMEVBQTBFO1FBQzFFLE1BQU0sbUJBQW1CLEdBQ3ZCLHNCQUFzQixJQUFJLHNCQUFzQixLQUFLLEtBQUssQ0FBQyxNQUFNO1lBQy9ELENBQUMsQ0FBQyxrQkFBa0Isc0JBQXNCLElBQUksS0FBSyxDQUFDLFNBQVMsMkJBQTJCO1lBQ3hGLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFaEIsZ0NBQWdDO1FBQ2hDLElBQUksQ0FBQyxXQUFXLEdBQUc7WUFDakIsUUFBUSxFQUFFLElBQUksbUJBQVUsQ0FBQyxJQUFJLEVBQUUsb0JBQW9CLEVBQUU7Z0JBQ25ELFFBQVEsRUFBRSxVQUFVO2dCQUNwQixLQUFLLEVBQUUsSUFBSSxDQUFDLHlCQUF5QixDQUFDLFVBQVUsQ0FBQztnQkFDakQsUUFBUSxFQUFFLFNBQVM7Z0JBQ25CLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVzthQUM5QixDQUFDO1lBQ0YsU0FBUyxFQUFFLElBQUksbUJBQVUsQ0FBQyxJQUFJLEVBQUUscUJBQXFCLEVBQUU7Z0JBQ3JELFFBQVEsRUFBRSxXQUFXO2dCQUNyQixLQUFLLEVBQUUsSUFBSSxDQUFDLDBCQUEwQixDQUNwQyxXQUFXLEVBQ1gsbUJBQW1CLENBQ3BCO2dCQUNELFFBQVEsRUFBRSxXQUFXO2dCQUNyQixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7YUFDOUIsQ0FBQztZQUNGLFVBQVUsRUFBRSxJQUFJLG1CQUFVLENBQUMsSUFBSSxFQUFFLHNCQUFzQixFQUFFO2dCQUN2RCxRQUFRLEVBQUUsWUFBWTtnQkFDdEIsS0FBSyxFQUFFLElBQUksQ0FBQywyQkFBMkIsQ0FDckMsWUFBWSxFQUNaLG1CQUFtQixFQUNuQix3QkFBd0IsQ0FDekI7Z0JBQ0QsUUFBUSxFQUFFLFlBQVk7Z0JBQ3RCLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVzthQUM5QixDQUFDO1NBQ0gsQ0FBQztRQUVGLHlDQUF5QztRQUN6QyxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xFLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxFQUFFO2dCQUNyRSxPQUFPLElBQUksbUJBQVUsQ0FBQyxJQUFJLEVBQUUsbUJBQW1CLEtBQUssRUFBRSxFQUFFO29CQUN0RCxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVE7b0JBQ3pCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztvQkFDbkIsUUFBUSxFQUFFLE1BQU0sQ0FBQyxRQUFRO29CQUN6QixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7aUJBQzlCLENBQUMsQ0FBQztZQUNMLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELHlDQUF5QztRQUN6QyxJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLHlCQUF5QixFQUFFO1lBQzdDLEdBQUcsRUFBRSx5QkFBeUI7WUFDOUIsS0FBSyxFQUFFLE1BQU07WUFDYixVQUFVLEVBQUUseUJBQXlCO1NBQ3RDLENBQUMsQ0FBQztRQUVILElBQUksc0JBQXNCLEVBQUUsQ0FBQztZQUMzQixJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO2dCQUN2QyxHQUFHLEVBQUUsbUJBQW1CO2dCQUN4QixLQUFLLEVBQUUsc0JBQXNCO2dCQUM3QixVQUFVLEVBQUUsbUJBQW1CO2FBQ2hDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxJQUFJLG1CQUFtQixFQUFFLENBQUM7WUFDeEIsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtnQkFDdEMsR0FBRyxFQUFFLGtCQUFrQjtnQkFDdkIsS0FBSyxFQUFFLE1BQU07Z0JBQ2IsVUFBVSxFQUFFLGtCQUFrQjthQUMvQixDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVPLHlCQUF5QixDQUFDLFFBQWdCO1FBQ2hELE9BQU87WUFDTCxJQUFJLDJCQUFjLENBQUM7Z0JBQ2pCLFFBQVEsRUFBRSxHQUFHLFFBQVEsT0FBTztnQkFDNUIsa0JBQWtCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLE1BQU0sRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLGFBQWE7Z0JBQ25GLFdBQVcsRUFBRSxzQkFBUSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRLENBQUM7Z0JBQ3RELFdBQVcsRUFBRSxjQUFjLENBQUMsS0FBSztnQkFDakMsZ0JBQWdCLEVBQUUsY0FBYyxDQUFDLFVBQVU7YUFDNUMsQ0FBQztTQUNILENBQUM7SUFDSixDQUFDO0lBRU8sMEJBQTBCLENBQ2hDLFFBQWdCLEVBQ2hCLG1CQUE0QjtRQUU1QixNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQ3hDLFFBQVEsRUFDUixtQkFBbUIsRUFDbkIsU0FBUyxFQUNULHNCQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHFCQUFxQixDQUFDLEVBQ3RELFNBQVMsQ0FDVixDQUFDO1FBRUYsT0FBTztZQUNMLElBQUksMkJBQWMsQ0FBQztnQkFDakIsUUFBUSxFQUFFLEdBQUcsUUFBUSxPQUFPO2dCQUM1QixrQkFBa0IsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsYUFBYTtnQkFDbkYsV0FBVyxFQUFFLHNCQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHFCQUFxQixDQUFDO2dCQUNuRSxzQkFBc0IsRUFBRSxJQUFJO2dCQUM1QixXQUFXLEVBQUUsY0FBYyxDQUFDLEtBQUs7Z0JBQ2pDLGdCQUFnQixFQUFFLGNBQWMsQ0FBQyxVQUFVO2dCQUMzQyxXQUFXO2FBQ1osQ0FBQztTQUNILENBQUM7SUFDSixDQUFDO0lBRU8sMkJBQTJCLENBQ2pDLFFBQWdCLEVBQ2hCLG1CQUE0QixFQUM1Qix3QkFBaUM7UUFFakMsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQ2xELEdBQUcsUUFBUSxZQUFZLEVBQ3ZCLG1CQUFtQixFQUNuQix3QkFBd0IsRUFDeEIsc0JBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMscUJBQXFCLENBQUMsRUFDdEQsU0FBUyxDQUNWLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FDbEQsR0FBRyxRQUFRLFlBQVksRUFDdkIsbUJBQW1CLEVBQ25CLHdCQUF3QixFQUN4QixzQkFBUSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxxQkFBcUIsQ0FBQyxFQUN0RCxzQkFBUSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxxQkFBcUIsQ0FBQyxDQUN2RCxDQUFDO1FBRUYsT0FBTztZQUNMLDZDQUE2QztZQUM3QyxJQUFJLDJCQUFjLENBQUM7Z0JBQ2pCLFFBQVEsRUFBRSxHQUFHLFFBQVEsWUFBWTtnQkFDakMsa0JBQWtCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLE1BQU0sRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLDhCQUE4QjtnQkFDcEcsV0FBVyxFQUFFLHNCQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHFCQUFxQixDQUFDO2dCQUNuRSxzQkFBc0IsRUFBRSxJQUFJO2dCQUM1QixXQUFXLEVBQUUsY0FBYyxDQUFDLEtBQUs7Z0JBQ2pDLGdCQUFnQixFQUFFLGNBQWMsQ0FBQyxVQUFVO2dCQUMzQyxXQUFXLEVBQUUscUJBQXFCO2FBQ25DLENBQUM7WUFDRixzREFBc0Q7WUFDdEQsSUFBSSwyQkFBYyxDQUFDO2dCQUNqQixRQUFRLEVBQUUsR0FBRyxRQUFRLGtCQUFrQjtnQkFDdkMsa0JBQWtCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxhQUFhO2dCQUN4RSxXQUFXLEVBQUUsc0JBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMscUJBQXFCLENBQUM7Z0JBQ25FLHNCQUFzQixFQUFFLHNCQUFRLENBQUMsSUFBSSxDQUNuQyxpQkFBaUIsQ0FBQyxxQkFBcUIsQ0FDeEM7Z0JBQ0QsV0FBVyxFQUFFLGNBQWMsQ0FBQyxLQUFLO2dCQUNqQyxnQkFBZ0IsRUFBRSxjQUFjLENBQUMsZ0JBQWdCO2dCQUNqRCxXQUFXLEVBQUUscUJBQXFCO2FBQ25DLENBQUM7U0FDSCxDQUFDO0lBQ0osQ0FBQztJQUVPLGlCQUFpQixDQUN2QixRQUFnQixFQUNoQixtQkFBNEIsRUFDNUIsd0JBQWlDLEVBQ2pDLFdBQXNCLEVBQ3RCLHNCQUFpQztRQUVqQyxNQUFNLE9BQU8sR0FBZ0MsRUFBRSxDQUFDO1FBRWhELDJCQUEyQjtRQUMzQixJQUFJLG1CQUFtQixFQUFFLENBQUM7WUFDeEIsTUFBTSxpQkFBaUIsR0FBOEI7Z0JBQ25ELHNCQUFzQixFQUFFLHdCQUFLLENBQUMsa0JBQWtCLENBQzlDLElBQUksRUFDSixHQUFHLFFBQVEscUJBQXFCLEVBQ2hDLG1CQUFtQixDQUNwQjtnQkFDRCxHQUFHLENBQUMsV0FBVyxJQUFJLEVBQUUsV0FBVyxFQUFFLENBQUM7Z0JBQ25DLG9EQUFvRDtnQkFDcEQsR0FBRyxDQUFDLHNCQUFzQjtvQkFDMUIsc0JBQXNCLENBQUMsTUFBTSxFQUFFO3dCQUM3QixpQkFBaUIsQ0FBQyxvQkFBb0I7b0JBQ3RDLENBQUMsQ0FBQyxFQUFFLHNCQUFzQixFQUFFO29CQUM1QixDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ1IsQ0FBQztZQUNGLE9BQU8sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUNsQyxDQUFDO1FBRUQseUJBQXlCO1FBQ3pCLElBQUksd0JBQXdCLEVBQUUsQ0FBQztZQUM3QixNQUFNLFFBQVEsR0FBOEI7Z0JBQzFDLHNCQUFzQixFQUFFLHdCQUFLLENBQUMsa0JBQWtCLENBQzlDLElBQUksRUFDSixHQUFHLFFBQVEsMEJBQTBCLEVBQ3JDLHdCQUF3QixDQUN6QjtnQkFDRCxHQUFHLENBQUMsV0FBVyxJQUFJLEVBQUUsV0FBVyxFQUFFLENBQUM7Z0JBQ25DLG9EQUFvRDtnQkFDcEQsR0FBRyxDQUFDLHNCQUFzQjtvQkFDMUIsc0JBQXNCLENBQUMsTUFBTSxFQUFFO3dCQUM3QixpQkFBaUIsQ0FBQyxvQkFBb0I7b0JBQ3RDLENBQUMsQ0FBQyxFQUFFLHNCQUFzQixFQUFFO29CQUM1QixDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ1IsQ0FBQztZQUNGLE9BQU8sQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDekIsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBQ2xELENBQUM7Q0FDRjtBQXpTRCw0Q0F5U0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5PdXRwdXQsIER1cmF0aW9uLCBSZW1vdmFsUG9saWN5IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgQmFja3VwVmF1bHQsIEJhY2t1cFBsYW4gfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy9iYWNrdXBcIjtcbmltcG9ydCB7XG4gIEJhY2t1cFBsYW5SdWxlLFxuICB0eXBlIEJhY2t1cFBsYW5Db3B5QWN0aW9uUHJvcHMsXG4gIEJhY2t1cFZhdWx0IGFzIFZhdWx0XG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtYmFja3VwXCI7XG5pbXBvcnQgKiBhcyBldmVudHMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1ldmVudHNcIjtcbmltcG9ydCB7IEFjY291bnRQcmluY2lwYWwsIEVmZmVjdCwgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IHR5cGUgUHJvdmlkZXJBY2NvdW50IH0gZnJvbSBcIkBmamFsbC91dGlsXCI7XG5pbXBvcnQgQXBwIGZyb20gXCIuLi8uLi9hcHBcIjtcbmltcG9ydCB7IEZqYWxsTG9nZ2VyIH0gZnJvbSBcIi4uLy4uL3V0aWxzL3ZhbGlkYXRpb25Mb2dnZXJcIjtcblxuLy8gQmFja3VwIHJldGVudGlvbiBjb25zdGFudHMgKGluIGRheXMpXG5jb25zdCBSRVRFTlRJT05fUEVSSU9EUyA9IHtcbiAgU1RBTkRBUkQ6IDkwLFxuICBSRVNJTElFTlQ6IDM2NSxcbiAgRU5URVJQUklTRV9DT05USU5VT1VTOiAzNSwgLy8gQVdTIG1heCBmb3IgY29udGludW91cyBiYWNrdXBcbiAgRU5URVJQUklTRV9DT01QTElBTkNFOiAyNTU1LCAvLyA3IHllYXJzXG4gIENPTERfU1RPUkFHRV9NSU5JTVVNOiA5MCwgLy8gQVdTIG1pbmltdW1cbiAgQ09MRF9TVE9SQUdFX09ORV9ZRUFSOiAzNjVcbn0gYXMgY29uc3Q7XG5cbi8vIEJhY2t1cCB3aW5kb3cgY29uc3RhbnRzXG5jb25zdCBCQUNLVVBfV0lORE9XUyA9IHtcbiAgU1RBUlQ6IER1cmF0aW9uLm1pbnV0ZXMoNjApLFxuICBDT01QTEVUSU9OOiBEdXJhdGlvbi5ob3VycygxMiksXG4gIENPTVBMRVRJT05fU0hPUlQ6IER1cmF0aW9uLmhvdXJzKDIpXG59IGFzIGNvbnN0O1xuXG4vLyBWYXVsdCBsb2NrIGNvbnN0YW50c1xuY29uc3QgVkFVTFRfTE9DSyA9IHtcbiAgTUlOX1JFVEVOVElPTjogRHVyYXRpb24uZGF5cygzNjUpLFxuICBNQVhfUkVURU5USU9OOiBEdXJhdGlvbi5kYXlzKDM2NTAwKSxcbiAgR1JBQ0VfUEVSSU9EOiBEdXJhdGlvbi5kYXlzKDMpXG59IGFzIGNvbnN0O1xuXG5leHBvcnQgaW50ZXJmYWNlIEN1c3RvbUJhY2t1cFBsYW5Db25maWcge1xuICBwbGFuTmFtZTogc3RyaW5nO1xuICBydWxlczogQmFja3VwUGxhblJ1bGVbXTtcbiAgdGFnVmFsdWU6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBEaXNhc3RlclJlY292ZXJ5UHJvcHMge1xuICByZWdpb246IHN0cmluZztcbiAgYWNjb3VudElkOiBzdHJpbmc7XG4gIGN1c3RvbUJhY2t1cFBsYW5zPzogQ3VzdG9tQmFja3VwUGxhbkNvbmZpZ1tdO1xufVxuXG5leHBvcnQgY2xhc3MgRGlzYXN0ZXJSZWNvdmVyeSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBiYWNrdXBWYXVsdDogQmFja3VwVmF1bHQ7XG4gIHB1YmxpYyByZWFkb25seSBiYWNrdXBQbGFuczoge1xuICAgIHN0YW5kYXJkOiBCYWNrdXBQbGFuO1xuICAgIHJlc2lsaWVudDogQmFja3VwUGxhbjtcbiAgICBlbnRlcnByaXNlOiBCYWNrdXBQbGFuO1xuICB9O1xuICBwdWJsaWMgcmVhZG9ubHkgY3VzdG9tQmFja3VwUGxhbnM/OiBCYWNrdXBQbGFuW107XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IERpc2FzdGVyUmVjb3ZlcnlQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAvLyBSZWFkIG9yZyBjb25maWcgZnJvbSBDREsgY29udGV4dFxuICAgIGNvbnN0IGFwcCA9IEFwcC5nZXRJbnN0YW5jZSgpO1xuICAgIGNvbnN0IG9yZ0NvbmZpZ1JhdyA9IGFwcC5ub2RlLnRyeUdldENvbnRleHQoXCJvcmdDb25maWdcIik7XG4gICAgbGV0IG9yZ0NvbmZpZzogUmVjb3JkPHN0cmluZywgdW5rbm93bj4gfCB1bmRlZmluZWQ7XG4gICAgaWYgKHR5cGVvZiBvcmdDb25maWdSYXcgPT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHRyeSB7XG4gICAgICAgIGNvbnN0IHBhcnNlZCA9IEpTT04ucGFyc2Uob3JnQ29uZmlnUmF3KTtcbiAgICAgICAgb3JnQ29uZmlnID1cbiAgICAgICAgICB0eXBlb2YgcGFyc2VkID09PSBcIm9iamVjdFwiICYmIHBhcnNlZCAhPT0gbnVsbFxuICAgICAgICAgICAgPyAocGFyc2VkIGFzIFJlY29yZDxzdHJpbmcsIHVua25vd24+KVxuICAgICAgICAgICAgOiB1bmRlZmluZWQ7XG4gICAgICB9IGNhdGNoIChlcnIpIHtcbiAgICAgICAgRmphbGxMb2dnZXIud2FybihcbiAgICAgICAgICBgW2ZqYWxsXSBGYWlsZWQgdG8gcGFyc2Ugb3JnQ29uZmlnIGZyb20gQ0RLIGNvbnRleHQ6ICR7ZXJyIGluc3RhbmNlb2YgRXJyb3IgPyBlcnIubWVzc2FnZSA6IFN0cmluZyhlcnIpfWBcbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICB9XG4gICAgY29uc3QgcHJvdmlkZXJBY2NvdW50cyA9IEFycmF5LmlzQXJyYXkob3JnQ29uZmlnPy5wcm92aWRlckFjY291bnRzKVxuICAgICAgPyAob3JnQ29uZmlnLnByb3ZpZGVyQWNjb3VudHMgYXMgUHJvdmlkZXJBY2NvdW50W10pXG4gICAgICA6IFtdO1xuXG4gICAgLy8gRGV0ZXJtaW5lIGlmIHRoaXMgaXMgYSBjb21wbGlhbmNlIGFjY291bnRcbiAgICBjb25zdCBhY2NvdW50ID0gcHJvdmlkZXJBY2NvdW50cy5maW5kKChwYSkgPT4gcGEuaWQgPT09IHByb3BzLmFjY291bnRJZCk7XG4gICAgY29uc3QgaXNDb21wbGlhbmNlQWNjb3VudCA9IGFjY291bnQ/LmVudmlyb25tZW50ID09PSBcImNvbXBsaWFuY2VcIjtcblxuICAgIC8vIEdldCBEUiBjb25maWd1cmF0aW9uXG4gICAgY29uc3QgZGlzYXN0ZXJSZWNvdmVyeVJlZ2lvbiA9XG4gICAgICB0eXBlb2Ygb3JnQ29uZmlnPy5kaXNhc3RlclJlY292ZXJ5UmVnaW9uID09PSBcInN0cmluZ1wiXG4gICAgICAgID8gb3JnQ29uZmlnLmRpc2FzdGVyUmVjb3ZlcnlSZWdpb25cbiAgICAgICAgOiB1bmRlZmluZWQ7XG5cbiAgICAvLyBMb29rIHVwIGNvbXBsaWFuY2UgYWNjb3VudCBmb3IgY3Jvc3MtYWNjb3VudCByZXBsaWNhdGlvblxuICAgIC8vIFNraXAgaWYgdGhlIGNvbXBsaWFuY2UgYWNjb3VudCAocHJldmVudCBzZWxmLXJlcGxpY2F0aW9uKVxuICAgIGNvbnN0IGRpc2FzdGVyUmVjb3ZlcnlBY2NvdW50ID0gaXNDb21wbGlhbmNlQWNjb3VudFxuICAgICAgPyB1bmRlZmluZWRcbiAgICAgIDogcHJvdmlkZXJBY2NvdW50cy5maW5kKChwYSkgPT4gcGEuZW52aXJvbm1lbnQgPT09IFwiY29tcGxpYW5jZVwiKTtcblxuICAgIC8vIENvbnN0cnVjdCBjcm9zcy1hY2NvdW50IERSIHZhdWx0IEFSTiAoY29tcGxpYW5jZSBhY2NvdW50IGluIERSIHJlZ2lvbilcbiAgICBjb25zdCBkaXNhc3RlclJlY292ZXJ5VmF1bHRBcm4gPVxuICAgICAgZGlzYXN0ZXJSZWNvdmVyeUFjY291bnQgJiYgZGlzYXN0ZXJSZWNvdmVyeVJlZ2lvblxuICAgICAgICA/IGBhcm46YXdzOmJhY2t1cDoke2Rpc2FzdGVyUmVjb3ZlcnlSZWdpb259OiR7ZGlzYXN0ZXJSZWNvdmVyeUFjY291bnQuaWR9OmJhY2t1cC12YXVsdDpiYWNrdXBWYXVsdGBcbiAgICAgICAgOiB1bmRlZmluZWQ7XG5cbiAgICAvLyBDb21wbGlhbmNlIGFjY291bnRzIGdldCB2YXVsdCBsb2NrcyBmb3IgcHJvdGVjdGlvblxuICAgIGNvbnN0IGxvY2tDb25maWd1cmF0aW9uID0gaXNDb21wbGlhbmNlQWNjb3VudFxuICAgICAgPyB7XG4gICAgICAgICAgbWluUmV0ZW50aW9uOiBWQVVMVF9MT0NLLk1JTl9SRVRFTlRJT04sXG4gICAgICAgICAgbWF4UmV0ZW50aW9uOiBWQVVMVF9MT0NLLk1BWF9SRVRFTlRJT04sXG4gICAgICAgICAgY2hhbmdlYWJsZUZvcjogVkFVTFRfTE9DSy5HUkFDRV9QRVJJT0RcbiAgICAgICAgfVxuICAgICAgOiB1bmRlZmluZWQ7XG5cbiAgICAvLyBDcmVhdGUgcHJpbWFyeSBiYWNrdXAgdmF1bHRcbiAgICB0aGlzLmJhY2t1cFZhdWx0ID0gbmV3IEJhY2t1cFZhdWx0KHRoaXMsIFwiQmFja3VwVmF1bHRcIiwge1xuICAgICAgdmF1bHROYW1lOiBcImJhY2t1cFZhdWx0XCIsXG4gICAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgICBsb2NrQ29uZmlndXJhdGlvbjogbG9ja0NvbmZpZ3VyYXRpb25cbiAgICB9KTtcblxuICAgIC8vIENvbmZpZ3VyZSBjcm9zcy1hY2NvdW50IGFjY2VzcyBwb2xpY2llc1xuXG4gICAgaWYgKGlzQ29tcGxpYW5jZUFjY291bnQpIHtcbiAgICAgIGNvbnN0IGFsbEFjY291bnRzID0gcHJvdmlkZXJBY2NvdW50cztcbiAgICAgIGNvbnN0IHByb2R1Y3Rpb25BY2NvdW50cyA9IGFsbEFjY291bnRzLmZpbHRlcihcbiAgICAgICAgKGFjYykgPT4gYWNjLmVudmlyb25tZW50ID09PSBcInByb2R1Y3Rpb25cIlxuICAgICAgKTtcblxuICAgICAgaWYgKHByb2R1Y3Rpb25BY2NvdW50cy5sZW5ndGggPiAwKSB7XG4gICAgICAgIGNvbnN0IGNvcHlTdGF0ZW1lbnQgPSBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgICBwcmluY2lwYWxzOiBwcm9kdWN0aW9uQWNjb3VudHMubWFwKFxuICAgICAgICAgICAgKGFjYykgPT4gbmV3IEFjY291bnRQcmluY2lwYWwoYWNjLmlkKVxuICAgICAgICAgICksXG4gICAgICAgICAgYWN0aW9uczogW1wiYmFja3VwOkNvcHlJbnRvQmFja3VwVmF1bHRcIl0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgIH0pO1xuICAgICAgICB0aGlzLmJhY2t1cFZhdWx0LnZhdWx0LmFkZFRvQWNjZXNzUG9saWN5KGNvcHlTdGF0ZW1lbnQpO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIENvbnN0cnVjdCBjcm9zcy1yZWdpb24gcmVwbGljYXRpb24gdmF1bHQgQVJOIChzYW1lIGFjY291bnQsIERSIHJlZ2lvbilcbiAgICAvLyBPbmx5IHJlcGxpY2F0ZSBpZiBEUiByZWdpb24gZXhpc3RzIEFORCBpcyBkaWZmZXJlbnQgZnJvbSBjdXJyZW50IHJlZ2lvblxuICAgIGNvbnN0IHJlcGxpY2F0aW9uVmF1bHRBcm4gPVxuICAgICAgZGlzYXN0ZXJSZWNvdmVyeVJlZ2lvbiAmJiBkaXNhc3RlclJlY292ZXJ5UmVnaW9uICE9PSBwcm9wcy5yZWdpb25cbiAgICAgICAgPyBgYXJuOmF3czpiYWNrdXA6JHtkaXNhc3RlclJlY292ZXJ5UmVnaW9ufToke3Byb3BzLmFjY291bnRJZH06YmFja3VwLXZhdWx0OmJhY2t1cFZhdWx0YFxuICAgICAgICA6IHVuZGVmaW5lZDtcblxuICAgIC8vIENyZWF0ZSBhbGwgdGhyZWUgYmFja3VwIHBsYW5zXG4gICAgdGhpcy5iYWNrdXBQbGFucyA9IHtcbiAgICAgIHN0YW5kYXJkOiBuZXcgQmFja3VwUGxhbih0aGlzLCBcIlN0YW5kYXJkQmFja3VwUGxhblwiLCB7XG4gICAgICAgIHBsYW5OYW1lOiBcInN0YW5kYXJkXCIsXG4gICAgICAgIHJ1bGVzOiB0aGlzLmNyZWF0ZVN0YW5kYXJkQmFja3VwUnVsZXMoXCJzdGFuZGFyZFwiKSxcbiAgICAgICAgdGFnVmFsdWU6IFwiZGVmYXVsdFwiLFxuICAgICAgICBiYWNrdXBWYXVsdDogdGhpcy5iYWNrdXBWYXVsdFxuICAgICAgfSksXG4gICAgICByZXNpbGllbnQ6IG5ldyBCYWNrdXBQbGFuKHRoaXMsIFwiUmVzaWxpZW50QmFja3VwUGxhblwiLCB7XG4gICAgICAgIHBsYW5OYW1lOiBcInJlc2lsaWVudFwiLFxuICAgICAgICBydWxlczogdGhpcy5jcmVhdGVSZXNpbGllbnRCYWNrdXBSdWxlcyhcbiAgICAgICAgICBcInJlc2lsaWVudFwiLFxuICAgICAgICAgIHJlcGxpY2F0aW9uVmF1bHRBcm5cbiAgICAgICAgKSxcbiAgICAgICAgdGFnVmFsdWU6IFwicmVzaWxpZW50XCIsXG4gICAgICAgIGJhY2t1cFZhdWx0OiB0aGlzLmJhY2t1cFZhdWx0XG4gICAgICB9KSxcbiAgICAgIGVudGVycHJpc2U6IG5ldyBCYWNrdXBQbGFuKHRoaXMsIFwiRW50ZXJwcmlzZUJhY2t1cFBsYW5cIiwge1xuICAgICAgICBwbGFuTmFtZTogXCJlbnRlcnByaXNlXCIsXG4gICAgICAgIHJ1bGVzOiB0aGlzLmNyZWF0ZUVudGVycHJpc2VCYWNrdXBSdWxlcyhcbiAgICAgICAgICBcImVudGVycHJpc2VcIixcbiAgICAgICAgICByZXBsaWNhdGlvblZhdWx0QXJuLFxuICAgICAgICAgIGRpc2FzdGVyUmVjb3ZlcnlWYXVsdEFyblxuICAgICAgICApLFxuICAgICAgICB0YWdWYWx1ZTogXCJlbnRlcnByaXNlXCIsXG4gICAgICAgIGJhY2t1cFZhdWx0OiB0aGlzLmJhY2t1cFZhdWx0XG4gICAgICB9KVxuICAgIH07XG5cbiAgICAvLyBDcmVhdGUgY3VzdG9tIGJhY2t1cCBwbGFucyBpZiBwcm92aWRlZFxuICAgIGlmIChwcm9wcy5jdXN0b21CYWNrdXBQbGFucyAmJiBwcm9wcy5jdXN0b21CYWNrdXBQbGFucy5sZW5ndGggPiAwKSB7XG4gICAgICB0aGlzLmN1c3RvbUJhY2t1cFBsYW5zID0gcHJvcHMuY3VzdG9tQmFja3VwUGxhbnMubWFwKChjb25maWcsIGluZGV4KSA9PiB7XG4gICAgICAgIHJldHVybiBuZXcgQmFja3VwUGxhbih0aGlzLCBgQ3VzdG9tQmFja3VwUGxhbiR7aW5kZXh9YCwge1xuICAgICAgICAgIHBsYW5OYW1lOiBjb25maWcucGxhbk5hbWUsXG4gICAgICAgICAgcnVsZXM6IGNvbmZpZy5ydWxlcyxcbiAgICAgICAgICB0YWdWYWx1ZTogY29uZmlnLnRhZ1ZhbHVlLFxuICAgICAgICAgIGJhY2t1cFZhdWx0OiB0aGlzLmJhY2t1cFZhdWx0XG4gICAgICAgIH0pO1xuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gRXhwb3J0IGRpc2FzdGVyIHJlY292ZXJ5IGNvbmZpZ3VyYXRpb25cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiRGlzYXN0ZXJSZWNvdmVyeUVuYWJsZWRcIiwge1xuICAgICAga2V5OiBcIkRpc2FzdGVyUmVjb3ZlcnlFbmFibGVkXCIsXG4gICAgICB2YWx1ZTogXCJ0cnVlXCIsXG4gICAgICBleHBvcnROYW1lOiBcIkRpc2FzdGVyUmVjb3ZlcnlFbmFibGVkXCJcbiAgICB9KTtcblxuICAgIGlmIChkaXNhc3RlclJlY292ZXJ5UmVnaW9uKSB7XG4gICAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiUmVwbGljYXRpb25SZWdpb25cIiwge1xuICAgICAgICBrZXk6IFwiUmVwbGljYXRpb25SZWdpb25cIixcbiAgICAgICAgdmFsdWU6IGRpc2FzdGVyUmVjb3ZlcnlSZWdpb24sXG4gICAgICAgIGV4cG9ydE5hbWU6IFwiUmVwbGljYXRpb25SZWdpb25cIlxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgaWYgKGlzQ29tcGxpYW5jZUFjY291bnQpIHtcbiAgICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJWYXVsdExvY2tFbmFibGVkXCIsIHtcbiAgICAgICAga2V5OiBcIlZhdWx0TG9ja0VuYWJsZWRcIixcbiAgICAgICAgdmFsdWU6IFwidHJ1ZVwiLFxuICAgICAgICBleHBvcnROYW1lOiBcIlZhdWx0TG9ja0VuYWJsZWRcIlxuICAgICAgfSk7XG4gICAgfVxuICB9XG5cbiAgcHJpdmF0ZSBjcmVhdGVTdGFuZGFyZEJhY2t1cFJ1bGVzKHBsYW5OYW1lOiBzdHJpbmcpOiBCYWNrdXBQbGFuUnVsZVtdIHtcbiAgICByZXR1cm4gW1xuICAgICAgbmV3IEJhY2t1cFBsYW5SdWxlKHtcbiAgICAgICAgcnVsZU5hbWU6IGAke3BsYW5OYW1lfURhaWx5YCxcbiAgICAgICAgc2NoZWR1bGVFeHByZXNzaW9uOiBldmVudHMuU2NoZWR1bGUuY3Jvbih7IGhvdXI6IFwiMlwiLCBtaW51dGU6IFwiMFwiIH0pLCAvLyAyIEFNIGRhaWx5XG4gICAgICAgIGRlbGV0ZUFmdGVyOiBEdXJhdGlvbi5kYXlzKFJFVEVOVElPTl9QRVJJT0RTLlNUQU5EQVJEKSxcbiAgICAgICAgc3RhcnRXaW5kb3c6IEJBQ0tVUF9XSU5ET1dTLlNUQVJULFxuICAgICAgICBjb21wbGV0aW9uV2luZG93OiBCQUNLVVBfV0lORE9XUy5DT01QTEVUSU9OXG4gICAgICB9KVxuICAgIF07XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZVJlc2lsaWVudEJhY2t1cFJ1bGVzKFxuICAgIHBsYW5OYW1lOiBzdHJpbmcsXG4gICAgcmVwbGljYXRpb25WYXVsdEFybj86IHN0cmluZ1xuICApOiBCYWNrdXBQbGFuUnVsZVtdIHtcbiAgICBjb25zdCBjb3B5QWN0aW9ucyA9IHRoaXMuY3JlYXRlQ29weUFjdGlvbnMoXG4gICAgICBwbGFuTmFtZSxcbiAgICAgIHJlcGxpY2F0aW9uVmF1bHRBcm4sXG4gICAgICB1bmRlZmluZWQsXG4gICAgICBEdXJhdGlvbi5kYXlzKFJFVEVOVElPTl9QRVJJT0RTLkVOVEVSUFJJU0VfQ09OVElOVU9VUyksXG4gICAgICB1bmRlZmluZWRcbiAgICApO1xuXG4gICAgcmV0dXJuIFtcbiAgICAgIG5ldyBCYWNrdXBQbGFuUnVsZSh7XG4gICAgICAgIHJ1bGVOYW1lOiBgJHtwbGFuTmFtZX1EYWlseWAsXG4gICAgICAgIHNjaGVkdWxlRXhwcmVzc2lvbjogZXZlbnRzLlNjaGVkdWxlLmNyb24oeyBob3VyOiBcIjJcIiwgbWludXRlOiBcIjBcIiB9KSwgLy8gMiBBTSBkYWlseVxuICAgICAgICBkZWxldGVBZnRlcjogRHVyYXRpb24uZGF5cyhSRVRFTlRJT05fUEVSSU9EUy5FTlRFUlBSSVNFX0NPTlRJTlVPVVMpLFxuICAgICAgICBlbmFibGVDb250aW51b3VzQmFja3VwOiB0cnVlLFxuICAgICAgICBzdGFydFdpbmRvdzogQkFDS1VQX1dJTkRPV1MuU1RBUlQsXG4gICAgICAgIGNvbXBsZXRpb25XaW5kb3c6IEJBQ0tVUF9XSU5ET1dTLkNPTVBMRVRJT04sXG4gICAgICAgIGNvcHlBY3Rpb25zXG4gICAgICB9KVxuICAgIF07XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZUVudGVycHJpc2VCYWNrdXBSdWxlcyhcbiAgICBwbGFuTmFtZTogc3RyaW5nLFxuICAgIHJlcGxpY2F0aW9uVmF1bHRBcm4/OiBzdHJpbmcsXG4gICAgZGlzYXN0ZXJSZWNvdmVyeVZhdWx0QXJuPzogc3RyaW5nXG4gICk6IEJhY2t1cFBsYW5SdWxlW10ge1xuICAgIGNvbnN0IGNvbnRpbnVvdXNDb3B5QWN0aW9ucyA9IHRoaXMuY3JlYXRlQ29weUFjdGlvbnMoXG4gICAgICBgJHtwbGFuTmFtZX1Db250aW51b3VzYCxcbiAgICAgIHJlcGxpY2F0aW9uVmF1bHRBcm4sXG4gICAgICBkaXNhc3RlclJlY292ZXJ5VmF1bHRBcm4sXG4gICAgICBEdXJhdGlvbi5kYXlzKFJFVEVOVElPTl9QRVJJT0RTLkVOVEVSUFJJU0VfQ09OVElOVU9VUyksXG4gICAgICB1bmRlZmluZWRcbiAgICApO1xuXG4gICAgY29uc3QgY29tcGxpYW5jZUNvcHlBY3Rpb25zID0gdGhpcy5jcmVhdGVDb3B5QWN0aW9ucyhcbiAgICAgIGAke3BsYW5OYW1lfUNvbXBsaWFuY2VgLFxuICAgICAgcmVwbGljYXRpb25WYXVsdEFybixcbiAgICAgIGRpc2FzdGVyUmVjb3ZlcnlWYXVsdEFybixcbiAgICAgIER1cmF0aW9uLmRheXMoUkVURU5USU9OX1BFUklPRFMuRU5URVJQUklTRV9DT01QTElBTkNFKSxcbiAgICAgIER1cmF0aW9uLmRheXMoUkVURU5USU9OX1BFUklPRFMuQ09MRF9TVE9SQUdFX09ORV9ZRUFSKVxuICAgICk7XG5cbiAgICByZXR1cm4gW1xuICAgICAgLy8gQ29udGludW91cyBiYWNrdXAgKDM1LWRheSBtYXggUElUUiB3aW5kb3cpXG4gICAgICBuZXcgQmFja3VwUGxhblJ1bGUoe1xuICAgICAgICBydWxlTmFtZTogYCR7cGxhbk5hbWV9Q29udGludW91c2AsXG4gICAgICAgIHNjaGVkdWxlRXhwcmVzc2lvbjogZXZlbnRzLlNjaGVkdWxlLmNyb24oeyBob3VyOiBcIjJcIiwgbWludXRlOiBcIjBcIiB9KSwgLy8gRGFpbHkgZm9yIGNvbnRpbnVvdXMgYmFja3VwXG4gICAgICAgIGRlbGV0ZUFmdGVyOiBEdXJhdGlvbi5kYXlzKFJFVEVOVElPTl9QRVJJT0RTLkVOVEVSUFJJU0VfQ09OVElOVU9VUyksXG4gICAgICAgIGVuYWJsZUNvbnRpbnVvdXNCYWNrdXA6IHRydWUsXG4gICAgICAgIHN0YXJ0V2luZG93OiBCQUNLVVBfV0lORE9XUy5TVEFSVCxcbiAgICAgICAgY29tcGxldGlvbldpbmRvdzogQkFDS1VQX1dJTkRPV1MuQ09NUExFVElPTixcbiAgICAgICAgY29weUFjdGlvbnM6IGNvbnRpbnVvdXNDb3B5QWN0aW9uc1xuICAgICAgfSksXG4gICAgICAvLyBIb3VybHkgc25hcHNob3RzIGZvciBsb25nLXRlcm0gY29tcGxpYW5jZSAoNyB5ZWFycylcbiAgICAgIG5ldyBCYWNrdXBQbGFuUnVsZSh7XG4gICAgICAgIHJ1bGVOYW1lOiBgJHtwbGFuTmFtZX1Ib3VybHlDb21wbGlhbmNlYCxcbiAgICAgICAgc2NoZWR1bGVFeHByZXNzaW9uOiBldmVudHMuU2NoZWR1bGUuY3Jvbih7IG1pbnV0ZTogXCIwXCIgfSksIC8vIEV2ZXJ5IGhvdXJcbiAgICAgICAgZGVsZXRlQWZ0ZXI6IER1cmF0aW9uLmRheXMoUkVURU5USU9OX1BFUklPRFMuRU5URVJQUklTRV9DT01QTElBTkNFKSxcbiAgICAgICAgbW92ZVRvQ29sZFN0b3JhZ2VBZnRlcjogRHVyYXRpb24uZGF5cyhcbiAgICAgICAgICBSRVRFTlRJT05fUEVSSU9EUy5DT0xEX1NUT1JBR0VfT05FX1lFQVJcbiAgICAgICAgKSxcbiAgICAgICAgc3RhcnRXaW5kb3c6IEJBQ0tVUF9XSU5ET1dTLlNUQVJULFxuICAgICAgICBjb21wbGV0aW9uV2luZG93OiBCQUNLVVBfV0lORE9XUy5DT01QTEVUSU9OX1NIT1JULFxuICAgICAgICBjb3B5QWN0aW9uczogY29tcGxpYW5jZUNvcHlBY3Rpb25zXG4gICAgICB9KVxuICAgIF07XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZUNvcHlBY3Rpb25zKFxuICAgIHBsYW5OYW1lOiBzdHJpbmcsXG4gICAgcmVwbGljYXRpb25WYXVsdEFybj86IHN0cmluZyxcbiAgICBkaXNhc3RlclJlY292ZXJ5VmF1bHRBcm4/OiBzdHJpbmcsXG4gICAgZGVsZXRlQWZ0ZXI/OiBEdXJhdGlvbixcbiAgICBtb3ZlVG9Db2xkU3RvcmFnZUFmdGVyPzogRHVyYXRpb25cbiAgKTogQmFja3VwUGxhbkNvcHlBY3Rpb25Qcm9wc1tdIHwgdW5kZWZpbmVkIHtcbiAgICBjb25zdCBhY3Rpb25zOiBCYWNrdXBQbGFuQ29weUFjdGlvblByb3BzW10gPSBbXTtcblxuICAgIC8vIENyb3NzLXJlZ2lvbiByZXBsaWNhdGlvblxuICAgIGlmIChyZXBsaWNhdGlvblZhdWx0QXJuKSB7XG4gICAgICBjb25zdCByZXBsaWNhdGlvbkFjdGlvbjogQmFja3VwUGxhbkNvcHlBY3Rpb25Qcm9wcyA9IHtcbiAgICAgICAgZGVzdGluYXRpb25CYWNrdXBWYXVsdDogVmF1bHQuZnJvbUJhY2t1cFZhdWx0QXJuKFxuICAgICAgICAgIHRoaXMsXG4gICAgICAgICAgYCR7cGxhbk5hbWV9UmVwbGljYXRpb25WYXVsdFJlZmAsXG4gICAgICAgICAgcmVwbGljYXRpb25WYXVsdEFyblxuICAgICAgICApLFxuICAgICAgICAuLi4oZGVsZXRlQWZ0ZXIgJiYgeyBkZWxldGVBZnRlciB9KSxcbiAgICAgICAgLy8gT25seSBhZGQgY29sZCBzdG9yYWdlIGlmIHNwZWNpZmllZCBhbmQgPj0gOTAgZGF5c1xuICAgICAgICAuLi4obW92ZVRvQ29sZFN0b3JhZ2VBZnRlciAmJlxuICAgICAgICBtb3ZlVG9Db2xkU3RvcmFnZUFmdGVyLnRvRGF5cygpID49XG4gICAgICAgICAgUkVURU5USU9OX1BFUklPRFMuQ09MRF9TVE9SQUdFX01JTklNVU1cbiAgICAgICAgICA/IHsgbW92ZVRvQ29sZFN0b3JhZ2VBZnRlciB9XG4gICAgICAgICAgOiB7fSlcbiAgICAgIH07XG4gICAgICBhY3Rpb25zLnB1c2gocmVwbGljYXRpb25BY3Rpb24pO1xuICAgIH1cblxuICAgIC8vIENyb3NzLWFjY291bnQgRFIgdmF1bHRcbiAgICBpZiAoZGlzYXN0ZXJSZWNvdmVyeVZhdWx0QXJuKSB7XG4gICAgICBjb25zdCBkckFjdGlvbjogQmFja3VwUGxhbkNvcHlBY3Rpb25Qcm9wcyA9IHtcbiAgICAgICAgZGVzdGluYXRpb25CYWNrdXBWYXVsdDogVmF1bHQuZnJvbUJhY2t1cFZhdWx0QXJuKFxuICAgICAgICAgIHRoaXMsXG4gICAgICAgICAgYCR7cGxhbk5hbWV9RGlzYXN0ZXJSZWNvdmVyeVZhdWx0UmVmYCxcbiAgICAgICAgICBkaXNhc3RlclJlY292ZXJ5VmF1bHRBcm5cbiAgICAgICAgKSxcbiAgICAgICAgLi4uKGRlbGV0ZUFmdGVyICYmIHsgZGVsZXRlQWZ0ZXIgfSksXG4gICAgICAgIC8vIE9ubHkgYWRkIGNvbGQgc3RvcmFnZSBpZiBzcGVjaWZpZWQgYW5kID49IDkwIGRheXNcbiAgICAgICAgLi4uKG1vdmVUb0NvbGRTdG9yYWdlQWZ0ZXIgJiZcbiAgICAgICAgbW92ZVRvQ29sZFN0b3JhZ2VBZnRlci50b0RheXMoKSA+PVxuICAgICAgICAgIFJFVEVOVElPTl9QRVJJT0RTLkNPTERfU1RPUkFHRV9NSU5JTVVNXG4gICAgICAgICAgPyB7IG1vdmVUb0NvbGRTdG9yYWdlQWZ0ZXIgfVxuICAgICAgICAgIDoge30pXG4gICAgICB9O1xuICAgICAgYWN0aW9ucy5wdXNoKGRyQWN0aW9uKTtcbiAgICB9XG5cbiAgICByZXR1cm4gYWN0aW9ucy5sZW5ndGggPiAwID8gYWN0aW9ucyA6IHVuZGVmaW5lZDtcbiAgfVxufVxuIl19

package/dist/lib/config/aws/ebsDefaultEncryption.d.ts

@@ -0,0 +1,8 @@
+import { Construct } from "constructs";
+/**
+ * Enables EBS default encryption at the account level via a Custom Resource.
+ * Stack deletion does NOT revert this setting — security features are preserved.
+ */
+export declare class EbsDefaultEncryption extends Construct {
+    constructor(scope: Construct, id: string);
+}

package/dist/lib/config/aws/ebsDefaultEncryption.js

@@ -0,0 +1,41 @@
+import { Duration } from "aws-cdk-lib";
+import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
+import { Runtime } from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+import { CustomResource } from "../../resources/aws/utilities/customResource.js";
+/**
+ * Enables EBS default encryption at the account level via a Custom Resource.
+ * Stack deletion does NOT revert this setting — security features are preserved.
+ */
+export class EbsDefaultEncryption extends Construct {
+    constructor(scope, id) {
+        super(scope, id);
+        new CustomResource(this, "EbsDefaultEncryption", {
+            runtime: Runtime.NODEJS_22_X,
+            timeout: Duration.minutes(5),
+            lambdaDescription: "Enables EBS default encryption at account level",
+            inlinePolicy: [
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: [
+                        "ec2:EnableEbsEncryptionByDefault",
+                        "ec2:GetEbsEncryptionByDefault"
+                    ],
+                    resources: ["*"]
+                })
+            ],
+            inlineCode: `
+const { EC2Client, EnableEbsEncryptionByDefaultCommand } = require('@aws-sdk/client-ec2');
+
+exports.handler = async (event) => {
+  const physicalResourceId = event.PhysicalResourceId || event.LogicalResourceId || 'ebs-default-encryption';
+  if (event.RequestType === 'Delete') {
+    return { PhysicalResourceId: physicalResourceId };
+  }
+  const client = new EC2Client({});
+  await client.send(new EnableEbsEncryptionByDefaultCommand({}));
+  return { PhysicalResourceId: physicalResourceId };
+};`
+        });
+    }
+}

package/dist/lib/config/aws/ecrDefaultImage.js

@@ -1,34 +1,31 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.EcrDefaultImage = void 0;
-const constructs_1 = require("constructs");
-const codeBuild_1 = require("../../resources/aws/utilities/codeBuild");
-const aws_codebuild_1 = require("aws-cdk-lib/aws-codebuild");
-const logGroup_1 = require("../../resources/aws/logging/logGroup");
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const role_1 = require("../../resources/aws/iam/role");
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-const aws_events_1 = require("aws-cdk-lib/aws-events");
-const Targets = require("aws-cdk-lib/aws-events-targets");
-class EcrDefaultImage extends constructs_1.Construct {
+import { Construct } from "constructs";
+import { CodeBuildProject } from "../../resources/aws/utilities/codeBuild.js";
+import { BuildSpec } from "aws-cdk-lib/aws-codebuild";
+import { LogGroup } from "../../resources/aws/logging/logGroup.js";
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Role } from "../../resources/aws/iam/role.js";
+import { PolicyDocument, PolicyStatement, ServicePrincipal } from "aws-cdk-lib/aws-iam";
+import { EventBus, EventField, Rule, RuleTargetInput } from "aws-cdk-lib/aws-events";
+import * as Targets from "aws-cdk-lib/aws-events-targets";
+export class EcrDefaultImage extends Construct {
     constructor(scope, id, props) {
         super(scope, id);
-        const logGroup = new logGroup_1.LogGroup(this, `${id}LogGroup`, {
+        const logGroup = new LogGroup(this, `${id}LogGroup`, {
             logGroupName: `/vpc/codebuild/${id}/`,
-            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY
+            removalPolicy: RemovalPolicy.DESTROY
         });
-        const ecrDefaultImageRole = new role_1.Role(this, `${id}Role`, {
+        const ecrDefaultImageRole = new Role(this, `${id}Role`, {
             roleName: `ecrDefaultImageRole-${props.region.replace(/-/g, "")}`,
             description: "Role to push default ECR images into new repositories",
-            assumedBy: new aws_iam_1.ServicePrincipal("codebuild.amazonaws.com"),
+            assumedBy: new ServicePrincipal("codebuild.amazonaws.com"),
             inlinePolicies: {
-                ["pushEcrImage"]: new aws_iam_1.PolicyDocument({
+                ["pushEcrImage"]: new PolicyDocument({
                     statements: [
-                        new aws_iam_1.PolicyStatement({
+                        new PolicyStatement({
                             actions: ["ecr:GetAuthorizationToken"],
                             resources: ["*"]
                         }),
-                        new aws_iam_1.PolicyStatement({
+                        new PolicyStatement({
                             actions: [
                                 "ecr:BatchGetImage",
                                 "ecr:GetDownloadUrlForLayer",
@@ -44,9 +41,9 @@ class EcrDefaultImage extends constructs_1.Construct {
                         })
                     ]
                 }),
-                ["writeLogs"]: new aws_iam_1.PolicyDocument({
+                ["writeLogs"]: new PolicyDocument({
                     statements: [
-                        new aws_iam_1.PolicyStatement({
+                        new PolicyStatement({
                             actions: [
                                 "logs:CreateLogGroup",
                                 "logs:CreateLogStream",
@@ -58,10 +55,10 @@ class EcrDefaultImage extends constructs_1.Construct {
                 })
             }
         });
-        const codeBuildProject = new codeBuild_1.CodeBuildProject(this, `${id}CodeBuildProject`, {
+        const codeBuildProject = new CodeBuildProject(this, `${id}CodeBuildProject`, {
             description: "Build and push the default ECR image to new repositories",
             projectName: "ecrDefaultImage",
-            buildSpec: aws_codebuild_1.BuildSpec.fromObject({
+            buildSpec: BuildSpec.fromObject({
                 version: 0.2,
                 phases: {
                     install: {
@@ -90,7 +87,7 @@ class EcrDefaultImage extends constructs_1.Construct {
             role: ecrDefaultImageRole
         });
         const eventInputMapping = {
-            repositoryUri: aws_events_1.EventField.fromPath("$.detail.responseElements.repository.repositoryUri")
+            repositoryUri: EventField.fromPath("$.detail.responseElements.repository.repositoryUri")
         };
         const eventInputTemplate = {
             environmentVariablesOverride: [
@@ -100,11 +97,11 @@ class EcrDefaultImage extends constructs_1.Construct {
                 }
             ]
         };
-        new aws_events_1.Rule(this, `${id}EventRule`, {
+        new Rule(this, `${id}EventRule`, {
             ruleName: "ecrCreationRule",
             description: "Trigger the default ECR image build when a new repository is created",
             enabled: true,
-            eventBus: aws_events_1.EventBus.fromEventBusArn(this, `${id}EventBus`, props.eventBusArn),
+            eventBus: EventBus.fromEventBusArn(this, `${id}EventBus`, props.eventBusArn),
             eventPattern: {
                 source: ["aws.ecr"],
                 detailType: ["AWS API Call via CloudTrail"],
@@ -115,11 +112,9 @@ class EcrDefaultImage extends constructs_1.Construct {
             },
             targets: [
                 new Targets.CodeBuildProject(codeBuildProject.project, {
-                    event: aws_events_1.RuleTargetInput.fromObject(eventInputTemplate)
+                    event: RuleTargetInput.fromObject(eventInputTemplate)
                 })
             ]
         });
     }
 }
-exports.EcrDefaultImage = EcrDefaultImage;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWNyRGVmYXVsdEltYWdlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL2NvbmZpZy9hd3MvZWNyRGVmYXVsdEltYWdlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDJDQUF1QztBQUN2Qyx1RUFBMkU7QUFDM0UsNkRBQXNEO0FBQ3RELG1FQUFnRTtBQUNoRSw2Q0FBNkQ7QUFDN0QsdURBQW9EO0FBQ3BELGlEQUk2QjtBQUM3Qix1REFLZ0M7QUFDaEMsMERBQTBEO0FBUTFELE1BQWEsZUFBZ0IsU0FBUSxzQkFBUztJQUM1QyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTJCO1FBQ25FLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxRQUFRLEdBQUcsSUFBSSxtQkFBUSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsVUFBVSxFQUFFO1lBQ25ELFlBQVksRUFBRSxrQkFBa0IsRUFBRSxHQUFHO1lBQ3JDLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87U0FDckMsQ0FBQyxDQUFDO1FBRUgsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLFdBQUksQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLE1BQU0sRUFBRTtZQUN0RCxRQUFRLEVBQUUsdUJBQXVCLEtBQUssQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsRUFBRTtZQUNqRSxXQUFXLEVBQUUsdURBQXVEO1lBQ3BFLFNBQVMsRUFBRSxJQUFJLDBCQUFnQixDQUFDLHlCQUF5QixDQUFDO1lBQzFELGNBQWMsRUFBRTtnQkFDZCxDQUFDLGNBQWMsQ0FBQyxFQUFFLElBQUksd0JBQWMsQ0FBQztvQkFDbkMsVUFBVSxFQUFFO3dCQUNWLElBQUkseUJBQWUsQ0FBQzs0QkFDbEIsT0FBTyxFQUFFLENBQUMsMkJBQTJCLENBQUM7NEJBQ3RDLFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQzt5QkFDakIsQ0FBQzt3QkFDRixJQUFJLHlCQUFlLENBQUM7NEJBQ2xCLE9BQU8sRUFBRTtnQ0FDUCxtQkFBbUI7Z0NBQ25CLDRCQUE0QjtnQ0FDNUIsaUNBQWlDO2dDQUNqQyx5QkFBeUI7Z0NBQ3pCLHFCQUFxQjtnQ0FDckIseUJBQXlCO2dDQUN6QixjQUFjOzZCQUNmOzRCQUNELFNBQVMsRUFBRTtnQ0FDVCxlQUFlLEtBQUssQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFDLFNBQVMsZUFBZTs2QkFDOUQ7eUJBQ0YsQ0FBQztxQkFDSDtpQkFDRixDQUFDO2dCQUNGLENBQUMsV0FBVyxDQUFDLEVBQUUsSUFBSSx3QkFBYyxDQUFDO29CQUNoQyxVQUFVLEVBQUU7d0JBQ1YsSUFBSSx5QkFBZSxDQUFDOzRCQUNsQixPQUFPLEVBQUU7Z0NBQ1AscUJBQXFCO2dDQUNyQixzQkFBc0I7Z0NBQ3RCLG1CQUFtQjs2QkFDcEI7NEJBQ0QsU0FBUyxFQUFFLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQzt5QkFDbEMsQ0FBQztxQkFDSDtpQkFDRixDQUFDO2FBQ0g7U0FDRixDQUFDLENBQUM7UUFFSCxNQUFNLGdCQUFnQixHQUFHLElBQUksNEJBQWdCLENBQzNDLElBQUksRUFDSixHQUFHLEVBQUUsa0JBQWtCLEVBQ3ZCO1lBQ0UsV0FBVyxFQUFFLDBEQUEwRDtZQUN2RSxXQUFXLEVBQUUsaUJBQWlCO1lBQzlCLFNBQVMsRUFBRSx5QkFBUyxDQUFDLFVBQVUsQ0FBQztnQkFDOUIsT0FBTyxFQUFFLEdBQUc7Z0JBQ1osTUFBTSxFQUFFO29CQUNOLE9BQU8sRUFBRTt3QkFDUCxRQUFRLEVBQUU7NEJBQ1IsbUVBQW1FOzRCQUNuRSw2RUFBNkU7NEJBQzdFLHNWQUFzVjt5QkFDdlY7cUJBQ0Y7b0JBQ0QsS0FBSyxFQUFFO3dCQUNMLFFBQVEsRUFBRTs0QkFDUix1QkFBdUI7NEJBQ3ZCLHVDQUF1QyxLQUFLLENBQUMsTUFBTSxtREFBbUQsS0FBSyxDQUFDLFNBQVMsWUFBWSxLQUFLLENBQUMsTUFBTSxnQkFBZ0I7NEJBQzdKLG1FQUFtRTs0QkFDbkUsa0dBQWtHOzRCQUNsRyxvR0FBb0c7eUJBQ3JHO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQztZQUNGLE9BQU8sRUFBRTtnQkFDUCxVQUFVLEVBQUU7b0JBQ1YsUUFBUSxFQUFFLFFBQVE7aUJBQ25CO2FBQ0Y7WUFDRCxJQUFJLEVBQUUsbUJBQW1CO1NBQzFCLENBQ0YsQ0FBQztRQUVGLE1BQU0saUJBQWlCLEdBQUc7WUFDeEIsYUFBYSxFQUFFLHVCQUFVLENBQUMsUUFBUSxDQUNoQyxvREFBb0QsQ0FDckQ7U0FDRixDQUFDO1FBRUYsTUFBTSxrQkFBa0IsR0FBRztZQUN6Qiw0QkFBNEIsRUFBRTtnQkFDNUI7b0JBQ0UsSUFBSSxFQUFFLGdCQUFnQjtvQkFDdEIsS0FBSyxFQUFFLGlCQUFpQixDQUFDLGFBQWE7aUJBQ3ZDO2FBQ0Y7U0FDRixDQUFDO1FBRUYsSUFBSSxpQkFBSSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsV0FBVyxFQUFFO1lBQy9CLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsV0FBVyxFQUNULHNFQUFzRTtZQUN4RSxPQUFPLEVBQUUsSUFBSTtZQUNiLFFBQVEsRUFBRSxxQkFBUSxDQUFDLGVBQWUsQ0FDaEMsSUFBSSxFQUNKLEdBQUcsRUFBRSxVQUFVLEVBQ2YsS0FBSyxDQUFDLFdBQVcsQ0FDbEI7WUFDRCxZQUFZLEVBQUU7Z0JBQ1osTUFBTSxFQUFFLENBQUMsU0FBUyxDQUFDO2dCQUNuQixVQUFVLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQztnQkFDM0MsTUFBTSxFQUFFO29CQUNOLFdBQVcsRUFBRSxDQUFDLG1CQUFtQixDQUFDO29CQUNsQyxTQUFTLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQztpQkFDaEM7YUFDRjtZQUNELE9BQU8sRUFBRTtnQkFDUCxJQUFJLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUU7b0JBQ3JELEtBQUssRUFBRSw0QkFBZSxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQztpQkFDdEQsQ0FBQzthQUNIO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBL0hELDBDQStIQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBDb2RlQnVpbGRQcm9qZWN0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvdXRpbGl0aWVzL2NvZGVCdWlsZFwiO1xuaW1wb3J0IHsgQnVpbGRTcGVjIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1jb2RlYnVpbGRcIjtcbmltcG9ydCB7IExvZ0dyb3VwIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvbG9nZ2luZy9sb2dHcm91cFwiO1xuaW1wb3J0IHsgUmVtb3ZhbFBvbGljeSwgdHlwZSBTdGFja1Byb3BzIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBSb2xlIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvaWFtL3JvbGVcIjtcbmltcG9ydCB7XG4gIFBvbGljeURvY3VtZW50LFxuICBQb2xpY3lTdGF0ZW1lbnQsXG4gIFNlcnZpY2VQcmluY2lwYWxcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7XG4gIEV2ZW50QnVzLFxuICBFdmVudEZpZWxkLFxuICBSdWxlLFxuICBSdWxlVGFyZ2V0SW5wdXRcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1ldmVudHNcIjtcbmltcG9ydCAqIGFzIFRhcmdldHMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1ldmVudHMtdGFyZ2V0c1wiO1xuXG5pbnRlcmZhY2UgRWNyRGVmYXVsdEltYWdlUHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgcmVnaW9uOiBzdHJpbmc7XG4gIGFjY291bnRJZDogc3RyaW5nO1xuICBldmVudEJ1c0Fybjogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgRWNyRGVmYXVsdEltYWdlIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEVjckRlZmF1bHRJbWFnZVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IGxvZ0dyb3VwID0gbmV3IExvZ0dyb3VwKHRoaXMsIGAke2lkfUxvZ0dyb3VwYCwge1xuICAgICAgbG9nR3JvdXBOYW1lOiBgL3ZwYy9jb2RlYnVpbGQvJHtpZH0vYCxcbiAgICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWVxuICAgIH0pO1xuXG4gICAgY29uc3QgZWNyRGVmYXVsdEltYWdlUm9sZSA9IG5ldyBSb2xlKHRoaXMsIGAke2lkfVJvbGVgLCB7XG4gICAgICByb2xlTmFtZTogYGVjckRlZmF1bHRJbWFnZVJvbGUtJHtwcm9wcy5yZWdpb24ucmVwbGFjZSgvLS9nLCBcIlwiKX1gLFxuICAgICAgZGVzY3JpcHRpb246IFwiUm9sZSB0byBwdXNoIGRlZmF1bHQgRUNSIGltYWdlcyBpbnRvIG5ldyByZXBvc2l0b3JpZXNcIixcbiAgICAgIGFzc3VtZWRCeTogbmV3IFNlcnZpY2VQcmluY2lwYWwoXCJjb2RlYnVpbGQuYW1hem9uYXdzLmNvbVwiKSxcbiAgICAgIGlubGluZVBvbGljaWVzOiB7XG4gICAgICAgIFtcInB1c2hFY3JJbWFnZVwiXTogbmV3IFBvbGljeURvY3VtZW50KHtcbiAgICAgICAgICBzdGF0ZW1lbnRzOiBbXG4gICAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgICAgYWN0aW9uczogW1wiZWNyOkdldEF1dGhvcml6YXRpb25Ub2tlblwiXSxcbiAgICAgICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgICAgICB9KSxcbiAgICAgICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgXCJlY3I6QmF0Y2hHZXRJbWFnZVwiLFxuICAgICAgICAgICAgICAgIFwiZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXJcIixcbiAgICAgICAgICAgICAgICBcImVjcjpCYXRjaENoZWNrTGF5ZXJBdmFpbGFiaWxpdHlcIixcbiAgICAgICAgICAgICAgICBcImVjcjpJbml0aWF0ZUxheWVyVXBsb2FkXCIsXG4gICAgICAgICAgICAgICAgXCJlY3I6VXBsb2FkTGF5ZXJQYXJ0XCIsXG4gICAgICAgICAgICAgICAgXCJlY3I6Q29tcGxldGVMYXllclVwbG9hZFwiLFxuICAgICAgICAgICAgICAgIFwiZWNyOlB1dEltYWdlXCJcbiAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgICAgcmVzb3VyY2VzOiBbXG4gICAgICAgICAgICAgICAgYGFybjphd3M6ZWNyOiR7cHJvcHMucmVnaW9ufToke3Byb3BzLmFjY291bnRJZH06cmVwb3NpdG9yeS8qYFxuICAgICAgICAgICAgICBdXG4gICAgICAgICAgICB9KVxuICAgICAgICAgIF1cbiAgICAgICAgfSksXG4gICAgICAgIFtcIndyaXRlTG9nc1wiXTogbmV3IFBvbGljeURvY3VtZW50KHtcbiAgICAgICAgICBzdGF0ZW1lbnRzOiBbXG4gICAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICAgICAgIFwibG9nczpDcmVhdGVMb2dHcm91cFwiLFxuICAgICAgICAgICAgICAgIFwibG9nczpDcmVhdGVMb2dTdHJlYW1cIixcbiAgICAgICAgICAgICAgICBcImxvZ3M6UHV0TG9nRXZlbnRzXCJcbiAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgICAgcmVzb3VyY2VzOiBbbG9nR3JvdXAubG9nR3JvdXBBcm5dXG4gICAgICAgICAgICB9KVxuICAgICAgICAgIF1cbiAgICAgICAgfSlcbiAgICAgIH1cbiAgICB9KTtcblxuICAgIGNvbnN0IGNvZGVCdWlsZFByb2plY3QgPSBuZXcgQ29kZUJ1aWxkUHJvamVjdChcbiAgICAgIHRoaXMsXG4gICAgICBgJHtpZH1Db2RlQnVpbGRQcm9qZWN0YCxcbiAgICAgIHtcbiAgICAgICAgZGVzY3JpcHRpb246IFwiQnVpbGQgYW5kIHB1c2ggdGhlIGRlZmF1bHQgRUNSIGltYWdlIHRvIG5ldyByZXBvc2l0b3JpZXNcIixcbiAgICAgICAgcHJvamVjdE5hbWU6IFwiZWNyRGVmYXVsdEltYWdlXCIsXG4gICAgICAgIGJ1aWxkU3BlYzogQnVpbGRTcGVjLmZyb21PYmplY3Qoe1xuICAgICAgICAgIHZlcnNpb246IDAuMixcbiAgICAgICAgICBwaGFzZXM6IHtcbiAgICAgICAgICAgIGluc3RhbGw6IHtcbiAgICAgICAgICAgICAgY29tbWFuZHM6IFtcbiAgICAgICAgICAgICAgICAvLyBFbnN1cmUgYnVpbGR4IGlzIGF2YWlsYWJsZSAoaW5zdGFsbHMgbGF0ZXN0IGlmIG1pc3Npbmcvb3V0ZGF0ZWQpXG4gICAgICAgICAgICAgICAgLy8gRGV0ZWN0IGFyY2hpdGVjdHVyZSBkeW5hbWljYWxseSB0byBzdXBwb3J0IGJvdGggeDg2XzY0IGFuZCBBUk02NCBDb2RlQnVpbGRcbiAgICAgICAgICAgICAgICBcImRvY2tlciBidWlsZHggdmVyc2lvbiB8fCAobWtkaXIgLXAgfi8uZG9ja2VyL2NsaS1wbHVnaW5zICYmIEFSQ0g9JCh1bmFtZSAtbSB8IHNlZCAncy94ODZfNjQvYW1kNjQvJyB8IHNlZCAncy9hYXJjaDY0L2FybTY0LycpICYmIGN1cmwgLXNTTCBodHRwczovL2dpdGh1Yi5jb20vZG9ja2VyL2J1aWxkeC9yZWxlYXNlcy9sYXRlc3QvZG93bmxvYWQvYnVpbGR4LSQodW5hbWUgLXMgfCB0ciAnWzp1cHBlcjpdJyAnWzpsb3dlcjpdJyktJHtBUkNIfSAtbyB+Ly5kb2NrZXIvY2xpLXBsdWdpbnMvZG9ja2VyLWJ1aWxkeCAmJiBjaG1vZCAreCB+Ly5kb2NrZXIvY2xpLXBsdWdpbnMvZG9ja2VyLWJ1aWxkeClcIlxuICAgICAgICAgICAgICBdXG4gICAgICAgICAgICB9LFxuICAgICAgICAgICAgYnVpbGQ6IHtcbiAgICAgICAgICAgICAgY29tbWFuZHM6IFtcbiAgICAgICAgICAgICAgICAvLyBMb2dpbiB0byBwcml2YXRlIEVDUlxuICAgICAgICAgICAgICAgIGBhd3MgZWNyIGdldC1sb2dpbi1wYXNzd29yZCAtLXJlZ2lvbiAke3Byb3BzLnJlZ2lvbn0gfCBkb2NrZXIgbG9naW4gLS11c2VybmFtZSBBV1MgLS1wYXNzd29yZC1zdGRpbiAke3Byb3BzLmFjY291bnRJZH0uZGtyLmVjci4ke3Byb3BzLnJlZ2lvbn0uYW1hem9uYXdzLmNvbWAsXG4gICAgICAgICAgICAgICAgLy8gQ29weSBtdWx0aS1hcmNoIG1hbmlmZXN0cyBkaXJlY3RseSAocHJlc2VydmVzIGFsbCBhcmNoaXRlY3R1cmVzKVxuICAgICAgICAgICAgICAgIFwiZG9ja2VyIGJ1aWxkeCBpbWFnZXRvb2xzIGNyZWF0ZSAtLXRhZyAkRUNSX1JFUE9TSVRPUlk6bGF0ZXN0IHB1YmxpYy5lY3IuYXdzL2ZqYWxsL3dlbGNvbWU6bGF0ZXN0XCIsXG4gICAgICAgICAgICAgICAgXCJkb2NrZXIgYnVpbGR4IGltYWdldG9vbHMgY3JlYXRlIC0tdGFnICRFQ1JfUkVQT1NJVE9SWTpiYWNrZW5kIHB1YmxpYy5lY3IuYXdzL2ZqYWxsL3dlbGNvbWU6YmFja2VuZFwiXG4gICAgICAgICAgICAgIF1cbiAgICAgICAgICAgIH1cbiAgICAgICAgICB9XG4gICAgICAgIH0pLFxuICAgICAgICBsb2dnaW5nOiB7XG4gICAgICAgICAgY2xvdWRXYXRjaDoge1xuICAgICAgICAgICAgbG9nR3JvdXA6IGxvZ0dyb3VwXG4gICAgICAgICAgfVxuICAgICAgICB9LFxuICAgICAgICByb2xlOiBlY3JEZWZhdWx0SW1hZ2VSb2xlXG4gICAgICB9XG4gICAgKTtcblxuICAgIGNvbnN0IGV2ZW50SW5wdXRNYXBwaW5nID0ge1xuICAgICAgcmVwb3NpdG9yeVVyaTogRXZlbnRGaWVsZC5mcm9tUGF0aChcbiAgICAgICAgXCIkLmRldGFpbC5yZXNwb25zZUVsZW1lbnRzLnJlcG9zaXRvcnkucmVwb3NpdG9yeVVyaVwiXG4gICAgICApXG4gICAgfTtcblxuICAgIGNvbnN0IGV2ZW50SW5wdXRUZW1wbGF0ZSA9IHtcbiAgICAgIGVudmlyb25tZW50VmFyaWFibGVzT3ZlcnJpZGU6IFtcbiAgICAgICAge1xuICAgICAgICAgIG5hbWU6IFwiRUNSX1JFUE9TSVRPUllcIixcbiAgICAgICAgICB2YWx1ZTogZXZlbnRJbnB1dE1hcHBpbmcucmVwb3NpdG9yeVVyaVxuICAgICAgICB9XG4gICAgICBdXG4gICAgfTtcblxuICAgIG5ldyBSdWxlKHRoaXMsIGAke2lkfUV2ZW50UnVsZWAsIHtcbiAgICAgIHJ1bGVOYW1lOiBcImVjckNyZWF0aW9uUnVsZVwiLFxuICAgICAgZGVzY3JpcHRpb246XG4gICAgICAgIFwiVHJpZ2dlciB0aGUgZGVmYXVsdCBFQ1IgaW1hZ2UgYnVpbGQgd2hlbiBhIG5ldyByZXBvc2l0b3J5IGlzIGNyZWF0ZWRcIixcbiAgICAgIGVuYWJsZWQ6IHRydWUsXG4gICAgICBldmVudEJ1czogRXZlbnRCdXMuZnJvbUV2ZW50QnVzQXJuKFxuICAgICAgICB0aGlzLFxuICAgICAgICBgJHtpZH1FdmVudEJ1c2AsXG4gICAgICAgIHByb3BzLmV2ZW50QnVzQXJuXG4gICAgICApLFxuICAgICAgZXZlbnRQYXR0ZXJuOiB7XG4gICAgICAgIHNvdXJjZTogW1wiYXdzLmVjclwiXSxcbiAgICAgICAgZGV0YWlsVHlwZTogW1wiQVdTIEFQSSBDYWxsIHZpYSBDbG91ZFRyYWlsXCJdLFxuICAgICAgICBkZXRhaWw6IHtcbiAgICAgICAgICBldmVudFNvdXJjZTogW1wiZWNyLmFtYXpvbmF3cy5jb21cIl0sXG4gICAgICAgICAgZXZlbnROYW1lOiBbXCJDcmVhdGVSZXBvc2l0b3J5XCJdXG4gICAgICAgIH1cbiAgICAgIH0sXG4gICAgICB0YXJnZXRzOiBbXG4gICAgICAgIG5ldyBUYXJnZXRzLkNvZGVCdWlsZFByb2plY3QoY29kZUJ1aWxkUHJvamVjdC5wcm9qZWN0LCB7XG4gICAgICAgICAgZXZlbnQ6IFJ1bGVUYXJnZXRJbnB1dC5mcm9tT2JqZWN0KGV2ZW50SW5wdXRUZW1wbGF0ZSlcbiAgICAgICAgfSlcbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuIl19

package/dist/lib/config/aws/eventBus.js

@@ -1,24 +1,21 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DefaultEventBus = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const Events = require("aws-cdk-lib/aws-events");
-const constructs_1 = require("constructs");
-class DefaultEventBus extends constructs_1.Construct {
+import { CfnOutput } from "aws-cdk-lib";
+import * as Events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+export class DefaultEventBus extends Construct {
+    defaultEventBusName;
+    defaultEventBusArn;
     constructor(scope, id) {
         super(scope, id);
         const eventBridge = Events.EventBus.fromEventBusName(this, "defaultEventBus", "default");
-        this.defaultEventBusName = new aws_cdk_lib_1.CfnOutput(this, "defaultEventBusName", {
+        this.defaultEventBusName = new CfnOutput(this, "defaultEventBusName", {
             key: `defaultEventBusName`,
             value: eventBridge.eventBusName,
             exportName: "defaultEventBusName"
         });
-        this.defaultEventBusArn = new aws_cdk_lib_1.CfnOutput(this, "defaultEventBusArn", {
+        this.defaultEventBusArn = new CfnOutput(this, "defaultEventBusArn", {
             key: `defaultEventBusArn`,
             value: eventBridge.eventBusArn,
             exportName: "defaultEventBusArn"
         });
     }
 }
-exports.DefaultEventBus = DefaultEventBus;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXZlbnRCdXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9ldmVudEJ1cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBd0M7QUFDeEMsaURBQWlEO0FBQ2pELDJDQUF1QztBQUV2QyxNQUFhLGVBQWdCLFNBQVEsc0JBQVM7SUFJNUMsWUFBWSxLQUFnQixFQUFFLEVBQVU7UUFDdEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUNsRCxJQUFJLEVBQ0osaUJBQWlCLEVBQ2pCLFNBQVMsQ0FDVixDQUFDO1FBRUYsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUscUJBQXFCLEVBQUU7WUFDcEUsR0FBRyxFQUFFLHFCQUFxQjtZQUMxQixLQUFLLEVBQUUsV0FBVyxDQUFDLFlBQVk7WUFDL0IsVUFBVSxFQUFFLHFCQUFxQjtTQUNsQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxvQkFBb0IsRUFBRTtZQUNsRSxHQUFHLEVBQUUsb0JBQW9CO1lBQ3pCLEtBQUssRUFBRSxXQUFXLENBQUMsV0FBVztZQUM5QixVQUFVLEVBQUUsb0JBQW9CO1NBQ2pDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQXpCRCwwQ0F5QkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5PdXRwdXQgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCAqIGFzIEV2ZW50cyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWV2ZW50c1wiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuZXhwb3J0IGNsYXNzIERlZmF1bHRFdmVudEJ1cyBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBkZWZhdWx0RXZlbnRCdXNOYW1lOiBDZm5PdXRwdXQ7XG4gIHB1YmxpYyByZWFkb25seSBkZWZhdWx0RXZlbnRCdXNBcm46IENmbk91dHB1dDtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IGV2ZW50QnJpZGdlID0gRXZlbnRzLkV2ZW50QnVzLmZyb21FdmVudEJ1c05hbWUoXG4gICAgICB0aGlzLFxuICAgICAgXCJkZWZhdWx0RXZlbnRCdXNcIixcbiAgICAgIFwiZGVmYXVsdFwiXG4gICAgKTtcblxuICAgIHRoaXMuZGVmYXVsdEV2ZW50QnVzTmFtZSA9IG5ldyBDZm5PdXRwdXQodGhpcywgXCJkZWZhdWx0RXZlbnRCdXNOYW1lXCIsIHtcbiAgICAgIGtleTogYGRlZmF1bHRFdmVudEJ1c05hbWVgLFxuICAgICAgdmFsdWU6IGV2ZW50QnJpZGdlLmV2ZW50QnVzTmFtZSxcbiAgICAgIGV4cG9ydE5hbWU6IFwiZGVmYXVsdEV2ZW50QnVzTmFtZVwiXG4gICAgfSk7XG5cbiAgICB0aGlzLmRlZmF1bHRFdmVudEJ1c0FybiA9IG5ldyBDZm5PdXRwdXQodGhpcywgXCJkZWZhdWx0RXZlbnRCdXNBcm5cIiwge1xuICAgICAga2V5OiBgZGVmYXVsdEV2ZW50QnVzQXJuYCxcbiAgICAgIHZhbHVlOiBldmVudEJyaWRnZS5ldmVudEJ1c0FybixcbiAgICAgIGV4cG9ydE5hbWU6IFwiZGVmYXVsdEV2ZW50QnVzQXJuXCJcbiAgICB9KTtcbiAgfVxufVxuIl19

package/dist/lib/config/aws/guardDutyDetector.d.ts

@@ -0,0 +1,16 @@
+import { CfnDetector } from "aws-cdk-lib/aws-guardduty";
+import { Construct } from "constructs";
+export interface GuardDutyDetectorProps {
+    /** Enable S3 data event analysis. Default: true */
+    enableS3Logs?: boolean;
+    /** Enable EKS audit log analysis. Default: false */
+    enableEksAuditLogs?: boolean;
+}
+/**
+ * Per-account GuardDuty detector for continuous threat detection.
+ * Analyses VPC Flow Logs, CloudTrail management events, and DNS logs.
+ */
+export declare class GuardDutyDetector extends Construct {
+    readonly detector: CfnDetector;
+    constructor(scope: Construct, id: string, props?: GuardDutyDetectorProps);
+}

package/dist/lib/config/aws/guardDutyDetector.js

@@ -0,0 +1,26 @@
+import { CfnDetector } from "aws-cdk-lib/aws-guardduty";
+import { Construct } from "constructs";
+/**
+ * Per-account GuardDuty detector for continuous threat detection.
+ * Analyses VPC Flow Logs, CloudTrail management events, and DNS logs.
+ */
+export class GuardDutyDetector extends Construct {
+    detector;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.detector = new CfnDetector(this, "Detector", {
+            enable: true,
+            findingPublishingFrequency: "FIFTEEN_MINUTES",
+            features: [
+                {
+                    name: "S3_DATA_EVENTS",
+                    status: props?.enableS3Logs !== false ? "ENABLED" : "DISABLED"
+                },
+                {
+                    name: "EKS_AUDIT_LOGS",
+                    status: props?.enableEksAuditLogs ? "ENABLED" : "DISABLED"
+                }
+            ]
+        });
+    }
+}

package/dist/lib/config/aws/identityCenter.d.ts

@@ -1,6 +1,6 @@
 import { type Construct } from "constructs";
 import { NestedStack, type NestedStackProps } from "aws-cdk-lib";
-import { type KeyValue } from "../../types";
+import { type KeyValue } from "../../types.js";
 interface IdentityCenterProps extends NestedStackProps {
     accounts: KeyValue;
     tags?: KeyValue[];