@jaypie/constructs 1.1.19 → 1.1.20

@@ -20,6 +20,15 @@ export interface JaypieSsoGroupMap {
20
20
  analysts: string;
21
21
  developers: string;
22
22
  }
23
+ /**
24
+ * IAM Policy Statement structure for inline policies
25
+ */
26
+ export interface PolicyStatement {
27
+ Effect: "Allow" | "Deny";
28
+ Action: string[] | string;
29
+ Resource: string[] | string;
30
+ Condition?: Record<string, unknown>;
31
+ }
23
32
  /**
24
33
  * Properties for the JaypieSsoGroups construct
25
34
  */
@@ -36,6 +45,16 @@ export interface JaypieSsoGroupsProps {
36
45
  * Mapping of group types to Google Workspace group GUIDs
37
46
  */
38
47
  groupMap: JaypieSsoGroupMap;
48
+ /**
49
+ * Additional inline policy statements to append to each group's permission set
50
+ * Each group can have its own set of policy statements that will be merged
51
+ * with the default policies.
52
+ */
53
+ inlinePolicyStatements?: {
54
+ administrators?: PolicyStatement[];
55
+ analysts?: PolicyStatement[];
56
+ developers?: PolicyStatement[];
57
+ };
39
58
  }
40
59
  /**
41
60
  * Permission set types with corresponding AWS managed policies
@@ -53,6 +72,7 @@ export declare enum PermissionSetType {
53
72
  export declare class JaypieSsoGroups extends Construct {
54
73
  private readonly permissionSets;
55
74
  private readonly instanceArn;
75
+ private readonly props;
56
76
  constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
77
  /**
58
78
  * Creates the Administrator permission set with AdministratorAccess policy
@@ -73,6 +93,14 @@ export declare class JaypieSsoGroups extends Construct {
73
93
  * Gets the permission set for the specified type
74
94
  */
75
95
  getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
96
+ /**
97
+ * Merges default inline policies with additional user-provided policy statements
98
+ *
99
+ * @param defaultPolicy - The default policy object with Version and Statement properties
100
+ * @param additionalStatements - Optional additional policy statements to merge
101
+ * @returns The merged policy object
102
+ */
103
+ private mergeInlinePolicies;
76
104
  /**
77
105
  * Creates assignments between permission sets, groups, and accounts
78
106
  * based on the provided configuration
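Review bot: The doc comment on `inlinePolicyStatements` says the statements are "merged with the default policies" but not what that means for access. Judging by the `mergeInlinePolicies` declaration later in this file, they appear to be appended to the default `Statement` list, so an `Allow` entry widens the permission set for every account it is assigned to. I would say so in the comment, for example `* Statements are appended as given; an Allow broadens the group's access, and an explicit Deny in the defaults still takes precedence.` Separately, the exported name `PolicyStatement` matches the `PolicyStatement` class in `aws-cdk-lib/aws-iam`, which consumers are likely to import next to this package; a more specific name, or a line in the interface comment noting that this is the raw JSON statement shape, would avoid mixing the two up.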
@@ -494,6 +494,7 @@ class JaypieSsoGroups extends constructs.Construct {
494
494
  super(scope, id);
495
495
  this.permissionSets = {};
496
496
  this.instanceArn = props.instanceArn;
497
+ this.props = props;
497
498
  // Create the permission sets
498
499
  this.createAdministratorPermissionSet();
499
500
  this.createAnalystPermissionSet();
@@ -506,29 +507,32 @@ class JaypieSsoGroups extends constructs.Construct {
506
507
  * and billing access
507
508
  */
508
509
  createAdministratorPermissionSet() {
510
+ const defaultInlinePolicy = {
511
+ Version: "2012-10-17",
512
+ Statement: [
513
+ {
514
+ Effect: "Allow",
515
+ Action: [
516
+ "aws-portal:ViewBilling",
517
+ "aws-portal:ModifyBilling",
518
+ "aws-portal:ViewAccount",
519
+ "aws-portal:ModifyAccount",
520
+ "budgets:ViewBudget",
521
+ "budgets:ModifyBudget",
522
+ ],
523
+ Resource: "*",
524
+ },
525
+ ],
526
+ };
527
+ // Merge with any additional policy statements provided for administrators
528
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.administrators);
509
529
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "AdministratorPermissionSet", {
510
530
  instanceArn: this.instanceArn,
511
531
  name: exports.PermissionSetType.ADMINISTRATOR,
512
532
  description: "Full administrative access to all AWS services and resources",
513
533
  sessionDuration: cdk.Duration.hours(8).toIsoString(),
514
534
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
515
- inlinePolicy: {
516
- Version: "2012-10-17",
517
- Statement: [
518
- {
519
- Effect: "Allow",
520
- Action: [
521
- "aws-portal:ViewBilling",
522
- "aws-portal:ModifyBilling",
523
- "aws-portal:ViewAccount",
524
- "aws-portal:ModifyAccount",
525
- "budgets:ViewBudget",
526
- "budgets:ModifyBudget",
527
- ],
528
- Resource: "*",
529
- },
530
- ],
531
- },
535
+ inlinePolicy: mergedPolicy,
532
536
  });
533
537
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
534
538
  this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
@@ -538,31 +542,34 @@ class JaypieSsoGroups extends constructs.Construct {
538
542
  * and limited write access
539
543
  */
540
544
  createAnalystPermissionSet() {
545
+ const defaultInlinePolicy = {
546
+ Version: "2012-10-17",
547
+ Statement: [
548
+ {
549
+ Effect: "Allow",
550
+ Action: [
551
+ "aws-portal:ViewBilling",
552
+ "aws-portal:ViewAccount",
553
+ "budgets:ViewBudget",
554
+ "cloudwatch:PutDashboard",
555
+ "cloudwatch:PutMetricData",
556
+ "s3:PutObject",
557
+ "s3:GetObject",
558
+ "s3:ListBucket",
559
+ ],
560
+ Resource: "*",
561
+ },
562
+ ],
563
+ };
564
+ // Merge with any additional policy statements provided for analysts
565
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.analysts);
541
566
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "AnalystPermissionSet", {
542
567
  instanceArn: this.instanceArn,
543
568
  name: exports.PermissionSetType.ANALYST,
544
569
  description: "Read-only access with billing visibility and limited write access",
545
570
  sessionDuration: cdk.Duration.hours(4).toIsoString(),
546
571
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
547
- inlinePolicy: {
548
- Version: "2012-10-17",
549
- Statement: [
550
- {
551
- Effect: "Allow",
552
- Action: [
553
- "aws-portal:ViewBilling",
554
- "aws-portal:ViewAccount",
555
- "budgets:ViewBudget",
556
- "cloudwatch:PutDashboard",
557
- "cloudwatch:PutMetricData",
558
- "s3:PutObject",
559
- "s3:GetObject",
560
- "s3:ListBucket",
561
- ],
562
- Resource: "*",
563
- },
564
- ],
565
- },
572
+ inlinePolicy: mergedPolicy,
566
573
  });
567
574
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
568
575
  this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
@@ -572,6 +579,42 @@ class JaypieSsoGroups extends constructs.Construct {
572
579
  * and expanded write access
573
580
  */
574
581
  createDeveloperPermissionSet() {
582
+ const defaultInlinePolicy = {
583
+ Version: "2012-10-17",
584
+ Statement: [
585
+ {
586
+ Effect: "Allow",
587
+ Action: [
588
+ "cloudwatch:*",
589
+ "logs:*",
590
+ "lambda:*",
591
+ "apigateway:*",
592
+ "dynamodb:*",
593
+ "s3:*",
594
+ "sns:*",
595
+ "sqs:*",
596
+ "events:*",
597
+ "ecr:*",
598
+ "ecs:*",
599
+ "codebuild:*",
600
+ ],
601
+ Resource: "*",
602
+ },
603
+ {
604
+ Effect: "Deny",
605
+ Action: [
606
+ "iam:*User*",
607
+ "iam:*Role*",
608
+ "iam:*Policy*",
609
+ "organizations:*",
610
+ "account:*",
611
+ ],
612
+ Resource: "*",
613
+ },
614
+ ],
615
+ };
616
+ // Merge with any additional policy statements provided for developers
617
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.developers);
575
618
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "DeveloperPermissionSet", {
576
619
  instanceArn: this.instanceArn,
577
620
  name: exports.PermissionSetType.DEVELOPER,
@@ -580,40 +623,7 @@ class JaypieSsoGroups extends constructs.Construct {
580
623
  managedPolicies: [
581
624
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
582
625
  ],
583
- inlinePolicy: {
584
- Version: "2012-10-17",
585
- Statement: [
586
- {
587
- Effect: "Allow",
588
- Action: [
589
- "cloudwatch:*",
590
- "logs:*",
591
- "lambda:*",
592
- "apigateway:*",
593
- "dynamodb:*",
594
- "s3:*",
595
- "sns:*",
596
- "sqs:*",
597
- "events:*",
598
- "ecr:*",
599
- "ecs:*",
600
- "codebuild:*",
601
- ],
602
- Resource: "*",
603
- },
604
- {
605
- Effect: "Deny",
606
- Action: [
607
- "iam:*User*",
608
- "iam:*Role*",
609
- "iam:*Policy*",
610
- "organizations:*",
611
- "account:*",
612
- ],
613
- Resource: "*",
614
- },
615
- ],
616
- },
626
+ inlinePolicy: mergedPolicy,
617
627
  });
618
628
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
619
629
  this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
@@ -624,6 +634,26 @@ class JaypieSsoGroups extends constructs.Construct {
624
634
  getPermissionSet(type) {
625
635
  return this.permissionSets[type];
626
636
  }
637
+ /**
638
+ * Merges default inline policies with additional user-provided policy statements
639
+ *
640
+ * @param defaultPolicy - The default policy object with Version and Statement properties
641
+ * @param additionalStatements - Optional additional policy statements to merge
642
+ * @returns The merged policy object
643
+ */
644
+ mergeInlinePolicies(defaultPolicy, additionalStatements) {
645
+ if (!additionalStatements || additionalStatements.length === 0) {
646
+ return defaultPolicy;
647
+ }
648
+ // Create a deep copy of the default policy to avoid modifying the original
649
+ const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));
650
+ // Add the additional statements to the existing statements
651
+ mergedPolicy.Statement = [
652
+ ...mergedPolicy.Statement,
653
+ ...additionalStatements,
654
+ ];
655
+ return mergedPolicy;
656
+ }
627
657
  /**
628
658
  * Creates assignments between permission sets, groups, and accounts
629
659
  * based on the provided configuration
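Review bot: `mergeInlinePolicies` appends `additionalStatements` to the policy exactly as passed, and the `PolicyStatement` typing does not exist in this compiled output, so a statement with a misspelled `Effect` or a missing `Action` from a JavaScript caller would presumably surface only when the deployment is rejected. A check at synth time fails earlier and closer to the mistake; a sketch is below. The call sites also deserve a comment: an appended `Allow` widens the analyst set while its `description` still reads "Read-only access with billing visibility and limited write access", and the developer `Deny` on the `iam:*User*`, `iam:*Role*` and `iam:*Policy*` patterns continues to override any `Allow` added here. The optional chaining on `this.props` in the three `create*PermissionSet` methods looks unnecessary, since the constructor assigns `this.props` before calling them.

```javascript
mergeInlinePolicies(defaultPolicy, additionalStatements) {
    // … unchanged: early return when there are no additional statements …
    for (const statement of additionalStatements) {
        // Fail during synth instead of at deployment on a malformed statement
        if (statement.Effect !== "Allow" && statement.Effect !== "Deny") {
            throw new Error('inlinePolicyStatements: Effect must be "Allow" or "Deny"');
        }
        if (!statement.Action || !statement.Resource) {
            throw new Error("inlinePolicyStatements: Action and Resource are required");
        }
    }
    // … unchanged: deep copy of defaultPolicy and append of additionalStatements …
}
```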
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: 
string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? 
SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): 
void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? 
`/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: 
\"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = 
lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? 
Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n 
this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n 
props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public 
grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n 
management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: 
this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n 
{\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n 
...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n 
this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n 
}\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources","PermissionSetType","sso"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EA
AE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBA
AmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EA
ChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,
MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI
,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7
C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;AACSW;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJWA,yBAAiB,KAAjBA,yBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQjB,oBAAS,CAAA;
AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,aAAa,GAAG,IAAIkB,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CA
AC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,UAAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAACA,yBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OA
AO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG
,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEN,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;;"}
1
+ {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: 
string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? 
SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): 
void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? 
`/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: 
\"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = 
lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? 
Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n 
this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n 
props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public 
grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n 
management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * IAM Policy Statement structure for inline policies\n */\nexport interface PolicyStatement {\n Effect: \"Allow\" | \"Deny\";\n Action: string[] | string;\n Resource: string[] | string;\n Condition?: Record<string, unknown>;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n\n /**\n * Additional inline policy statements to append to each group's permission set\n * Each group can have its own set of policy statements that will be merged\n * with the default policies.\n */\n inlinePolicyStatements?: {\n administrators?: PolicyStatement[];\n analysts?: PolicyStatement[];\n developers?: PolicyStatement[];\n };\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n private readonly props: JaypieSsoGroupsProps;\n\n constructor(scope: 
Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n this.props = props;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for administrators\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.administrators,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n 
\"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for analysts\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.analysts,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for developers\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.developers,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write 
permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Merges default inline policies with additional user-provided policy statements\n *\n * @param defaultPolicy - The default policy object with Version and Statement properties\n * @param additionalStatements - Optional additional policy statements to merge\n * @returns The merged policy object\n */\n private mergeInlinePolicies(\n defaultPolicy: Record<string, unknown>,\n additionalStatements?: PolicyStatement[],\n ): Record<string, unknown> {\n if (!additionalStatements || additionalStatements.length === 0) {\n return defaultPolicy;\n }\n\n // Create a deep copy of the default policy to avoid modifying the original\n const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));\n\n // Add the additional statements to the existing statements\n mergedPolicy.Statement = [\n ...mergedPolicy.Statement,\n ...additionalStatements,\n ];\n\n return mergedPolicy;\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup 
= props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", 
\"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n 
}\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources","PermissionSetType","sso"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EA
AE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBA
AmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EA
ChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,
MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI
,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7
C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjVD;;AAEG;AACSW;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJWA,yBAAiB,KAAjBA,yBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQjB,oBAAS,CAAA;
AAQ5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QARD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAOvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;AACpC,QAAA,IAAI,CAAC,KAAK,GAAG,KAAK;;QAGlB,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;AACtC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,0BAA0B;wBAC1B,wBAAwB;wBACxB,0BAA0B;wBAC1B,oBAAoB;wBACpB,sBAAsB;AACvB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,cAAc,CACnD;QAED,MAAM,aAAa,GAAG,IAAIkB,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;AAChC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,wBAAwB;wBACxB,oBAAoB;wBACpB,yBAAyB;wBACzB,0BAA0B;wBAC1B,cAAc;wBACd,cAAc;wBACd,eAAe;AAChB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAC7C;QAED,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC
,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;AAClC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,QAAQ;wBACR,UAAU;wBACV,cAAc;wBACd,YAAY;wBACZ,MAAM;wBACN,OAAO;wBACP,OAAO;wBACP,UAAU;wBACV,OAAO;wBACP,OAAO;wBACP,aAAa;AACd,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACD,gBAAA;AACE,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE;wBACN,YAAY;wBACZ,YAAY;wBACZ,cAAc;wBACd,iBAAiB;wBACjB,WAAW;AACZ,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,UAAU,CAC/C;QAED,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;;;;AAMG;IACK,mBAAmB,CACzB,aAAsC,EACtC,oBAAwC,EAAA;QAExC,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE;AAC9D,YAAA,OAAO,aAAa;;;AAItB,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;;QAG9D,YAAY,CAAC,SAAS,GAAG;YACvB,GAAG,YAAY,CAAC,SAAS;AACzB,YAAA,GAAG,oBAAoB;SACxB;AAED,QAAA,OAAO,YAAY;;AAGrB;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAACA,yBAAiB,CA
AC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA
,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;ACvaK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEN,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;;"}
@@ -20,6 +20,15 @@ export interface JaypieSsoGroupMap {
20
20
  analysts: string;
21
21
  developers: string;
22
22
  }
23
+ /**
24
+ * IAM Policy Statement structure for inline policies
25
+ */
26
+ export interface PolicyStatement {
27
+ Effect: "Allow" | "Deny";
28
+ Action: string[] | string;
29
+ Resource: string[] | string;
30
+ Condition?: Record<string, unknown>;
31
+ }
23
32
  /**
24
33
  * Properties for the JaypieSsoGroups construct
25
34
  */
@@ -36,6 +45,16 @@ export interface JaypieSsoGroupsProps {
36
45
  * Mapping of group types to Google Workspace group GUIDs
37
46
  */
38
47
  groupMap: JaypieSsoGroupMap;
48
+ /**
49
+ * Additional inline policy statements to append to each group's permission set
50
+ * Each group can have its own set of policy statements that will be merged
51
+ * with the default policies.
52
+ */
53
+ inlinePolicyStatements?: {
54
+ administrators?: PolicyStatement[];
55
+ analysts?: PolicyStatement[];
56
+ developers?: PolicyStatement[];
57
+ };
39
58
  }
40
59
  /**
41
60
  * Permission set types with corresponding AWS managed policies
@@ -53,6 +72,7 @@ export declare enum PermissionSetType {
53
72
  export declare class JaypieSsoGroups extends Construct {
54
73
  private readonly permissionSets;
55
74
  private readonly instanceArn;
75
+ private readonly props;
56
76
  constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
77
  /**
58
78
  * Creates the Administrator permission set with AdministratorAccess policy
@@ -73,6 +93,14 @@ export declare class JaypieSsoGroups extends Construct {
73
93
  * Gets the permission set for the specified type
74
94
  */
75
95
  getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
96
+ /**
97
+ * Merges default inline policies with additional user-provided policy statements
98
+ *
99
+ * @param defaultPolicy - The default policy object with Version and Statement properties
100
+ * @param additionalStatements - Optional additional policy statements to merge
101
+ * @returns The merged policy object
102
+ */
103
+ private mergeInlinePolicies;
76
104
  /**
77
105
  * Creates assignments between permission sets, groups, and accounts
78
106
  * based on the provided configuration
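--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -469,6 +469,7 @@ class JaypieSsoGroups extends Construct {
  super(scope, id);
  this.permissionSets = {};
  this.instanceArn = props.instanceArn;
+ this.props = props;
  // Create the permission sets
  this.createAdministratorPermissionSet();
  this.createAnalystPermissionSet();
@@ -481,29 +482,32 @@ class JaypieSsoGroups extends Construct {
  * and billing access
  */
  createAdministratorPermissionSet() {
+ const defaultInlinePolicy = {
+ Version: "2012-10-17",
+ Statement: [
+ {
+ Effect: "Allow",
+ Action: [
+ "aws-portal:ViewBilling",
+ "aws-portal:ModifyBilling",
+ "aws-portal:ViewAccount",
+ "aws-portal:ModifyAccount",
+ "budgets:ViewBudget",
+ "budgets:ModifyBudget",
+ ],
+ Resource: "*",
+ },
+ ],
+ };
+ // Merge with any additional policy statements provided for administrators
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.administrators);
  const permissionSet = new sso.CfnPermissionSet(this, "AdministratorPermissionSet", {
  instanceArn: this.instanceArn,
  name: PermissionSetType.ADMINISTRATOR,
  description: "Full administrative access to all AWS services and resources",
  sessionDuration: Duration.hours(8).toIsoString(),
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
- inlinePolicy: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: [
- "aws-portal:ViewBilling",
- "aws-portal:ModifyBilling",
- "aws-portal:ViewAccount",
- "aws-portal:ModifyAccount",
- "budgets:ViewBudget",
- "budgets:ModifyBudget",
- ],
- Resource: "*",
- },
- ],
- },
+ inlinePolicy: mergedPolicy,
  });
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
  this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;
@@ -513,31 +517,34 @@ class JaypieSsoGroups extends Construct {
  * and limited write access
  */
  createAnalystPermissionSet() {
+ const defaultInlinePolicy = {
+ Version: "2012-10-17",
+ Statement: [
+ {
+ Effect: "Allow",
+ Action: [
+ "aws-portal:ViewBilling",
+ "aws-portal:ViewAccount",
+ "budgets:ViewBudget",
+ "cloudwatch:PutDashboard",
+ "cloudwatch:PutMetricData",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:ListBucket",
+ ],
+ Resource: "*",
+ },
+ ],
+ };
+ // Merge with any additional policy statements provided for analysts
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.analysts);
  const permissionSet = new sso.CfnPermissionSet(this, "AnalystPermissionSet", {
  instanceArn: this.instanceArn,
  name: PermissionSetType.ANALYST,
  description: "Read-only access with billing visibility and limited write access",
  sessionDuration: Duration.hours(4).toIsoString(),
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
- inlinePolicy: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: [
- "aws-portal:ViewBilling",
- "aws-portal:ViewAccount",
- "budgets:ViewBudget",
- "cloudwatch:PutDashboard",
- "cloudwatch:PutMetricData",
- "s3:PutObject",
- "s3:GetObject",
- "s3:ListBucket",
- ],
- Resource: "*",
- },
- ],
- },
+ inlinePolicy: mergedPolicy,
  });
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
  this.permissionSets[PermissionSetType.ANALYST] = permissionSet;
@@ -547,6 +554,42 @@ class JaypieSsoGroups extends Construct {
  * and expanded write access
  */
  createDeveloperPermissionSet() {
+ const defaultInlinePolicy = {
+ Version: "2012-10-17",
+ Statement: [
+ {
+ Effect: "Allow",
+ Action: [
+ "cloudwatch:*",
+ "logs:*",
+ "lambda:*",
+ "apigateway:*",
+ "dynamodb:*",
+ "s3:*",
+ "sns:*",
+ "sqs:*",
+ "events:*",
+ "ecr:*",
+ "ecs:*",
+ "codebuild:*",
+ ],
+ Resource: "*",
+ },
+ {
+ Effect: "Deny",
+ Action: [
+ "iam:*User*",
+ "iam:*Role*",
+ "iam:*Policy*",
+ "organizations:*",
+ "account:*",
+ ],
+ Resource: "*",
+ },
+ ],
+ };
+ // Merge with any additional policy statements provided for developers
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.developers);
  const permissionSet = new sso.CfnPermissionSet(this, "DeveloperPermissionSet", {
  instanceArn: this.instanceArn,
  name: PermissionSetType.DEVELOPER,
@@ -555,40 +598,7 @@ class JaypieSsoGroups extends Construct {
  managedPolicies: [
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
  ],
- inlinePolicy: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: [
- "cloudwatch:*",
- "logs:*",
- "lambda:*",
- "apigateway:*",
- "dynamodb:*",
- "s3:*",
- "sns:*",
- "sqs:*",
- "events:*",
- "ecr:*",
- "ecs:*",
- "codebuild:*",
- ],
- Resource: "*",
- },
- {
- Effect: "Deny",
- Action: [
- "iam:*User*",
- "iam:*Role*",
- "iam:*Policy*",
- "organizations:*",
- "account:*",
- ],
- Resource: "*",
- },
- ],
- },
+ inlinePolicy: mergedPolicy,
  });
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
  this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;
@@ -599,6 +609,26 @@ class JaypieSsoGroups extends Construct {
  getPermissionSet(type) {
  return this.permissionSets[type];
  }
+ /**
+ * Merges default inline policies with additional user-provided policy statements
+ *
+ * @param defaultPolicy - The default policy object with Version and Statement properties
+ * @param additionalStatements - Optional additional policy statements to merge
+ * @returns The merged policy object
+ */
+ mergeInlinePolicies(defaultPolicy, additionalStatements) {
+ if (!additionalStatements || additionalStatements.length === 0) {
+ return defaultPolicy;
+ }
+ // Create a deep copy of the default policy to avoid modifying the original
+ const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));
+ // Add the additional statements to the existing statements
+ mergedPolicy.Statement = [
+ ...mergedPolicy.Statement,
+ ...additionalStatements,
+ ];
+ return mergedPolicy;
+ }
  /**
  * Creates assignments between permission sets, groups, and accounts
  * based on the provided configuration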
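Review bot: `mergeInlinePolicies` (new lines 619–631) appends the caller's statements to the default inline policy without checking them, and in the built JavaScript the `PolicyStatement` type is erased. A statement with a missing `Effect` or a misspelt key is therefore only rejected at deploy time, and a broad `Effect: "Allow"` passed under `analysts` quietly widens the set built on `ReadOnlyAccess` wherever it is assigned. I would validate each entry at synth time and fail early, assuming callers pass plain literal objects. The doc comment should say that appended Allow statements widen the permission set, while the developer set's default Deny on `iam:*Role*` and the other listed actions still takes precedence. The `this.props?.` optional chaining in the three create methods is unnecessary, because the constructor assigns `this.props` before it calls them.

```javascript
mergeInlinePolicies(defaultPolicy, additionalStatements) {
    // … unchanged: early return when there are no additional statements …
    for (const [index, statement] of additionalStatements.entries()) {
        if (statement.Effect !== "Allow" && statement.Effect !== "Deny") {
            throw new Error(`inlinePolicyStatements[${index}]: Effect must be "Allow" or "Deny"`);
        }
        if (!statement.Action || !statement.Resource) {
            throw new Error(`inlinePolicyStatements[${index}]: Action and Resource are required`);
        }
    }
    // … unchanged: deep copy of defaultPolicy and Statement concatenation …
```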
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: 
string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? 
SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): 
void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? 
`/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: 
\"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = 
lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? 
Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n 
this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n 
props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public 
grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n 
management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: 
this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n 
{\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n 
...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n 
this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n 
}\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AAC
zC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;A
AsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,I
AAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,E
AAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,
QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB
,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;IACS;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJW,iBAAiB,KAAjB,iBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,a
AAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,U
AAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,G
AAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: 
string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? 
SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): 
void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? 
`/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: 
\"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = 
lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? 
Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n 
this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n 
props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public 
grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n 
management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * IAM Policy Statement structure for inline policies\n */\nexport interface PolicyStatement {\n Effect: \"Allow\" | \"Deny\";\n Action: string[] | string;\n Resource: string[] | string;\n Condition?: Record<string, unknown>;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n\n /**\n * Additional inline policy statements to append to each group's permission set\n * Each group can have its own set of policy statements that will be merged\n * with the default policies.\n */\n inlinePolicyStatements?: {\n administrators?: PolicyStatement[];\n analysts?: PolicyStatement[];\n developers?: PolicyStatement[];\n };\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n private readonly props: JaypieSsoGroupsProps;\n\n constructor(scope: 
Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n this.props = props;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for administrators\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.administrators,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n 
\"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for analysts\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.analysts,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for developers\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.developers,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write 
permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Merges default inline policies with additional user-provided policy statements\n *\n * @param defaultPolicy - The default policy object with Version and Statement properties\n * @param additionalStatements - Optional additional policy statements to merge\n * @returns The merged policy object\n */\n private mergeInlinePolicies(\n defaultPolicy: Record<string, unknown>,\n additionalStatements?: PolicyStatement[],\n ): Record<string, unknown> {\n if (!additionalStatements || additionalStatements.length === 0) {\n return defaultPolicy;\n }\n\n // Create a deep copy of the default policy to avoid modifying the original\n const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));\n\n // Add the additional statements to the existing statements\n mergedPolicy.Statement = [\n ...mergedPolicy.Statement,\n ...additionalStatements,\n ];\n\n return mergedPolicy;\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup 
= props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", 
\"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n 
}\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AAC
zC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;A
AsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,I
AAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,E
AAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,
QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB
,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjVD;;AAEG;IACS;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJW,iBAAiB,KAAjB,iBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAQ5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QARD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAOvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;AACpC,QAAA,IAAI,CAAC,KAAK,GAAG,KAAK;;QAGlB,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;
;;AAGG;IACK,gCAAgC,GAAA;AACtC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,0BAA0B;wBAC1B,wBAAwB;wBACxB,0BAA0B;wBAC1B,oBAAoB;wBACpB,sBAAsB;AACvB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,cAAc,CACnD;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;AAChC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,wBAAwB;wBACxB,oBAAoB;wBACpB,yBAAyB;wBACzB,0BAA0B;wBAC1B,cAAc;wBACd,cAAc;wBACd,eAAe;AAChB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAC7C;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;AAClC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,QAAQ;wBACR,UAAU;wBACV,cAAc;wBACd,YAAY;wBAC
Z,MAAM;wBACN,OAAO;wBACP,OAAO;wBACP,UAAU;wBACV,OAAO;wBACP,OAAO;wBACP,aAAa;AACd,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACD,gBAAA;AACE,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE;wBACN,YAAY;wBACZ,YAAY;wBACZ,cAAc;wBACd,iBAAiB;wBACjB,WAAW;AACZ,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,UAAU,CAC/C;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;;;;AAMG;IACK,mBAAmB,CACzB,aAAsC,EACtC,oBAAwC,EAAA;QAExC,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE;AAC9D,YAAA,OAAO,aAAa;;;AAItB,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;;QAG9D,YAAY,CAAC,SAAS,GAAG;YACvB,GAAG,YAAY,CAAC,SAAS;AACzB,YAAA,GAAG,oBAAoB;SACxB;AAED,QAAA,OAAO,YAAY;;AAGrB;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,E
AAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aA
Aa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;ACvaK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
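--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@jaypie/constructs",
- "version": "1.1.19",
+ "version": "1.1.20",
  "description": "CDK constructs for Jaypie applications",
  "license": "MIT",
  "author": "Finlayson Studio",
@@ -46,5 +46,5 @@
  "publishConfig": {
  "access": "public"
  },
- "gitHead": "c9a990f384f3f54486d6ef97c5c588c2b4a6ed02"
+ "gitHead": "5e93fa23716d74f2d9361f17c0fc837b706768fa"
  }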