@jaypie/constructs 1.1.19 → 1.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cjs/JaypieSsoGroups.d.ts +28 -0
  2. package/dist/cjs/index.cjs +98 -70
  3. package/dist/cjs/index.cjs.map +1 -1
  4. package/dist/esm/JaypieSsoGroups.d.ts +28 -0
  5. package/dist/esm/index.js +98 -70
  6. package/dist/esm/index.js.map +1 -1
  7. package/package.json +2 -2
package/dist/cjs/JaypieSsoGroups.d.ts CHANGED
@@ -20,6 +20,15 @@ export interface JaypieSsoGroupMap {
20
20
  analysts: string;
21
21
  developers: string;
22
22
  }
23
+ /**
24
+ * IAM Policy Statement structure for inline policies
25
+ */
26
+ export interface PolicyStatement {
27
+ Effect: "Allow" | "Deny";
28
+ Action: string[] | string;
29
+ Resource: string[] | string;
30
+ Condition?: Record<string, unknown>;
31
+ }
23
32
  /**
24
33
  * Properties for the JaypieSsoGroups construct
25
34
  */
@@ -36,6 +45,16 @@ export interface JaypieSsoGroupsProps {
36
45
  * Mapping of group types to Google Workspace group GUIDs
37
46
  */
38
47
  groupMap: JaypieSsoGroupMap;
48
+ /**
49
+ * Additional inline policy statements to append to each group's permission set
50
+ * Each group can have its own set of policy statements that will be merged
51
+ * with the default policies.
52
+ */
53
+ inlinePolicyStatements?: {
54
+ administrators?: PolicyStatement[];
55
+ analysts?: PolicyStatement[];
56
+ developers?: PolicyStatement[];
57
+ };
39
58
  }
40
59
  /**
41
60
  * Permission set types with corresponding AWS managed policies
@@ -53,6 +72,7 @@ export declare enum PermissionSetType {
53
72
  export declare class JaypieSsoGroups extends Construct {
54
73
  private readonly permissionSets;
55
74
  private readonly instanceArn;
75
+ private readonly props;
56
76
  constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
77
  /**
58
78
  * Creates the Administrator permission set with AdministratorAccess policy
@@ -73,6 +93,14 @@ export declare class JaypieSsoGroups extends Construct {
73
93
  * Gets the permission set for the specified type
74
94
  */
75
95
  getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
96
+ /**
97
+ * Merges default inline policies with additional user-provided policy statements
98
+ *
99
+ * @param defaultPolicy - The default policy object with Version and Statement properties
100
+ * @param additionalStatements - Optional additional policy statements to merge
101
+ * @returns The merged policy object
102
+ */
103
+ private mergeInlinePolicies;
76
104
  /**
77
105
  * Creates assignments between permission sets, groups, and accounts
78
106
  * based on the provided configuration
package/dist/cjs/index.cjs CHANGED
@@ -494,6 +494,7 @@ class JaypieSsoGroups extends constructs.Construct {
494
494
  super(scope, id);
495
495
  this.permissionSets = {};
496
496
  this.instanceArn = props.instanceArn;
497
+ this.props = props;
497
498
  // Create the permission sets
498
499
  this.createAdministratorPermissionSet();
499
500
  this.createAnalystPermissionSet();
@@ -506,29 +507,30 @@ class JaypieSsoGroups extends constructs.Construct {
506
507
  * and billing access
507
508
  */
508
509
  createAdministratorPermissionSet() {
510
+ const defaultInlinePolicy = {
511
+ Version: "2012-10-17",
512
+ Statement: [
513
+ {
514
+ Effect: "Allow",
515
+ Action: [
516
+ "aws-portal:*",
517
+ "budgets:*",
518
+ "ce:*",
519
+ "cost-optimization-hub:*",
520
+ ],
521
+ Resource: "*",
522
+ },
523
+ ],
524
+ };
525
+ // Merge with any additional policy statements provided for administrators
526
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.administrators);
509
527
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "AdministratorPermissionSet", {
510
528
  instanceArn: this.instanceArn,
511
529
  name: exports.PermissionSetType.ADMINISTRATOR,
512
530
  description: "Full administrative access to all AWS services and resources",
513
531
  sessionDuration: cdk.Duration.hours(8).toIsoString(),
514
532
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
515
- inlinePolicy: {
516
- Version: "2012-10-17",
517
- Statement: [
518
- {
519
- Effect: "Allow",
520
- Action: [
521
- "aws-portal:ViewBilling",
522
- "aws-portal:ModifyBilling",
523
- "aws-portal:ViewAccount",
524
- "aws-portal:ModifyAccount",
525
- "budgets:ViewBudget",
526
- "budgets:ModifyBudget",
527
- ],
528
- Resource: "*",
529
- },
530
- ],
531
- },
533
+ inlinePolicy: mergedPolicy,
532
534
  });
533
535
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
534
536
  this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
@@ -538,31 +540,34 @@ class JaypieSsoGroups extends constructs.Construct {
538
540
  * and limited write access
539
541
  */
540
542
  createAnalystPermissionSet() {
543
+ const defaultInlinePolicy = {
544
+ Version: "2012-10-17",
545
+ Statement: [
546
+ {
547
+ Effect: "Allow",
548
+ Action: [
549
+ "aws-portal:ViewBilling",
550
+ "aws-portal:ViewAccount",
551
+ "budgets:ViewBudget",
552
+ "cloudwatch:PutDashboard",
553
+ "cloudwatch:PutMetricData",
554
+ "s3:PutObject",
555
+ "s3:GetObject",
556
+ "s3:ListBucket",
557
+ ],
558
+ Resource: "*",
559
+ },
560
+ ],
561
+ };
562
+ // Merge with any additional policy statements provided for analysts
563
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.analysts);
541
564
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "AnalystPermissionSet", {
542
565
  instanceArn: this.instanceArn,
543
566
  name: exports.PermissionSetType.ANALYST,
544
567
  description: "Read-only access with billing visibility and limited write access",
545
568
  sessionDuration: cdk.Duration.hours(4).toIsoString(),
546
569
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
547
- inlinePolicy: {
548
- Version: "2012-10-17",
549
- Statement: [
550
- {
551
- Effect: "Allow",
552
- Action: [
553
- "aws-portal:ViewBilling",
554
- "aws-portal:ViewAccount",
555
- "budgets:ViewBudget",
556
- "cloudwatch:PutDashboard",
557
- "cloudwatch:PutMetricData",
558
- "s3:PutObject",
559
- "s3:GetObject",
560
- "s3:ListBucket",
561
- ],
562
- Resource: "*",
563
- },
564
- ],
565
- },
570
+ inlinePolicy: mergedPolicy,
566
571
  });
567
572
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
568
573
  this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
@@ -572,6 +577,42 @@ class JaypieSsoGroups extends constructs.Construct {
572
577
  * and expanded write access
573
578
  */
574
579
  createDeveloperPermissionSet() {
580
+ const defaultInlinePolicy = {
581
+ Version: "2012-10-17",
582
+ Statement: [
583
+ {
584
+ Effect: "Allow",
585
+ Action: [
586
+ "cloudwatch:*",
587
+ "logs:*",
588
+ "lambda:*",
589
+ "apigateway:*",
590
+ "dynamodb:*",
591
+ "s3:*",
592
+ "sns:*",
593
+ "sqs:*",
594
+ "events:*",
595
+ "ecr:*",
596
+ "ecs:*",
597
+ "codebuild:*",
598
+ ],
599
+ Resource: "*",
600
+ },
601
+ {
602
+ Effect: "Deny",
603
+ Action: [
604
+ "iam:*User*",
605
+ "iam:*Role*",
606
+ "iam:*Policy*",
607
+ "organizations:*",
608
+ "account:*",
609
+ ],
610
+ Resource: "*",
611
+ },
612
+ ],
613
+ };
614
+ // Merge with any additional policy statements provided for developers
615
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.developers);
575
616
  const permissionSet = new sso__namespace.CfnPermissionSet(this, "DeveloperPermissionSet", {
576
617
  instanceArn: this.instanceArn,
577
618
  name: exports.PermissionSetType.DEVELOPER,
@@ -580,40 +621,7 @@ class JaypieSsoGroups extends constructs.Construct {
580
621
  managedPolicies: [
581
622
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
582
623
  ],
583
- inlinePolicy: {
584
- Version: "2012-10-17",
585
- Statement: [
586
- {
587
- Effect: "Allow",
588
- Action: [
589
- "cloudwatch:*",
590
- "logs:*",
591
- "lambda:*",
592
- "apigateway:*",
593
- "dynamodb:*",
594
- "s3:*",
595
- "sns:*",
596
- "sqs:*",
597
- "events:*",
598
- "ecr:*",
599
- "ecs:*",
600
- "codebuild:*",
601
- ],
602
- Resource: "*",
603
- },
604
- {
605
- Effect: "Deny",
606
- Action: [
607
- "iam:*User*",
608
- "iam:*Role*",
609
- "iam:*Policy*",
610
- "organizations:*",
611
- "account:*",
612
- ],
613
- Resource: "*",
614
- },
615
- ],
616
- },
624
+ inlinePolicy: mergedPolicy,
617
625
  });
618
626
  cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
619
627
  this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
@@ -624,6 +632,26 @@ class JaypieSsoGroups extends constructs.Construct {
624
632
  getPermissionSet(type) {
625
633
  return this.permissionSets[type];
626
634
  }
635
+ /**
636
+ * Merges default inline policies with additional user-provided policy statements
637
+ *
638
+ * @param defaultPolicy - The default policy object with Version and Statement properties
639
+ * @param additionalStatements - Optional additional policy statements to merge
640
+ * @returns The merged policy object
641
+ */
642
+ mergeInlinePolicies(defaultPolicy, additionalStatements) {
643
+ if (!additionalStatements || additionalStatements.length === 0) {
644
+ return defaultPolicy;
645
+ }
646
+ // Create a deep copy of the default policy to avoid modifying the original
647
+ const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));
648
+ // Add the additional statements to the existing statements
649
+ mergedPolicy.Statement = [
650
+ ...mergedPolicy.Statement,
651
+ ...additionalStatements,
652
+ ];
653
+ return mergedPolicy;
654
+ }
627
655
  /**
628
656
  * Creates assignments between permission sets, groups, and accounts
629
657
  * based on the provided configuration
package/dist/cjs/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources","PermissionSetType","sso"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;AACSW;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJWA,yBAAiB,KAAjBA,yBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQjB,oBAAS,CAAA;AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,aAAa,GAAG,IAAIkB,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,UAAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAACA,yBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEN,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;;"}
1
+ {"version":3,"file":"index.cjs","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * IAM Policy Statement structure for inline policies\n */\nexport interface PolicyStatement {\n Effect: \"Allow\" | \"Deny\";\n Action: string[] | string;\n Resource: string[] | string;\n Condition?: Record<string, unknown>;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n\n /**\n * Additional inline policy statements to append to each group's permission set\n * Each group can have its own set of policy statements that will be merged\n * with the default policies.\n */\n inlinePolicyStatements?: {\n administrators?: PolicyStatement[];\n analysts?: PolicyStatement[];\n developers?: PolicyStatement[];\n };\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n private readonly props: JaypieSsoGroupsProps;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n this.props = props;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:*\",\n \"budgets:*\",\n \"ce:*\",\n \"cost-optimization-hub:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for administrators\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.administrators,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for analysts\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.analysts,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for developers\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.developers,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Merges default inline policies with additional user-provided policy statements\n *\n * @param defaultPolicy - The default policy object with Version and Statement properties\n * @param additionalStatements - Optional additional policy statements to merge\n * @returns The merged policy object\n */\n private mergeInlinePolicies(\n defaultPolicy: Record<string, unknown>,\n additionalStatements?: PolicyStatement[],\n ): Record<string, unknown> {\n if (!additionalStatements || additionalStatements.length === 0) {\n return defaultPolicy;\n }\n\n // Create a deep copy of the default policy to avoid modifying the original\n const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));\n\n // Add the additional statements to the existing statements\n mergedPolicy.Statement = [\n ...mergedPolicy.Statement,\n ...additionalStatements,\n ];\n\n return mergedPolicy;\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":["CDK","Construct","Fn","secretsmanager","CfnOutput","SecretValue","Tags","Stack","LogGroup","RetentionDays","cdk","ServicePrincipal","FilterPattern","HostedZone","lambda","Duration","sqs","lambdaEventSources","PermissionSetType","sso"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAKA,SAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAOA,SAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQC,oBAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAGC,MAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAGC,yBAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAIC,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAEC,eAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAIF,yBAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAAG,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAII,aAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAIA,aAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAOG,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQN,oBAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAID,SAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAIQ,gBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAEC,qBAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGFC,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxDU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAIW,uBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAEC,qBAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAIC,qBAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGFH,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1DU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,IAAI,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACXU,cAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAACV,SAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAEA,SAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQC,oBAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAGD,SAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAGA,SAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAGc,iBAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAGC,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAGe,YAAQ,CAAC,OAAO,CAACf,SAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAGc,iBAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAIE,cAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAED,YAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAAT,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAIc,iBAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAGC,YAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAIE,6BAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAAX,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAAM,QAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAEO,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAEA,SAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjVD;;AAEG;AACSW;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJWA,yBAAiB,KAAjBA,yBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQjB,oBAAS,CAAA;AAQ5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QARD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAOvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;AACpC,QAAA,IAAI,CAAC,KAAK,GAAG,KAAK;;QAGlB,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;AACtC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,WAAW;wBACX,MAAM;wBACN,yBAAyB;AAC1B,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,cAAc,CACnD;QAED,MAAM,aAAa,GAAG,IAAIkB,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;AAChC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,wBAAwB;wBACxB,oBAAoB;wBACpB,yBAAyB;wBACzB,0BAA0B;wBAC1B,cAAc;wBACd,cAAc;wBACd,eAAe;AAChB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAC7C;QAED,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;AAClC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,QAAQ;wBACR,UAAU;wBACV,cAAc;wBACd,YAAY;wBACZ,MAAM;wBACN,OAAO;wBACP,OAAO;wBACP,UAAU;wBACV,OAAO;wBACP,OAAO;wBACP,aAAa;AACd,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACD,gBAAA;AACE,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE;wBACN,YAAY;wBACZ,YAAY;wBACZ,cAAc;wBACd,iBAAiB;wBACjB,WAAW;AACZ,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,UAAU,CAC/C;QAED,MAAM,aAAa,GAAG,IAAIC,cAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAED,yBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAEH,YAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAEDT,QAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAACkB,yBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;;;;AAMG;IACK,mBAAmB,CACzB,aAAsC,EACtC,oBAAwC,EAAA;QAExC,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE;AAC9D,YAAA,OAAO,aAAa;;;AAItB,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;;QAG9D,YAAY,CAAC,SAAS,GAAG;YACvB,GAAG,YAAY,CAAC,SAAS;AACzB,YAAA,GAAG,oBAAoB;SACxB;AAED,QAAA,OAAO,YAAY;;AAGrB;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAACA,yBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAACY,yBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAIC,cAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAEDb,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAACN,SAAG,CAAC,GAAG,CAAC,OAAO,EAAEA,SAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAAM,QAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;ACraK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAEN,SAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAEA,SAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;;;;;;;"}
package/dist/esm/JaypieSsoGroups.d.ts CHANGED
@@ -20,6 +20,15 @@ export interface JaypieSsoGroupMap {
20
20
  analysts: string;
21
21
  developers: string;
22
22
  }
23
+ /**
24
+ * IAM Policy Statement structure for inline policies
25
+ */
26
+ export interface PolicyStatement {
27
+ Effect: "Allow" | "Deny";
28
+ Action: string[] | string;
29
+ Resource: string[] | string;
30
+ Condition?: Record<string, unknown>;
31
+ }
23
32
  /**
24
33
  * Properties for the JaypieSsoGroups construct
25
34
  */
@@ -36,6 +45,16 @@ export interface JaypieSsoGroupsProps {
36
45
  * Mapping of group types to Google Workspace group GUIDs
37
46
  */
38
47
  groupMap: JaypieSsoGroupMap;
48
+ /**
49
+ * Additional inline policy statements to append to each group's permission set
50
+ * Each group can have its own set of policy statements that will be merged
51
+ * with the default policies.
52
+ */
53
+ inlinePolicyStatements?: {
54
+ administrators?: PolicyStatement[];
55
+ analysts?: PolicyStatement[];
56
+ developers?: PolicyStatement[];
57
+ };
39
58
  }
40
59
  /**
41
60
  * Permission set types with corresponding AWS managed policies
@@ -53,6 +72,7 @@ export declare enum PermissionSetType {
53
72
  export declare class JaypieSsoGroups extends Construct {
54
73
  private readonly permissionSets;
55
74
  private readonly instanceArn;
75
+ private readonly props;
56
76
  constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps);
57
77
  /**
58
78
  * Creates the Administrator permission set with AdministratorAccess policy
@@ -73,6 +93,14 @@ export declare class JaypieSsoGroups extends Construct {
73
93
  * Gets the permission set for the specified type
74
94
  */
75
95
  getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet;
96
+ /**
97
+ * Merges default inline policies with additional user-provided policy statements
98
+ *
99
+ * @param defaultPolicy - The default policy object with Version and Statement properties
100
+ * @param additionalStatements - Optional additional policy statements to merge
101
+ * @returns The merged policy object
102
+ */
103
+ private mergeInlinePolicies;
76
104
  /**
77
105
  * Creates assignments between permission sets, groups, and accounts
78
106
  * based on the provided configuration
package/dist/esm/index.js CHANGED
@@ -469,6 +469,7 @@ class JaypieSsoGroups extends Construct {
469
469
  super(scope, id);
470
470
  this.permissionSets = {};
471
471
  this.instanceArn = props.instanceArn;
472
+ this.props = props;
472
473
  // Create the permission sets
473
474
  this.createAdministratorPermissionSet();
474
475
  this.createAnalystPermissionSet();
@@ -481,29 +482,30 @@ class JaypieSsoGroups extends Construct {
481
482
  * and billing access
482
483
  */
483
484
  createAdministratorPermissionSet() {
485
+ const defaultInlinePolicy = {
486
+ Version: "2012-10-17",
487
+ Statement: [
488
+ {
489
+ Effect: "Allow",
490
+ Action: [
491
+ "aws-portal:*",
492
+ "budgets:*",
493
+ "ce:*",
494
+ "cost-optimization-hub:*",
495
+ ],
496
+ Resource: "*",
497
+ },
498
+ ],
499
+ };
500
+ // Merge with any additional policy statements provided for administrators
501
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.administrators);
484
502
  const permissionSet = new sso.CfnPermissionSet(this, "AdministratorPermissionSet", {
485
503
  instanceArn: this.instanceArn,
486
504
  name: PermissionSetType.ADMINISTRATOR,
487
505
  description: "Full administrative access to all AWS services and resources",
488
506
  sessionDuration: Duration.hours(8).toIsoString(),
489
507
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
490
- inlinePolicy: {
491
- Version: "2012-10-17",
492
- Statement: [
493
- {
494
- Effect: "Allow",
495
- Action: [
496
- "aws-portal:ViewBilling",
497
- "aws-portal:ModifyBilling",
498
- "aws-portal:ViewAccount",
499
- "aws-portal:ModifyAccount",
500
- "budgets:ViewBudget",
501
- "budgets:ModifyBudget",
502
- ],
503
- Resource: "*",
504
- },
505
- ],
506
- },
508
+ inlinePolicy: mergedPolicy,
507
509
  });
508
510
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
509
511
  this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;
@@ -513,31 +515,34 @@ class JaypieSsoGroups extends Construct {
513
515
  * and limited write access
514
516
  */
515
517
  createAnalystPermissionSet() {
518
+ const defaultInlinePolicy = {
519
+ Version: "2012-10-17",
520
+ Statement: [
521
+ {
522
+ Effect: "Allow",
523
+ Action: [
524
+ "aws-portal:ViewBilling",
525
+ "aws-portal:ViewAccount",
526
+ "budgets:ViewBudget",
527
+ "cloudwatch:PutDashboard",
528
+ "cloudwatch:PutMetricData",
529
+ "s3:PutObject",
530
+ "s3:GetObject",
531
+ "s3:ListBucket",
532
+ ],
533
+ Resource: "*",
534
+ },
535
+ ],
536
+ };
537
+ // Merge with any additional policy statements provided for analysts
538
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.analysts);
516
539
  const permissionSet = new sso.CfnPermissionSet(this, "AnalystPermissionSet", {
517
540
  instanceArn: this.instanceArn,
518
541
  name: PermissionSetType.ANALYST,
519
542
  description: "Read-only access with billing visibility and limited write access",
520
543
  sessionDuration: Duration.hours(4).toIsoString(),
521
544
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
522
- inlinePolicy: {
523
- Version: "2012-10-17",
524
- Statement: [
525
- {
526
- Effect: "Allow",
527
- Action: [
528
- "aws-portal:ViewBilling",
529
- "aws-portal:ViewAccount",
530
- "budgets:ViewBudget",
531
- "cloudwatch:PutDashboard",
532
- "cloudwatch:PutMetricData",
533
- "s3:PutObject",
534
- "s3:GetObject",
535
- "s3:ListBucket",
536
- ],
537
- Resource: "*",
538
- },
539
- ],
540
- },
545
+ inlinePolicy: mergedPolicy,
541
546
  });
542
547
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
543
548
  this.permissionSets[PermissionSetType.ANALYST] = permissionSet;
@@ -547,6 +552,42 @@ class JaypieSsoGroups extends Construct {
547
552
  * and expanded write access
548
553
  */
549
554
  createDeveloperPermissionSet() {
555
+ const defaultInlinePolicy = {
556
+ Version: "2012-10-17",
557
+ Statement: [
558
+ {
559
+ Effect: "Allow",
560
+ Action: [
561
+ "cloudwatch:*",
562
+ "logs:*",
563
+ "lambda:*",
564
+ "apigateway:*",
565
+ "dynamodb:*",
566
+ "s3:*",
567
+ "sns:*",
568
+ "sqs:*",
569
+ "events:*",
570
+ "ecr:*",
571
+ "ecs:*",
572
+ "codebuild:*",
573
+ ],
574
+ Resource: "*",
575
+ },
576
+ {
577
+ Effect: "Deny",
578
+ Action: [
579
+ "iam:*User*",
580
+ "iam:*Role*",
581
+ "iam:*Policy*",
582
+ "organizations:*",
583
+ "account:*",
584
+ ],
585
+ Resource: "*",
586
+ },
587
+ ],
588
+ };
589
+ // Merge with any additional policy statements provided for developers
590
+ const mergedPolicy = this.mergeInlinePolicies(defaultInlinePolicy, this.props?.inlinePolicyStatements?.developers);
550
591
  const permissionSet = new sso.CfnPermissionSet(this, "DeveloperPermissionSet", {
551
592
  instanceArn: this.instanceArn,
552
593
  name: PermissionSetType.DEVELOPER,
@@ -555,40 +596,7 @@ class JaypieSsoGroups extends Construct {
555
596
  managedPolicies: [
556
597
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
557
598
  ],
558
- inlinePolicy: {
559
- Version: "2012-10-17",
560
- Statement: [
561
- {
562
- Effect: "Allow",
563
- Action: [
564
- "cloudwatch:*",
565
- "logs:*",
566
- "lambda:*",
567
- "apigateway:*",
568
- "dynamodb:*",
569
- "s3:*",
570
- "sns:*",
571
- "sqs:*",
572
- "events:*",
573
- "ecr:*",
574
- "ecs:*",
575
- "codebuild:*",
576
- ],
577
- Resource: "*",
578
- },
579
- {
580
- Effect: "Deny",
581
- Action: [
582
- "iam:*User*",
583
- "iam:*Role*",
584
- "iam:*Policy*",
585
- "organizations:*",
586
- "account:*",
587
- ],
588
- Resource: "*",
589
- },
590
- ],
591
- },
599
+ inlinePolicy: mergedPolicy,
592
600
  });
593
601
  Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);
594
602
  this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;
@@ -599,6 +607,26 @@ class JaypieSsoGroups extends Construct {
599
607
  getPermissionSet(type) {
600
608
  return this.permissionSets[type];
601
609
  }
610
+ /**
611
+ * Merges default inline policies with additional user-provided policy statements
612
+ *
613
+ * @param defaultPolicy - The default policy object with Version and Statement properties
614
+ * @param additionalStatements - Optional additional policy statements to merge
615
+ * @returns The merged policy object
616
+ */
617
+ mergeInlinePolicies(defaultPolicy, additionalStatements) {
618
+ if (!additionalStatements || additionalStatements.length === 0) {
619
+ return defaultPolicy;
620
+ }
621
+ // Create a deep copy of the default policy to avoid modifying the original
622
+ const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));
623
+ // Add the additional statements to the existing statements
624
+ mergedPolicy.Statement = [
625
+ ...mergedPolicy.Statement,
626
+ ...additionalStatements,
627
+ ];
628
+ return mergedPolicy;
629
+ }
602
630
  /**
603
631
  * Creates assignments between permission sets, groups, and accounts
604
632
  * based on the provided configuration
package/dist/esm/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ModifyBilling\",\n \"aws-portal:ViewAccount\",\n \"aws-portal:ModifyAccount\",\n \"budgets:ViewBudget\",\n \"budgets:ModifyBudget\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n },\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACtWD;;AAEG;IACS;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJW,iBAAiB,KAAjB,iBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAO5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAPD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAMvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;;QAGpC,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;QACtC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,0BAA0B;4BAC1B,wBAAwB;4BACxB,0BAA0B;4BAC1B,oBAAoB;4BACpB,sBAAsB;AACvB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;QAChC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,wBAAwB;4BACxB,wBAAwB;4BACxB,oBAAoB;4BACpB,yBAAyB;4BACzB,0BAA0B;4BAC1B,cAAc;4BACd,cAAc;4BACd,eAAe;AAChB,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;QAClC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE;AACZ,gBAAA,OAAO,EAAE,YAAY;AACrB,gBAAA,SAAS,EAAE;AACT,oBAAA;AACE,wBAAA,MAAM,EAAE,OAAO;AACf,wBAAA,MAAM,EAAE;4BACN,cAAc;4BACd,QAAQ;4BACR,UAAU;4BACV,cAAc;4BACd,YAAY;4BACZ,MAAM;4BACN,OAAO;4BACP,OAAO;4BACP,UAAU;4BACV,OAAO;4BACP,OAAO;4BACP,aAAa;AACd,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACD,oBAAA;AACE,wBAAA,MAAM,EAAE,MAAM;AACd,wBAAA,MAAM,EAAE;4BACN,YAAY;4BACZ,YAAY;4BACZ,cAAc;4BACd,iBAAiB;4BACjB,WAAW;AACZ,yBAAA;AACD,wBAAA,QAAQ,EAAE,GAAG;AACd,qBAAA;AACF,iBAAA;AACF,aAAA;AACF,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;AC7VK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../src/JaypieEnvSecret.ts","../../../src/JaypieHostedZone.ts","../../../src/JaypieMongoDbSecret.ts","../../../src/JaypieOpenAiSecret.ts","../../../src/JaypieQueuedLambda.ts","../../../src/JaypieSsoGroups.ts","../../../src/JaypieTraceSigningKeySecret.ts"],"sourcesContent":["import { Construct } from \"constructs\";\nimport {\n CfnOutput,\n Fn,\n SecretValue,\n Tags,\n RemovalPolicy,\n Stack,\n} from \"aws-cdk-lib\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { CDK } from \"@jaypie/cdk\";\nimport {\n ISecret,\n ISecretAttachmentTarget,\n RotationSchedule,\n RotationScheduleOptions,\n} from \"aws-cdk-lib/aws-secretsmanager\";\nimport { IKey } from \"aws-cdk-lib/aws-kms\";\nimport {\n Grant,\n IGrantable,\n PolicyStatement,\n AddToResourcePolicyResult,\n} from \"aws-cdk-lib/aws-iam\";\n\n// It is a consumer if the environment is ephemeral\nfunction checkEnvIsConsumer(env = process.env): boolean {\n return (\n env.PROJECT_ENV === CDK.ENV.PERSONAL ||\n !!env.CDK_ENV_PERSONAL ||\n /** @deprecated */ env.PROJECT_ENV === \"ephemeral\" ||\n /** @deprecated */ !!env.CDK_ENV_EPHEMERAL\n );\n}\n\nfunction checkEnvIsProvider(env = process.env): boolean {\n return env.PROJECT_ENV === CDK.ENV.SANDBOX;\n}\n\nfunction cleanName(name: string): string {\n return name.replace(/[^a-zA-Z0-9:-]/g, \"\");\n}\n\nfunction exportEnvName(name: string, env = process.env): string {\n let rawName;\n if (checkEnvIsProvider(env)) {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n // Clean the entire name to only allow alphanumeric, colons, and hyphens\n return cleanName(rawName);\n } else {\n if (checkEnvIsConsumer(env)) {\n rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;\n } else {\n rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;\n }\n }\n return cleanName(rawName);\n}\n\nexport interface JaypieEnvSecretProps {\n consumer?: boolean;\n envKey?: string;\n export?: string;\n provider?: boolean;\n roleTag?: string;\n vendorTag?: string;\n value?: string;\n}\n\nexport class JaypieEnvSecret extends Construct implements ISecret {\n private readonly _envKey?: string;\n private readonly _secret: secretsmanager.ISecret;\n\n constructor(scope: Construct, id: string, props?: JaypieEnvSecretProps) {\n super(scope, id);\n\n const {\n consumer = checkEnvIsConsumer(),\n envKey,\n export: exportParam,\n provider = checkEnvIsProvider(),\n roleTag,\n vendorTag,\n value,\n } = props || {};\n\n this._envKey = envKey;\n\n let exportName;\n\n if (!exportParam) {\n exportName = exportEnvName(id);\n } else {\n exportName = cleanName(exportParam);\n }\n\n if (consumer) {\n const secretName = Fn.importValue(exportName);\n this._secret = secretsmanager.Secret.fromSecretNameV2(\n this,\n id,\n secretName,\n );\n\n // Add CfnOutput for consumer secrets\n new CfnOutput(this, `ConsumedName`, {\n value: this._secret.secretName,\n });\n } else {\n const secretValue =\n envKey && process.env[envKey] ? process.env[envKey] : value;\n\n const secretProps: secretsmanager.SecretProps = {\n secretStringValue: secretValue\n ? SecretValue.unsafePlainText(secretValue)\n : undefined,\n };\n\n this._secret = new secretsmanager.Secret(this, id, secretProps);\n\n if (roleTag) {\n Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);\n }\n\n if (vendorTag) {\n Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n if (provider) {\n new CfnOutput(this, `ProvidedName`, {\n value: this._secret.secretName,\n exportName,\n });\n } else {\n new CfnOutput(this, `CreatedName`, {\n value: this._secret.secretName,\n });\n }\n }\n }\n\n // IResource implementation\n public get stack(): Stack {\n return Stack.of(this);\n }\n\n public get env(): { account: string; region: string } {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._secret.applyRemovalPolicy(policy);\n }\n\n // ISecret implementation\n public get secretArn(): string {\n return this._secret.secretArn;\n }\n\n public get secretName(): string {\n return this._secret.secretName;\n }\n\n public get secretFullArn(): string | undefined {\n return this._secret.secretFullArn;\n }\n\n public get encryptionKey(): IKey | undefined {\n return this._secret.encryptionKey;\n }\n\n public get secretValue(): SecretValue {\n return this._secret.secretValue;\n }\n\n public secretValueFromJson(key: string): SecretValue {\n return this._secret.secretValueFromJson(key);\n }\n\n public grantRead(grantee: IGrantable, versionStages?: string[]): Grant {\n return this._secret.grantRead(grantee, versionStages);\n }\n\n public grantWrite(grantee: IGrantable): Grant {\n return this._secret.grantWrite(grantee);\n }\n\n public addRotationSchedule(\n id: string,\n options: RotationScheduleOptions,\n ): RotationSchedule {\n return this._secret.addRotationSchedule(id, options);\n }\n\n public addToResourcePolicy(\n statement: PolicyStatement,\n ): AddToResourcePolicyResult {\n return this._secret.addToResourcePolicy(statement);\n }\n\n public denyAccountRootDelete(): void {\n this._secret.denyAccountRootDelete();\n }\n\n public attach(target: ISecretAttachmentTarget): ISecret {\n return this._secret.attach(target);\n }\n\n public get envKey(): string | undefined {\n return this._envKey;\n }\n}\n","import { CDK } from \"@jaypie/cdk\";\nimport * as cdk from \"aws-cdk-lib\";\nimport { ServicePrincipal } from \"aws-cdk-lib/aws-iam\";\nimport {\n LogGroup,\n FilterPattern,\n RetentionDays,\n ILogGroup,\n} from \"aws-cdk-lib/aws-logs\";\nimport { HostedZone, IHostedZone } from \"aws-cdk-lib/aws-route53\";\nimport { Construct } from \"constructs\";\nimport { LambdaDestination } from \"aws-cdk-lib/aws-logs-destinations\";\n\nconst SERVICE = {\n ROUTE53: \"route53.amazonaws.com\",\n} as const;\n\ninterface JaypieHostedZoneProps {\n /**\n * The domain name for the hosted zone\n */\n zoneName: string;\n /**\n * The service tag value\n * @default CDK.SERVICE.INFRASTRUCTURE\n */\n service?: string;\n /**\n * Optional project tag value\n */\n project?: string;\n /**\n * Optional log destination\n */\n destination?: LambdaDestination;\n}\n\nexport class JaypieHostedZone extends Construct {\n public readonly hostedZone: IHostedZone;\n public readonly logGroup: ILogGroup;\n\n /**\n * Create a new hosted zone with query logging\n */\n constructor(scope: Construct, id: string, props: JaypieHostedZoneProps) {\n super(scope, id);\n\n const { destination, zoneName, project } = props;\n const service = props.service || CDK.SERVICE.INFRASTRUCTURE;\n\n // Create the log group\n this.logGroup = new LogGroup(this, \"LogGroup\", {\n logGroupName: process.env.PROJECT_NONCE\n ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`\n : `/aws/route53/${zoneName}`,\n retention: RetentionDays.ONE_WEEK,\n });\n\n // Add tags\n cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);\n }\n\n // Grant Route 53 permissions to write to the log group\n this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));\n\n // Add destination if provided\n if (destination) {\n this.logGroup.addSubscriptionFilter(\"DatadogLambdaDestination\", {\n destination,\n filterPattern: FilterPattern.allEvents(),\n });\n }\n\n // Create the hosted zone\n this.hostedZone = new HostedZone(this, \"HostedZone\", {\n queryLogsLogGroupArn: this.logGroup.logGroupArn,\n zoneName,\n });\n\n // Add tags\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);\n if (project) {\n cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);\n }\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieMongoDbSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"MongoConnectionString\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"MONGODB_URI\",\n roleTag: CDK.ROLE.STORAGE,\n vendorTag: CDK.VENDOR.MONGODB,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieOpenAiSecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"OpenAiApiKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"OPENAI_API_KEY\",\n roleTag: CDK.ROLE.PROCESSING,\n vendorTag: CDK.VENDOR.OPENAI,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Duration, Tags, Stack, RemovalPolicy } from \"aws-cdk-lib\";\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport * as sqs from \"aws-cdk-lib/aws-sqs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport * as lambdaEventSources from \"aws-cdk-lib/aws-lambda-event-sources\";\nimport * as iam from \"aws-cdk-lib/aws-iam\";\nimport * as cloudwatch from \"aws-cdk-lib/aws-cloudwatch\";\nimport * as kms from \"aws-cdk-lib/aws-kms\";\nimport * as secretsmanager from \"aws-cdk-lib/aws-secretsmanager\";\nimport { JaypieEnvSecret } from \"./JaypieEnvSecret.js\";\n\nexport interface JaypieQueuedLambdaProps {\n batchSize?: number;\n code: lambda.Code | string;\n environment?: { [key: string]: string };\n envSecrets?: { [key: string]: secretsmanager.ISecret };\n fifo?: boolean;\n handler: string;\n layers?: lambda.ILayerVersion[];\n logRetention?: number;\n memorySize?: number;\n paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion;\n reservedConcurrentExecutions?: number;\n roleTag?: string;\n runtime?: lambda.Runtime;\n secrets?: JaypieEnvSecret[];\n timeout?: Duration | number;\n vendorTag?: string;\n visibilityTimeout?: Duration | number;\n}\n\nexport class JaypieQueuedLambda\n extends Construct\n implements lambda.IFunction, sqs.IQueue\n{\n private readonly _queue: sqs.Queue;\n private readonly _lambda: lambda.Function;\n private readonly _code: lambda.Code;\n\n constructor(scope: Construct, id: string, props: JaypieQueuedLambdaProps) {\n super(scope, id);\n\n const {\n batchSize = 1,\n code,\n environment = {},\n envSecrets = {},\n fifo = true,\n handler = \"index.handler\",\n layers = [],\n logRetention = CDK.LAMBDA.LOG_RETENTION,\n memorySize = CDK.LAMBDA.MEMORY_SIZE,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n roleTag,\n runtime = lambda.Runtime.NODEJS_20_X,\n secrets = [],\n timeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n vendorTag,\n visibilityTimeout = Duration.seconds(CDK.DURATION.LAMBDA_WORKER),\n } = props;\n\n this._code = typeof code === \"string\" ? lambda.Code.fromAsset(code) : code;\n\n // Create SQS Queue\n this._queue = new sqs.Queue(this, \"Queue\", {\n fifo,\n visibilityTimeout:\n typeof visibilityTimeout === \"number\"\n ? Duration.seconds(visibilityTimeout)\n : visibilityTimeout,\n });\n if (roleTag) {\n Tags.of(this._queue).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._queue).add(CDK.TAG.VENDOR, vendorTag);\n }\n\n // Process secrets environment variables\n const secretsEnvironment = Object.entries(envSecrets).reduce(\n (acc, [key, secret]) => ({\n ...acc,\n [`SECRET_${key}`]: secret.secretName,\n }),\n {},\n );\n\n // Process JaypieEnvSecret array\n const jaypieSecretsEnvironment = secrets.reduce((acc, secret) => {\n if (secret.envKey) {\n return {\n ...acc,\n [`SECRET_${secret.envKey}`]: secret.secretName,\n };\n }\n return acc;\n }, {});\n\n // Create Lambda Function\n this._lambda = new lambda.Function(this, \"Function\", {\n code: this._code,\n environment: {\n CDK_ENV_QUEUE_URL: this._queue.queueUrl,\n ...environment,\n ...secretsEnvironment,\n ...jaypieSecretsEnvironment,\n },\n handler,\n layers,\n logRetention,\n memorySize,\n paramsAndSecrets,\n reservedConcurrentExecutions,\n runtime,\n timeout:\n typeof timeout === \"number\" ? Duration.seconds(timeout) : timeout,\n });\n\n // Grant secret read permissions\n Object.values(envSecrets).forEach((secret) => {\n secret.grantRead(this._lambda);\n });\n\n // Grant read permissions for JaypieEnvSecrets\n secrets.forEach((secret) => {\n secret.grantRead(this);\n secret.grantRead(this._lambda);\n });\n\n this._queue.grantConsumeMessages(this._lambda);\n this._queue.grantSendMessages(this._lambda);\n this._lambda.addEventSource(\n new lambdaEventSources.SqsEventSource(this._queue, {\n batchSize,\n }),\n );\n if (roleTag) {\n Tags.of(this._lambda).add(CDK.TAG.ROLE, roleTag);\n }\n if (vendorTag) {\n Tags.of(this._lambda).add(CDK.TAG.VENDOR, vendorTag);\n }\n }\n\n // Public accessors\n public get queue(): sqs.Queue {\n return this._queue;\n }\n\n public get lambda(): lambda.Function {\n return this._lambda;\n }\n\n public get code(): lambda.Code {\n return this._code;\n }\n\n // IFunction implementation\n public get functionArn(): string {\n return this._lambda.functionArn;\n }\n\n public get functionName(): string {\n return this._lambda.functionName;\n }\n\n public get grantPrincipal(): import(\"aws-cdk-lib/aws-iam\").IPrincipal {\n return this._lambda.grantPrincipal;\n }\n\n public get role(): import(\"aws-cdk-lib/aws-iam\").IRole | undefined {\n return this._lambda.role;\n }\n\n public get architecture(): lambda.Architecture {\n return this._lambda.architecture;\n }\n\n public get connections(): import(\"aws-cdk-lib/aws-ec2\").Connections {\n return this._lambda.connections;\n }\n\n public get isBoundToVpc(): boolean {\n return this._lambda.isBoundToVpc;\n }\n\n public get latestVersion(): lambda.IVersion {\n return this._lambda.latestVersion;\n }\n\n public get permissionsNode(): import(\"constructs\").Node {\n return this._lambda.permissionsNode;\n }\n\n public get resourceArnsForGrantInvoke(): string[] {\n return this._lambda.resourceArnsForGrantInvoke;\n }\n\n public addEventSource(source: lambda.IEventSource): void {\n this._lambda.addEventSource(source);\n }\n\n public addEventSourceMapping(\n id: string,\n options: lambda.EventSourceMappingOptions,\n ): lambda.EventSourceMapping {\n return this._lambda.addEventSourceMapping(id, options);\n }\n\n public addFunctionUrl(\n options?: lambda.FunctionUrlOptions,\n ): lambda.FunctionUrl {\n return this._lambda.addFunctionUrl(options);\n }\n\n public addPermission(id: string, permission: lambda.Permission): void {\n this._lambda.addPermission(id, permission);\n }\n\n public addToRolePolicy(\n statement: import(\"aws-cdk-lib/aws-iam\").PolicyStatement,\n ): void {\n this._lambda.addToRolePolicy(statement);\n }\n\n public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n this._lambda.configureAsyncInvoke(options);\n }\n\n public grantInvoke(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvoke(grantee);\n }\n\n public grantInvokeCompositePrincipal(\n compositePrincipal: import(\"aws-cdk-lib/aws-iam\").CompositePrincipal,\n ): import(\"aws-cdk-lib/aws-iam\").Grant[] {\n return this._lambda.grantInvokeCompositePrincipal(compositePrincipal);\n }\n\n public grantInvokeUrl(\n grantee: import(\"aws-cdk-lib/aws-iam\").IGrantable,\n ): import(\"aws-cdk-lib/aws-iam\").Grant {\n return this._lambda.grantInvokeUrl(grantee);\n }\n\n public metric(\n metricName: string,\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metric(metricName, props);\n }\n\n public metricDuration(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricDuration(props);\n }\n\n public metricErrors(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricErrors(props);\n }\n\n public metricInvocations(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricInvocations(props);\n }\n\n public metricThrottles(\n props?: import(\"aws-cdk-lib/aws-cloudwatch\").MetricOptions,\n ): import(\"aws-cdk-lib/aws-cloudwatch\").Metric {\n return this._lambda.metricThrottles(props);\n }\n\n // Additional IFunction implementation\n public grantInvokeLatestVersion(grantee: iam.IGrantable): iam.Grant {\n return this._lambda.grantInvokeLatestVersion(grantee);\n }\n\n public grantInvokeVersion(\n grantee: iam.IGrantable,\n version: lambda.Version,\n ): iam.Grant {\n return this._lambda.grantInvokeVersion(grantee, version);\n }\n\n public get env() {\n return {\n account: Stack.of(this).account,\n region: Stack.of(this).region,\n };\n }\n\n public get stack(): Stack {\n return this._lambda.stack;\n }\n\n public applyRemovalPolicy(policy: RemovalPolicy): void {\n this._lambda.applyRemovalPolicy(policy);\n this._queue.applyRemovalPolicy(policy);\n }\n\n // IQueue implementation\n public get fifo(): boolean {\n return this._queue.fifo;\n }\n\n public get queueArn(): string {\n return this._queue.queueArn;\n }\n\n public get queueName(): string {\n return this._queue.queueName;\n }\n\n public get queueUrl(): string {\n return this._queue.queueUrl;\n }\n\n public get encryptionMasterKey(): kms.IKey | undefined {\n return this._queue.encryptionMasterKey;\n }\n\n public addToResourcePolicy(\n statement: iam.PolicyStatement,\n ): iam.AddToResourcePolicyResult {\n return this._queue.addToResourcePolicy(statement);\n }\n\n public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {\n return this._queue.grant(grantee, ...actions);\n }\n\n public grantConsumeMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantConsumeMessages(grantee);\n }\n\n public grantPurge(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantPurge(grantee);\n }\n\n public grantSendMessages(grantee: iam.IGrantable): iam.Grant {\n return this._queue.grantSendMessages(grantee);\n }\n\n // Queue metrics\n public metricApproximateAgeOfOldestMessage(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateAgeOfOldestMessage(props);\n }\n\n public metricApproximateNumberOfMessagesDelayed(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesDelayed(props);\n }\n\n public metricApproximateNumberOfMessagesNotVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesNotVisible(props);\n }\n\n public metricApproximateNumberOfMessagesVisible(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricApproximateNumberOfMessagesVisible(props);\n }\n\n public metricNumberOfEmptyReceives(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfEmptyReceives(props);\n }\n\n public metricNumberOfMessagesDeleted(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesDeleted(props);\n }\n\n public metricNumberOfMessagesReceived(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesReceived(props);\n }\n\n public metricNumberOfMessagesSent(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricNumberOfMessagesSent(props);\n }\n\n public metricSentMessageSize(\n props?: cloudwatch.MetricOptions,\n ): cloudwatch.Metric {\n return this._queue.metricSentMessageSize(props);\n }\n}\n","import { Construct } from \"constructs\";\nimport { Tags, Duration } from \"aws-cdk-lib\";\nimport * as sso from \"aws-cdk-lib/aws-sso\";\nimport { CDK } from \"@jaypie/cdk\";\n\n/**\n * Account categories for SSO group assignments\n */\nexport interface JaypieSsoAccountMap {\n development: string[];\n management: string[];\n operations: string[];\n production: string[];\n sandbox: string[];\n security: string[];\n stage: string[];\n}\n\n/**\n * Mapping of group types to Google Workspace group GUIDs\n */\nexport interface JaypieSsoGroupMap {\n administrators: string;\n analysts: string;\n developers: string;\n}\n\n/**\n * IAM Policy Statement structure for inline policies\n */\nexport interface PolicyStatement {\n Effect: \"Allow\" | \"Deny\";\n Action: string[] | string;\n Resource: string[] | string;\n Condition?: Record<string, unknown>;\n}\n\n/**\n * Properties for the JaypieSsoGroups construct\n */\nexport interface JaypieSsoGroupsProps {\n /**\n * ARN of the IAM Identity Center instance\n */\n instanceArn: string;\n\n /**\n * Mapping of account categories to AWS account IDs\n */\n accountMap: JaypieSsoAccountMap;\n\n /**\n * Mapping of group types to Google Workspace group GUIDs\n */\n groupMap: JaypieSsoGroupMap;\n\n /**\n * Additional inline policy statements to append to each group's permission set\n * Each group can have its own set of policy statements that will be merged\n * with the default policies.\n */\n inlinePolicyStatements?: {\n administrators?: PolicyStatement[];\n analysts?: PolicyStatement[];\n developers?: PolicyStatement[];\n };\n}\n\n/**\n * Permission set types with corresponding AWS managed policies\n */\nexport enum PermissionSetType {\n ADMINISTRATOR = \"Administrator\",\n ANALYST = \"Analyst\",\n DEVELOPER = \"Developer\",\n}\n\n/**\n * Construct to simplify AWS SSO group management.\n * This construct encapsulates the complexity of creating permission sets\n * and assigning them to groups across multiple AWS accounts.\n */\nexport class JaypieSsoGroups extends Construct {\n private readonly permissionSets: Record<\n PermissionSetType,\n sso.CfnPermissionSet\n > = {} as Record<PermissionSetType, sso.CfnPermissionSet>;\n private readonly instanceArn: string;\n private readonly props: JaypieSsoGroupsProps;\n\n constructor(scope: Construct, id: string, props: JaypieSsoGroupsProps) {\n super(scope, id);\n\n this.instanceArn = props.instanceArn;\n this.props = props;\n\n // Create the permission sets\n this.createAdministratorPermissionSet();\n this.createAnalystPermissionSet();\n this.createDeveloperPermissionSet();\n\n // Create the assignments\n this.createPermissionSetAssignments(props);\n }\n\n /**\n * Creates the Administrator permission set with AdministratorAccess policy\n * and billing access\n */\n private createAdministratorPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:*\",\n \"budgets:*\",\n \"ce:*\",\n \"cost-optimization-hub:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for administrators\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.administrators,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AdministratorPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ADMINISTRATOR,\n description:\n \"Full administrative access to all AWS services and resources\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/AdministratorAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ADMINISTRATOR] = permissionSet;\n }\n\n /**\n * Creates the Analyst permission set with ReadOnlyAccess policy\n * and limited write access\n */\n private createAnalystPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"aws-portal:ViewBilling\",\n \"aws-portal:ViewAccount\",\n \"budgets:ViewBudget\",\n \"cloudwatch:PutDashboard\",\n \"cloudwatch:PutMetricData\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for analysts\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.analysts,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"AnalystPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.ANALYST,\n description:\n \"Read-only access with billing visibility and limited write access\",\n sessionDuration: Duration.hours(4).toIsoString(),\n managedPolicies: [\"arn:aws:iam::aws:policy/ReadOnlyAccess\"],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.ANALYST] = permissionSet;\n }\n\n /**\n * Creates the Developer permission set with SystemAdministrator policy\n * and expanded write access\n */\n private createDeveloperPermissionSet(): void {\n const defaultInlinePolicy = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\n \"cloudwatch:*\",\n \"logs:*\",\n \"lambda:*\",\n \"apigateway:*\",\n \"dynamodb:*\",\n \"s3:*\",\n \"sns:*\",\n \"sqs:*\",\n \"events:*\",\n \"ecr:*\",\n \"ecs:*\",\n \"codebuild:*\",\n ],\n Resource: \"*\",\n },\n {\n Effect: \"Deny\",\n Action: [\n \"iam:*User*\",\n \"iam:*Role*\",\n \"iam:*Policy*\",\n \"organizations:*\",\n \"account:*\",\n ],\n Resource: \"*\",\n },\n ],\n };\n\n // Merge with any additional policy statements provided for developers\n const mergedPolicy = this.mergeInlinePolicies(\n defaultInlinePolicy,\n this.props?.inlinePolicyStatements?.developers,\n );\n\n const permissionSet = new sso.CfnPermissionSet(\n this,\n \"DeveloperPermissionSet\",\n {\n instanceArn: this.instanceArn,\n name: PermissionSetType.DEVELOPER,\n description:\n \"System administrator access with expanded write permissions\",\n sessionDuration: Duration.hours(8).toIsoString(),\n managedPolicies: [\n \"arn:aws:iam::aws:policy/job-function/SystemAdministrator\",\n ],\n inlinePolicy: mergedPolicy,\n },\n );\n\n Tags.of(permissionSet).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n\n this.permissionSets[PermissionSetType.DEVELOPER] = permissionSet;\n }\n\n /**\n * Gets the permission set for the specified type\n */\n public getPermissionSet(type: PermissionSetType): sso.CfnPermissionSet {\n return this.permissionSets[type];\n }\n\n /**\n * Merges default inline policies with additional user-provided policy statements\n *\n * @param defaultPolicy - The default policy object with Version and Statement properties\n * @param additionalStatements - Optional additional policy statements to merge\n * @returns The merged policy object\n */\n private mergeInlinePolicies(\n defaultPolicy: Record<string, unknown>,\n additionalStatements?: PolicyStatement[],\n ): Record<string, unknown> {\n if (!additionalStatements || additionalStatements.length === 0) {\n return defaultPolicy;\n }\n\n // Create a deep copy of the default policy to avoid modifying the original\n const mergedPolicy = JSON.parse(JSON.stringify(defaultPolicy));\n\n // Add the additional statements to the existing statements\n mergedPolicy.Statement = [\n ...mergedPolicy.Statement,\n ...additionalStatements,\n ];\n\n return mergedPolicy;\n }\n\n /**\n * Creates assignments between permission sets, groups, and accounts\n * based on the provided configuration\n */\n private createPermissionSetAssignments(props: JaypieSsoGroupsProps): void {\n // Administrator assignments\n this.assignAdministratorPermissions(props);\n\n // Analyst assignments\n this.assignAnalystPermissions(props);\n\n // Developer assignments\n this.assignDeveloperPermissions(props);\n }\n\n /**\n * Assigns Administrator permissions to appropriate accounts\n */\n private assignAdministratorPermissions(props: JaypieSsoGroupsProps): void {\n const administratorGroup = props.groupMap.administrators;\n const administratorPermissionSet =\n this.permissionSets[PermissionSetType.ADMINISTRATOR];\n\n // Administrators get access to all accounts\n const allAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.operations,\n ...props.accountMap.production,\n ...props.accountMap.sandbox,\n ...props.accountMap.security,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n allAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AdministratorAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: administratorPermissionSet.attrPermissionSetArn,\n principalId: administratorGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"administrators\");\n });\n }\n\n /**\n * Assigns Analyst permissions to appropriate accounts\n */\n private assignAnalystPermissions(props: JaypieSsoGroupsProps): void {\n const analystGroup = props.groupMap.analysts;\n const analystPermissionSet = this.permissionSets[PermissionSetType.ANALYST];\n\n // Analysts get access to development, management, sandbox, and stage accounts\n const analystAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.management,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n analystAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `AnalystAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: analystPermissionSet.attrPermissionSetArn,\n principalId: analystGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"analysts\");\n });\n }\n\n /**\n * Assigns Developer permissions to appropriate accounts\n */\n private assignDeveloperPermissions(props: JaypieSsoGroupsProps): void {\n const developerGroup = props.groupMap.developers;\n const developerPermissionSet =\n this.permissionSets[PermissionSetType.DEVELOPER];\n\n // Developers get access to development, sandbox, and stage accounts\n const developerAccounts = [\n ...props.accountMap.development,\n ...props.accountMap.sandbox,\n ...props.accountMap.stage,\n ];\n\n // Create assignments for each account\n developerAccounts.forEach((accountId, index) => {\n const assignment = new sso.CfnAssignment(\n this,\n `DeveloperAssignment${index}`,\n {\n instanceArn: this.instanceArn,\n permissionSetArn: developerPermissionSet.attrPermissionSetArn,\n principalId: developerGroup,\n principalType: \"GROUP\",\n targetId: accountId,\n targetType: \"AWS_ACCOUNT\",\n },\n );\n\n Tags.of(assignment).add(CDK.TAG.SERVICE, CDK.SERVICE.SSO);\n Tags.of(assignment).add(\"Group\", \"developers\");\n });\n }\n}\n","import { Construct } from \"constructs\";\nimport { CDK } from \"@jaypie/cdk\";\nimport { JaypieEnvSecret, JaypieEnvSecretProps } from \"./JaypieEnvSecret\";\n\nexport class JaypieTraceSigningKeySecret extends JaypieEnvSecret {\n constructor(\n scope: Construct,\n id = \"TraceSigningKey\",\n props?: JaypieEnvSecretProps,\n ) {\n const defaultProps: JaypieEnvSecretProps = {\n envKey: \"TRACE_SIGNING_KEY\",\n roleTag: CDK.ROLE.API,\n vendorTag: CDK.VENDOR.KNOWTRACE,\n ...props,\n };\n\n super(scope, id, defaultProps);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;AAyBA;AACA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,QACE,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,QAAQ;QACpC,CAAC,CAAC,GAAG,CAAC,gBAAgB;AACtB,2BAAmB,GAAG,CAAC,WAAW,KAAK,WAAW;AAClD,2BAAmB,CAAC,CAAC,GAAG,CAAC,iBAAiB;AAE9C;AAEA,SAAS,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;IAC3C,OAAO,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO;AAC5C;AAEA,SAAS,SAAS,CAAC,IAAY,EAAA;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC;AAC5C;AAEA,SAAS,aAAa,CAAC,IAAY,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAA;AACpD,IAAA,IAAI,OAAO;AACX,IAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,QAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;AAE7D,QAAA,OAAO,SAAS,CAAC,OAAO,CAAC;;SACpB;AACL,QAAA,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAI,CAAA,EAAA,GAAG,CAAC,WAAW,CAAI,CAAA,EAAA,IAAI,EAAE;;aACxD;AACL,YAAA,OAAO,GAAG,CAAA,IAAA,EAAO,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,GAAG,CAAC,WAAW,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;;;AAGjE,IAAA,OAAO,SAAS,CAAC,OAAO,CAAC;AAC3B;AAYM,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EACJ,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,MAAM,EACN,MAAM,EAAE,WAAW,EACnB,QAAQ,GAAG,kBAAkB,EAAE,EAC/B,OAAO,EACP,SAAS,EACT,KAAK,GACN,GAAG,KAAK,IAAI,EAAE;AAEf,QAAA,IAAI,CAAC,OAAO,GAAG,MAAM;AAErB,QAAA,IAAI,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;;aACzB;AACL,YAAA,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;;QAGrC,IAAI,QAAQ,EAAE;YACZ,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;AAC7C,YAAA,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CACnD,IAAI,EACJ,EAAE,EACF,UAAU,CACX;;AAGD,YAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,gBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,aAAA,CAAC;;aACG;YACL,MAAM,WAAW,GACf,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK;AAE7D,YAAA,MAAM,WAAW,GAA+B;AAC9C,gBAAA,iBAAiB,EAAE;AACjB,sBAAE,WAAW,CAAC,eAAe,CAAC,WAAW;AACzC,sBAAE,SAAS;aACd;AAED,YAAA,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;YAE/D,IAAI,OAAO,EAAE;AACX,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;YAGlD,IAAI,SAAS,EAAE;AACb,gBAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;YAGtD,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;AAClC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBAC9B,UAAU;AACX,iBAAA,CAAC;;iBACG;AACL,gBAAA,IAAI,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;AACjC,oBAAA,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;AAC/B,iBAAA,CAAC;;;;;AAMR,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC;;AAGvB,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGI,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIzC,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS;;AAG/B,IAAA,IAAW,UAAU,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU;;AAGhC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAG1B,IAAA,mBAAmB,CAAC,GAAW,EAAA;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC;;IAGvC,SAAS,CAAC,OAAmB,EAAE,aAAwB,EAAA;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC;;AAGhD,IAAA,UAAU,CAAC,OAAmB,EAAA;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;;IAGlC,mBAAmB,CACxB,EAAU,EACV,OAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAG/C,IAAA,mBAAmB,CACxB,SAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,CAAC;;IAG7C,qBAAqB,GAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;;AAG/B,IAAA,MAAM,CAAC,MAA+B,EAAA;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;;AAGpC,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAEtB;;ACzMD,MAAM,OAAO,GAAG;AACd,IAAA,OAAO,EAAE,uBAAuB;CACxB;AAsBJ,MAAO,gBAAiB,SAAQ,SAAS,CAAA;AAI7C;;AAEG;AACH,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B,EAAA;AACpE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QAEhB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc;;QAG3D,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;AAC7C,YAAA,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC;kBACtB,gBAAgB,QAAQ,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAE;kBACvD,CAAgB,aAAA,EAAA,QAAQ,CAAE,CAAA;YAC9B,SAAS,EAAE,aAAa,CAAC,QAAQ;AAClC,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAI1D,QAAA,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;QAG/D,IAAI,WAAW,EAAE;AACf,YAAA,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,0BAA0B,EAAE;gBAC9D,WAAW;AACX,gBAAA,aAAa,EAAE,aAAa,CAAC,SAAS,EAAE;AACzC,aAAA,CAAC;;;QAIJ,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;AACnD,YAAA,oBAAoB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;YAC/C,QAAQ;AACT,SAAA,CAAC;;QAGF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,OAAO,EAAE;YACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;;;AAG/D;;ACrFK,MAAO,mBAAoB,SAAQ,eAAe,CAAA;AACtD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,uBAAuB,EAC5B,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,aAAa;AACrB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;AACzB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;AAC7B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACfK,MAAO,kBAAmB,SAAQ,eAAe,CAAA;AACrD,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,cAAc,EACnB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,gBAAgB;AACxB,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;AAC5B,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;AAC5B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;ACaK,MAAO,kBACX,SAAQ,SAAS,CAAA;AAOjB,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA8B,EAAA;AACtE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;AAEhB,QAAA,MAAM,EACJ,SAAS,GAAG,CAAC,EACb,IAAI,EACJ,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,IAAI,EACX,OAAO,GAAG,eAAe,EACzB,MAAM,GAAG,EAAE,EACX,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EACvC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,OAAO,EACP,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EACpC,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EACtD,SAAS,EACT,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GACjE,GAAG,KAAK;QAET,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI;;QAG1E,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE;YACzC,IAAI;AACJ,YAAA,iBAAiB,EACf,OAAO,iBAAiB,KAAK;AAC3B,kBAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB;AACpC,kBAAE,iBAAiB;AACxB,SAAA,CAAC;QACF,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAEjD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;QAIrD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAC1D,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM;AACvB,YAAA,GAAG,GAAG;AACN,YAAA,CAAC,UAAU,GAAG,CAAA,CAAE,GAAG,MAAM,CAAC,UAAU;SACrC,CAAC,EACF,EAAE,CACH;;QAGD,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,KAAI;AAC9D,YAAA,IAAI,MAAM,CAAC,MAAM,EAAE;gBACjB,OAAO;AACL,oBAAA,GAAG,GAAG;oBACN,CAAC,CAAA,OAAA,EAAU,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;iBAC/C;;AAEH,YAAA,OAAO,GAAG;SACX,EAAE,EAAE,CAAC;;QAGN,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YACnD,IAAI,EAAE,IAAI,CAAC,KAAK;AAChB,YAAA,WAAW,EAAE;AACX,gBAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AACvC,gBAAA,GAAG,WAAW;AACd,gBAAA,GAAG,kBAAkB;AACrB,gBAAA,GAAG,wBAAwB;AAC5B,aAAA;YACD,OAAO;YACP,MAAM;YACN,YAAY;YACZ,UAAU;YACV,gBAAgB;YAChB,4BAA4B;YAC5B,OAAO;AACP,YAAA,OAAO,EACL,OAAO,OAAO,KAAK,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO;AACpE,SAAA,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AAC3C,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;;AAGF,QAAA,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,KAAI;AACzB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC;AACtB,YAAA,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;AAChC,SAAC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CACzB,IAAI,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS;AACV,SAAA,CAAC,CACH;QACD,IAAI,OAAO,EAAE;AACX,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC;;QAElD,IAAI,SAAS,EAAE;AACb,YAAA,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC;;;;AAKxD,IAAA,IAAW,KAAK,GAAA;QACd,OAAO,IAAI,CAAC,MAAM;;AAGpB,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;;AAGrB,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;;;AAInB,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,cAAc,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;;AAGpC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI;;AAG1B,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,WAAW,GAAA;AACpB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW;;AAGjC,IAAA,IAAW,YAAY,GAAA;AACrB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY;;AAGlC,IAAA,IAAW,aAAa,GAAA;AACtB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa;;AAGnC,IAAA,IAAW,eAAe,GAAA;AACxB,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe;;AAGrC,IAAA,IAAW,0BAA0B,GAAA;AACnC,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B;;AAGzC,IAAA,cAAc,CAAC,MAA2B,EAAA;AAC/C,QAAA,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;;IAG9B,qBAAqB,CAC1B,EAAU,EACV,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC;;AAGjD,IAAA,cAAc,CACnB,OAAmC,EAAA;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,aAAa,CAAC,EAAU,EAAE,UAA6B,EAAA;QAC5D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC;;AAGrC,IAAA,eAAe,CACpB,SAAwD,EAAA;AAExD,QAAA,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC;;AAGlC,IAAA,oBAAoB,CAAC,OAAwC,EAAA;AAClE,QAAA,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAGrC,IAAA,WAAW,CAChB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;;AAGnC,IAAA,6BAA6B,CAClC,kBAAoE,EAAA;QAEpE,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,kBAAkB,CAAC;;AAGhE,IAAA,cAAc,CACnB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;;IAGtC,MAAM,CACX,UAAkB,EAClB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC;;AAGxC,IAAA,cAAc,CACnB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC;;AAGpC,IAAA,YAAY,CACjB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC;;AAGlC,IAAA,iBAAiB,CACtB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;;AAGvC,IAAA,eAAe,CACpB,KAA0D,EAAA;QAE1D,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC;;;AAIrC,IAAA,wBAAwB,CAAC,OAAuB,EAAA;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,OAAO,CAAC;;IAGhD,kBAAkB,CACvB,OAAuB,EACvB,OAAuB,EAAA;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC;;AAG1D,IAAA,IAAW,GAAG,GAAA;QACZ,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;YAC/B,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM;SAC9B;;AAGH,IAAA,IAAW,KAAK,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK;;AAGpB,IAAA,kBAAkB,CAAC,MAAqB,EAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;;;AAIxC,IAAA,IAAW,IAAI,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;;AAGzB,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,SAAS,GAAA;AAClB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS;;AAG9B,IAAA,IAAW,QAAQ,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ;;AAG7B,IAAA,IAAW,mBAAmB,GAAA;AAC5B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB;;AAGjC,IAAA,mBAAmB,CACxB,SAA8B,EAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC;;AAG5C,IAAA,KAAK,CAAC,OAAuB,EAAE,GAAG,OAAiB,EAAA;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC;;AAGxC,IAAA,oBAAoB,CAAC,OAAuB,EAAA;QACjD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC;;AAG3C,IAAA,UAAU,CAAC,OAAuB,EAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;;AAGjC,IAAA,iBAAiB,CAAC,OAAuB,EAAA;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC;;;AAIxC,IAAA,mCAAmC,CACxC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,KAAK,CAAC;;AAGxD,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2CAA2C,CAChD,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,KAAK,CAAC;;AAGhE,IAAA,wCAAwC,CAC7C,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,wCAAwC,CAAC,KAAK,CAAC;;AAG7D,IAAA,2BAA2B,CAChC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,CAAC;;AAGhD,IAAA,6BAA6B,CAClC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,KAAK,CAAC;;AAGlD,IAAA,8BAA8B,CACnC,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAGnD,IAAA,0BAA0B,CAC/B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAG/C,IAAA,qBAAqB,CAC1B,KAAgC,EAAA;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC;;AAElD;;ACjVD;;AAEG;IACS;AAAZ,CAAA,UAAY,iBAAiB,EAAA;AAC3B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB;AACnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB;AACzB,CAAC,EAJW,iBAAiB,KAAjB,iBAAiB,GAI5B,EAAA,CAAA,CAAA;AAED;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAQ5C,IAAA,WAAA,CAAY,KAAgB,EAAE,EAAU,EAAE,KAA2B,EAAA;AACnE,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;QARD,IAAc,CAAA,cAAA,GAG3B,EAAqD;AAOvD,QAAA,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW;AACpC,QAAA,IAAI,CAAC,KAAK,GAAG,KAAK;;QAGlB,IAAI,CAAC,gCAAgC,EAAE;QACvC,IAAI,CAAC,0BAA0B,EAAE;QACjC,IAAI,CAAC,4BAA4B,EAAE;;AAGnC,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG5C;;;AAGG;IACK,gCAAgC,GAAA;AACtC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,WAAW;wBACX,MAAM;wBACN,yBAAyB;AAC1B,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,cAAc,CACnD;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,4BAA4B,EAC5B;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,aAAa;AACrC,YAAA,WAAW,EACT,8DAA8D;YAChE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,6CAA6C,CAAC;AAChE,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC,GAAG,aAAa;;AAGtE;;;AAGG;IACK,0BAA0B,GAAA;AAChC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,wBAAwB;wBACxB,wBAAwB;wBACxB,oBAAoB;wBACpB,yBAAyB;wBACzB,0BAA0B;wBAC1B,cAAc;wBACd,cAAc;wBACd,eAAe;AAChB,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAC7C;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,sBAAsB,EACtB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,OAAO;AAC/B,YAAA,WAAW,EACT,mEAAmE;YACrE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAChD,eAAe,EAAE,CAAC,wCAAwC,CAAC;AAC3D,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,aAAa;;AAGhE;;;AAGG;IACK,4BAA4B,GAAA;AAClC,QAAA,MAAM,mBAAmB,GAAG;AAC1B,YAAA,OAAO,EAAE,YAAY;AACrB,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE;wBACN,cAAc;wBACd,QAAQ;wBACR,UAAU;wBACV,cAAc;wBACd,YAAY;wBACZ,MAAM;wBACN,OAAO;wBACP,OAAO;wBACP,UAAU;wBACV,OAAO;wBACP,OAAO;wBACP,aAAa;AACd,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACD,gBAAA;AACE,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE;wBACN,YAAY;wBACZ,YAAY;wBACZ,cAAc;wBACd,iBAAiB;wBACjB,WAAW;AACZ,qBAAA;AACD,oBAAA,QAAQ,EAAE,GAAG;AACd,iBAAA;AACF,aAAA;SACF;;AAGD,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAC3C,mBAAmB,EACnB,IAAI,CAAC,KAAK,EAAE,sBAAsB,EAAE,UAAU,CAC/C;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAC5C,IAAI,EACJ,wBAAwB,EACxB;YACE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,iBAAiB,CAAC,SAAS;AACjC,YAAA,WAAW,EACT,6DAA6D;YAC/D,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;AAChD,YAAA,eAAe,EAAE;gBACf,0DAA0D;AAC3D,aAAA;AACD,YAAA,YAAY,EAAE,YAAY;AAC3B,SAAA,CACF;QAED,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAE5D,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,aAAa;;AAGlE;;AAEG;AACI,IAAA,gBAAgB,CAAC,IAAuB,EAAA;AAC7C,QAAA,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;;AAGlC;;;;;;AAMG;IACK,mBAAmB,CACzB,aAAsC,EACtC,oBAAwC,EAAA;QAExC,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE;AAC9D,YAAA,OAAO,aAAa;;;AAItB,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;;QAG9D,YAAY,CAAC,SAAS,GAAG;YACvB,GAAG,YAAY,CAAC,SAAS;AACzB,YAAA,GAAG,oBAAoB;SACxB;AAED,QAAA,OAAO,YAAY;;AAGrB;;;AAGG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;;AAEhE,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC;;AAG1C,QAAA,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC;;AAGpC,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;;AAGxC;;AAEG;AACK,IAAA,8BAA8B,CAAC,KAA2B,EAAA;AAChE,QAAA,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc;QACxD,MAAM,0BAA0B,GAC9B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;;AAGtD,QAAA,MAAM,WAAW,GAAG;AAClB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ;AAC5B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,WAAW,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AACvC,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,EACjC;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,0BAA0B,CAAC,oBAAoB;AACjE,gBAAA,WAAW,EAAE,kBAAkB;AAC/B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,gBAAgB,CAAC;AACpD,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAA2B,EAAA;AAC1D,QAAA,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC;;AAG3E,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU;AAC9B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,eAAe,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC3C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,iBAAA,EAAoB,KAAK,CAAA,CAAE,EAC3B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,oBAAoB,CAAC,oBAAoB;AAC3D,gBAAA,WAAW,EAAE,YAAY;AACzB,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC;AAC9C,SAAC,CAAC;;AAGJ;;AAEG;AACK,IAAA,0BAA0B,CAAC,KAA2B,EAAA;AAC5D,QAAA,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU;QAChD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;;AAGlD,QAAA,MAAM,iBAAiB,GAAG;AACxB,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW;AAC/B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO;AAC3B,YAAA,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK;SAC1B;;QAGD,iBAAiB,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAI;AAC7C,YAAA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CACtC,IAAI,EACJ,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,EAC7B;gBACE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,sBAAsB,CAAC,oBAAoB;AAC7D,gBAAA,WAAW,EAAE,cAAc;AAC3B,gBAAA,aAAa,EAAE,OAAO;AACtB,gBAAA,QAAQ,EAAE,SAAS;AACnB,gBAAA,UAAU,EAAE,aAAa;AAC1B,aAAA,CACF;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzD,YAAA,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC;AAChD,SAAC,CAAC;;AAEL;;ACraK,MAAO,2BAA4B,SAAQ,eAAe,CAAA;AAC9D,IAAA,WAAA,CACE,KAAgB,EAChB,EAAE,GAAG,iBAAiB,EACtB,KAA4B,EAAA;AAE5B,QAAA,MAAM,YAAY,GAAyB;AACzC,YAAA,MAAM,EAAE,mBAAmB;AAC3B,YAAA,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;AACrB,YAAA,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;AAC/B,YAAA,GAAG,KAAK;SACT;AAED,QAAA,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,CAAC;;AAEjC;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/constructs",
3
- "version": "1.1.19",
3
+ "version": "1.1.21",
4
4
  "description": "CDK constructs for Jaypie applications",
5
5
  "license": "MIT",
6
6
  "author": "Finlayson Studio",
@@ -46,5 +46,5 @@
46
46
  "publishConfig": {
47
47
  "access": "public"
48
48
  },
49
- "gitHead": "c9a990f384f3f54486d6ef97c5c588c2b4a6ed02"
49
+ "gitHead": "28fe9c4bc2882aa4f54f8ed4b2bddbe53486508a"
50
50
  }