@jaypie/constructs 1.1.18 → 1.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/LICENSE.txt +1 -1
  2. package/dist/cjs/JaypieSsoGroups.d.ts +93 -0
  3. package/dist/cjs/__tests__/JaypieSsoGroups.spec.d.ts +1 -0
  4. package/dist/cjs/index.cjs +249 -0
  5. package/dist/cjs/index.cjs.map +1 -1
  6. package/dist/cjs/index.d.ts +1 -0
  7. package/dist/esm/JaypieSsoGroups.d.ts +93 -0
  8. package/dist/esm/__tests__/JaypieSsoGroups.spec.d.ts +1 -0
  9. package/dist/esm/index.d.ts +1 -0
  10. package/dist/esm/index.js +248 -1
  11. package/dist/esm/index.js.map +1 -1
  12. package/package.json +2 -2
package/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2024 Finlayson Studio, LLC
3
+ Copyright (c) 2025 Finlayson Studio, LLC
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/dist/cjs/JaypieSsoGroups.d.ts ADDED
@@ -0,0 +1,93 @@
1
+ import { Construct } from "constructs";
2
+ import * as sso from "aws-cdk-lib/aws-sso";
3
+ /**
4
+ * Account categories for SSO group assignments
5
+ */
6
+ export interface JaypieSsoAccountMap {
7
+ development: string[];
8
+ management: string[];
9
+ operations: string[];
10
+ production: string[];
11
+ sandbox: string[];
12
+ security: string[];
13
+ stage: string[];
14
+ }
15
+ /**
16
+ * Mapping of group types to Google Workspace group GUIDs
17
+ */
18
+ export interface JaypieSsoGroupMap {
19
+ administrators: string;
20
+ analysts: string;
21
+ developers: string;
22
+ }
23
+ /**
24
+ * Properties for the JaypieSsoGroups construct
25
+ */
26
+ export interface JaypieSsoGroupsProps {
27
+ /**
28
+ * ARN of the IAM Identity Center instance
29
+ */
30
+ instanceArn: string;
31
+ /**
32
+ * Mapping of account categories to AWS account IDs
33
+ */
34
+ accountMap: JaypieSsoAccountMap;
35
+ /**
36
+ * Mapping of group types to Google Workspace group GUIDs
37
+ */
38
+ groupMap: JaypieSsoGroupMap;
39
+ }
40
+ /**
41
+ * Permission set types with corresponding AWS managed policies
42
+ */
43
+ export declare enum PermissionSetType {
44
+ ADMINISTRATOR = "Administrator",
45
+ ANALYST = "Analyst",
46
+ DEVELOPER = "Developer"
47
+ }
48
+ /**
49
+ * Construct to simplify AWS SSO group management.
50
+ * This construct encapsulates the complexity of creating permission sets
51
+ * and assigning them to groups across multiple AWS accounts.
52
+ */
53
+ export declare class JaypieSsoGroups extends Construct {
54
+ private readonly permissionSets;
55
+ private readonly instanceArn;
56
+ constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
+ /**
58
+ * Creates the Administrator permission set with AdministratorAccess policy
59
+ * and billing access
60
+ */
61
+ private createAdministratorPermissionSet;
62
+ /**
63
+ * Creates the Analyst permission set with ReadOnlyAccess policy
64
+ * and limited write access
65
+ */
66
+ private createAnalystPermissionSet;
67
+ /**
68
+ * Creates the Developer permission set with SystemAdministrator policy
69
+ * and expanded write access
70
+ */
71
+ private createDeveloperPermissionSet;
72
+ /**
73
+ * Gets the permission set for the specified type
74
+ */
75
+ getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
76
+ /**
77
+ * Creates assignments between permission sets, groups, and accounts
78
+ * based on the provided configuration
79
+ */
80
+ private createPermissionSetAssignments;
81
+ /**
82
+ * Assigns Administrator permissions to appropriate accounts
83
+ */
84
+ private assignAdministratorPermissions;
85
+ /**
86
+ * Assigns Analyst permissions to appropriate accounts
87
+ */
88
+ private assignAnalystPermissions;
89
+ /**
90
+ * Assigns Developer permissions to appropriate accounts
91
+ */
92
+ private assignDeveloperPermissions;
93
+ }
package/dist/cjs/__tests__/JaypieSsoGroups.spec.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};
package/dist/cjs/index.cjs CHANGED
@@ -10,6 +10,7 @@ var awsRoute53 = require('aws-cdk-lib/aws-route53');
10
10
  var lambda = require('aws-cdk-lib/aws-lambda');
11
11
  var sqs = require('aws-cdk-lib/aws-sqs');
12
12
  var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
13
+ var sso = require('aws-cdk-lib/aws-sso');
13
14
 
14
15
  function _interopNamespaceDefault(e) {
15
16
  var n = Object.create(null);
@@ -33,6 +34,7 @@ var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsman
33
34
  var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
34
35
  var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
35
36
  var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
37
+ var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
36
38
 
37
39
  // It is a consumer if the environment is ephemeral
38
40
  function checkEnvIsConsumer(env = process.env) {
@@ -473,6 +475,252 @@ class JaypieQueuedLambda extends constructs.Construct {
473
475
  }
474
476
  }
475
477
 
478
+ /**
479
+ * Permission set types with corresponding AWS managed policies
480
+ */
481
+ exports.PermissionSetType = void 0;
482
+ (function (PermissionSetType) {
483
+ PermissionSetType["ADMINISTRATOR"] = "Administrator";
484
+ PermissionSetType["ANALYST"] = "Analyst";
485
+ PermissionSetType["DEVELOPER"] = "Developer";
486
+ })(exports.PermissionSetType || (exports.PermissionSetType = {}));
487
+ /**
488
+ * Construct to simplify AWS SSO group management.
489
+ * This construct encapsulates the complexity of creating permission sets
490
+ * and assigning them to groups across multiple AWS accounts.
491
+ */
492
+ class JaypieSsoGroups extends constructs.Construct {
493
+ constructor(scope, id, props) {
494
+ super(scope, id);
495
+ this.permissionSets = {};
496
+ this.instanceArn = props.instanceArn;
497
+ // Create the permission sets
498
+ this.createAdministratorPermissionSet();
499
+ this.createAnalystPermissionSet();
500
+ this.createDeveloperPermissionSet();
501
+ // Create the assignments
502
+ this.createPermissionSetAssignments(props);
503
+ }
504
+ /**
505
+ * Creates the Administrator permission set with AdministratorAccess policy
506
+ * and billing access
507
+ */
508
+ createAdministratorPermissionSet() {
509
+ const permissionSet = new sso__namespace.CfnPermissionSet(this, "AdministratorPermissionSet", {
510
+ instanceArn: this.instanceArn,
511
+ name: exports.PermissionSetType.ADMINISTRATOR,
512
+ description: "Full administrative access to all AWS services and resources",
513
+ sessionDuration: cdk.Duration.hours(8).toIsoString(),
514
+ managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
515
+ inlinePolicy: {
516
+ Version: "2012-10-17",
517
+ Statement: [
518
+ {
519
+ Effect: "Allow",
520
+ Action: [
521
+ "aws-portal:ViewBilling",
522
+ "aws-portal:ModifyBilling",
523
+ "aws-portal:ViewAccount",
524
+ "aws-portal:ModifyAccount",
525
+ "budgets:ViewBudget",
526
+ "budgets:ModifyBudget",
527
+ ],
528
+ Resource: "*",
529
+ },
530
+ ],
531
+ },
532
+ });
533
+ cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
534
+ this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
535
+ }
536
+ /**
537
+ * Creates the Analyst permission set with ReadOnlyAccess policy
538
+ * and limited write access
539
+ */
540
+ createAnalystPermissionSet() {
541
+ const permissionSet = new sso__namespace.CfnPermissionSet(this, "AnalystPermissionSet", {
542
+ instanceArn: this.instanceArn,
543
+ name: exports.PermissionSetType.ANALYST,
544
+ description: "Read-only access with billing visibility and limited write access",
545
+ sessionDuration: cdk.Duration.hours(4).toIsoString(),
546
+ managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
547
+ inlinePolicy: {
548
+ Version: "2012-10-17",
549
+ Statement: [
550
+ {
551
+ Effect: "Allow",
552
+ Action: [
553
+ "aws-portal:ViewBilling",
554
+ "aws-portal:ViewAccount",
555
+ "budgets:ViewBudget",
556
+ "cloudwatch:PutDashboard",
557
+ "cloudwatch:PutMetricData",
558
+ "s3:PutObject",
559
+ "s3:GetObject",
560
+ "s3:ListBucket",
561
+ ],
562
+ Resource: "*",
563
+ },
564
+ ],
565
+ },
566
+ });
567
+ cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
568
+ this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
569
+ }
570
+ /**
571
+ * Creates the Developer permission set with SystemAdministrator policy
572
+ * and expanded write access
573
+ */
574
+ createDeveloperPermissionSet() {
575
+ const permissionSet = new sso__namespace.CfnPermissionSet(this, "DeveloperPermissionSet", {
576
+ instanceArn: this.instanceArn,
577
+ name: exports.PermissionSetType.DEVELOPER,
578
+ description: "System administrator access with expanded write permissions",
579
+ sessionDuration: cdk.Duration.hours(8).toIsoString(),
580
+ managedPolicies: [
581
+ "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
582
+ ],
583
+ inlinePolicy: {
584
+ Version: "2012-10-17",
585
+ Statement: [
586
+ {
587
+ Effect: "Allow",
588
+ Action: [
589
+ "cloudwatch:*",
590
+ "logs:*",
591
+ "lambda:*",
592
+ "apigateway:*",
593
+ "dynamodb:*",
594
+ "s3:*",
595
+ "sns:*",
596
+ "sqs:*",
597
+ "events:*",
598
+ "ecr:*",
599
+ "ecs:*",
600
+ "codebuild:*",
601
+ ],
602
+ Resource: "*",
603
+ },
604
+ {
605
+ Effect: "Deny",
606
+ Action: [
607
+ "iam:*User*",
608
+ "iam:*Role*",
609
+ "iam:*Policy*",
610
+ "organizations:*",
611
+ "account:*",
612
+ ],
613
+ Resource: "*",
614
+ },
615
+ ],
616
+ },
617
+ });
618
+ cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
619
+ this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
620
+ }
621
+ /**
622
+ * Gets the permission set for the specified type
623
+ */
624
+ getPermissionSet(type) {
625
+ return this.permissionSets[type];
626
+ }
627
+ /**
628
+ * Creates assignments between permission sets, groups, and accounts
629
+ * based on the provided configuration
630
+ */
631
+ createPermissionSetAssignments(props) {
632
+ // Administrator assignments
633
+ this.assignAdministratorPermissions(props);
634
+ // Analyst assignments
635
+ this.assignAnalystPermissions(props);
636
+ // Developer assignments
637
+ this.assignDeveloperPermissions(props);
638
+ }
639
+ /**
640
+ * Assigns Administrator permissions to appropriate accounts
641
+ */
642
+ assignAdministratorPermissions(props) {
643
+ const administratorGroup = props.groupMap.administrators;
644
+ const administratorPermissionSet = this.permissionSets[exports.PermissionSetType.ADMINISTRATOR];
645
+ // Administrators get access to all accounts
646
+ const allAccounts = [
647
+ ...props.accountMap.development,
648
+ ...props.accountMap.management,
649
+ ...props.accountMap.operations,
650
+ ...props.accountMap.production,
651
+ ...props.accountMap.sandbox,
652
+ ...props.accountMap.security,
653
+ ...props.accountMap.stage,
654
+ ];
655
+ // Create assignments for each account
656
+ allAccounts.forEach((accountId, index) => {
657
+ const assignment = new sso__namespace.CfnAssignment(this, `AdministratorAssignment${index}`, {
658
+ instanceArn: this.instanceArn,
659
+ permissionSetArn: administratorPermissionSet.attrPermissionSetArn,
660
+ principalId: administratorGroup,
661
+ principalType: "GROUP",
662
+ targetId: accountId,
663
+ targetType: "AWS_ACCOUNT",
664
+ });
665
+ cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
666
+ cdk.Tags.of(assignment).add("Group", "administrators");
667
+ });
668
+ }
669
+ /**
670
+ * Assigns Analyst permissions to appropriate accounts
671
+ */
672
+ assignAnalystPermissions(props) {
673
+ const analystGroup = props.groupMap.analysts;
674
+ const analystPermissionSet = this.permissionSets[exports.PermissionSetType.ANALYST];
675
+ // Analysts get access to development, management, sandbox, and stage accounts
676
+ const analystAccounts = [
677
+ ...props.accountMap.development,
678
+ ...props.accountMap.management,
679
+ ...props.accountMap.sandbox,
680
+ ...props.accountMap.stage,
681
+ ];
682
+ // Create assignments for each account
683
+ analystAccounts.forEach((accountId, index) => {
684
+ const assignment = new sso__namespace.CfnAssignment(this, `AnalystAssignment${index}`, {
685
+ instanceArn: this.instanceArn,
686
+ permissionSetArn: analystPermissionSet.attrPermissionSetArn,
687
+ principalId: analystGroup,
688
+ principalType: "GROUP",
689
+ targetId: accountId,
690
+ targetType: "AWS_ACCOUNT",
691
+ });
692
+ cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
693
+ cdk.Tags.of(assignment).add("Group", "analysts");
694
+ });
695
+ }
696
+ /**
697
+ * Assigns Developer permissions to appropriate accounts
698
+ */
699
+ assignDeveloperPermissions(props) {
700
+ const developerGroup = props.groupMap.developers;
701
+ const developerPermissionSet = this.permissionSets[exports.PermissionSetType.DEVELOPER];
702
+ // Developers get access to development, sandbox, and stage accounts
703
+ const developerAccounts = [
704
+ ...props.accountMap.development,
705
+ ...props.accountMap.sandbox,
706
+ ...props.accountMap.stage,
707
+ ];
708
+ // Create assignments for each account
709
+ developerAccounts.forEach((accountId, index) => {
710
+ const assignment = new sso__namespace.CfnAssignment(this, `DeveloperAssignment${index}`, {
711
+ instanceArn: this.instanceArn,
712
+ permissionSetArn: developerPermissionSet.attrPermissionSetArn,
713
+ principalId: developerGroup,
714
+ principalType: "GROUP",
715
+ targetId: accountId,
716
+ targetType: "AWS_ACCOUNT",
717
+ });
718
+ cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
719
+ cdk.Tags.of(assignment).add("Group", "developers");
720
+ });
721
+ }
722
+ }
723
+
476
724
  class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
477
725
  constructor(scope, id = "TraceSigningKey", props) {
478
726
  const defaultProps = {
@@ -490,5 +738,6 @@ exports.JaypieHostedZone = JaypieHostedZone;
490
738
  exports.JaypieMongoDbSecret = JaypieMongoDbSecret;
491
739
  exports.JaypieOpenAiSecret = JaypieOpenAiSecret;
492
740
  exports.JaypieQueuedLambda = JaypieQueuedLambda;
741
+ exports.JaypieSsoGroups = JaypieSsoGroups;
493
742
  exports.JaypieTraceSigningKeySecret = JaypieTraceSigningKeySecret;
494
743
  //# sourceMappingURL=index.cjs.map
package/dist/cjs/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjZK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEP,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;"}
1
+ {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources","PermissionSetType","sso"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;AACSW;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJWA,yBAAiB,KAAjBA,yBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQjB,oBAAS,CAAA;AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,aAAa,GAAG,IAAIkB,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,UAAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAACA,yBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEN,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;;"}
package/dist/cjs/index.d.ts CHANGED
@@ -3,4 +3,5 @@ export { JaypieHostedZone } from "./JaypieHostedZone";
3
3
  export { JaypieMongoDbSecret } from "./JaypieMongoDbSecret";
4
4
  export { JaypieOpenAiSecret } from "./JaypieOpenAiSecret";
5
5
  export { JaypieQueuedLambda } from "./JaypieQueuedLambda";
6
+ export { JaypieSsoAccountMap, JaypieSsoGroups, JaypieSsoGroupMap, JaypieSsoGroupsProps, PermissionSetType, } from "./JaypieSsoGroups";
6
7
  export { JaypieTraceSigningKeySecret } from "./JaypieTraceSigningKeySecret";
package/dist/esm/JaypieSsoGroups.d.ts ADDED
@@ -0,0 +1,93 @@
1
+ import { Construct } from "constructs";
2
+ import * as sso from "aws-cdk-lib/aws-sso";
3
+ /**
4
+ * Account categories for SSO group assignments
5
+ */
6
+ export interface JaypieSsoAccountMap {
7
+ development: string[];
8
+ management: string[];
9
+ operations: string[];
10
+ production: string[];
11
+ sandbox: string[];
12
+ security: string[];
13
+ stage: string[];
14
+ }
15
+ /**
16
+ * Mapping of group types to Google Workspace group GUIDs
17
+ */
18
+ export interface JaypieSsoGroupMap {
19
+ administrators: string;
20
+ analysts: string;
21
+ developers: string;
22
+ }
23
+ /**
24
+ * Properties for the JaypieSsoGroups construct
25
+ */
26
+ export interface JaypieSsoGroupsProps {
27
+ /**
28
+ * ARN of the IAM Identity Center instance
29
+ */
30
+ instanceArn: string;
31
+ /**
32
+ * Mapping of account categories to AWS account IDs
33
+ */
34
+ accountMap: JaypieSsoAccountMap;
35
+ /**
36
+ * Mapping of group types to Google Workspace group GUIDs
37
+ */
38
+ groupMap: JaypieSsoGroupMap;
39
+ }
40
+ /**
41
+ * Permission set types with corresponding AWS managed policies
42
+ */
43
+ export declare enum PermissionSetType {
44
+ ADMINISTRATOR = "Administrator",
45
+ ANALYST = "Analyst",
46
+ DEVELOPER = "Developer"
47
+ }
48
+ /**
49
+ * Construct to simplify AWS SSO group management.
50
+ * This construct encapsulates the complexity of creating permission sets
51
+ * and assigning them to groups across multiple AWS accounts.
52
+ */
53
+ export declare class JaypieSsoGroups extends Construct {
54
+ private readonly permissionSets;
55
+ private readonly instanceArn;
56
+ constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
+ /**
58
+ * Creates the Administrator permission set with AdministratorAccess policy
59
+ * and billing access
60
+ */
61
+ private createAdministratorPermissionSet;
62
+ /**
63
+ * Creates the Analyst permission set with ReadOnlyAccess policy
64
+ * and limited write access
65
+ */
66
+ private createAnalystPermissionSet;
67
+ /**
68
+ * Creates the Developer permission set with SystemAdministrator policy
69
+ * and expanded write access
70
+ */
71
+ private createDeveloperPermissionSet;
72
+ /**
73
+ * Gets the permission set for the specified type
74
+ */
75
+ getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
76
+ /**
77
+ * Creates assignments between permission sets, groups, and accounts
78
+ * based on the provided configuration
79
+ */
80
+ private createPermissionSetAssignments;
81
+ /**
82
+ * Assigns Administrator permissions to appropriate accounts
83
+ */
84
+ private assignAdministratorPermissions;
85
+ /**
86
+ * Assigns Analyst permissions to appropriate accounts
87
+ */
88
+ private assignAnalystPermissions;
89
+ /**
90
+ * Assigns Developer permissions to appropriate accounts
91
+ */
92
+ private assignDeveloperPermissions;
93
+ }
package/dist/esm/__tests__/JaypieSsoGroups.spec.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};
package/dist/esm/index.d.ts CHANGED
@@ -3,4 +3,5 @@ export { JaypieHostedZone } from "./JaypieHostedZone";
3
3
  export { JaypieMongoDbSecret } from "./JaypieMongoDbSecret";
4
4
  export { JaypieOpenAiSecret } from "./JaypieOpenAiSecret";
5
5
  export { JaypieQueuedLambda } from "./JaypieQueuedLambda";
6
+ export { JaypieSsoAccountMap, JaypieSsoGroups, JaypieSsoGroupMap, JaypieSsoGroupsProps, PermissionSetType, } from "./JaypieSsoGroups";
6
7
  export { JaypieTraceSigningKeySecret } from "./JaypieTraceSigningKeySecret";
package/dist/esm/index.js CHANGED
@@ -9,6 +9,7 @@ import { HostedZone } from 'aws-cdk-lib/aws-route53';
9
9
  import * as lambda from 'aws-cdk-lib/aws-lambda';
10
10
  import * as sqs from 'aws-cdk-lib/aws-sqs';
11
11
  import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
12
+ import * as sso from 'aws-cdk-lib/aws-sso';
12
13
 
13
14
  // It is a consumer if the environment is ephemeral
14
15
  function checkEnvIsConsumer(env = process.env) {
@@ -449,6 +450,252 @@ class JaypieQueuedLambda extends Construct {
449
450
  }
450
451
  }
451
452
 
453
+ /**
454
+ * Permission set types with corresponding AWS managed policies
455
+ */
456
+ var PermissionSetType;
457
+ (function (PermissionSetType) {
458
+ PermissionSetType["ADMINISTRATOR"] = "Administrator";
459
+ PermissionSetType["ANALYST"] = "Analyst";
460
+ PermissionSetType["DEVELOPER"] = "Developer";
461
+ })(PermissionSetType || (PermissionSetType = {}));
462
+ /**
463
+ * Construct to simplify AWS SSO group management.
464
+ * This construct encapsulates the complexity of creating permission sets
465
+ * and assigning them to groups across multiple AWS accounts.
466
+ */
467
+ class JaypieSsoGroups extends Construct {
468
+ constructor(scope, id, props) {
469
+ super(scope, id);
470
+ this.permissionSets = {};
471
+ this.instanceArn = props.instanceArn;
472
+ // Create the permission sets
473
+ this.createAdministratorPermissionSet();
474
+ this.createAnalystPermissionSet();
475
+ this.createDeveloperPermissionSet();
476
+ // Create the assignments
477
+ this.createPermissionSetAssignments(props);
478
+ }
479
+ /**
480
+ * Creates the Administrator permission set with AdministratorAccess policy
481
+ * and billing access
482
+ */
483
+ createAdministratorPermissionSet() {
484
+ const permissionSet = new sso.CfnPermissionSet(this, "AdministratorPermissionSet", {
485
+ instanceArn: this.instanceArn,
486
+ name: PermissionSetType.ADMINISTRATOR,
487
+ description: "Full administrative access to all AWS services and resources",
488
+ sessionDuration: Duration.hours(8).toIsoString(),
489
+ managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
490
+ inlinePolicy: {
491
+ Version: "2012-10-17",
492
+ Statement: [
493
+ {
494
+ Effect: "Allow",
495
+ Action: [
496
+ "aws-portal:ViewBilling",
497
+ "aws-portal:ModifyBilling",
498
+ "aws-portal:ViewAccount",
499
+ "aws-portal:ModifyAccount",
500
+ "budgets:ViewBudget",
501
+ "budgets:ModifyBudget",
502
+ ],
503
+ Resource: "*",
504
+ },
505
+ ],
506
+ },
507
+ });
508
+ Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
509
+ this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;
510
+ }
511
+ /**
512
+ * Creates the Analyst permission set with ReadOnlyAccess policy
513
+ * and limited write access
514
+ */
515
+ createAnalystPermissionSet() {
516
+ const permissionSet = new sso.CfnPermissionSet(this, "AnalystPermissionSet", {
517
+ instanceArn: this.instanceArn,
518
+ name: PermissionSetType.ANALYST,
519
+ description: "Read-only access with billing visibility and limited write access",
520
+ sessionDuration: Duration.hours(4).toIsoString(),
521
+ managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
522
+ inlinePolicy: {
523
+ Version: "2012-10-17",
524
+ Statement: [
525
+ {
526
+ Effect: "Allow",
527
+ Action: [
528
+ "aws-portal:ViewBilling",
529
+ "aws-portal:ViewAccount",
530
+ "budgets:ViewBudget",
531
+ "cloudwatch:PutDashboard",
532
+ "cloudwatch:PutMetricData",
533
+ "s3:PutObject",
534
+ "s3:GetObject",
535
+ "s3:ListBucket",
536
+ ],
537
+ Resource: "*",
538
+ },
539
+ ],
540
+ },
541
+ });
542
+ Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
543
+ this.permissionSets[PermissionSetType.ANALYST] = permissionSet;
544
+ }
545
+ /**
546
+ * Creates the Developer permission set with SystemAdministrator policy
547
+ * and expanded write access
548
+ */
549
+ createDeveloperPermissionSet() {
550
+ const permissionSet = new sso.CfnPermissionSet(this, "DeveloperPermissionSet", {
551
+ instanceArn: this.instanceArn,
552
+ name: PermissionSetType.DEVELOPER,
553
+ description: "System administrator access with expanded write permissions",
554
+ sessionDuration: Duration.hours(8).toIsoString(),
555
+ managedPolicies: [
556
+ "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
557
+ ],
558
+ inlinePolicy: {
559
+ Version: "2012-10-17",
560
+ Statement: [
561
+ {
562
+ Effect: "Allow",
563
+ Action: [
564
+ "cloudwatch:*",
565
+ "logs:*",
566
+ "lambda:*",
567
+ "apigateway:*",
568
+ "dynamodb:*",
569
+ "s3:*",
570
+ "sns:*",
571
+ "sqs:*",
572
+ "events:*",
573
+ "ecr:*",
574
+ "ecs:*",
575
+ "codebuild:*",
576
+ ],
577
+ Resource: "*",
578
+ },
579
+ {
580
+ Effect: "Deny",
581
+ Action: [
582
+ "iam:*User*",
583
+ "iam:*Role*",
584
+ "iam:*Policy*",
585
+ "organizations:*",
586
+ "account:*",
587
+ ],
588
+ Resource: "*",
589
+ },
590
+ ],
591
+ },
592
+ });
593
+ Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
594
+ this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;
595
+ }
596
+ /**
597
+ * Gets the permission set for the specified type
598
+ */
599
+ getPermissionSet(type) {
600
+ return this.permissionSets[type];
601
+ }
602
+ /**
603
+ * Creates assignments between permission sets, groups, and accounts
604
+ * based on the provided configuration
605
+ */
606
+ createPermissionSetAssignments(props) {
607
+ // Administrator assignments
608
+ this.assignAdministratorPermissions(props);
609
+ // Analyst assignments
610
+ this.assignAnalystPermissions(props);
611
+ // Developer assignments
612
+ this.assignDeveloperPermissions(props);
613
+ }
614
+ /**
615
+ * Assigns Administrator permissions to appropriate accounts
616
+ */
617
+ assignAdministratorPermissions(props) {
618
+ const administratorGroup = props.groupMap.administrators;
619
+ const administratorPermissionSet = this.permissionSets[PermissionSetType.ADMINISTRATOR];
620
+ // Administrators get access to all accounts
621
+ const allAccounts = [
622
+ ...props.accountMap.development,
623
+ ...props.accountMap.management,
624
+ ...props.accountMap.operations,
625
+ ...props.accountMap.production,
626
+ ...props.accountMap.sandbox,
627
+ ...props.accountMap.security,
628
+ ...props.accountMap.stage,
629
+ ];
630
+ // Create assignments for each account
631
+ allAccounts.forEach((accountId, index) => {
632
+ const assignment = new sso.CfnAssignment(this, `AdministratorAssignment${index}`, {
633
+ instanceArn: this.instanceArn,
634
+ permissionSetArn: administratorPermissionSet.attrPermissionSetArn,
635
+ principalId: administratorGroup,
636
+ principalType: "GROUP",
637
+ targetId: accountId,
638
+ targetType: "AWS_ACCOUNT",
639
+ });
640
+ Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
641
+ Tags.of(assignment).add("Group", "administrators");
642
+ });
643
+ }
644
+ /**
645
+ * Assigns Analyst permissions to appropriate accounts
646
+ */
647
+ assignAnalystPermissions(props) {
648
+ const analystGroup = props.groupMap.analysts;
649
+ const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];
650
+ // Analysts get access to development, management, sandbox, and stage accounts
651
+ const analystAccounts = [
652
+ ...props.accountMap.development,
653
+ ...props.accountMap.management,
654
+ ...props.accountMap.sandbox,
655
+ ...props.accountMap.stage,
656
+ ];
657
+ // Create assignments for each account
658
+ analystAccounts.forEach((accountId, index) => {
659
+ const assignment = new sso.CfnAssignment(this, `AnalystAssignment${index}`, {
660
+ instanceArn: this.instanceArn,
661
+ permissionSetArn: analystPermissionSet.attrPermissionSetArn,
662
+ principalId: analystGroup,
663
+ principalType: "GROUP",
664
+ targetId: accountId,
665
+ targetType: "AWS_ACCOUNT",
666
+ });
667
+ Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
668
+ Tags.of(assignment).add("Group", "analysts");
669
+ });
670
+ }
671
+ /**
672
+ * Assigns Developer permissions to appropriate accounts
673
+ */
674
+ assignDeveloperPermissions(props) {
675
+ const developerGroup = props.groupMap.developers;
676
+ const developerPermissionSet = this.permissionSets[PermissionSetType.DEVELOPER];
677
+ // Developers get access to development, sandbox, and stage accounts
678
+ const developerAccounts = [
679
+ ...props.accountMap.development,
680
+ ...props.accountMap.sandbox,
681
+ ...props.accountMap.stage,
682
+ ];
683
+ // Create assignments for each account
684
+ developerAccounts.forEach((accountId, index) => {
685
+ const assignment = new sso.CfnAssignment(this, `DeveloperAssignment${index}`, {
686
+ instanceArn: this.instanceArn,
687
+ permissionSetArn: developerPermissionSet.attrPermissionSetArn,
688
+ principalId: developerGroup,
689
+ principalType: "GROUP",
690
+ targetId: accountId,
691
+ targetType: "AWS_ACCOUNT",
692
+ });
693
+ Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
694
+ Tags.of(assignment).add("Group", "developers");
695
+ });
696
+ }
697
+ }
698
+
452
699
  class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
453
700
  constructor(scope, id = "TraceSigningKey", props) {
454
701
  const defaultProps = {
@@ -461,5 +708,5 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
461
708
  }
462
709
  }
463
710
 
464
- export { JaypieEnvSecret, JaypieHostedZone, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieTraceSigningKeySecret };
711
+ export { JaypieEnvSecret, JaypieHostedZone, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieSsoGroups, JaypieTraceSigningKeySecret, PermissionSetType };
465
712
  //# sourceMappingURL=index.js.map
package/dist/esm/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjZK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;IACS;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJW,iBAAiB,KAAjB,iBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,UAAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/constructs",
3
- "version": "1.1.18",
3
+ "version": "1.1.19",
4
4
  "description": "CDK constructs for Jaypie applications",
5
5
  "license": "MIT",
6
6
  "author": "Finlayson Studio",
@@ -46,5 +46,5 @@
46
46
  "publishConfig": {
47
47
  "access": "public"
48
48
  },
49
- "gitHead": "1026f2fc0b3f6ae0ca2e1b6495437364f1c4e6fe"
49
+ "gitHead": "c9a990f384f3f54486d6ef97c5c588c2b4a6ed02"
50
50
  }