@jjrawlins/cdk-diff-pr-github-action 0.0.71 → 1.0.0

package/README.md

@@ -1,17 +1,22 @@
 # cdk-diff-pr-github-action
 
-A small Projen-based helper library that wires GitHub workflows for:
+A library that provides GitHub workflows and IAM templates for:
 - Creating CloudFormation Change Sets for your CDK stacks on pull requests and commenting a formatted diff back on the PR.
 - Detecting CloudFormation drift on a schedule or manual trigger and producing a consolidated summary (optionally creating an issue).
+- Deploying IAM roles across AWS Organizations using StackSets.
 
 It also provides ready‑to‑deploy IAM templates with the minimal permissions required for each workflow.
 
-This package exposes four constructs:
+**Works with or without Projen** — The StackSet generator can be used standalone in any Node.js project.
+
+This package exposes five constructs:
 
 - `CdkDiffStackWorkflow` — Generates one GitHub Actions workflow per stack to create a change set and render the diff back to the PR and Step Summary.
 - `CdkDiffIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Change Set workflow.
 - `CdkDriftDetectionWorkflow` — Generates a GitHub Actions workflow to detect CloudFormation drift per stack, upload machine‑readable results, and aggregate a summary.
 - `CdkDriftIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Drift Detection workflow.
+- `CdkDiffIamTemplateStackSet` — Creates a CloudFormation StackSet template for org-wide deployment of GitHub OIDC and IAM roles (Projen integration).
+- `CdkDiffIamTemplateStackSetGenerator` — Pure generator class for StackSet templates (no Projen dependency).
 
 ## Quick start
 
@@ -102,7 +107,9 @@ If neither top‑level OIDC defaults nor all per‑stack values are supplied, th
 
 ## Usage: CdkDiffIamTemplate
 
-Emit an example IAM template you can deploy in your account for the Change Set workflow:
+Emit an example IAM template you can deploy in your account for the Change Set workflow.
+
+### With Projen
 
 ```ts
 import { awscdk } from 'projen';
@@ -124,7 +131,33 @@ new CdkDiffIamTemplate({
 project.synth();
 ```
 
-This writes `cdk-diff-workflow-iam-template.yaml` at the project root (or your chosen `outputPath`). The template defines:
+A Projen task is also added:
+
+```bash
+npx projen deploy-cdkdiff-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args
+```
+
+### Without Projen (Standalone Generator)
+
+```ts
+import { CdkDiffIamTemplateGenerator } from '@jjrawlins/cdk-diff-pr-github-action';
+import * as fs from 'fs';
+
+const template = CdkDiffIamTemplateGenerator.generateTemplate({
+  roleName: 'cdk-diff-role',
+  oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',
+  oidcRegion: 'us-east-1',
+});
+
+fs.writeFileSync('cdk-diff-iam-template.yaml', template);
+
+// Get the deploy command
+const deployCmd = CdkDiffIamTemplateGenerator.generateDeployCommand('cdk-diff-iam-template.yaml');
+console.log('Deploy with:', deployCmd);
+```
+
+### What the template defines
+
 - Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume the change set role.
 - IAM role `CdkChangesetRole` with minimal permissions for:
   - CloudFormation Change Set operations
@@ -132,12 +165,6 @@ This writes `cdk-diff-workflow-iam-template.yaml` at the project root (or your c
   - `iam:PassRole` to `cloudformation.amazonaws.com`
 - Outputs exporting the role name and ARN.
 
-A Projen task is also added:
-
-```bash
-npx projen deploy-cdkdiff-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args
-```
-
 Use the created role ARN as `changesetRoleToAssumeArn` in `CdkDiffStackWorkflow`.
 
 ---
@@ -276,7 +303,9 @@ Details:
 
 ## Usage: CdkDriftIamTemplate
 
-Emit an example IAM template you can deploy in your account for the Drift Detection workflow:
+Emit an example IAM template you can deploy in your account for the Drift Detection workflow.
+
+### With Projen
 
 ```ts
 import { awscdk } from 'projen';
@@ -298,17 +327,168 @@ new CdkDriftIamTemplate({
 project.synth();
 ```
 
-This writes `cdk-drift-workflow-iam-template.yaml` at the project root (or your chosen `outputPath`). The template defines:
+A Projen task is also added:
+
+```bash
+npx projen deploy-cdkdrift-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args
+```
+
+### Without Projen (Standalone Generator)
+
+```ts
+import { CdkDriftIamTemplateGenerator } from '@jjrawlins/cdk-diff-pr-github-action';
+import * as fs from 'fs';
+
+const template = CdkDriftIamTemplateGenerator.generateTemplate({
+  roleName: 'cdk-drift-role',
+  oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',
+  oidcRegion: 'us-east-1',
+});
+
+fs.writeFileSync('cdk-drift-iam-template.yaml', template);
+
+// Get the deploy command
+const deployCmd = CdkDriftIamTemplateGenerator.generateDeployCommand('cdk-drift-iam-template.yaml');
+console.log('Deploy with:', deployCmd);
+```
+
+### What the template defines
+
 - Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume this drift role.
 - IAM role `CdkDriftRole` with minimal permissions for CloudFormation drift detection operations.
 - Outputs exporting the role name and ARN.
 
-A Projen task is also added:
+---
+
+## Usage: CdkDiffIamTemplateStackSet (Org-Wide Deployment)
+
+`CdkDiffIamTemplateStackSet` creates a CloudFormation StackSet template for deploying GitHub OIDC provider, OIDC role, and CDK diff/drift IAM roles across an entire AWS Organization. This is the recommended approach for organizations that want to enable CDK diff/drift workflows across multiple accounts.
+
+### Architecture
+
+Each account in your organization gets:
+- **GitHub OIDC Provider** — Authenticates GitHub Actions workflows
+- **GitHubOIDCRole** — Trusts the OIDC provider with repo/branch restrictions
+- **CdkChangesetRole** — For PR change set previews (trusts GitHubOIDCRole)
+- **CdkDriftRole** — For drift detection (trusts GitHubOIDCRole)
+
+This is a self-contained deployment with **no role chaining required**.
+
+### With Projen
 
+```ts
+import { awscdk } from 'projen';
+import { CdkDiffIamTemplateStackSet } from '@jjrawlins/cdk-diff-pr-github-action';
+
+const project = new awscdk.AwsCdkConstructLibrary({ /* ... */ });
+
+new CdkDiffIamTemplateStackSet({
+  project,
+  githubOidc: {
+    owner: 'my-org',                          // GitHub org or username
+    repositories: ['infra-repo', 'app-repo'], // Repos allowed to assume roles
+    branches: ['main', 'release/*'],          // Branch patterns (default: ['*'])
+  },
+  targetOrganizationalUnitIds: ['ou-xxxx-xxxxxxxx'], // Target OUs
+  regions: ['us-east-1', 'eu-west-1'],               // Target regions
+  // Optional settings:
+  // oidcRoleName: 'GitHubOIDCRole',       // default
+  // changesetRoleName: 'CdkChangesetRole', // default
+  // driftRoleName: 'CdkDriftRole',         // default
+  // roleSelection: StackSetRoleSelection.BOTH, // BOTH, CHANGESET_ONLY, or DRIFT_ONLY
+  // delegatedAdmin: true,                  // Use --call-as DELEGATED_ADMIN (default: true)
+});
+
+project.synth();
+```
+
+This creates:
+- `cdk-diff-workflow-stackset-template.yaml` — CloudFormation template
+- Projen tasks for StackSet management
+
+**Projen tasks:**
 ```bash
-npx projen deploy-cdkdrift-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args
+npx projen stackset-create          # Create the StackSet
+npx projen stackset-update          # Update the StackSet template
+npx projen stackset-deploy-instances # Deploy to target OUs/regions
+npx projen stackset-delete-instances # Remove stack instances
+npx projen stackset-delete          # Delete the StackSet
+npx projen stackset-describe        # Show StackSet status
+npx projen stackset-list-instances  # List all instances
+```
+
+### Without Projen (Standalone Generator)
+
+For non-Projen projects, use `CdkDiffIamTemplateStackSetGenerator` directly:
+
+```ts
+import {
+  CdkDiffIamTemplateStackSetGenerator
+} from '@jjrawlins/cdk-diff-pr-github-action';
+import * as fs from 'fs';
+
+// Generate the CloudFormation template
+const template = CdkDiffIamTemplateStackSetGenerator.generateTemplate({
+  githubOidc: {
+    owner: 'my-org',
+    repositories: ['infra-repo'],
+    branches: ['main'],
+  },
+});
+
+// Write to file
+fs.writeFileSync('stackset-template.yaml', template);
+
+// Get AWS CLI commands for StackSet operations
+const commands = CdkDiffIamTemplateStackSetGenerator.generateCommands({
+  stackSetName: 'cdk-diff-workflow-iam-stackset',
+  templatePath: 'stackset-template.yaml',
+  targetOrganizationalUnitIds: ['ou-xxxx-xxxxxxxx'],
+  regions: ['us-east-1'],
+});
+
+console.log('Create StackSet:', commands['stackset-create']);
+console.log('Deploy instances:', commands['stackset-deploy-instances']);
+```
+
+### GitHub Actions Workflow (Simplified)
+
+With per-account OIDC, your workflow is simplified — no role chaining needed:
+
+```yaml
+jobs:
+  diff:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/GitHubOIDCRole
+          aws-region: us-east-1
+
+      - name: Assume Changeset Role
+        run: |
+          CREDS=$(aws sts assume-role \
+            --role-arn arn:aws:iam::${{ env.ACCOUNT_ID }}:role/CdkChangesetRole \
+            --role-session-name changeset-session)
+          # Export credentials...
 ```
 
+### GitHubOidcConfig options
+
+| Property | Description |
+|----------|-------------|
+| `owner` | GitHub organization or username (required) |
+| `repositories` | Array of repo names, or `['*']` for all repos (required) |
+| `branches` | Array of branch patterns (default: `['*']`) |
+| `additionalClaims` | Extra OIDC claims like `['pull_request', 'environment:production']` |
+
+---
+
 ## Testing
 
 This repository includes Jest tests that snapshot the synthesized outputs from Projen and assert that:

package/lib/CdkDiffIamTemplate.d.ts

@@ -1,10 +1,43 @@
-export interface CdkDiffIamTemplateProps {
-    readonly project: any;
+/**
+ * Props for generating CDK Diff IAM templates (no Projen dependency)
+ */
+export interface CdkDiffIamTemplateGeneratorProps {
+    /** Name for the IAM role */
     readonly roleName: string;
-    readonly outputPath?: string;
+    /** ARN of the existing GitHub OIDC role that can assume this changeset role */
     readonly oidcRoleArn: string;
+    /** Region for the OIDC trust condition */
     readonly oidcRegion: string;
 }
+/**
+ * Pure generator class for CDK Diff IAM templates.
+ * No Projen dependency - can be used in any project.
+ */
+export declare class CdkDiffIamTemplateGenerator {
+    /**
+     * Generate the CloudFormation IAM template as a YAML string.
+     */
+    static generateTemplate(props: CdkDiffIamTemplateGeneratorProps): string;
+    /**
+     * Generate the AWS CLI deploy command for the IAM template.
+     */
+    static generateDeployCommand(templatePath?: string): string;
+}
+/**
+ * Props for the Projen-integrated CDK Diff IAM template construct
+ */
+export interface CdkDiffIamTemplateProps extends CdkDiffIamTemplateGeneratorProps {
+    /** Projen project instance */
+    readonly project: any;
+    /** Output path for the template file (default: 'cdk-diff-workflow-iam-template.yaml') */
+    readonly outputPath?: string;
+}
+/**
+ * Projen construct that emits a CloudFormation template with minimal IAM permissions
+ * for the CDK Diff Stack Workflow.
+ *
+ * For non-Projen projects, use `CdkDiffIamTemplateGenerator` directly.
+ */
 export declare class CdkDiffIamTemplate {
     constructor(props: CdkDiffIamTemplateProps);
 }

package/lib/CdkDiffIamTemplate.js

@@ -1,101 +1,130 @@
 "use strict";
-var _a;
+var _a, _b;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CdkDiffIamTemplate = void 0;
+exports.CdkDiffIamTemplate = exports.CdkDiffIamTemplateGenerator = void 0;
 const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
 const projen_1 = require("projen");
+/**
+ * Pure generator class for CDK Diff IAM templates.
+ * No Projen dependency - can be used in any project.
+ */
+class CdkDiffIamTemplateGenerator {
+    /**
+     * Generate the CloudFormation IAM template as a YAML string.
+     */
+    static generateTemplate(props) {
+        const lines = [
+            "AWSTemplateFormatVersion: '2010-09-09'",
+            "Description: 'IAM role for CDK Diff Stack Workflow construct'",
+            '',
+            'Parameters:',
+            '  GitHubOIDCRoleArn:',
+            '    Type: String',
+            "    Description: 'ARN of the existing GitHub OIDC role that can assume this changeset role'",
+            `    Default: '${props.oidcRoleArn}'`,
+            '',
+            'Resources:',
+            '  # CloudFormation ChangeSet Role - minimal permissions for changeset operations',
+            '  CdkChangesetRole:',
+            '    Type: AWS::IAM::Role',
+            '    Properties:',
+            "      RoleName: '" + props.roleName + "'",
+            '      AssumeRolePolicyDocument:',
+            "        Version: '2012-10-17'",
+            '        Statement:',
+            '          - Effect: Allow',
+            '            Principal:',
+            '              AWS: !Ref GitHubOIDCRoleArn',
+            '            Action: sts:AssumeRole',
+            '            Condition:',
+            '              StringEquals:',
+            "                aws:RequestedRegion: '" + props.oidcRegion + "'",
+            '      Policies:',
+            '        - PolicyName: CloudFormationChangeSetAccess',
+            '          PolicyDocument:',
+            "            Version: '2012-10-17'",
+            '            Statement:',
+            '              # CloudFormation changeset operations',
+            '              - Effect: Allow',
+            '                Action:',
+            '                  - cloudformation:CreateChangeSet',
+            '                  - cloudformation:DescribeChangeSet',
+            '                  - cloudformation:DeleteChangeSet',
+            '                  - cloudformation:ListChangeSets',
+            '                  - cloudformation:DescribeStacks',
+            "                Resource: '*'",
+            '              # CDK bootstrap bucket access (for changeset creation)',
+            '              - Effect: Allow',
+            '                Action:',
+            '                  - s3:GetObject',
+            '                  - s3:PutObject',
+            '                  - s3:DeleteObject',
+            '                  - s3:ListBucket',
+            '                Resource:',
+            "                  - !Sub 'arn:aws:s3:::cdk-${AWS::AccountId}-${AWS::Region}-*'",
+            "                  - !Sub 'arn:aws:s3:::cdk-${AWS::AccountId}-${AWS::Region}-*/*'",
+            '              # CDK bootstrap parameter access',
+            '              - Effect: Allow',
+            '                Action:',
+            '                  - ssm:GetParameter',
+            '                  - ssm:GetParameters',
+            '                  - ssm:GetParametersByPath',
+            "                Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/cdk-bootstrap/*'",
+            '              # IAM PassRole for CDK operations',
+            '              - Effect: Allow',
+            '                Action:',
+            '                  - iam:PassRole',
+            "                Resource: '*'",
+            '                Condition:',
+            '                  StringEquals:',
+            "                    'iam:PassedToService': 'cloudformation.amazonaws.com'",
+            '',
+            'Outputs:',
+            '  CdkChangesetRoleArn:',
+            "    Description: 'ARN of the CDK changeset role'",
+            '    Value: !GetAtt CdkChangesetRole.Arn',
+            '    Export:',
+            "      Name: !Sub '${AWS::StackName}-CdkChangesetRoleArn'",
+            '',
+            '  CdkChangesetRoleName:',
+            "    Description: 'Name of the CDK changeset role'",
+            '    Value: !Ref CdkChangesetRole',
+            '    Export:',
+            "      Name: !Sub '${AWS::StackName}-CdkChangesetRoleName'",
+        ];
+        return lines.join('\n');
+    }
+    /**
+     * Generate the AWS CLI deploy command for the IAM template.
+     */
+    static generateDeployCommand(templatePath = 'cdk-diff-workflow-iam-template.yaml') {
+        return `aws cloudformation deploy --template-file ${templatePath} --stack-name cdk-diff-workflow-iam-role --capabilities CAPABILITY_NAMED_IAM`;
+    }
+}
+exports.CdkDiffIamTemplateGenerator = CdkDiffIamTemplateGenerator;
+_a = JSII_RTTI_SYMBOL_1;
+CdkDiffIamTemplateGenerator[_a] = { fqn: "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator", version: "1.0.0" };
+/**
+ * Projen construct that emits a CloudFormation template with minimal IAM permissions
+ * for the CDK Diff Stack Workflow.
+ *
+ * For non-Projen projects, use `CdkDiffIamTemplateGenerator` directly.
+ */
 class CdkDiffIamTemplate {
     constructor(props) {
         const outputPath = props.outputPath ?? 'cdk-diff-workflow-iam-template.yaml';
+        // Generate template using the generator
+        const template = CdkDiffIamTemplateGenerator.generateTemplate(props);
+        new projen_1.TextFile(props.project, outputPath, { lines: template.split('\n') });
+        // Add deploy task
         props.project.addTask('deploy-cdkdiff-iam-template', {
             description: 'Deploy the CDK Diff IAM template via CloudFormation (accepts extra AWS CLI args, e.g., --parameter-overrides Key=Value...)',
             receiveArgs: true,
-            exec: `aws cloudformation deploy --template-file ${outputPath} --stack-name cdk-diff-workflow-iam-role --capabilities CAPABILITY_NAMED_IAM`,
-        });
-        new projen_1.TextFile(props.project, outputPath, {
-            lines: [
-                "AWSTemplateFormatVersion: '2010-09-09'",
-                "Description: 'IAM role for CDK Diff Stack Workflow construct'",
-                '',
-                'Parameters:',
-                '  GitHubOIDCRoleArn:',
-                '    Type: String',
-                "    Description: 'ARN of the existing GitHub OIDC role that can assume this changeset role'",
-                `    Default: '${props.oidcRoleArn}'`,
-                '',
-                'Resources:',
-                '  # CloudFormation ChangeSet Role - minimal permissions for changeset operations',
-                '  CdkChangesetRole:',
-                '    Type: AWS::IAM::Role',
-                '    Properties:',
-                "      RoleName: '" + props.roleName + "'",
-                '      AssumeRolePolicyDocument:',
-                "        Version: '2012-10-17'",
-                '        Statement:',
-                '          - Effect: Allow',
-                '            Principal:',
-                '              AWS: !Ref GitHubOIDCRoleArn',
-                '            Action: sts:AssumeRole',
-                '            Condition:',
-                '              StringEquals:',
-                "                aws:RequestedRegion: '" + props.oidcRegion + "'",
-                '      Policies:',
-                '        - PolicyName: CloudFormationChangeSetAccess',
-                '          PolicyDocument:',
-                "            Version: '2012-10-17'",
-                '            Statement:',
-                '              # CloudFormation changeset operations',
-                '              - Effect: Allow',
-                '                Action:',
-                '                  - cloudformation:CreateChangeSet',
-                '                  - cloudformation:DescribeChangeSet',
-                '                  - cloudformation:DeleteChangeSet',
-                '                  - cloudformation:ListChangeSets',
-                '                  - cloudformation:DescribeStacks',
-                "                Resource: '*'",
-                '              # CDK bootstrap bucket access (for changeset creation)',
-                '              - Effect: Allow',
-                '                Action:',
-                '                  - s3:GetObject',
-                '                  - s3:PutObject',
-                '                  - s3:DeleteObject',
-                '                  - s3:ListBucket',
-                '                Resource:',
-                "                  - !Sub 'arn:aws:s3:::cdk-${AWS::AccountId}-${AWS::Region}-*'",
-                "                  - !Sub 'arn:aws:s3:::cdk-${AWS::AccountId}-${AWS::Region}-*/*'",
-                '              # CDK bootstrap parameter access',
-                '              - Effect: Allow',
-                '                Action:',
-                '                  - ssm:GetParameter',
-                '                  - ssm:GetParameters',
-                '                  - ssm:GetParametersByPath',
-                "                Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/cdk-bootstrap/*'",
-                '              # IAM PassRole for CDK operations',
-                '              - Effect: Allow',
-                '                Action:',
-                '                  - iam:PassRole',
-                "                Resource: '*'",
-                '                Condition:',
-                '                  StringEquals:',
-                "                    'iam:PassedToService': 'cloudformation.amazonaws.com'",
-                '',
-                'Outputs:',
-                '  CdkChangesetRoleArn:',
-                "    Description: 'ARN of the CDK changeset role'",
-                '    Value: !GetAtt CdkChangesetRole.Arn',
-                '    Export:',
-                "      Name: !Sub '${AWS::StackName}-CdkChangesetRoleArn'",
-                '',
-                '  CdkChangesetRoleName:',
-                "    Description: 'Name of the CDK changeset role'",
-                '    Value: !Ref CdkChangesetRole',
-                '    Export:',
-                "      Name: !Sub '${AWS::StackName}-CdkChangesetRoleName'",
-            ],
+            exec: CdkDiffIamTemplateGenerator.generateDeployCommand(outputPath),
         });
     }
 }
 exports.CdkDiffIamTemplate = CdkDiffIamTemplate;
-_a = JSII_RTTI_SYMBOL_1;
-CdkDiffIamTemplate[_a] = { fqn: "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate", version: "0.0.71" };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2RrRGlmZklhbVRlbXBsYXRlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL0Nka0RpZmZJYW1UZW1wbGF0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLG1DQUFrQztBQVVsQyxNQUFhLGtCQUFrQjtJQUM3QixZQUFZLEtBQThCO1FBQ3hDLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxVQUFVLElBQUkscUNBQXFDLENBQUM7UUFDN0UsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsNkJBQTZCLEVBQUU7WUFDbkQsV0FBVyxFQUFFLDRIQUE0SDtZQUN6SSxXQUFXLEVBQUUsSUFBSTtZQUNqQixJQUFJLEVBQUUsNkNBQTZDLFVBQVUsOEVBQThFO1NBQzVJLENBQUMsQ0FBQztRQUVILElBQUksaUJBQVEsQ0FBQyxLQUFLLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRTtZQUN0QyxLQUFLLEVBQUU7Z0JBQ0wsd0NBQXdDO2dCQUN4QywrREFBK0Q7Z0JBQy9ELEVBQUU7Z0JBQ0YsYUFBYTtnQkFDYixzQkFBc0I7Z0JBQ3RCLGtCQUFrQjtnQkFDbEIsNkZBQTZGO2dCQUM3RixpQkFBaUIsS0FBSyxDQUFDLFdBQVcsR0FBRztnQkFDckMsRUFBRTtnQkFDRixZQUFZO2dCQUNaLGtGQUFrRjtnQkFDbEYscUJBQXFCO2dCQUNyQiwwQkFBMEI7Z0JBQzFCLGlCQUFpQjtnQkFDakIsbUJBQW1CLEdBQUcsS0FBSyxDQUFDLFFBQVEsR0FBRyxHQUFHO2dCQUMxQyxpQ0FBaUM7Z0JBQ2pDLCtCQUErQjtnQkFDL0Isb0JBQW9CO2dCQUNwQiwyQkFBMkI7Z0JBQzNCLHdCQUF3QjtnQkFDeEIsMkNBQTJDO2dCQUMzQyxvQ0FBb0M7Z0JBQ3BDLHdCQUF3QjtnQkFDeEIsNkJBQTZCO2dCQUM3Qix3Q0FBd0MsR0FBRyxLQUFLLENBQUMsVUFBVSxHQUFHLEdBQUc7Z0JBQ2pFLGlCQUFpQjtnQkFDakIscURBQXFEO2dCQUNyRCwyQkFBMkI7Z0JBQzNCLG1DQUFtQztnQkFDbkMsd0JBQXdCO2dCQUN4QixxREFBcUQ7Z0JBQ3JELCtCQUErQjtnQkFDL0IseUJBQXlCO2dCQUN6QixvREFBb0Q7Z0JBQ3BELHNEQUFzRDtnQkFDdEQsb0RBQW9EO2dCQUNwRCxtREFBbUQ7Z0JBQ25ELG1EQUFtRDtnQkFDbkQsK0JBQStCO2dCQUMvQixzRUFBc0U7Z0JBQ3RFLCtCQUErQjtnQkFDL0IseUJBQXlCO2dCQUN6QixrQ0FBa0M7Z0JBQ2xDLGtDQUFrQztnQkFDbEMscUNBQXFDO2dCQUNyQyxtQ0FBbUM7Z0JBQ25DLDJCQUEyQjtnQkFDM0IsZ0ZBQWdGO2dCQUNoRixrRkFBa0Y7Z0JBQ2xGLGdEQUFnRDtnQkFDaEQsK0JBQStCO2dCQUMvQix5QkFBeUI7Z0JBQ3pCLHNDQUFzQztnQkFDdEMsdUNBQXVDO2dCQUN2Qyw2Q0FBNkM7Z0JBQzdDLHlHQUF5RztnQkFDekcsaURBQWlEO2dCQUNqRCwrQkFBK0I7Z0JBQy9CLHlCQUF5QjtnQkFDekIsa0NBQWtDO2dCQUNsQywrQkFBK0I7Z0JBQy9CLDRCQUE0QjtnQkFDNUIsaUNBQWlDO2dCQUNqQywyRUFBMkU7Z0JBQzNFLEVBQUU7Z0JBQ0YsVUFBVTtnQkFDVix3QkFBd0I7Z0JBQ3hCLGtEQUFrRDtnQkFDbEQseUNBQXlDO2dCQUN6QyxhQUFhO2dCQUNiLDBEQUEwRDtnQkFDMUQsRUFBRTtnQkFDRix5QkFBeUI7Z0JBQ3pCLG1EQUFtRDtnQkFDbkQsa0NBQWtDO2dCQUNsQyxhQUFhO2dCQUNiLDJEQUEyRDthQUM1RDtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBMUZILGdEQTJGQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFRleHRGaWxlIH0gZnJvbSAncHJvamVuJztcblxuZXhwb3J0IGludGVyZmFjZSBDZGtEaWZmSWFtVGVtcGxhdGVQcm9wcyB7XG4gIHJlYWRvbmx5IHByb2plY3Q6IGFueTtcbiAgcmVhZG9ubHkgcm9sZU5hbWU6IHN0cmluZztcbiAgcmVhZG9ubHkgb3V0cHV0UGF0aD86IHN0cmluZztcbiAgcmVhZG9ubHkgb2lkY1JvbGVBcm46IHN0cmluZztcbiAgcmVhZG9ubHkgb2lkY1JlZ2lvbjogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQ2RrRGlmZklhbVRlbXBsYXRlIHtcbiAgY29uc3RydWN0b3IocHJvcHM6IENka0RpZmZJYW1UZW1wbGF0ZVByb3BzKSB7XG4gICAgY29uc3Qgb3V0cHV0UGF0aCA9IHByb3BzLm91dHB1dFBhdGggPz8gJ2Nkay1kaWZmLXdvcmtmbG93LWlhbS10ZW1wbGF0ZS55YW1sJztcbiAgICBwcm9wcy5wcm9qZWN0LmFkZFRhc2soJ2RlcGxveS1jZGtkaWZmLWlhbS10ZW1wbGF0ZScsIHtcbiAgICAgIGRlc2NyaXB0aW9uOiAnRGVwbG95IHRoZSBDREsgRGlmZiBJQU0gdGVtcGxhdGUgdmlhIENsb3VkRm9ybWF0aW9uIChhY2NlcHRzIGV4dHJhIEFXUyBDTEkgYXJncywgZS5nLiwgLS1wYXJhbWV0ZXItb3ZlcnJpZGVzIEtleT1WYWx1ZS4uLiknLFxuICAgICAgcmVjZWl2ZUFyZ3M6IHRydWUsXG4gICAgICBleGVjOiBgYXdzIGNsb3VkZm9ybWF0aW9uIGRlcGxveSAtLXRlbXBsYXRlLWZpbGUgJHtvdXRwdXRQYXRofSAtLXN0YWNrLW5hbWUgY2RrLWRpZmYtd29ya2Zsb3ctaWFtLXJvbGUgLS1jYXBhYmlsaXRpZXMgQ0FQQUJJTElUWV9OQU1FRF9JQU1gLFxuICAgIH0pO1xuXG4gICAgbmV3IFRleHRGaWxlKHByb3BzLnByb2plY3QsIG91dHB1dFBhdGgsIHtcbiAgICAgIGxpbmVzOiBbXG4gICAgICAgIFwiQVdTVGVtcGxhdGVGb3JtYXRWZXJzaW9uOiAnMjAxMC0wOS0wOSdcIixcbiAgICAgICAgXCJEZXNjcmlwdGlvbjogJ0lBTSByb2xlIGZvciBDREsgRGlmZiBTdGFjayBXb3JrZmxvdyBjb25zdHJ1Y3QnXCIsXG4gICAgICAgICcnLFxuICAgICAgICAnUGFyYW1ldGVyczonLFxuICAgICAgICAnICBHaXRIdWJPSURDUm9sZUFybjonLFxuICAgICAgICAnICAgIFR5cGU6IFN0cmluZycsXG4gICAgICAgIFwiICAgIERlc2NyaXB0aW9uOiAnQVJOIG9mIHRoZSBleGlzdGluZyBHaXRIdWIgT0lEQyByb2xlIHRoYXQgY2FuIGFzc3VtZSB0aGlzIGNoYW5nZXNldCByb2xlJ1wiLFxuICAgICAgICBgICAgIERlZmF1bHQ6ICcke3Byb3BzLm9pZGNSb2xlQXJufSdgLFxuICAgICAgICAnJyxcbiAgICAgICAgJ1Jlc291cmNlczonLFxuICAgICAgICAnICAjIENsb3VkRm9ybWF0aW9uIENoYW5nZVNldCBSb2xlIC0gbWluaW1hbCBwZXJtaXNzaW9ucyBmb3IgY2hhbmdlc2V0IG9wZXJhdGlvbnMnLFxuICAgICAgICAnICBDZGtDaGFuZ2VzZXRSb2xlOicsXG4gICAgICAgICcgICAgVHlwZTogQVdTOjpJQU06OlJvbGUnLFxuICAgICAgICAnICAgIFByb3BlcnRpZXM6JyxcbiAgICAgICAgXCIgICAgICBSb2xlTmFtZTogJ1wiICsgcHJvcHMucm9sZU5hbWUgKyBcIidcIixcbiAgICAgICAgJyAgICAgIEFzc3VtZVJvbGVQb2xpY3lEb2N1bWVudDonLFxuICAgICAgICBcIiAgICAgICAgVmVyc2lvbjogJzIwMTItMTAtMTcnXCIsXG4gICAgICAgICcgICAgICAgIFN0YXRlbWVudDonLFxuICAgICAgICAnICAgICAgICAgIC0gRWZmZWN0OiBBbGxvdycsXG4gICAgICAgICcgICAgICAgICAgICBQcmluY2lwYWw6JyxcbiAgICAgICAgJyAgICAgICAgICAgICAgQVdTOiAhUmVmIEdpdEh1Yk9JRENSb2xlQXJuJyxcbiAgICAgICAgJyAgICAgICAgICAgIEFjdGlvbjogc3RzOkFzc3VtZVJvbGUnLFxuICAgICAgICAnICAgICAgICAgICAgQ29uZGl0aW9uOicsXG4gICAgICAgICcgICAgICAgICAgICAgIFN0cmluZ0VxdWFsczonLFxuICAgICAgICBcIiAgICAgICAgICAgICAgICBhd3M6UmVxdWVzdGVkUmVnaW9uOiAnXCIgKyBwcm9wcy5vaWRjUmVnaW9uICsgXCInXCIsXG4gICAgICAgICcgICAgICBQb2xpY2llczonLFxuICAgICAgICAnICAgICAgICAtIFBvbGljeU5hbWU6IENsb3VkRm9ybWF0aW9uQ2hhbmdlU2V0QWNjZXNzJyxcbiAgICAgICAgJyAgICAgICAgICBQb2xpY3lEb2N1bWVudDonLFxuICAgICAgICBcIiAgICAgICAgICAgIFZlcnNpb246ICcyMDEyLTEwLTE3J1wiLFxuICAgICAgICAnICAgICAgICAgICAgU3RhdGVtZW50OicsXG4gICAgICAgICcgICAgICAgICAgICAgICMgQ2xvdWRGb3JtYXRpb24gY2hhbmdlc2V0IG9wZXJhdGlvbnMnLFxuICAgICAgICAnICAgICAgICAgICAgICAtIEVmZmVjdDogQWxsb3cnLFxuICAgICAgICAnICAgICAgICAgICAgICAgIEFjdGlvbjonLFxuICAgICAgICAnICAgICAgICAgICAgICAgICAgLSBjbG91ZGZvcm1hdGlvbjpDcmVhdGVDaGFuZ2VTZXQnLFxuICAgICAgICAnICAgICAgICAgICAgICAgICAgLSBjbG91ZGZvcm1hdGlvbjpEZXNjcmliZUNoYW5nZVNldCcsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIGNsb3VkZm9ybWF0aW9uOkRlbGV0ZUNoYW5nZVNldCcsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIGNsb3VkZm9ybWF0aW9uOkxpc3RDaGFuZ2VTZXRzJyxcbiAgICAgICAgJyAgICAgICAgICAgICAgICAgIC0gY2xvdWRmb3JtYXRpb246RGVzY3JpYmVTdGFja3MnLFxuICAgICAgICBcIiAgICAgICAgICAgICAgICBSZXNvdXJjZTogJyonXCIsXG4gICAgICAgICcgICAgICAgICAgICAgICMgQ0RLIGJvb3RzdHJhcCBidWNrZXQgYWNjZXNzIChmb3IgY2hhbmdlc2V0IGNyZWF0aW9uKScsXG4gICAgICAgICcgICAgICAgICAgICAgIC0gRWZmZWN0OiBBbGxvdycsXG4gICAgICAgICcgICAgICAgICAgICAgICAgQWN0aW9uOicsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIHMzOkdldE9iamVjdCcsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIHMzOlB1dE9iamVjdCcsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIHMzOkRlbGV0ZU9iamVjdCcsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICAtIHMzOkxpc3RCdWNrZXQnLFxuICAgICAgICAnICAgICAgICAgICAgICAgIFJlc291cmNlOicsXG4gICAgICAgIFwiICAgICAgICAgICAgICAgICAgLSAhU3ViICdhcm46YXdzOnMzOjo6Y2RrLSR7QVdTOjpBY2NvdW50SWR9LSR7QVdTOjpSZWdpb259LSonXCIsXG4gICAgICAgIFwiICAgICAgICAgICAgICAgICAgLSAhU3ViICdhcm46YXdzOnMzOjo6Y2RrLSR7QVdTOjpBY2NvdW50SWR9LSR7QVdTOjpSZWdpb259LSovKidcIixcbiAgICAgICAgJyAgICAgICAgICAgICAgIyBDREsgYm9vdHN0cmFwIHBhcmFtZXRlciBhY2Nlc3MnLFxuICAgICAgICAnICAgICAgICAgICAgICAtIEVmZmVjdDogQWxsb3cnLFxuICAgICAgICAnICAgICAgICAgICAgICAgIEFjdGlvbjonLFxuICAgICAgICAnICAgICAgICAgICAgICAgICAgLSBzc206R2V0UGFyYW1ldGVyJyxcbiAgICAgICAgJyAgICAgICAgICAgICAgICAgIC0gc3NtOkdldFBhcmFtZXRlcnMnLFxuICAgICAgICAnICAgICAgICAgICAgICAgICAgLSBzc206R2V0UGFyYW1ldGVyc0J5UGF0aCcsXG4gICAgICAgIFwiICAgICAgICAgICAgICAgIFJlc291cmNlOiAhU3ViICdhcm46YXdzOnNzbToke0FXUzo6UmVnaW9ufToke0FXUzo6QWNjb3VudElkfTpwYXJhbWV0ZXIvY2RrLWJvb3RzdHJhcC8qJ1wiLFxuICAgICAgICAnICAgICAgICAgICAgICAjIElBTSBQYXNzUm9sZSBmb3IgQ0RLIG9wZXJhdGlvbnMnLFxuICAgICAgICAnICAgICAgICAgICAgICAtIEVmZmVjdDogQWxsb3cnLFxuICAgICAgICAnICAgICAgICAgICAgICAgIEFjdGlvbjonLFxuICAgICAgICAnICAgICAgICAgICAgICAgICAgLSBpYW06UGFzc1JvbGUnLFxuICAgICAgICBcIiAgICAgICAgICAgICAgICBSZXNvdXJjZTogJyonXCIsXG4gICAgICAgICcgICAgICAgICAgICAgICAgQ29uZGl0aW9uOicsXG4gICAgICAgICcgICAgICAgICAgICAgICAgICBTdHJpbmdFcXVhbHM6JyxcbiAgICAgICAgXCIgICAgICAgICAgICAgICAgICAgICdpYW06UGFzc2VkVG9TZXJ2aWNlJzogJ2Nsb3VkZm9ybWF0aW9uLmFtYXpvbmF3cy5jb20nXCIsXG4gICAgICAgICcnLFxuICAgICAgICAnT3V0cHV0czonLFxuICAgICAgICAnICBDZGtDaGFuZ2VzZXRSb2xlQXJuOicsXG4gICAgICAgIFwiICAgIERlc2NyaXB0aW9uOiAnQVJOIG9mIHRoZSBDREsgY2hhbmdlc2V0IHJvbGUnXCIsXG4gICAgICAgICcgICAgVmFsdWU6ICFHZXRBdHQgQ2RrQ2hhbmdlc2V0Um9sZS5Bcm4nLFxuICAgICAgICAnICAgIEV4cG9ydDonLFxuICAgICAgICBcIiAgICAgIE5hbWU6ICFTdWIgJyR7QVdTOjpTdGFja05hbWV9LUNka0NoYW5nZXNldFJvbGVBcm4nXCIsXG4gICAgICAgICcnLFxuICAgICAgICAnICBDZGtDaGFuZ2VzZXRSb2xlTmFtZTonLFxuICAgICAgICBcIiAgICBEZXNjcmlwdGlvbjogJ05hbWUgb2YgdGhlIENESyBjaGFuZ2VzZXQgcm9sZSdcIixcbiAgICAgICAgJyAgICBWYWx1ZTogIVJlZiBDZGtDaGFuZ2VzZXRSb2xlJyxcbiAgICAgICAgJyAgICBFeHBvcnQ6JyxcbiAgICAgICAgXCIgICAgICBOYW1lOiAhU3ViICcke0FXUzo6U3RhY2tOYW1lfS1DZGtDaGFuZ2VzZXRSb2xlTmFtZSdcIixcbiAgICAgIF0sXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
+_b = JSII_RTTI_SYMBOL_1;
+CdkDiffIamTemplate[_b] = { fqn: "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate", version: "1.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2RrRGlmZklhbVRlbXBsYXRlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL0Nka0RpZmZJYW1UZW1wbGF0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLG1DQUFrQztBQWNsQzs7O0dBR0c7QUFDSCxNQUFhLDJCQUEyQjtJQUN0Qzs7T0FFRztJQUNILE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxLQUF1QztRQUM3RCxNQUFNLEtBQUssR0FBRztZQUNaLHdDQUF3QztZQUN4QywrREFBK0Q7WUFDL0QsRUFBRTtZQUNGLGFBQWE7WUFDYixzQkFBc0I7WUFDdEIsa0JBQWtCO1lBQ2xCLDZGQUE2RjtZQUM3RixpQkFBaUIsS0FBSyxDQUFDLFdBQVcsR0FBRztZQUNyQyxFQUFFO1lBQ0YsWUFBWTtZQUNaLGtGQUFrRjtZQUNsRixxQkFBcUI7WUFDckIsMEJBQTBCO1lBQzFCLGlCQUFpQjtZQUNqQixtQkFBbUIsR0FBRyxLQUFLLENBQUMsUUFBUSxHQUFHLEdBQUc7WUFDMUMsaUNBQWlDO1lBQ2pDLCtCQUErQjtZQUMvQixvQkFBb0I7WUFDcEIsMkJBQTJCO1lBQzNCLHdCQUF3QjtZQUN4QiwyQ0FBMkM7WUFDM0Msb0NBQW9DO1lBQ3BDLHdCQUF3QjtZQUN4Qiw2QkFBNkI7WUFDN0Isd0NBQXdDLEdBQUcsS0FBSyxDQUFDLFVBQVUsR0FBRyxHQUFHO1lBQ2pFLGlCQUFpQjtZQUNqQixxREFBcUQ7WUFDckQsMkJBQTJCO1lBQzNCLG1DQUFtQztZQUNuQyx3QkFBd0I7WUFDeEIscURBQXFEO1lBQ3JELCtCQUErQjtZQUMvQix5QkFBeUI7WUFDekIsb0RBQW9EO1lBQ3BELHNEQUFzRDtZQUN0RCxvREFBb0Q7WUFDcEQsbURBQW1EO1lBQ25ELG1EQUFtRDtZQUNuRCwrQkFBK0I7WUFDL0Isc0VBQXNFO1lBQ3RFLCtCQUErQjtZQUMvQix5QkFBeUI7WUFDekIsa0NBQWtDO1lBQ2xDLGtDQUFrQztZQUNsQyxxQ0FBcUM7WUFDckMsbUNBQW1DO1lBQ25DLDJCQUEyQjtZQUMzQixnRkFBZ0Y7WUFDaEYsa0ZBQWtGO1lBQ2xGLGdEQUFnRDtZQUNoRCwrQkFBK0I7WUFDL0IseUJBQXlCO1lBQ3pCLHNDQUFzQztZQUN0Qyx1Q0FBdUM7WUFDdkMsNkNBQTZDO1lBQzdDLHlHQUF5RztZQUN6RyxpREFBaUQ7WUFDakQsK0JBQStCO1lBQy9CLHlCQUF5QjtZQUN6QixrQ0FBa0M7WUFDbEMsK0JBQStCO1lBQy9CLDRCQUE0QjtZQUM1QixpQ0FBaUM7WUFDakMsMkVBQTJFO1lBQzNFLEVBQUU7WUFDRixVQUFVO1lBQ1Ysd0JBQXdCO1lBQ3hCLGtEQUFrRDtZQUNsRCx5Q0FBeUM7WUFDekMsYUFBYTtZQUNiLDBEQUEwRDtZQUMxRCxFQUFFO1lBQ0YseUJBQXlCO1lBQ3pCLG1EQUFtRDtZQUNuRCxrQ0FBa0M7WUFDbEMsYUFBYTtZQUNiLDJEQUEyRDtTQUM1RCxDQUFDO1FBRUYsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxlQUF1QixxQ0FBcUM7UUFDdkYsT0FBTyw2Q0FBNkMsWUFBWSw4RUFBOEUsQ0FBQztJQUNqSixDQUFDOztBQTdGSCxrRUE4RkM7OztBQVlEOzs7OztHQUtHO0FBQ0gsTUFBYSxrQkFBa0I7SUFDN0IsWUFBWSxLQUE4QjtRQUN4QyxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxJQUFJLHFDQUFxQyxDQUFDO1FBRTdFLHdDQUF3QztRQUN4QyxNQUFNLFFBQVEsR0FBRywyQkFBMkIsQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNyRSxJQUFJLGlCQUFRLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsRUFBRSxLQUFLLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFekUsa0JBQWtCO1FBQ2xCLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLDZCQUE2QixFQUFFO1lBQ25ELFdBQVcsRUFDVCw0SEFBNEg7WUFDOUgsV0FBVyxFQUFFLElBQUk7WUFDakIsSUFBSSxFQUFFLDJCQUEyQixDQUFDLHFCQUFxQixDQUFDLFVBQVUsQ0FBQztTQUNwRSxDQUFDLENBQUM7SUFDTCxDQUFDOztBQWZILGdEQWdCQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFRleHRGaWxlIH0gZnJvbSAncHJvamVuJztcblxuLyoqXG4gKiBQcm9wcyBmb3IgZ2VuZXJhdGluZyBDREsgRGlmZiBJQU0gdGVtcGxhdGVzIChubyBQcm9qZW4gZGVwZW5kZW5jeSlcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBDZGtEaWZmSWFtVGVtcGxhdGVHZW5lcmF0b3JQcm9wcyB7XG4gIC8qKiBOYW1lIGZvciB0aGUgSUFNIHJvbGUgKi9cbiAgcmVhZG9ubHkgcm9sZU5hbWU6IHN0cmluZztcbiAgLyoqIEFSTiBvZiB0aGUgZXhpc3RpbmcgR2l0SHViIE9JREMgcm9sZSB0aGF0IGNhbiBhc3N1bWUgdGhpcyBjaGFuZ2VzZXQgcm9sZSAqL1xuICByZWFkb25seSBvaWRjUm9sZUFybjogc3RyaW5nO1xuICAvKiogUmVnaW9uIGZvciB0aGUgT0lEQyB0cnVzdCBjb25kaXRpb24gKi9cbiAgcmVhZG9ubHkgb2lkY1JlZ2lvbjogc3RyaW5nO1xufVxuXG4vKipcbiAqIFB1cmUgZ2VuZXJhdG9yIGNsYXNzIGZvciBDREsgRGlmZiBJQU0gdGVtcGxhdGVzLlxuICogTm8gUHJvamVuIGRlcGVuZGVuY3kgLSBjYW4gYmUgdXNlZCBpbiBhbnkgcHJvamVjdC5cbiAqL1xuZXhwb3J0IGNsYXNzIENka0RpZmZJYW1UZW1wbGF0ZUdlbmVyYXRvciB7XG4gIC8qKlxuICAgKiBHZW5lcmF0ZSB0aGUgQ2xvdWRGb3JtYXRpb24gSUFNIHRlbXBsYXRlIGFzIGEgWUFNTCBzdHJpbmcuXG4gICAqL1xuICBzdGF0aWMgZ2VuZXJhdGVUZW1wbGF0ZShwcm9wczogQ2RrRGlmZklhbVRlbXBsYXRlR2VuZXJhdG9yUHJvcHMpOiBzdHJpbmcge1xuICAgIGNvbnN0IGxpbmVzID0gW1xuICAgICAgXCJBV1NUZW1wbGF0ZUZvcm1hdFZlcnNpb246ICcyMDEwLTA5LTA5J1wiLFxuICAgICAgXCJEZXNjcmlwdGlvbjogJ0lBTSByb2xlIGZvciBDREsgRGlmZiBTdGFjayBXb3JrZmxvdyBjb25zdHJ1Y3QnXCIsXG4gICAgICAnJyxcbiAgICAgICdQYXJhbWV0ZXJzOicsXG4gICAgICAnICBHaXRIdWJPSURDUm9sZUFybjonLFxuICAgICAgJyAgICBUeXBlOiBTdHJpbmcnLFxuICAgICAgXCIgICAgRGVzY3JpcHRpb246ICdBUk4gb2YgdGhlIGV4aXN0aW5nIEdpdEh1YiBPSURDIHJvbGUgdGhhdCBjYW4gYXNzdW1lIHRoaXMgY2hhbmdlc2V0IHJvbGUnXCIsXG4gICAgICBgICAgIERlZmF1bHQ6ICcke3Byb3BzLm9pZGNSb2xlQXJufSdgLFxuICAgICAgJycsXG4gICAgICAnUmVzb3VyY2VzOicsXG4gICAgICAnICAjIENsb3VkRm9ybWF0aW9uIENoYW5nZVNldCBSb2xlIC0gbWluaW1hbCBwZXJtaXNzaW9ucyBmb3IgY2hhbmdlc2V0IG9wZXJhdGlvbnMnLFxuICAgICAgJyAgQ2RrQ2hhbmdlc2V0Um9sZTonLFxuICAgICAgJyAgICBUeXBlOiBBV1M6OklBTTo6Um9sZScsXG4gICAgICAnICAgIFByb3BlcnRpZXM6JyxcbiAgICAgIFwiICAgICAgUm9sZU5hbWU6ICdcIiArIHByb3BzLnJvbGVOYW1lICsgXCInXCIsXG4gICAgICAnICAgICAgQXNzdW1lUm9sZVBvbGljeURvY3VtZW50OicsXG4gICAgICBcIiAgICAgICAgVmVyc2lvbjogJzIwMTItMTAtMTcnXCIsXG4gICAgICAnICAgICAgICBTdGF0ZW1lbnQ6JyxcbiAgICAgICcgICAgICAgICAgLSBFZmZlY3Q6IEFsbG93JyxcbiAgICAgICcgICAgICAgICAgICBQcmluY2lwYWw6JyxcbiAgICAgICcgICAgICAgICAgICAgIEFXUzogIVJlZiBHaXRIdWJPSURDUm9sZUFybicsXG4gICAgICAnICAgICAgICAgICAgQWN0aW9uOiBzdHM6QXNzdW1lUm9sZScsXG4gICAgICAnICAgICAgICAgICAgQ29uZGl0aW9uOicsXG4gICAgICAnICAgICAgICAgICAgICBTdHJpbmdFcXVhbHM6JyxcbiAgICAgIFwiICAgICAgICAgICAgICAgIGF3czpSZXF1ZXN0ZWRSZWdpb246ICdcIiArIHByb3BzLm9pZGNSZWdpb24gKyBcIidcIixcbiAgICAgICcgICAgICBQb2xpY2llczonLFxuICAgICAgJyAgICAgICAgLSBQb2xpY3lOYW1lOiBDbG91ZEZvcm1hdGlvbkNoYW5nZVNldEFjY2VzcycsXG4gICAgICAnICAgICAgICAgIFBvbGljeURvY3VtZW50OicsXG4gICAgICBcIiAgICAgICAgICAgIFZlcnNpb246ICcyMDEyLTEwLTE3J1wiLFxuICAgICAgJyAgICAgICAgICAgIFN0YXRlbWVudDonLFxuICAgICAgJyAgICAgICAgICAgICAgIyBDbG91ZEZvcm1hdGlvbiBjaGFuZ2VzZXQgb3BlcmF0aW9ucycsXG4gICAgICAnICAgICAgICAgICAgICAtIEVmZmVjdDogQWxsb3cnLFxuICAgICAgJyAgICAgICAgICAgICAgICBBY3Rpb246JyxcbiAgICAgICcgICAgICAgICAgICAgICAgICAtIGNsb3VkZm9ybWF0aW9uOkNyZWF0ZUNoYW5nZVNldCcsXG4gICAgICAnICAgICAgICAgICAgICAgICAgLSBjbG91ZGZvcm1hdGlvbjpEZXNjcmliZUNoYW5nZVNldCcsXG4gICAgICAnICAgICAgICAgICAgICAgICAgLSBjbG91ZGZvcm1hdGlvbjpEZWxldGVDaGFuZ2VTZXQnLFxuICAgICAgJyAgICAgICAgICAgICAgICAgIC0gY2xvdWRmb3JtYXRpb246TGlzdENoYW5nZVNldHMnLFxuICAgICAgJyAgICAgICAgICAgICAgICAgIC0gY2xvdWRmb3JtYXRpb246RGVzY3JpYmVTdGFja3MnLFxuICAgICAgXCIgICAgICAgICAgICAgICAgUmVzb3VyY2U6ICcqJ1wiLFxuICAgICAgJyAgICAgICAgICAgICAgIyBDREsgYm9vdHN0cmFwIGJ1Y2tldCBhY2Nlc3MgKGZvciBjaGFuZ2VzZXQgY3JlYXRpb24pJyxcbiAgICAgICcgICAgICAgICAgICAgIC0gRWZmZWN0OiBBbGxvdycsXG4gICAgICAnICAgICAgICAgICAgICAgIEFjdGlvbjonLFxuICAgICAgJyAgICAgICAgICAgICAgICAgIC0gczM6R2V0T2JqZWN0JyxcbiAgICAgICcgICAgICAgICAgICAgICAgICAtIHMzOlB1dE9iamVjdCcsXG4gICAgICAnICAgICAgICAgICAgICAgICAgLSBzMzpEZWxldGVPYmplY3QnLFxuICAgICAgJyAgICAgICAgICAgICAgICAgIC0gczM6TGlzdEJ1Y2tldCcsXG4gICAgICAnICAgICAgICAgICAgICAgIFJlc291cmNlOicsXG4gICAgICBcIiAgICAgICAgICAgICAgICAgIC0gIVN1YiAnYXJuOmF3czpzMzo6OmNkay0ke0FXUzo6QWNjb3VudElkfS0ke0FXUzo6UmVnaW9ufS0qJ1wiLFxuICAgICAgXCIgICAgICAgICAgICAgICAgICAtICFTdWIgJ2Fybjphd3M6czM6OjpjZGstJHtBV1M6OkFjY291bnRJZH0tJHtBV1M6OlJlZ2lvbn0tKi8qJ1wiLFxuICAgICAgJyAgICAgICAgICAgICAgIyBDREsgYm9vdHN0cmFwIHBhcmFtZXRlciBhY2Nlc3MnLFxuICAgICAgJyAgICAgICAgICAgICAgLSBFZmZlY3Q6IEFsbG93JyxcbiAgICAgICcgICAgICAgICAgICAgICAgQWN0aW9uOicsXG4gICAgICAnICAgICAgICAgICAgICAgICAgLSBzc206R2V0UGFyYW1ldGVyJyxcbiAgICAgICcgICAgICAgICAgICAgICAgICAtIHNzbTpHZXRQYXJhbWV0ZXJzJyxcbiAgICAgICcgICAgICAgICAgICAgICAgICAtIHNzbTpHZXRQYXJhbWV0ZXJzQnlQYXRoJyxcbiAgICAgIFwiICAgICAgICAgICAgICAgIFJlc291cmNlOiAhU3ViICdhcm46YXdzOnNzbToke0FXUzo6UmVnaW9ufToke0FXUzo6QWNjb3VudElkfTpwYXJhbWV0ZXIvY2RrLWJvb3RzdHJhcC8qJ1wiLFxuICAgICAgJyAgICAgICAgICAgICAgIyBJQU0gUGFzc1JvbGUgZm9yIENESyBvcGVyYXRpb25zJyxcbiAgICAgICcgICAgICAgICAgICAgIC0gRWZmZWN0OiBBbGxvdycsXG4gICAgICAnICAgICAgICAgICAgICAgIEFjdGlvbjonLFxuICAgICAgJyAgICAgICAgICAgICAgICAgIC0gaWFtOlBhc3NSb2xlJyxcbiAgICAgIFwiICAgICAgICAgICAgICAgIFJlc291cmNlOiAnKidcIixcbiAgICAgICcgICAgICAgICAgICAgICAgQ29uZGl0aW9uOicsXG4gICAgICAnICAgICAgICAgICAgICAgICAgU3RyaW5nRXF1YWxzOicsXG4gICAgICBcIiAgICAgICAgICAgICAgICAgICAgJ2lhbTpQYXNzZWRUb1NlcnZpY2UnOiAnY2xvdWRmb3JtYXRpb24uYW1hem9uYXdzLmNvbSdcIixcbiAgICAgICcnLFxuICAgICAgJ091dHB1dHM6JyxcbiAgICAgICcgIENka0NoYW5nZXNldFJvbGVBcm46JyxcbiAgICAgIFwiICAgIERlc2NyaXB0aW9uOiAnQVJOIG9mIHRoZSBDREsgY2hhbmdlc2V0IHJvbGUnXCIsXG4gICAgICAnICAgIFZhbHVlOiAhR2V0QXR0IENka0NoYW5nZXNldFJvbGUuQXJuJyxcbiAgICAgICcgICAgRXhwb3J0OicsXG4gICAgICBcIiAgICAgIE5hbWU6ICFTdWIgJyR7QVdTOjpTdGFja05hbWV9LUNka0NoYW5nZXNldFJvbGVBcm4nXCIsXG4gICAgICAnJyxcbiAgICAgICcgIENka0NoYW5nZXNldFJvbGVOYW1lOicsXG4gICAgICBcIiAgICBEZXNjcmlwdGlvbjogJ05hbWUgb2YgdGhlIENESyBjaGFuZ2VzZXQgcm9sZSdcIixcbiAgICAgICcgICAgVmFsdWU6ICFSZWYgQ2RrQ2hhbmdlc2V0Um9sZScsXG4gICAgICAnICAgIEV4cG9ydDonLFxuICAgICAgXCIgICAgICBOYW1lOiAhU3ViICcke0FXUzo6U3RhY2tOYW1lfS1DZGtDaGFuZ2VzZXRSb2xlTmFtZSdcIixcbiAgICBdO1xuXG4gICAgcmV0dXJuIGxpbmVzLmpvaW4oJ1xcbicpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdlbmVyYXRlIHRoZSBBV1MgQ0xJIGRlcGxveSBjb21tYW5kIGZvciB0aGUgSUFNIHRlbXBsYXRlLlxuICAgKi9cbiAgc3RhdGljIGdlbmVyYXRlRGVwbG95Q29tbWFuZCh0ZW1wbGF0ZVBhdGg6IHN0cmluZyA9ICdjZGstZGlmZi13b3JrZmxvdy1pYW0tdGVtcGxhdGUueWFtbCcpOiBzdHJpbmcge1xuICAgIHJldHVybiBgYXdzIGNsb3VkZm9ybWF0aW9uIGRlcGxveSAtLXRlbXBsYXRlLWZpbGUgJHt0ZW1wbGF0ZVBhdGh9IC0tc3RhY2stbmFtZSBjZGstZGlmZi13b3JrZmxvdy1pYW0tcm9sZSAtLWNhcGFiaWxpdGllcyBDQVBBQklMSVRZX05BTUVEX0lBTWA7XG4gIH1cbn1cblxuLyoqXG4gKiBQcm9wcyBmb3IgdGhlIFByb2plbi1pbnRlZ3JhdGVkIENESyBEaWZmIElBTSB0ZW1wbGF0ZSBjb25zdHJ1Y3RcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBDZGtEaWZmSWFtVGVtcGxhdGVQcm9wcyBleHRlbmRzIENka0RpZmZJYW1UZW1wbGF0ZUdlbmVyYXRvclByb3BzIHtcbiAgLyoqIFByb2plbiBwcm9qZWN0IGluc3RhbmNlICovXG4gIHJlYWRvbmx5IHByb2plY3Q6IGFueTtcbiAgLyoqIE91dHB1dCBwYXRoIGZvciB0aGUgdGVtcGxhdGUgZmlsZSAoZGVmYXVsdDogJ2Nkay1kaWZmLXdvcmtmbG93LWlhbS10ZW1wbGF0ZS55YW1sJykgKi9cbiAgcmVhZG9ubHkgb3V0cHV0UGF0aD86IHN0cmluZztcbn1cblxuLyoqXG4gKiBQcm9qZW4gY29uc3RydWN0IHRoYXQgZW1pdHMgYSBDbG91ZEZvcm1hdGlvbiB0ZW1wbGF0ZSB3aXRoIG1pbmltYWwgSUFNIHBlcm1pc3Npb25zXG4gKiBmb3IgdGhlIENESyBEaWZmIFN0YWNrIFdvcmtmbG93LlxuICpcbiAqIEZvciBub24tUHJvamVuIHByb2plY3RzLCB1c2UgYENka0RpZmZJYW1UZW1wbGF0ZUdlbmVyYXRvcmAgZGlyZWN0bHkuXG4gKi9cbmV4cG9ydCBjbGFzcyBDZGtEaWZmSWFtVGVtcGxhdGUge1xuICBjb25zdHJ1Y3Rvcihwcm9wczogQ2RrRGlmZklhbVRlbXBsYXRlUHJvcHMpIHtcbiAgICBjb25zdCBvdXRwdXRQYXRoID0gcHJvcHMub3V0cHV0UGF0aCA/PyAnY2RrLWRpZmYtd29ya2Zsb3ctaWFtLXRlbXBsYXRlLnlhbWwnO1xuXG4gICAgLy8gR2VuZXJhdGUgdGVtcGxhdGUgdXNpbmcgdGhlIGdlbmVyYXRvclxuICAgIGNvbnN0IHRlbXBsYXRlID0gQ2RrRGlmZklhbVRlbXBsYXRlR2VuZXJhdG9yLmdlbmVyYXRlVGVtcGxhdGUocHJvcHMpO1xuICAgIG5ldyBUZXh0RmlsZShwcm9wcy5wcm9qZWN0LCBvdXRwdXRQYXRoLCB7IGxpbmVzOiB0ZW1wbGF0ZS5zcGxpdCgnXFxuJykgfSk7XG5cbiAgICAvLyBBZGQgZGVwbG95IHRhc2tcbiAgICBwcm9wcy5wcm9qZWN0LmFkZFRhc2soJ2RlcGxveS1jZGtkaWZmLWlhbS10ZW1wbGF0ZScsIHtcbiAgICAgIGRlc2NyaXB0aW9uOlxuICAgICAgICAnRGVwbG95IHRoZSBDREsgRGlmZiBJQU0gdGVtcGxhdGUgdmlhIENsb3VkRm9ybWF0aW9uIChhY2NlcHRzIGV4dHJhIEFXUyBDTEkgYXJncywgZS5nLiwgLS1wYXJhbWV0ZXItb3ZlcnJpZGVzIEtleT1WYWx1ZS4uLiknLFxuICAgICAgcmVjZWl2ZUFyZ3M6IHRydWUsXG4gICAgICBleGVjOiBDZGtEaWZmSWFtVGVtcGxhdGVHZW5lcmF0b3IuZ2VuZXJhdGVEZXBsb3lDb21tYW5kKG91dHB1dFBhdGgpLFxuICAgIH0pO1xuICB9XG59XG4iXX0=