@liflig/cdk 2.18.5 → 2.18.6

package/lib/webapp/monitor.d.ts

@@ -0,0 +1,187 @@
+import * as cdk from "aws-cdk-lib";
+import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
+import * as cognito from "aws-cdk-lib/aws-cognito";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as rum from "aws-cdk-lib/aws-rum";
+import * as constructs from "constructs";
+type CwRumTelemetries = ("http" | "performance" | "errors")[];
+type EventsAlarm = {
+    /**
+     * An action to use for CloudWatch alarm state changes instead of the default action
+     */
+    action?: cloudwatch.IAlarmAction;
+    /**
+     * The threshold defined as the number of CloudWatch RUM events that determines if the alarm should trigger or not.
+     * @default 1000
+     */
+    threshold?: number;
+    /**
+     * @default 1
+     */
+    evaluationPeriods?: number;
+    /**
+     * @default cdk.Duration.minutes(1)
+     */
+    period?: cdk.Duration;
+    /**
+     * @default false
+     */
+    enableOkAlarm?: boolean;
+};
+type ErrorsAlarm = {
+    /**
+     * An action to use for CloudWatch alarm state changes instead of the default action
+     */
+    action?: cloudwatch.IAlarmAction;
+    /**
+     * The threshold defined as the number of JavaScript errors recorded by CloudWatch RUM that determines if the alarm should trigger or not.
+     * @default 0
+     */
+    threshold?: number;
+    /**
+     * @default 1
+     */
+    evaluationPeriods?: number;
+    /**
+     * @default cdk.Duration.minutes(1)
+     */
+    period?: cdk.Duration;
+    /**
+     * @default false
+     */
+    enableOkAlarms: boolean;
+};
+interface WebappMonitorProps {
+    /**
+     * The name of the CloudWatch RUM App Monitor.
+     *
+     * NOTE: This name needs to be unique within a given AWS region.
+     */
+    appMonitorName: string;
+    /**
+     * The domain the web application to monitor is served on.
+     *
+     * Only web applications served on this domain can publish data to CloudWatch RUM.
+     */
+    webappDomainName: string;
+    /**
+     * Which telemetries to allow CloudWatch RUM to collect.
+     *
+     * Currently these telemetries are supported:
+     * - "http" report the http fetch calles made by browser to CW RUM
+     * - "errors" report the js errors which occur, passed via rumConfig.recordError
+     * - "performance" report the app performance
+     *
+     * @default: ["errors", "http", "performance"]
+     */
+    telemetries?: CwRumTelemetries;
+    /**
+     * The default CloudWatch alarm action to use.
+     *
+     * By default, an alarm is created for a high number of events being sent to CloudWatch RUM. This alarm action is used for the default alarm,
+     * and for other alarms if no other action is explicitly set when configuring or enabling alarms through this construct.
+     *
+     */
+    defaultAlarmAction: cloudwatch.IAlarmAction;
+    /**
+     * Allow CloudWatch RUM to record custom events.
+     *
+     * These events need to be defined in and sent from your web application.
+     *
+     * @default false
+     */
+    enableXRay?: boolean;
+    /**
+     * Allow CloudWatch RUM to use cookies.
+     *
+     * CloudWatch RUM does not require cookies in order to record errors, but some features require cookies to be enabled.
+     * @default false
+     */
+    enableCustomEvents?: boolean;
+    /**
+     * Allow CloudWatch RUM to use cookies.
+     *
+     * CloudWatch RUM does not require cookies in order to record errors, but some features require cookies to be enabled.
+     *
+     * See: https://aws.amazon.com/blogs/mt/how-and-when-to-enable-session-cookies-with-amazon-cloudwatch-rum/
+     *
+     * NOTE: You'll likely need to introduce a cookie consent popup in your web application
+     * before enabling cookies in your client-side configuration.
+     *
+     * @default true
+     */
+    allowCookies?: boolean;
+    /**
+     * The rate of client-side CloudWatch RUM sessions to sample.
+     *
+     * Values are between 0 and 1, where 1 is 100% of sessions.
+     *
+     * NOTE: You'll likely want to set this to a number below 1 in production environments with
+     * a lot of traffic.
+     *
+     * @default 1
+     */
+    sessionSampleRate?: number;
+    /**
+     *
+     * Whether to store a copy of CloudWatch RUM events in CloudWatch Logs.
+     *
+     * Enabling this can improve the ergonomics of finding relevant CloudWatch RUM events compared to
+     * using the CloudWatch RUM console as it makes it possible to search using CloudWatch Logs Insights etc.
+     *
+     * @default false
+     */
+    exportLogs?: boolean;
+    /**
+     * Override top-level properties for the rum.CfnAppMonitor construct
+     *
+     * @default - no overrides are used.
+     */
+    overrideAppMonitorProps?: Partial<rum.CfnAppMonitorProps>;
+    /**
+     * Override App Monitor configuration properties for the rum.CfnAppMonitor construct
+     *
+     * @default - no overrides are used.
+     */
+    overrideAppMonitorConfiguration?: Partial<rum.CfnAppMonitor.AppMonitorConfigurationProperty>;
+}
+/**
+ *  A construct for creating a CloudWatch Real User Monitoring (RUM) App Monitor.
+ *
+ * An app monitor allows you to centrally collect and view client-side data (JavaScript and HTTP errors, performance metrics, etc.)
+ * recorded from a web application.
+ *
+ * NOTE: You'll need to add a JavaScript snippet to your web application and configure CloudWatch RUM using
+ * AWS's client-side SDK after deploying the construct to enable your web application to start collecting data.
+ * The App Monitor controls which CloudWatch RUM functionality the web application can use, and in order to
+ * leverage given functionality you'll need to configure it both in the App Monitor as well as in the
+ * configuration of the client-side SDK used by your web application.
+ *
+ */
+export declare class WebappMonitor extends constructs.Construct {
+    readonly identityPool: cognito.CfnIdentityPool;
+    readonly guestRole: iam.IRole;
+    readonly appMonitor: rum.CfnAppMonitor;
+    private readonly _webappDomainName;
+    private readonly _defaultAlarmAction;
+    private _eventsAlarm;
+    private _eventsAlarmId;
+    constructor(scope: constructs.Construct, id: string, props: WebappMonitorProps);
+    /**
+     *
+     * Configure an alarm used to notify on an unexpectedly high number of CloudWatch RUM events being recorded.
+     *
+     * This alarm is required when using this construct.
+     *
+     * @default - an alarm is created with sane defaults.
+     *
+     */
+    configureEventsAlarm(props?: EventsAlarm): void;
+    private _createEventsAlarm;
+    /**
+     * Add an alarm that alerts on JavaScript errors
+     * sent to CloudWatch RUM.
+     */
+    addErrorsAlarm(props?: ErrorsAlarm): void;
+}
+export {};

package/lib/webapp/monitor.js

@@ -0,0 +1,156 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebappMonitor = void 0;
+const cdk = require("aws-cdk-lib");
+const cloudwatch = require("aws-cdk-lib/aws-cloudwatch");
+const cognito = require("aws-cdk-lib/aws-cognito");
+const iam = require("aws-cdk-lib/aws-iam");
+const rum = require("aws-cdk-lib/aws-rum");
+const constructs = require("constructs");
+/**
+ *  A construct for creating a CloudWatch Real User Monitoring (RUM) App Monitor.
+ *
+ * An app monitor allows you to centrally collect and view client-side data (JavaScript and HTTP errors, performance metrics, etc.)
+ * recorded from a web application.
+ *
+ * NOTE: You'll need to add a JavaScript snippet to your web application and configure CloudWatch RUM using
+ * AWS's client-side SDK after deploying the construct to enable your web application to start collecting data.
+ * The App Monitor controls which CloudWatch RUM functionality the web application can use, and in order to
+ * leverage given functionality you'll need to configure it both in the App Monitor as well as in the
+ * configuration of the client-side SDK used by your web application.
+ *
+ */
+class WebappMonitor extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a, _b, _c, _d, _e;
+        super(scope, id);
+        this._eventsAlarmId = "EventsAlarm";
+        if (props.sessionSampleRate &&
+            (props.sessionSampleRate < 0 || props.sessionSampleRate > 1)) {
+            throw new Error("sessionSampleRate needs to be a number between 0 and 1");
+        }
+        this._webappDomainName = props.webappDomainName;
+        const appMonitorName = props.appMonitorName;
+        this.identityPool = new cognito.CfnIdentityPool(this, "RumIdentityPool", {
+            allowUnauthenticatedIdentities: true,
+        });
+        this.guestRole = new iam.Role(this, "RumRole", {
+            assumedBy: new iam.WebIdentityPrincipal("cognito-identity.amazonaws.com", {
+                StringEquals: {
+                    "cognito-identity.amazonaws.com:aud": this.identityPool.ref,
+                },
+                "ForAnyValue:StringEquals": {
+                    "cognito-identity.amazonaws.com:amr": "unauthenticated",
+                },
+            }),
+            inlinePolicies: {
+                "allow-rum": new iam.PolicyDocument({
+                    statements: [
+                        new iam.PolicyStatement({
+                            actions: ["rum:PutRumEvents"],
+                            resources: [
+                                cdk.Stack.of(this).formatArn({
+                                    service: "rum",
+                                    resource: "appmonitor",
+                                    resourceName: appMonitorName,
+                                }),
+                            ],
+                        }),
+                    ],
+                }),
+            },
+        });
+        // attach role to identity pool
+        new cognito.CfnIdentityPoolRoleAttachment(this, "RoleAttachment", {
+            identityPoolId: this.identityPool.ref,
+            roles: {
+                unauthenticated: this.guestRole.roleArn,
+            },
+        });
+        this.appMonitor = new rum.CfnAppMonitor(this, "AppMonitor", {
+            name: appMonitorName,
+            domain: props.webappDomainName,
+            cwLogEnabled: (_a = props.exportLogs) !== null && _a !== void 0 ? _a : false,
+            appMonitorConfiguration: {
+                enableXRay: (_b = props.enableXRay) !== null && _b !== void 0 ? _b : false,
+                allowCookies: (_c = props.allowCookies) !== null && _c !== void 0 ? _c : true,
+                telemetries: (_d = props.telemetries) !== null && _d !== void 0 ? _d : ["errors", "http", "performance"],
+                sessionSampleRate: (_e = props.sessionSampleRate) !== null && _e !== void 0 ? _e : 1,
+                identityPoolId: this.identityPool.ref,
+                guestRoleArn: this.guestRole.roleArn,
+                ...props.overrideAppMonitorConfiguration,
+            },
+            customEvents: {
+                status: props.enableCustomEvents ? "ENABLED" : "DISABLED",
+            },
+            ...props.overrideAppMonitorProps,
+        });
+        this._defaultAlarmAction = props.defaultAlarmAction;
+        this._eventsAlarm = this._createEventsAlarm();
+    }
+    /**
+     *
+     * Configure an alarm used to notify on an unexpectedly high number of CloudWatch RUM events being recorded.
+     *
+     * This alarm is required when using this construct.
+     *
+     * @default - an alarm is created with sane defaults.
+     *
+     */
+    configureEventsAlarm(props) {
+        this.node.tryRemoveChild(this._eventsAlarmId);
+        this._eventsAlarm = this._createEventsAlarm(props);
+    }
+    _createEventsAlarm(props) {
+        var _a, _b, _c, _d, _e, _f;
+        const eventsAlarm = new cloudwatch.Metric({
+            metricName: "RumEventPayloadSize",
+            namespace: "AWS/RUM",
+            statistic: cloudwatch.Stats.SAMPLE_COUNT,
+            period: (_a = props === null || props === void 0 ? void 0 : props.period) !== null && _a !== void 0 ? _a : cdk.Duration.seconds(60),
+            dimensionsMap: {
+                application_name: this.appMonitor.name,
+            },
+        }).createAlarm(this, this._eventsAlarmId, {
+            alarmDescription: `A high number of events are being sent to CloudWatch RUM for app monitor '${this.appMonitor.name}'. This may lead to high costs, so you'll likely want to investigate this.`,
+            comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+            threshold: (_b = props === null || props === void 0 ? void 0 : props.threshold) !== null && _b !== void 0 ? _b : 1000,
+            evaluationPeriods: (_c = props === null || props === void 0 ? void 0 : props.evaluationPeriods) !== null && _c !== void 0 ? _c : 1,
+            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
+        });
+        // These alarms are mandatory as costs should be mandator to monitor
+        eventsAlarm.addAlarmAction((_d = props === null || props === void 0 ? void 0 : props.action) !== null && _d !== void 0 ? _d : this._defaultAlarmAction);
+        if ((_e = props === null || props === void 0 ? void 0 : props.enableOkAlarm) !== null && _e !== void 0 ? _e : false) {
+            eventsAlarm.addOkAction((_f = props === null || props === void 0 ? void 0 : props.action) !== null && _f !== void 0 ? _f : this._defaultAlarmAction);
+        }
+        return eventsAlarm;
+    }
+    /**
+     * Add an alarm that alerts on JavaScript errors
+     * sent to CloudWatch RUM.
+     */
+    addErrorsAlarm(props) {
+        var _a, _b, _c, _d, _e, _f;
+        const errorsAlarm = new cloudwatch.Metric({
+            metricName: "JsErrorCount",
+            namespace: "AWS/RUM",
+            statistic: cloudwatch.Stats.SAMPLE_COUNT,
+            period: (_a = props === null || props === void 0 ? void 0 : props.period) !== null && _a !== void 0 ? _a : cdk.Duration.seconds(60),
+            dimensionsMap: {
+                application_name: this.appMonitor.name,
+            },
+        }).createAlarm(this, "RumJsErrorsAlarm", {
+            alarmDescription: `CloudWatch RUM has recorded JavaScript errors for app monitor '${this.appMonitor.name}' on domain '${this._webappDomainName}'`,
+            comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+            threshold: (_b = props === null || props === void 0 ? void 0 : props.threshold) !== null && _b !== void 0 ? _b : 0,
+            evaluationPeriods: (_c = props === null || props === void 0 ? void 0 : props.evaluationPeriods) !== null && _c !== void 0 ? _c : 1,
+            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
+        });
+        errorsAlarm.addAlarmAction((_d = props === null || props === void 0 ? void 0 : props.action) !== null && _d !== void 0 ? _d : this._defaultAlarmAction);
+        if ((_e = props === null || props === void 0 ? void 0 : props.enableOkAlarms) !== null && _e !== void 0 ? _e : false) {
+            errorsAlarm.addOkAction((_f = props === null || props === void 0 ? void 0 : props.action) !== null && _f !== void 0 ? _f : this._defaultAlarmAction);
+        }
+    }
+}
+exports.WebappMonitor = WebappMonitor;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibW9uaXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy93ZWJhcHAvbW9uaXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBa0M7QUFDbEMseURBQXdEO0FBQ3hELG1EQUFrRDtBQUNsRCwyQ0FBMEM7QUFDMUMsMkNBQTBDO0FBQzFDLHlDQUF3QztBQW1KeEM7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBYSxhQUFjLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFXckQsWUFDRSxLQUEyQixFQUMzQixFQUFVLEVBQ1YsS0FBeUI7O1FBRXpCLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFQVixtQkFBYyxHQUFHLGFBQWEsQ0FBQTtRQVNwQyxJQUNFLEtBQUssQ0FBQyxpQkFBaUI7WUFDdkIsQ0FBQyxLQUFLLENBQUMsaUJBQWlCLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsR0FBRyxDQUFDLENBQUMsRUFDNUQsQ0FBQztZQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsd0RBQXdELENBQUMsQ0FBQTtRQUMzRSxDQUFDO1FBRUQsSUFBSSxDQUFDLGlCQUFpQixHQUFHLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQTtRQUUvQyxNQUFNLGNBQWMsR0FBRyxLQUFLLENBQUMsY0FBYyxDQUFBO1FBRTNDLElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxpQkFBaUIsRUFBRTtZQUN2RSw4QkFBOEIsRUFBRSxJQUFJO1NBQ3JDLENBQUMsQ0FBQTtRQUVGLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUU7WUFDN0MsU0FBUyxFQUFFLElBQUksR0FBRyxDQUFDLG9CQUFvQixDQUNyQyxnQ0FBZ0MsRUFDaEM7Z0JBQ0UsWUFBWSxFQUFFO29CQUNaLG9DQUFvQyxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRztpQkFDNUQ7Z0JBQ0QsMEJBQTBCLEVBQUU7b0JBQzFCLG9DQUFvQyxFQUFFLGlCQUFpQjtpQkFDeEQ7YUFDRixDQUNGO1lBQ0QsY0FBYyxFQUFFO2dCQUNkLFdBQVcsRUFBRSxJQUFJLEdBQUcsQ0FBQyxjQUFjLENBQUM7b0JBQ2xDLFVBQVUsRUFBRTt3QkFDVixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7NEJBQ3RCLE9BQU8sRUFBRSxDQUFDLGtCQUFrQixDQUFDOzRCQUM3QixTQUFTLEVBQUU7Z0NBQ1QsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxDQUFDO29DQUMzQixPQUFPLEVBQUUsS0FBSztvQ0FDZCxRQUFRLEVBQUUsWUFBWTtvQ0FDdEIsWUFBWSxFQUFFLGNBQWM7aUNBQzdCLENBQUM7NkJBQ0g7eUJBQ0YsQ0FBQztxQkFDSDtpQkFDRixDQUFDO2FBQ0g7U0FDRixDQUFDLENBQUE7UUFFRiwrQkFBK0I7UUFDL0IsSUFBSSxPQUFPLENBQUMsNkJBQTZCLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQ2hFLGNBQWMsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUc7WUFDckMsS0FBSyxFQUFFO2dCQUNMLGVBQWUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU87YUFDeEM7U0FDRixDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksR0FBRyxDQUFDLGFBQWEsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQzFELElBQUksRUFBRSxjQUFjO1lBQ3BCLE1BQU0sRUFBRSxLQUFLLENBQUMsZ0JBQWdCO1lBQzlCLFlBQVksRUFBRSxNQUFBLEtBQUssQ0FBQyxVQUFVLG1DQUFJLEtBQUs7WUFDdkMsdUJBQXVCLEVBQUU7Z0JBQ3ZCLFVBQVUsRUFBRSxNQUFBLEtBQUssQ0FBQyxVQUFVLG1DQUFJLEtBQUs7Z0JBQ3JDLFlBQVksRUFBRSxNQUFBLEtBQUssQ0FBQyxZQUFZLG1DQUFJLElBQUk7Z0JBQ3hDLFdBQVcsRUFBRSxNQUFBLEtBQUssQ0FBQyxXQUFXLG1DQUFJLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxhQUFhLENBQUM7Z0JBQ25FLGlCQUFpQixFQUFFLE1BQUEsS0FBSyxDQUFDLGlCQUFpQixtQ0FBSSxDQUFDO2dCQUMvQyxjQUFjLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHO2dCQUNyQyxZQUFZLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPO2dCQUNwQyxHQUFHLEtBQUssQ0FBQywrQkFBK0I7YUFDekM7WUFDRCxZQUFZLEVBQUU7Z0JBQ1osTUFBTSxFQUFFLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxVQUFVO2FBQzFEO1lBQ0QsR0FBRyxLQUFLLENBQUMsdUJBQXVCO1NBQ2pDLENBQUMsQ0FBQTtRQUVGLElBQUksQ0FBQyxtQkFBbUIsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUE7UUFDbkQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQTtJQUMvQyxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSCxvQkFBb0IsQ0FBQyxLQUFtQjtRQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDN0MsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDcEQsQ0FBQztJQUVPLGtCQUFrQixDQUFDLEtBQW1COztRQUM1QyxNQUFNLFdBQVcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUM7WUFDeEMsVUFBVSxFQUFFLHFCQUFxQjtZQUNqQyxTQUFTLEVBQUUsU0FBUztZQUNwQixTQUFTLEVBQUUsVUFBVSxDQUFDLEtBQUssQ0FBQyxZQUFZO1lBQ3hDLE1BQU0sRUFBRSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxNQUFNLG1DQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNqRCxhQUFhLEVBQUU7Z0JBQ2IsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJO2FBQ3ZDO1NBQ0YsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLGNBQWMsRUFBRTtZQUN4QyxnQkFBZ0IsRUFBRSw2RUFBNkUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLDRFQUE0RTtZQUMvTCxrQkFBa0IsRUFBRSxVQUFVLENBQUMsa0JBQWtCLENBQUMsc0JBQXNCO1lBQ3hFLFNBQVMsRUFBRSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxTQUFTLG1DQUFJLElBQUk7WUFDbkMsaUJBQWlCLEVBQUUsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsaUJBQWlCLG1DQUFJLENBQUM7WUFDaEQsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDLGdCQUFnQixDQUFDLGFBQWE7U0FDNUQsQ0FBQyxDQUFBO1FBRUYsb0VBQW9FO1FBQ3BFLFdBQVcsQ0FBQyxjQUFjLENBQUMsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsTUFBTSxtQ0FBSSxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQTtRQUNyRSxJQUFJLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLGFBQWEsbUNBQUksS0FBSyxFQUFFLENBQUM7WUFDbEMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxNQUFNLG1DQUFJLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFBO1FBQ3BFLENBQUM7UUFFRCxPQUFPLFdBQVcsQ0FBQTtJQUNwQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsY0FBYyxDQUFDLEtBQW1COztRQUNoQyxNQUFNLFdBQVcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUM7WUFDeEMsVUFBVSxFQUFFLGNBQWM7WUFDMUIsU0FBUyxFQUFFLFNBQVM7WUFDcEIsU0FBUyxFQUFFLFVBQVUsQ0FBQyxLQUFLLENBQUMsWUFBWTtZQUN4QyxNQUFNLEVBQUUsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsTUFBTSxtQ0FBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDakQsYUFBYSxFQUFFO2dCQUNiLGdCQUFnQixFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSTthQUN2QztTQUNGLENBQUMsQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLGtCQUFrQixFQUFFO1lBQ3ZDLGdCQUFnQixFQUFFLGtFQUFrRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksZ0JBQWdCLElBQUksQ0FBQyxpQkFBaUIsR0FBRztZQUNqSixrQkFBa0IsRUFBRSxVQUFVLENBQUMsa0JBQWtCLENBQUMsc0JBQXNCO1lBQ3hFLFNBQVMsRUFBRSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxTQUFTLG1DQUFJLENBQUM7WUFDaEMsaUJBQWlCLEVBQUUsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsaUJBQWlCLG1DQUFJLENBQUM7WUFDaEQsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDLGdCQUFnQixDQUFDLGFBQWE7U0FDNUQsQ0FBQyxDQUFBO1FBRUYsV0FBVyxDQUFDLGNBQWMsQ0FBQyxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxNQUFNLG1DQUFJLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFBO1FBRXJFLElBQUksTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsY0FBYyxtQ0FBSSxLQUFLLEVBQUUsQ0FBQztZQUNuQyxXQUFXLENBQUMsV0FBVyxDQUFDLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLE1BQU0sbUNBQUksSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUE7UUFDcEUsQ0FBQztJQUNILENBQUM7Q0FDRjtBQWpLRCxzQ0FpS0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcbmltcG9ydCAqIGFzIGNsb3Vkd2F0Y2ggZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZHdhdGNoXCJcbmltcG9ydCAqIGFzIGNvZ25pdG8gZnJvbSBcImF3cy1jZGstbGliL2F3cy1jb2duaXRvXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBydW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1ydW1cIlxuaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5cbnR5cGUgQ3dSdW1UZWxlbWV0cmllcyA9IChcImh0dHBcIiB8IFwicGVyZm9ybWFuY2VcIiB8IFwiZXJyb3JzXCIpW11cblxudHlwZSBFdmVudHNBbGFybSA9IHtcbiAgLyoqXG4gICAqIEFuIGFjdGlvbiB0byB1c2UgZm9yIENsb3VkV2F0Y2ggYWxhcm0gc3RhdGUgY2hhbmdlcyBpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IGFjdGlvblxuICAgKi9cbiAgYWN0aW9uPzogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cbiAgLyoqXG4gICAqIFRoZSB0aHJlc2hvbGQgZGVmaW5lZCBhcyB0aGUgbnVtYmVyIG9mIENsb3VkV2F0Y2ggUlVNIGV2ZW50cyB0aGF0IGRldGVybWluZXMgaWYgdGhlIGFsYXJtIHNob3VsZCB0cmlnZ2VyIG9yIG5vdC5cbiAgICogQGRlZmF1bHQgMTAwMFxuICAgKi9cbiAgdGhyZXNob2xkPzogbnVtYmVyXG4gIC8qKlxuICAgKiBAZGVmYXVsdCAxXG4gICAqL1xuICBldmFsdWF0aW9uUGVyaW9kcz86IG51bWJlclxuICAvKipcbiAgICogQGRlZmF1bHQgY2RrLkR1cmF0aW9uLm1pbnV0ZXMoMSlcbiAgICovXG4gIHBlcmlvZD86IGNkay5EdXJhdGlvblxuICAvKipcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIGVuYWJsZU9rQWxhcm0/OiBib29sZWFuXG59XG5cbnR5cGUgRXJyb3JzQWxhcm0gPSB7XG4gIC8qKlxuICAgKiBBbiBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXMgaW5zdGVhZCBvZiB0aGUgZGVmYXVsdCBhY3Rpb25cbiAgICovXG4gIGFjdGlvbj86IGNsb3Vkd2F0Y2guSUFsYXJtQWN0aW9uXG4gIC8qKlxuICAgKiBUaGUgdGhyZXNob2xkIGRlZmluZWQgYXMgdGhlIG51bWJlciBvZiBKYXZhU2NyaXB0IGVycm9ycyByZWNvcmRlZCBieSBDbG91ZFdhdGNoIFJVTSB0aGF0IGRldGVybWluZXMgaWYgdGhlIGFsYXJtIHNob3VsZCB0cmlnZ2VyIG9yIG5vdC5cbiAgICogQGRlZmF1bHQgMFxuICAgKi9cbiAgdGhyZXNob2xkPzogbnVtYmVyXG4gIC8qKlxuICAgKiBAZGVmYXVsdCAxXG4gICAqL1xuICBldmFsdWF0aW9uUGVyaW9kcz86IG51bWJlclxuICAvKipcbiAgICogQGRlZmF1bHQgY2RrLkR1cmF0aW9uLm1pbnV0ZXMoMSlcbiAgICovXG4gIHBlcmlvZD86IGNkay5EdXJhdGlvblxuICAvKipcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIGVuYWJsZU9rQWxhcm1zOiBib29sZWFuXG59XG5cbmludGVyZmFjZSBXZWJhcHBNb25pdG9yUHJvcHMge1xuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIENsb3VkV2F0Y2ggUlVNIEFwcCBNb25pdG9yLlxuICAgKlxuICAgKiBOT1RFOiBUaGlzIG5hbWUgbmVlZHMgdG8gYmUgdW5pcXVlIHdpdGhpbiBhIGdpdmVuIEFXUyByZWdpb24uXG4gICAqL1xuICBhcHBNb25pdG9yTmFtZTogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgZG9tYWluIHRoZSB3ZWIgYXBwbGljYXRpb24gdG8gbW9uaXRvciBpcyBzZXJ2ZWQgb24uXG4gICAqXG4gICAqIE9ubHkgd2ViIGFwcGxpY2F0aW9ucyBzZXJ2ZWQgb24gdGhpcyBkb21haW4gY2FuIHB1Ymxpc2ggZGF0YSB0byBDbG91ZFdhdGNoIFJVTS5cbiAgICovXG4gIHdlYmFwcERvbWFpbk5hbWU6IHN0cmluZ1xuICAvKipcbiAgICogV2hpY2ggdGVsZW1ldHJpZXMgdG8gYWxsb3cgQ2xvdWRXYXRjaCBSVU0gdG8gY29sbGVjdC5cbiAgICpcbiAgICogQ3VycmVudGx5IHRoZXNlIHRlbGVtZXRyaWVzIGFyZSBzdXBwb3J0ZWQ6XG4gICAqIC0gXCJodHRwXCIgcmVwb3J0IHRoZSBodHRwIGZldGNoIGNhbGxlcyBtYWRlIGJ5IGJyb3dzZXIgdG8gQ1cgUlVNXG4gICAqIC0gXCJlcnJvcnNcIiByZXBvcnQgdGhlIGpzIGVycm9ycyB3aGljaCBvY2N1ciwgcGFzc2VkIHZpYSBydW1Db25maWcucmVjb3JkRXJyb3JcbiAgICogLSBcInBlcmZvcm1hbmNlXCIgcmVwb3J0IHRoZSBhcHAgcGVyZm9ybWFuY2VcbiAgICpcbiAgICogQGRlZmF1bHQ6IFtcImVycm9yc1wiLCBcImh0dHBcIiwgXCJwZXJmb3JtYW5jZVwiXVxuICAgKi9cbiAgdGVsZW1ldHJpZXM/OiBDd1J1bVRlbGVtZXRyaWVzXG4gIC8qKlxuICAgKiBUaGUgZGVmYXVsdCBDbG91ZFdhdGNoIGFsYXJtIGFjdGlvbiB0byB1c2UuXG4gICAqXG4gICAqIEJ5IGRlZmF1bHQsIGFuIGFsYXJtIGlzIGNyZWF0ZWQgZm9yIGEgaGlnaCBudW1iZXIgb2YgZXZlbnRzIGJlaW5nIHNlbnQgdG8gQ2xvdWRXYXRjaCBSVU0uIFRoaXMgYWxhcm0gYWN0aW9uIGlzIHVzZWQgZm9yIHRoZSBkZWZhdWx0IGFsYXJtLFxuICAgKiBhbmQgZm9yIG90aGVyIGFsYXJtcyBpZiBubyBvdGhlciBhY3Rpb24gaXMgZXhwbGljaXRseSBzZXQgd2hlbiBjb25maWd1cmluZyBvciBlbmFibGluZyBhbGFybXMgdGhyb3VnaCB0aGlzIGNvbnN0cnVjdC5cbiAgICpcbiAgICovXG4gIGRlZmF1bHRBbGFybUFjdGlvbjogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cbiAgLyoqXG4gICAqIEFsbG93IENsb3VkV2F0Y2ggUlVNIHRvIHJlY29yZCBjdXN0b20gZXZlbnRzLlxuICAgKlxuICAgKiBUaGVzZSBldmVudHMgbmVlZCB0byBiZSBkZWZpbmVkIGluIGFuZCBzZW50IGZyb20geW91ciB3ZWIgYXBwbGljYXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IGZhbHNlXG4gICAqL1xuICBlbmFibGVYUmF5PzogYm9vbGVhblxuICAvKipcbiAgICogQWxsb3cgQ2xvdWRXYXRjaCBSVU0gdG8gdXNlIGNvb2tpZXMuXG4gICAqXG4gICAqIENsb3VkV2F0Y2ggUlVNIGRvZXMgbm90IHJlcXVpcmUgY29va2llcyBpbiBvcmRlciB0byByZWNvcmQgZXJyb3JzLCBidXQgc29tZSBmZWF0dXJlcyByZXF1aXJlIGNvb2tpZXMgdG8gYmUgZW5hYmxlZC5cbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIGVuYWJsZUN1c3RvbUV2ZW50cz86IGJvb2xlYW5cbiAgLyoqXG4gICAqIEFsbG93IENsb3VkV2F0Y2ggUlVNIHRvIHVzZSBjb29raWVzLlxuICAgKlxuICAgKiBDbG91ZFdhdGNoIFJVTSBkb2VzIG5vdCByZXF1aXJlIGNvb2tpZXMgaW4gb3JkZXIgdG8gcmVjb3JkIGVycm9ycywgYnV0IHNvbWUgZmVhdHVyZXMgcmVxdWlyZSBjb29raWVzIHRvIGJlIGVuYWJsZWQuXG4gICAqXG4gICAqIFNlZTogaHR0cHM6Ly9hd3MuYW1hem9uLmNvbS9ibG9ncy9tdC9ob3ctYW5kLXdoZW4tdG8tZW5hYmxlLXNlc3Npb24tY29va2llcy13aXRoLWFtYXpvbi1jbG91ZHdhdGNoLXJ1bS9cbiAgICpcbiAgICogTk9URTogWW91J2xsIGxpa2VseSBuZWVkIHRvIGludHJvZHVjZSBhIGNvb2tpZSBjb25zZW50IHBvcHVwIGluIHlvdXIgd2ViIGFwcGxpY2F0aW9uXG4gICAqIGJlZm9yZSBlbmFibGluZyBjb29raWVzIGluIHlvdXIgY2xpZW50LXNpZGUgY29uZmlndXJhdGlvbi5cbiAgICpcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgYWxsb3dDb29raWVzPzogYm9vbGVhblxuICAvKipcbiAgICogVGhlIHJhdGUgb2YgY2xpZW50LXNpZGUgQ2xvdWRXYXRjaCBSVU0gc2Vzc2lvbnMgdG8gc2FtcGxlLlxuICAgKlxuICAgKiBWYWx1ZXMgYXJlIGJldHdlZW4gMCBhbmQgMSwgd2hlcmUgMSBpcyAxMDAlIG9mIHNlc3Npb25zLlxuICAgKlxuICAgKiBOT1RFOiBZb3UnbGwgbGlrZWx5IHdhbnQgdG8gc2V0IHRoaXMgdG8gYSBudW1iZXIgYmVsb3cgMSBpbiBwcm9kdWN0aW9uIGVudmlyb25tZW50cyB3aXRoXG4gICAqIGEgbG90IG9mIHRyYWZmaWMuXG4gICAqXG4gICAqIEBkZWZhdWx0IDFcbiAgICovXG4gIHNlc3Npb25TYW1wbGVSYXRlPzogbnVtYmVyXG4gIC8qKlxuICAgKlxuICAgKiBXaGV0aGVyIHRvIHN0b3JlIGEgY29weSBvZiBDbG91ZFdhdGNoIFJVTSBldmVudHMgaW4gQ2xvdWRXYXRjaCBMb2dzLlxuICAgKlxuICAgKiBFbmFibGluZyB0aGlzIGNhbiBpbXByb3ZlIHRoZSBlcmdvbm9taWNzIG9mIGZpbmRpbmcgcmVsZXZhbnQgQ2xvdWRXYXRjaCBSVU0gZXZlbnRzIGNvbXBhcmVkIHRvXG4gICAqIHVzaW5nIHRoZSBDbG91ZFdhdGNoIFJVTSBjb25zb2xlIGFzIGl0IG1ha2VzIGl0IHBvc3NpYmxlIHRvIHNlYXJjaCB1c2luZyBDbG91ZFdhdGNoIExvZ3MgSW5zaWdodHMgZXRjLlxuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgZXhwb3J0TG9ncz86IGJvb2xlYW5cbiAgLyoqXG4gICAqIE92ZXJyaWRlIHRvcC1sZXZlbCBwcm9wZXJ0aWVzIGZvciB0aGUgcnVtLkNmbkFwcE1vbml0b3IgY29uc3RydWN0XG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gb3ZlcnJpZGVzIGFyZSB1c2VkLlxuICAgKi9cbiAgb3ZlcnJpZGVBcHBNb25pdG9yUHJvcHM/OiBQYXJ0aWFsPHJ1bS5DZm5BcHBNb25pdG9yUHJvcHM+XG4gIC8qKlxuICAgKiBPdmVycmlkZSBBcHAgTW9uaXRvciBjb25maWd1cmF0aW9uIHByb3BlcnRpZXMgZm9yIHRoZSBydW0uQ2ZuQXBwTW9uaXRvciBjb25zdHJ1Y3RcbiAgICpcbiAgICogQGRlZmF1bHQgLSBubyBvdmVycmlkZXMgYXJlIHVzZWQuXG4gICAqL1xuICBvdmVycmlkZUFwcE1vbml0b3JDb25maWd1cmF0aW9uPzogUGFydGlhbDxydW0uQ2ZuQXBwTW9uaXRvci5BcHBNb25pdG9yQ29uZmlndXJhdGlvblByb3BlcnR5PlxufVxuXG4vKipcbiAqICBBIGNvbnN0cnVjdCBmb3IgY3JlYXRpbmcgYSBDbG91ZFdhdGNoIFJlYWwgVXNlciBNb25pdG9yaW5nIChSVU0pIEFwcCBNb25pdG9yLlxuICpcbiAqIEFuIGFwcCBtb25pdG9yIGFsbG93cyB5b3UgdG8gY2VudHJhbGx5IGNvbGxlY3QgYW5kIHZpZXcgY2xpZW50LXNpZGUgZGF0YSAoSmF2YVNjcmlwdCBhbmQgSFRUUCBlcnJvcnMsIHBlcmZvcm1hbmNlIG1ldHJpY3MsIGV0Yy4pXG4gKiByZWNvcmRlZCBmcm9tIGEgd2ViIGFwcGxpY2F0aW9uLlxuICpcbiAqIE5PVEU6IFlvdSdsbCBuZWVkIHRvIGFkZCBhIEphdmFTY3JpcHQgc25pcHBldCB0byB5b3VyIHdlYiBhcHBsaWNhdGlvbiBhbmQgY29uZmlndXJlIENsb3VkV2F0Y2ggUlVNIHVzaW5nXG4gKiBBV1MncyBjbGllbnQtc2lkZSBTREsgYWZ0ZXIgZGVwbG95aW5nIHRoZSBjb25zdHJ1Y3QgdG8gZW5hYmxlIHlvdXIgd2ViIGFwcGxpY2F0aW9uIHRvIHN0YXJ0IGNvbGxlY3RpbmcgZGF0YS5cbiAqIFRoZSBBcHAgTW9uaXRvciBjb250cm9scyB3aGljaCBDbG91ZFdhdGNoIFJVTSBmdW5jdGlvbmFsaXR5IHRoZSB3ZWIgYXBwbGljYXRpb24gY2FuIHVzZSwgYW5kIGluIG9yZGVyIHRvXG4gKiBsZXZlcmFnZSBnaXZlbiBmdW5jdGlvbmFsaXR5IHlvdSdsbCBuZWVkIHRvIGNvbmZpZ3VyZSBpdCBib3RoIGluIHRoZSBBcHAgTW9uaXRvciBhcyB3ZWxsIGFzIGluIHRoZVxuICogY29uZmlndXJhdGlvbiBvZiB0aGUgY2xpZW50LXNpZGUgU0RLIHVzZWQgYnkgeW91ciB3ZWIgYXBwbGljYXRpb24uXG4gKlxuICovXG5leHBvcnQgY2xhc3MgV2ViYXBwTW9uaXRvciBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcmVhZG9ubHkgaWRlbnRpdHlQb29sOiBjb2duaXRvLkNmbklkZW50aXR5UG9vbFxuICByZWFkb25seSBndWVzdFJvbGU6IGlhbS5JUm9sZVxuICByZWFkb25seSBhcHBNb25pdG9yOiBydW0uQ2ZuQXBwTW9uaXRvclxuICBwcml2YXRlIHJlYWRvbmx5IF93ZWJhcHBEb21haW5OYW1lOiBzdHJpbmdcblxuICBwcml2YXRlIHJlYWRvbmx5IF9kZWZhdWx0QWxhcm1BY3Rpb246IGNsb3Vkd2F0Y2guSUFsYXJtQWN0aW9uXG5cbiAgcHJpdmF0ZSBfZXZlbnRzQWxhcm06IGNsb3Vkd2F0Y2guSUFsYXJtXG4gIHByaXZhdGUgX2V2ZW50c0FsYXJtSWQgPSBcIkV2ZW50c0FsYXJtXCJcblxuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogV2ViYXBwTW9uaXRvclByb3BzLFxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG5cbiAgICBpZiAoXG4gICAgICBwcm9wcy5zZXNzaW9uU2FtcGxlUmF0ZSAmJlxuICAgICAgKHByb3BzLnNlc3Npb25TYW1wbGVSYXRlIDwgMCB8fCBwcm9wcy5zZXNzaW9uU2FtcGxlUmF0ZSA+IDEpXG4gICAgKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJzZXNzaW9uU2FtcGxlUmF0ZSBuZWVkcyB0byBiZSBhIG51bWJlciBiZXR3ZWVuIDAgYW5kIDFcIilcbiAgICB9XG5cbiAgICB0aGlzLl93ZWJhcHBEb21haW5OYW1lID0gcHJvcHMud2ViYXBwRG9tYWluTmFtZVxuXG4gICAgY29uc3QgYXBwTW9uaXRvck5hbWUgPSBwcm9wcy5hcHBNb25pdG9yTmFtZVxuXG4gICAgdGhpcy5pZGVudGl0eVBvb2wgPSBuZXcgY29nbml0by5DZm5JZGVudGl0eVBvb2wodGhpcywgXCJSdW1JZGVudGl0eVBvb2xcIiwge1xuICAgICAgYWxsb3dVbmF1dGhlbnRpY2F0ZWRJZGVudGl0aWVzOiB0cnVlLFxuICAgIH0pXG5cbiAgICB0aGlzLmd1ZXN0Um9sZSA9IG5ldyBpYW0uUm9sZSh0aGlzLCBcIlJ1bVJvbGVcIiwge1xuICAgICAgYXNzdW1lZEJ5OiBuZXcgaWFtLldlYklkZW50aXR5UHJpbmNpcGFsKFxuICAgICAgICBcImNvZ25pdG8taWRlbnRpdHkuYW1hem9uYXdzLmNvbVwiLFxuICAgICAgICB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICBcImNvZ25pdG8taWRlbnRpdHkuYW1hem9uYXdzLmNvbTphdWRcIjogdGhpcy5pZGVudGl0eVBvb2wucmVmLFxuICAgICAgICAgIH0sXG4gICAgICAgICAgXCJGb3JBbnlWYWx1ZTpTdHJpbmdFcXVhbHNcIjoge1xuICAgICAgICAgICAgXCJjb2duaXRvLWlkZW50aXR5LmFtYXpvbmF3cy5jb206YW1yXCI6IFwidW5hdXRoZW50aWNhdGVkXCIsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgICksXG4gICAgICBpbmxpbmVQb2xpY2llczoge1xuICAgICAgICBcImFsbG93LXJ1bVwiOiBuZXcgaWFtLlBvbGljeURvY3VtZW50KHtcbiAgICAgICAgICBzdGF0ZW1lbnRzOiBbXG4gICAgICAgICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGFjdGlvbnM6IFtcInJ1bTpQdXRSdW1FdmVudHNcIl0sXG4gICAgICAgICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgICAgICAgIGNkay5TdGFjay5vZih0aGlzKS5mb3JtYXRBcm4oe1xuICAgICAgICAgICAgICAgICAgc2VydmljZTogXCJydW1cIixcbiAgICAgICAgICAgICAgICAgIHJlc291cmNlOiBcImFwcG1vbml0b3JcIixcbiAgICAgICAgICAgICAgICAgIHJlc291cmNlTmFtZTogYXBwTW9uaXRvck5hbWUsXG4gICAgICAgICAgICAgICAgfSksXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICB9KSxcbiAgICAgICAgICBdLFxuICAgICAgICB9KSxcbiAgICAgIH0sXG4gICAgfSlcblxuICAgIC8vIGF0dGFjaCByb2xlIHRvIGlkZW50aXR5IHBvb2xcbiAgICBuZXcgY29nbml0by5DZm5JZGVudGl0eVBvb2xSb2xlQXR0YWNobWVudCh0aGlzLCBcIlJvbGVBdHRhY2htZW50XCIsIHtcbiAgICAgIGlkZW50aXR5UG9vbElkOiB0aGlzLmlkZW50aXR5UG9vbC5yZWYsXG4gICAgICByb2xlczoge1xuICAgICAgICB1bmF1dGhlbnRpY2F0ZWQ6IHRoaXMuZ3Vlc3RSb2xlLnJvbGVBcm4sXG4gICAgICB9LFxuICAgIH0pXG5cbiAgICB0aGlzLmFwcE1vbml0b3IgPSBuZXcgcnVtLkNmbkFwcE1vbml0b3IodGhpcywgXCJBcHBNb25pdG9yXCIsIHtcbiAgICAgIG5hbWU6IGFwcE1vbml0b3JOYW1lLFxuICAgICAgZG9tYWluOiBwcm9wcy53ZWJhcHBEb21haW5OYW1lLFxuICAgICAgY3dMb2dFbmFibGVkOiBwcm9wcy5leHBvcnRMb2dzID8/IGZhbHNlLFxuICAgICAgYXBwTW9uaXRvckNvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgZW5hYmxlWFJheTogcHJvcHMuZW5hYmxlWFJheSA/PyBmYWxzZSxcbiAgICAgICAgYWxsb3dDb29raWVzOiBwcm9wcy5hbGxvd0Nvb2tpZXMgPz8gdHJ1ZSxcbiAgICAgICAgdGVsZW1ldHJpZXM6IHByb3BzLnRlbGVtZXRyaWVzID8/IFtcImVycm9yc1wiLCBcImh0dHBcIiwgXCJwZXJmb3JtYW5jZVwiXSxcbiAgICAgICAgc2Vzc2lvblNhbXBsZVJhdGU6IHByb3BzLnNlc3Npb25TYW1wbGVSYXRlID8/IDEsXG4gICAgICAgIGlkZW50aXR5UG9vbElkOiB0aGlzLmlkZW50aXR5UG9vbC5yZWYsXG4gICAgICAgIGd1ZXN0Um9sZUFybjogdGhpcy5ndWVzdFJvbGUucm9sZUFybixcbiAgICAgICAgLi4ucHJvcHMub3ZlcnJpZGVBcHBNb25pdG9yQ29uZmlndXJhdGlvbixcbiAgICAgIH0sXG4gICAgICBjdXN0b21FdmVudHM6IHtcbiAgICAgICAgc3RhdHVzOiBwcm9wcy5lbmFibGVDdXN0b21FdmVudHMgPyBcIkVOQUJMRURcIiA6IFwiRElTQUJMRURcIixcbiAgICAgIH0sXG4gICAgICAuLi5wcm9wcy5vdmVycmlkZUFwcE1vbml0b3JQcm9wcyxcbiAgICB9KVxuXG4gICAgdGhpcy5fZGVmYXVsdEFsYXJtQWN0aW9uID0gcHJvcHMuZGVmYXVsdEFsYXJtQWN0aW9uXG4gICAgdGhpcy5fZXZlbnRzQWxhcm0gPSB0aGlzLl9jcmVhdGVFdmVudHNBbGFybSgpXG4gIH1cblxuICAvKipcbiAgICpcbiAgICogQ29uZmlndXJlIGFuIGFsYXJtIHVzZWQgdG8gbm90aWZ5IG9uIGFuIHVuZXhwZWN0ZWRseSBoaWdoIG51bWJlciBvZiBDbG91ZFdhdGNoIFJVTSBldmVudHMgYmVpbmcgcmVjb3JkZWQuXG4gICAqXG4gICAqIFRoaXMgYWxhcm0gaXMgcmVxdWlyZWQgd2hlbiB1c2luZyB0aGlzIGNvbnN0cnVjdC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBhbiBhbGFybSBpcyBjcmVhdGVkIHdpdGggc2FuZSBkZWZhdWx0cy5cbiAgICpcbiAgICovXG4gIGNvbmZpZ3VyZUV2ZW50c0FsYXJtKHByb3BzPzogRXZlbnRzQWxhcm0pIHtcbiAgICB0aGlzLm5vZGUudHJ5UmVtb3ZlQ2hpbGQodGhpcy5fZXZlbnRzQWxhcm1JZClcbiAgICB0aGlzLl9ldmVudHNBbGFybSA9IHRoaXMuX2NyZWF0ZUV2ZW50c0FsYXJtKHByb3BzKVxuICB9XG5cbiAgcHJpdmF0ZSBfY3JlYXRlRXZlbnRzQWxhcm0ocHJvcHM/OiBFdmVudHNBbGFybSk6IGNsb3Vkd2F0Y2guSUFsYXJtIHtcbiAgICBjb25zdCBldmVudHNBbGFybSA9IG5ldyBjbG91ZHdhdGNoLk1ldHJpYyh7XG4gICAgICBtZXRyaWNOYW1lOiBcIlJ1bUV2ZW50UGF5bG9hZFNpemVcIixcbiAgICAgIG5hbWVzcGFjZTogXCJBV1MvUlVNXCIsXG4gICAgICBzdGF0aXN0aWM6IGNsb3Vkd2F0Y2guU3RhdHMuU0FNUExFX0NPVU5ULFxuICAgICAgcGVyaW9kOiBwcm9wcz8ucGVyaW9kID8/IGNkay5EdXJhdGlvbi5zZWNvbmRzKDYwKSxcbiAgICAgIGRpbWVuc2lvbnNNYXA6IHtcbiAgICAgICAgYXBwbGljYXRpb25fbmFtZTogdGhpcy5hcHBNb25pdG9yLm5hbWUsXG4gICAgICB9LFxuICAgIH0pLmNyZWF0ZUFsYXJtKHRoaXMsIHRoaXMuX2V2ZW50c0FsYXJtSWQsIHtcbiAgICAgIGFsYXJtRGVzY3JpcHRpb246IGBBIGhpZ2ggbnVtYmVyIG9mIGV2ZW50cyBhcmUgYmVpbmcgc2VudCB0byBDbG91ZFdhdGNoIFJVTSBmb3IgYXBwIG1vbml0b3IgJyR7dGhpcy5hcHBNb25pdG9yLm5hbWV9Jy4gVGhpcyBtYXkgbGVhZCB0byBoaWdoIGNvc3RzLCBzbyB5b3UnbGwgbGlrZWx5IHdhbnQgdG8gaW52ZXN0aWdhdGUgdGhpcy5gLFxuICAgICAgY29tcGFyaXNvbk9wZXJhdG9yOiBjbG91ZHdhdGNoLkNvbXBhcmlzb25PcGVyYXRvci5HUkVBVEVSX1RIQU5fVEhSRVNIT0xELFxuICAgICAgdGhyZXNob2xkOiBwcm9wcz8udGhyZXNob2xkID8/IDEwMDAsXG4gICAgICBldmFsdWF0aW9uUGVyaW9kczogcHJvcHM/LmV2YWx1YXRpb25QZXJpb2RzID8/IDEsXG4gICAgICB0cmVhdE1pc3NpbmdEYXRhOiBjbG91ZHdhdGNoLlRyZWF0TWlzc2luZ0RhdGEuTk9UX0JSRUFDSElORyxcbiAgICB9KVxuXG4gICAgLy8gVGhlc2UgYWxhcm1zIGFyZSBtYW5kYXRvcnkgYXMgY29zdHMgc2hvdWxkIGJlIG1hbmRhdG9yIHRvIG1vbml0b3JcbiAgICBldmVudHNBbGFybS5hZGRBbGFybUFjdGlvbihwcm9wcz8uYWN0aW9uID8/IHRoaXMuX2RlZmF1bHRBbGFybUFjdGlvbilcbiAgICBpZiAocHJvcHM/LmVuYWJsZU9rQWxhcm0gPz8gZmFsc2UpIHtcbiAgICAgIGV2ZW50c0FsYXJtLmFkZE9rQWN0aW9uKHByb3BzPy5hY3Rpb24gPz8gdGhpcy5fZGVmYXVsdEFsYXJtQWN0aW9uKVxuICAgIH1cblxuICAgIHJldHVybiBldmVudHNBbGFybVxuICB9XG5cbiAgLyoqXG4gICAqIEFkZCBhbiBhbGFybSB0aGF0IGFsZXJ0cyBvbiBKYXZhU2NyaXB0IGVycm9yc1xuICAgKiBzZW50IHRvIENsb3VkV2F0Y2ggUlVNLlxuICAgKi9cbiAgYWRkRXJyb3JzQWxhcm0ocHJvcHM/OiBFcnJvcnNBbGFybSkge1xuICAgIGNvbnN0IGVycm9yc0FsYXJtID0gbmV3IGNsb3Vkd2F0Y2guTWV0cmljKHtcbiAgICAgIG1ldHJpY05hbWU6IFwiSnNFcnJvckNvdW50XCIsXG4gICAgICBuYW1lc3BhY2U6IFwiQVdTL1JVTVwiLFxuICAgICAgc3RhdGlzdGljOiBjbG91ZHdhdGNoLlN0YXRzLlNBTVBMRV9DT1VOVCxcbiAgICAgIHBlcmlvZDogcHJvcHM/LnBlcmlvZCA/PyBjZGsuRHVyYXRpb24uc2Vjb25kcyg2MCksXG4gICAgICBkaW1lbnNpb25zTWFwOiB7XG4gICAgICAgIGFwcGxpY2F0aW9uX25hbWU6IHRoaXMuYXBwTW9uaXRvci5uYW1lLFxuICAgICAgfSxcbiAgICB9KS5jcmVhdGVBbGFybSh0aGlzLCBcIlJ1bUpzRXJyb3JzQWxhcm1cIiwge1xuICAgICAgYWxhcm1EZXNjcmlwdGlvbjogYENsb3VkV2F0Y2ggUlVNIGhhcyByZWNvcmRlZCBKYXZhU2NyaXB0IGVycm9ycyBmb3IgYXBwIG1vbml0b3IgJyR7dGhpcy5hcHBNb25pdG9yLm5hbWV9JyBvbiBkb21haW4gJyR7dGhpcy5fd2ViYXBwRG9tYWluTmFtZX0nYCxcbiAgICAgIGNvbXBhcmlzb25PcGVyYXRvcjogY2xvdWR3YXRjaC5Db21wYXJpc29uT3BlcmF0b3IuR1JFQVRFUl9USEFOX1RIUkVTSE9MRCxcbiAgICAgIHRocmVzaG9sZDogcHJvcHM/LnRocmVzaG9sZCA/PyAwLFxuICAgICAgZXZhbHVhdGlvblBlcmlvZHM6IHByb3BzPy5ldmFsdWF0aW9uUGVyaW9kcyA/PyAxLFxuICAgICAgdHJlYXRNaXNzaW5nRGF0YTogY2xvdWR3YXRjaC5UcmVhdE1pc3NpbmdEYXRhLk5PVF9CUkVBQ0hJTkcsXG4gICAgfSlcblxuICAgIGVycm9yc0FsYXJtLmFkZEFsYXJtQWN0aW9uKHByb3BzPy5hY3Rpb24gPz8gdGhpcy5fZGVmYXVsdEFsYXJtQWN0aW9uKVxuXG4gICAgaWYgKHByb3BzPy5lbmFibGVPa0FsYXJtcyA/PyBmYWxzZSkge1xuICAgICAgZXJyb3JzQWxhcm0uYWRkT2tBY3Rpb24ocHJvcHM/LmFjdGlvbiA/PyB0aGlzLl9kZWZhdWx0QWxhcm1BY3Rpb24pXG4gICAgfVxuICB9XG59XG4iXX0=

package/lib/webapp/security-headers.d.ts

@@ -0,0 +1,38 @@
+import * as constructs from "constructs";
+import * as cloudfront from "aws-cdk-lib/aws-cloudfront";
+export type WebappSecurityHeadersProps = Partial<cloudfront.ResponseSecurityHeadersBehavior & {
+    contentSecurityPolicy?: cloudfront.ResponseSecurityHeadersBehavior["contentSecurityPolicy"] & {
+        /**
+         * Whether to only monitor the effects of the content security policy without actually blocking anything.
+         * @default false
+         */
+        reportOnly?: boolean;
+    };
+}>;
+export interface ContentSecurityPolicyHeader {
+    baseUri?: string;
+    childSrc?: string;
+    defaultSrc?: string;
+    fontSrc?: string;
+    frameSrc?: string;
+    formAction?: string;
+    frameAncestors?: string;
+    imgSrc?: string;
+    manifestSrc?: string;
+    mediaSrc?: string;
+    objectSrc?: string;
+    scriptSrc?: string;
+    styleSrc?: string;
+    connectSrc?: string;
+}
+/**
+ * Helper function that generates a string containing a Content Security Policy that can be
+ * used in a security header.
+ *
+ * NOTE: The string can be further extended using string concatenation for directives that aren't currently supported by the function.
+ */
+export declare function generateContentSecurityPolicyHeader(headerOptions?: ContentSecurityPolicyHeader): string;
+export declare class WebappSecurityHeaders extends constructs.Construct {
+    readonly responseHeadersPolicy: cloudfront.ResponseHeadersPolicy;
+    constructor(scope: constructs.Construct, id: string, props: WebappSecurityHeadersProps);
+}

package/lib/webapp/security-headers.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebappSecurityHeaders = exports.generateContentSecurityPolicyHeader = void 0;
+const cdk = require("aws-cdk-lib");
+const constructs = require("constructs");
+const cloudfront = require("aws-cdk-lib/aws-cloudfront");
+function validateCspParam(param) {
+    if (param.indexOf('"') !== -1) {
+        throw Error('CSP override contains invalid character "');
+    }
+    if (param.indexOf(";") !== -1) {
+        throw Error("CSP override contains invalid character ;");
+    }
+    if (param.indexOf("\\") !== -1) {
+        throw Error("CSP override contains invalid character \\");
+    }
+    return param;
+}
+/* Replace all whitespace in a string with a single space */
+function trim(value) {
+    return value.replace(/\s+/g, " ").trim();
+}
+/**
+ * Helper function that generates a string containing a Content Security Policy that can be
+ * used in a security header.
+ *
+ * NOTE: The string can be further extended using string concatenation for directives that aren't currently supported by the function.
+ */
+function generateContentSecurityPolicyHeader(headerOptions) {
+    const defaultValues = {
+        baseUri: "'self'",
+        childSrc: "'self'",
+        connectSrc: "'self' https:",
+        defaultSrc: "'none'",
+        fontSrc: "'self'",
+        formAction: "'none'",
+        frameAncestors: "'none'",
+        frameSrc: "'self'",
+        imgSrc: "'self' data:",
+        manifestSrc: "'self'",
+        mediaSrc: "'self'",
+        objectSrc: "'none'",
+        scriptSrc: "'self'",
+        styleSrc: "'self'",
+    };
+    const options = {
+        ...defaultValues,
+        ...headerOptions,
+    };
+    Object.values(options).forEach((v) => typeof v === "string" && validateCspParam(v));
+    let headerValue = "";
+    headerValue += `base-uri ${trim(options.baseUri)};`;
+    headerValue += `child-src ${trim(options.childSrc)};`;
+    headerValue += `connect-src ${trim(options.connectSrc)};`;
+    headerValue += `default-src ${trim(options.defaultSrc)};`;
+    headerValue += `font-src ${trim(options.fontSrc)};`;
+    headerValue += `frame-src ${trim(options.frameSrc)};`;
+    headerValue += `form-action ${trim(options.formAction)};`;
+    headerValue += `frame-ancestors ${trim(options.frameAncestors)};`;
+    headerValue += `img-src ${trim(options.imgSrc)};`;
+    headerValue += `manifest-src ${trim(options.manifestSrc)};`;
+    headerValue += `media-src ${trim(options.mediaSrc)};`;
+    headerValue += `object-src ${trim(options.objectSrc)};`;
+    headerValue += `script-src ${trim(options.scriptSrc)};`;
+    headerValue += `style-src ${trim(options.styleSrc)}`;
+    return trim(headerValue);
+}
+exports.generateContentSecurityPolicyHeader = generateContentSecurityPolicyHeader;
+class WebappSecurityHeaders extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { contentSecurityPolicy: contentSecurityPolicyOverride, ...overrides } = props;
+        const contentSecurityPolicyCustomHeader = contentSecurityPolicyOverride || {
+            reportOnly: false,
+            contentSecurityPolicy: generateContentSecurityPolicyHeader(),
+            override: true,
+        };
+        const defaultValues = {
+            contentTypeOptions: {
+                override: true,
+            },
+            referrerPolicy: {
+                override: true,
+                referrerPolicy: cloudfront.HeadersReferrerPolicy.SAME_ORIGIN,
+            },
+            frameOptions: {
+                frameOption: cloudfront.HeadersFrameOption.DENY,
+                override: true,
+            },
+            strictTransportSecurity: {
+                override: true,
+                accessControlMaxAge: cdk.Duration.days(182.5),
+                includeSubdomains: false,
+                preload: false,
+            },
+            xssProtection: {
+                override: true,
+                protection: true,
+                modeBlock: true,
+            },
+        };
+        this.responseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, "ResponseHeadersPolicy", {
+            securityHeadersBehavior: {
+                ...defaultValues,
+                ...overrides,
+                ...(!contentSecurityPolicyCustomHeader.reportOnly && {
+                    contentSecurityPolicy: {
+                        contentSecurityPolicy: contentSecurityPolicyCustomHeader.contentSecurityPolicy,
+                        override: contentSecurityPolicyCustomHeader.override,
+                    },
+                }),
+            },
+            ...(contentSecurityPolicyCustomHeader.reportOnly && {
+                customHeadersBehavior: {
+                    // Report only is not supported by securityHeadersBehavior in AWS and must be defined as custom header
+                    customHeaders: [
+                        {
+                            header: "Content-Security-Policy-Report-Only",
+                            value: contentSecurityPolicyCustomHeader.contentSecurityPolicy,
+                            override: contentSecurityPolicyCustomHeader.override,
+                        },
+                    ],
+                },
+            }),
+        });
+    }
+}
+exports.WebappSecurityHeaders = WebappSecurityHeaders;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktaGVhZGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy93ZWJhcHAvc2VjdXJpdHktaGVhZGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBa0M7QUFDbEMseUNBQXdDO0FBQ3hDLHlEQUF3RDtBQStCeEQsU0FBUyxnQkFBZ0IsQ0FBQyxLQUFhO0lBQ3JDLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzlCLE1BQU0sS0FBSyxDQUFDLDJDQUEyQyxDQUFDLENBQUE7SUFDMUQsQ0FBQztJQUVELElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzlCLE1BQU0sS0FBSyxDQUFDLDJDQUEyQyxDQUFDLENBQUE7SUFDMUQsQ0FBQztJQUVELElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQy9CLE1BQU0sS0FBSyxDQUFDLDRDQUE0QyxDQUFDLENBQUE7SUFDM0QsQ0FBQztJQUVELE9BQU8sS0FBSyxDQUFBO0FBQ2QsQ0FBQztBQUVELDREQUE0RDtBQUM1RCxTQUFTLElBQUksQ0FBQyxLQUFhO0lBQ3pCLE9BQU8sS0FBSyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUE7QUFDMUMsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsbUNBQW1DLENBQ2pELGFBQTJDO0lBRTNDLE1BQU0sYUFBYSxHQUFHO1FBQ3BCLE9BQU8sRUFBRSxRQUFRO1FBQ2pCLFFBQVEsRUFBRSxRQUFRO1FBQ2xCLFVBQVUsRUFBRSxlQUFlO1FBQzNCLFVBQVUsRUFBRSxRQUFRO1FBQ3BCLE9BQU8sRUFBRSxRQUFRO1FBQ2pCLFVBQVUsRUFBRSxRQUFRO1FBQ3BCLGNBQWMsRUFBRSxRQUFRO1FBQ3hCLFFBQVEsRUFBRSxRQUFRO1FBQ2xCLE1BQU0sRUFBRSxjQUFjO1FBQ3RCLFdBQVcsRUFBRSxRQUFRO1FBQ3JCLFFBQVEsRUFBRSxRQUFRO1FBQ2xCLFNBQVMsRUFBRSxRQUFRO1FBQ25CLFNBQVMsRUFBRSxRQUFRO1FBQ25CLFFBQVEsRUFBRSxRQUFRO0tBQ25CLENBQUE7SUFFRCxNQUFNLE9BQU8sR0FBRztRQUNkLEdBQUcsYUFBYTtRQUNoQixHQUFHLGFBQWE7S0FDakIsQ0FBQTtJQUVELE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsT0FBTyxDQUM1QixDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFJLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxDQUNwRCxDQUFBO0lBRUQsSUFBSSxXQUFXLEdBQUcsRUFBRSxDQUFBO0lBQ3BCLFdBQVcsSUFBSSxZQUFZLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQTtJQUNuRCxXQUFXLElBQUksYUFBYSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUE7SUFDckQsV0FBVyxJQUFJLGVBQWUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFBO0lBQ3pELFdBQVcsSUFBSSxlQUFlLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQTtJQUN6RCxXQUFXLElBQUksWUFBWSxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUE7SUFDbkQsV0FBVyxJQUFJLGFBQWEsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFBO0lBQ3JELFdBQVcsSUFBSSxlQUFlLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQTtJQUN6RCxXQUFXLElBQUksbUJBQW1CLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQTtJQUNqRSxXQUFXLElBQUksV0FBVyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUE7SUFDakQsV0FBVyxJQUFJLGdCQUFnQixJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUE7SUFDM0QsV0FBVyxJQUFJLGFBQWEsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFBO0lBQ3JELFdBQVcsSUFBSSxjQUFjLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQTtJQUN2RCxXQUFXLElBQUksY0FBYyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUE7SUFDdkQsV0FBVyxJQUFJLGFBQWEsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFBO0lBRXBELE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFBO0FBQzFCLENBQUM7QUE5Q0Qsa0ZBOENDO0FBQ0QsTUFBYSxxQkFBc0IsU0FBUSxVQUFVLENBQUMsU0FBUztJQUc3RCxZQUNFLEtBQTJCLEVBQzNCLEVBQVUsRUFDVixLQUFpQztRQUVqQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLE1BQU0sRUFDSixxQkFBcUIsRUFBRSw2QkFBNkIsRUFDcEQsR0FBRyxTQUFTLEVBQ2IsR0FBRyxLQUFLLENBQUE7UUFFVCxNQUFNLGlDQUFpQyxHQUFHLDZCQUE2QixJQUFJO1lBQ3pFLFVBQVUsRUFBRSxLQUFLO1lBQ2pCLHFCQUFxQixFQUFFLG1DQUFtQyxFQUFFO1lBQzVELFFBQVEsRUFBRSxJQUFJO1NBQ2YsQ0FBQTtRQUVELE1BQU0sYUFBYSxHQUdmO1lBQ0Ysa0JBQWtCLEVBQUU7Z0JBQ2xCLFFBQVEsRUFBRSxJQUFJO2FBQ2Y7WUFDRCxjQUFjLEVBQUU7Z0JBQ2QsUUFBUSxFQUFFLElBQUk7Z0JBQ2QsY0FBYyxFQUFFLFVBQVUsQ0FBQyxxQkFBcUIsQ0FBQyxXQUFXO2FBQzdEO1lBQ0QsWUFBWSxFQUFFO2dCQUNaLFdBQVcsRUFBRSxVQUFVLENBQUMsa0JBQWtCLENBQUMsSUFBSTtnQkFDL0MsUUFBUSxFQUFFLElBQUk7YUFDZjtZQUNELHVCQUF1QixFQUFFO2dCQUN2QixRQUFRLEVBQUUsSUFBSTtnQkFDZCxtQkFBbUIsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUM7Z0JBQzdDLGlCQUFpQixFQUFFLEtBQUs7Z0JBQ3hCLE9BQU8sRUFBRSxLQUFLO2FBQ2Y7WUFDRCxhQUFhLEVBQUU7Z0JBQ2IsUUFBUSxFQUFFLElBQUk7Z0JBQ2QsVUFBVSxFQUFFLElBQUk7Z0JBQ2hCLFNBQVMsRUFBRSxJQUFJO2FBQ2hCO1NBQ0YsQ0FBQTtRQUVELElBQUksQ0FBQyxxQkFBcUIsR0FBRyxJQUFJLFVBQVUsQ0FBQyxxQkFBcUIsQ0FDL0QsSUFBSSxFQUNKLHVCQUF1QixFQUN2QjtZQUNFLHVCQUF1QixFQUFFO2dCQUN2QixHQUFHLGFBQWE7Z0JBQ2hCLEdBQUcsU0FBUztnQkFDWixHQUFHLENBQUMsQ0FBQyxpQ0FBaUMsQ0FBQyxVQUFVLElBQUk7b0JBQ25ELHFCQUFxQixFQUFFO3dCQUNyQixxQkFBcUIsRUFDbkIsaUNBQWlDLENBQUMscUJBQXFCO3dCQUN6RCxRQUFRLEVBQUUsaUNBQWlDLENBQUMsUUFBUTtxQkFDckQ7aUJBQ0YsQ0FBQzthQUNIO1lBQ0QsR0FBRyxDQUFDLGlDQUFpQyxDQUFDLFVBQVUsSUFBSTtnQkFDbEQscUJBQXFCLEVBQUU7b0JBQ3JCLHNHQUFzRztvQkFDdEcsYUFBYSxFQUFFO3dCQUNiOzRCQUNFLE1BQU0sRUFBRSxxQ0FBcUM7NEJBQzdDLEtBQUssRUFBRSxpQ0FBaUMsQ0FBQyxxQkFBcUI7NEJBQzlELFFBQVEsRUFBRSxpQ0FBaUMsQ0FBQyxRQUFRO3lCQUNyRDtxQkFDRjtpQkFDRjthQUNGLENBQUM7U0FDSCxDQUNGLENBQUE7SUFDSCxDQUFDO0NBQ0Y7QUEvRUQsc0RBK0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiXG5pbXBvcnQgKiBhcyBjb25zdHJ1Y3RzIGZyb20gXCJjb25zdHJ1Y3RzXCJcbmltcG9ydCAqIGFzIGNsb3VkZnJvbnQgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZGZyb250XCJcblxuZXhwb3J0IHR5cGUgV2ViYXBwU2VjdXJpdHlIZWFkZXJzUHJvcHMgPSBQYXJ0aWFsPFxuICBjbG91ZGZyb250LlJlc3BvbnNlU2VjdXJpdHlIZWFkZXJzQmVoYXZpb3IgJiB7XG4gICAgY29udGVudFNlY3VyaXR5UG9saWN5PzogY2xvdWRmcm9udC5SZXNwb25zZVNlY3VyaXR5SGVhZGVyc0JlaGF2aW9yW1wiY29udGVudFNlY3VyaXR5UG9saWN5XCJdICYge1xuICAgICAgLyoqXG4gICAgICAgKiBXaGV0aGVyIHRvIG9ubHkgbW9uaXRvciB0aGUgZWZmZWN0cyBvZiB0aGUgY29udGVudCBzZWN1cml0eSBwb2xpY3kgd2l0aG91dCBhY3R1YWxseSBibG9ja2luZyBhbnl0aGluZy5cbiAgICAgICAqIEBkZWZhdWx0IGZhbHNlXG4gICAgICAgKi9cbiAgICAgIHJlcG9ydE9ubHk/OiBib29sZWFuXG4gICAgfVxuICB9XG4+XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGVudFNlY3VyaXR5UG9saWN5SGVhZGVyIHtcbiAgYmFzZVVyaT86IHN0cmluZ1xuICBjaGlsZFNyYz86IHN0cmluZ1xuICBkZWZhdWx0U3JjPzogc3RyaW5nXG4gIGZvbnRTcmM/OiBzdHJpbmdcbiAgZnJhbWVTcmM/OiBzdHJpbmdcbiAgZm9ybUFjdGlvbj86IHN0cmluZ1xuICBmcmFtZUFuY2VzdG9ycz86IHN0cmluZ1xuICBpbWdTcmM/OiBzdHJpbmdcbiAgbWFuaWZlc3RTcmM/OiBzdHJpbmdcbiAgbWVkaWFTcmM/OiBzdHJpbmdcbiAgb2JqZWN0U3JjPzogc3RyaW5nXG4gIHNjcmlwdFNyYz86IHN0cmluZ1xuICBzdHlsZVNyYz86IHN0cmluZ1xuICBjb25uZWN0U3JjPzogc3RyaW5nXG59XG5cbmZ1bmN0aW9uIHZhbGlkYXRlQ3NwUGFyYW0ocGFyYW06IHN0cmluZyk6IHN0cmluZyB7XG4gIGlmIChwYXJhbS5pbmRleE9mKCdcIicpICE9PSAtMSkge1xuICAgIHRocm93IEVycm9yKCdDU1Agb3ZlcnJpZGUgY29udGFpbnMgaW52YWxpZCBjaGFyYWN0ZXIgXCInKVxuICB9XG5cbiAgaWYgKHBhcmFtLmluZGV4T2YoXCI7XCIpICE9PSAtMSkge1xuICAgIHRocm93IEVycm9yKFwiQ1NQIG92ZXJyaWRlIGNvbnRhaW5zIGludmFsaWQgY2hhcmFjdGVyIDtcIilcbiAgfVxuXG4gIGlmIChwYXJhbS5pbmRleE9mKFwiXFxcXFwiKSAhPT0gLTEpIHtcbiAgICB0aHJvdyBFcnJvcihcIkNTUCBvdmVycmlkZSBjb250YWlucyBpbnZhbGlkIGNoYXJhY3RlciBcXFxcXCIpXG4gIH1cblxuICByZXR1cm4gcGFyYW1cbn1cblxuLyogUmVwbGFjZSBhbGwgd2hpdGVzcGFjZSBpbiBhIHN0cmluZyB3aXRoIGEgc2luZ2xlIHNwYWNlICovXG5mdW5jdGlvbiB0cmltKHZhbHVlOiBzdHJpbmcpOiBzdHJpbmcge1xuICByZXR1cm4gdmFsdWUucmVwbGFjZSgvXFxzKy9nLCBcIiBcIikudHJpbSgpXG59XG5cbi8qKlxuICogSGVscGVyIGZ1bmN0aW9uIHRoYXQgZ2VuZXJhdGVzIGEgc3RyaW5nIGNvbnRhaW5pbmcgYSBDb250ZW50IFNlY3VyaXR5IFBvbGljeSB0aGF0IGNhbiBiZVxuICogdXNlZCBpbiBhIHNlY3VyaXR5IGhlYWRlci5cbiAqXG4gKiBOT1RFOiBUaGUgc3RyaW5nIGNhbiBiZSBmdXJ0aGVyIGV4dGVuZGVkIHVzaW5nIHN0cmluZyBjb25jYXRlbmF0aW9uIGZvciBkaXJlY3RpdmVzIHRoYXQgYXJlbid0IGN1cnJlbnRseSBzdXBwb3J0ZWQgYnkgdGhlIGZ1bmN0aW9uLlxuICovXG5leHBvcnQgZnVuY3Rpb24gZ2VuZXJhdGVDb250ZW50U2VjdXJpdHlQb2xpY3lIZWFkZXIoXG4gIGhlYWRlck9wdGlvbnM/OiBDb250ZW50U2VjdXJpdHlQb2xpY3lIZWFkZXIsXG4pIHtcbiAgY29uc3QgZGVmYXVsdFZhbHVlcyA9IHtcbiAgICBiYXNlVXJpOiBcIidzZWxmJ1wiLFxuICAgIGNoaWxkU3JjOiBcIidzZWxmJ1wiLFxuICAgIGNvbm5lY3RTcmM6IFwiJ3NlbGYnIGh0dHBzOlwiLFxuICAgIGRlZmF1bHRTcmM6IFwiJ25vbmUnXCIsXG4gICAgZm9udFNyYzogXCInc2VsZidcIixcbiAgICBmb3JtQWN0aW9uOiBcIidub25lJ1wiLFxuICAgIGZyYW1lQW5jZXN0b3JzOiBcIidub25lJ1wiLFxuICAgIGZyYW1lU3JjOiBcIidzZWxmJ1wiLFxuICAgIGltZ1NyYzogXCInc2VsZicgZGF0YTpcIixcbiAgICBtYW5pZmVzdFNyYzogXCInc2VsZidcIixcbiAgICBtZWRpYVNyYzogXCInc2VsZidcIixcbiAgICBvYmplY3RTcmM6IFwiJ25vbmUnXCIsXG4gICAgc2NyaXB0U3JjOiBcIidzZWxmJ1wiLFxuICAgIHN0eWxlU3JjOiBcIidzZWxmJ1wiLFxuICB9XG5cbiAgY29uc3Qgb3B0aW9ucyA9IHtcbiAgICAuLi5kZWZhdWx0VmFsdWVzLFxuICAgIC4uLmhlYWRlck9wdGlvbnMsXG4gIH1cblxuICBPYmplY3QudmFsdWVzKG9wdGlvbnMpLmZvckVhY2goXG4gICAgKHYpID0+IHR5cGVvZiB2ID09PSBcInN0cmluZ1wiICYmIHZhbGlkYXRlQ3NwUGFyYW0odiksXG4gIClcblxuICBsZXQgaGVhZGVyVmFsdWUgPSBcIlwiXG4gIGhlYWRlclZhbHVlICs9IGBiYXNlLXVyaSAke3RyaW0ob3B0aW9ucy5iYXNlVXJpKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgY2hpbGQtc3JjICR7dHJpbShvcHRpb25zLmNoaWxkU3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgY29ubmVjdC1zcmMgJHt0cmltKG9wdGlvbnMuY29ubmVjdFNyYyl9O2BcbiAgaGVhZGVyVmFsdWUgKz0gYGRlZmF1bHQtc3JjICR7dHJpbShvcHRpb25zLmRlZmF1bHRTcmMpfTtgXG4gIGhlYWRlclZhbHVlICs9IGBmb250LXNyYyAke3RyaW0ob3B0aW9ucy5mb250U3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgZnJhbWUtc3JjICR7dHJpbShvcHRpb25zLmZyYW1lU3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgZm9ybS1hY3Rpb24gJHt0cmltKG9wdGlvbnMuZm9ybUFjdGlvbil9O2BcbiAgaGVhZGVyVmFsdWUgKz0gYGZyYW1lLWFuY2VzdG9ycyAke3RyaW0ob3B0aW9ucy5mcmFtZUFuY2VzdG9ycyl9O2BcbiAgaGVhZGVyVmFsdWUgKz0gYGltZy1zcmMgJHt0cmltKG9wdGlvbnMuaW1nU3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgbWFuaWZlc3Qtc3JjICR7dHJpbShvcHRpb25zLm1hbmlmZXN0U3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgbWVkaWEtc3JjICR7dHJpbShvcHRpb25zLm1lZGlhU3JjKX07YFxuICBoZWFkZXJWYWx1ZSArPSBgb2JqZWN0LXNyYyAke3RyaW0ob3B0aW9ucy5vYmplY3RTcmMpfTtgXG4gIGhlYWRlclZhbHVlICs9IGBzY3JpcHQtc3JjICR7dHJpbShvcHRpb25zLnNjcmlwdFNyYyl9O2BcbiAgaGVhZGVyVmFsdWUgKz0gYHN0eWxlLXNyYyAke3RyaW0ob3B0aW9ucy5zdHlsZVNyYyl9YFxuXG4gIHJldHVybiB0cmltKGhlYWRlclZhbHVlKVxufVxuZXhwb3J0IGNsYXNzIFdlYmFwcFNlY3VyaXR5SGVhZGVycyBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IHJlc3BvbnNlSGVhZGVyc1BvbGljeTogY2xvdWRmcm9udC5SZXNwb25zZUhlYWRlcnNQb2xpY3lcblxuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogV2ViYXBwU2VjdXJpdHlIZWFkZXJzUHJvcHMsXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGNvbnN0IHtcbiAgICAgIGNvbnRlbnRTZWN1cml0eVBvbGljeTogY29udGVudFNlY3VyaXR5UG9saWN5T3ZlcnJpZGUsXG4gICAgICAuLi5vdmVycmlkZXNcbiAgICB9ID0gcHJvcHNcblxuICAgIGNvbnN0IGNvbnRlbnRTZWN1cml0eVBvbGljeUN1c3RvbUhlYWRlciA9IGNvbnRlbnRTZWN1cml0eVBvbGljeU92ZXJyaWRlIHx8IHtcbiAgICAgIHJlcG9ydE9ubHk6IGZhbHNlLFxuICAgICAgY29udGVudFNlY3VyaXR5UG9saWN5OiBnZW5lcmF0ZUNvbnRlbnRTZWN1cml0eVBvbGljeUhlYWRlcigpLFxuICAgICAgb3ZlcnJpZGU6IHRydWUsXG4gICAgfVxuXG4gICAgY29uc3QgZGVmYXVsdFZhbHVlczogT21pdDxcbiAgICAgIGNsb3VkZnJvbnQuUmVzcG9uc2VTZWN1cml0eUhlYWRlcnNCZWhhdmlvcixcbiAgICAgIFwiY29udGVudFNlY3VyaXR5UG9saWN5XCJcbiAgICA+ID0ge1xuICAgICAgY29udGVudFR5cGVPcHRpb25zOiB7XG4gICAgICAgIG92ZXJyaWRlOiB0cnVlLFxuICAgICAgfSxcbiAgICAgIHJlZmVycmVyUG9saWN5OiB7XG4gICAgICAgIG92ZXJyaWRlOiB0cnVlLFxuICAgICAgICByZWZlcnJlclBvbGljeTogY2xvdWRmcm9udC5IZWFkZXJzUmVmZXJyZXJQb2xpY3kuU0FNRV9PUklHSU4sXG4gICAgICB9LFxuICAgICAgZnJhbWVPcHRpb25zOiB7XG4gICAgICAgIGZyYW1lT3B0aW9uOiBjbG91ZGZyb250LkhlYWRlcnNGcmFtZU9wdGlvbi5ERU5ZLFxuICAgICAgICBvdmVycmlkZTogdHJ1ZSxcbiAgICAgIH0sXG4gICAgICBzdHJpY3RUcmFuc3BvcnRTZWN1cml0eToge1xuICAgICAgICBvdmVycmlkZTogdHJ1ZSxcbiAgICAgICAgYWNjZXNzQ29udHJvbE1heEFnZTogY2RrLkR1cmF0aW9uLmRheXMoMTgyLjUpLFxuICAgICAgICBpbmNsdWRlU3ViZG9tYWluczogZmFsc2UsXG4gICAgICAgIHByZWxvYWQ6IGZhbHNlLFxuICAgICAgfSxcbiAgICAgIHhzc1Byb3RlY3Rpb246IHtcbiAgICAgICAgb3ZlcnJpZGU6IHRydWUsXG4gICAgICAgIHByb3RlY3Rpb246IHRydWUsXG4gICAgICAgIG1vZGVCbG9jazogdHJ1ZSxcbiAgICAgIH0sXG4gICAgfVxuXG4gICAgdGhpcy5yZXNwb25zZUhlYWRlcnNQb2xpY3kgPSBuZXcgY2xvdWRmcm9udC5SZXNwb25zZUhlYWRlcnNQb2xpY3koXG4gICAgICB0aGlzLFxuICAgICAgXCJSZXNwb25zZUhlYWRlcnNQb2xpY3lcIixcbiAgICAgIHtcbiAgICAgICAgc2VjdXJpdHlIZWFkZXJzQmVoYXZpb3I6IHtcbiAgICAgICAgICAuLi5kZWZhdWx0VmFsdWVzLFxuICAgICAgICAgIC4uLm92ZXJyaWRlcyxcbiAgICAgICAgICAuLi4oIWNvbnRlbnRTZWN1cml0eVBvbGljeUN1c3RvbUhlYWRlci5yZXBvcnRPbmx5ICYmIHtcbiAgICAgICAgICAgIGNvbnRlbnRTZWN1cml0eVBvbGljeToge1xuICAgICAgICAgICAgICBjb250ZW50U2VjdXJpdHlQb2xpY3k6XG4gICAgICAgICAgICAgICAgY29udGVudFNlY3VyaXR5UG9saWN5Q3VzdG9tSGVhZGVyLmNvbnRlbnRTZWN1cml0eVBvbGljeSxcbiAgICAgICAgICAgICAgb3ZlcnJpZGU6IGNvbnRlbnRTZWN1cml0eVBvbGljeUN1c3RvbUhlYWRlci5vdmVycmlkZSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSksXG4gICAgICAgIH0sXG4gICAgICAgIC4uLihjb250ZW50U2VjdXJpdHlQb2xpY3lDdXN0b21IZWFkZXIucmVwb3J0T25seSAmJiB7XG4gICAgICAgICAgY3VzdG9tSGVhZGVyc0JlaGF2aW9yOiB7XG4gICAgICAgICAgICAvLyBSZXBvcnQgb25seSBpcyBub3Qgc3VwcG9ydGVkIGJ5IHNlY3VyaXR5SGVhZGVyc0JlaGF2aW9yIGluIEFXUyBhbmQgbXVzdCBiZSBkZWZpbmVkIGFzIGN1c3RvbSBoZWFkZXJcbiAgICAgICAgICAgIGN1c3RvbUhlYWRlcnM6IFtcbiAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgIGhlYWRlcjogXCJDb250ZW50LVNlY3VyaXR5LVBvbGljeS1SZXBvcnQtT25seVwiLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBjb250ZW50U2VjdXJpdHlQb2xpY3lDdXN0b21IZWFkZXIuY29udGVudFNlY3VyaXR5UG9saWN5LFxuICAgICAgICAgICAgICAgIG92ZXJyaWRlOiBjb250ZW50U2VjdXJpdHlQb2xpY3lDdXN0b21IZWFkZXIub3ZlcnJpZGUsXG4gICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBdLFxuICAgICAgICAgIH0sXG4gICAgICAgIH0pLFxuICAgICAgfSxcbiAgICApXG4gIH1cbn1cbiJdfQ==