@liflig/cdk 2.18.5 → 2.18.7

package/lib/snapshots.js

@@ -0,0 +1,214 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCloudAssemblySnapshot = void 0;
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-return */
+const cpy = require("cpy");
+const del = require("del");
+const fs = require("fs");
+const glob = require("glob");
+const path = require("path");
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeVersion(data) {
+    const cp = {
+        ...data,
+    };
+    delete cp.version;
+    return cp;
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeTrace(data) {
+    if (data instanceof Array) {
+        return data.map(removeTrace);
+    }
+    if (data === Object(data)) {
+        return Object.fromEntries(Object.entries(data)
+            .filter(([key]) => key !== "trace")
+            .map(([key, value]) => [key, removeTrace(value)]));
+    }
+    return data;
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeRuntimeLibraries(data) {
+    const cp = {
+        ...data,
+    };
+    if (data.runtime) {
+        cp.runtime = {
+            ...data.runtime,
+        };
+        delete cp.runtime.libraries;
+    }
+    return cp;
+}
+const currentVersionRegex = /^(.+CurrentVersion[0-9A-F]{8})[0-9a-f]{32}$/;
+/**
+ * Match a resource created by `lambda.Function.currentVersion`, which
+ * will include the asset hash as part of the reousrce name and return
+ * a snapshot-friendly version of it if found.
+ */
+function rewriteCurrentVersionIfFound(value) {
+    const match = currentVersionRegex.exec(value);
+    return match ? `${match[1]}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` : null;
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeAssetDetailsFromTemplate(data) {
+    if (data instanceof Array) {
+        return data.map(removeAssetDetailsFromTemplate);
+    }
+    if (data === Object(data)) {
+        return Object.fromEntries(Object.entries(data)
+            .map(([key, value]) => {
+            const newCurrentVersion = rewriteCurrentVersionIfFound(key);
+            if (newCurrentVersion) {
+                return [newCurrentVersion, removeAssetDetailsFromTemplate(value)];
+            }
+            else if (key.includes("AssetParameter")) {
+                return null;
+            }
+            else if (key === "Ref" &&
+                typeof value === "string" &&
+                value.includes("AssetParameters")) {
+                return [key, "snapshot-value"];
+            }
+            else if (key === "aws:asset:path" &&
+                typeof value === "string" &&
+                /asset\.[0-9a-f]{64}/.test(value)) {
+                return [key, "asset.snapshot-value"];
+            }
+            else {
+                return [key, removeAssetDetailsFromTemplate(value)];
+            }
+        })
+            .filter((it) => it != null));
+    }
+    if (typeof data === "string") {
+        const newCurrentVersion = rewriteCurrentVersionIfFound(data);
+        if (newCurrentVersion) {
+            return newCurrentVersion;
+        }
+        // Handle typical content hashes.
+        return data.replace(/[0-9a-f]{64}/g, "snapshot-value");
+    }
+    return data;
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeAssetDetailsFromManifest(data) {
+    if (data instanceof Array) {
+        return data.map(removeAssetDetailsFromManifest);
+    }
+    if (data === Object(data)) {
+        // aws:cdk:asset in metadata
+        if (data["type"] === "aws:cdk:asset" && "data" in data) {
+            return {
+                ...data,
+                data: "snapshot-value",
+            };
+        }
+        return Object.fromEntries(Object.entries(data)
+            .map(([key, value]) => {
+            if (key.includes("AssetParameters")) {
+                return null;
+            }
+            else {
+                return [key, removeAssetDetailsFromManifest(value)];
+            }
+        })
+            .filter((it) => it != null));
+    }
+    if (typeof data === "string") {
+        const newCurrentVersion = rewriteCurrentVersionIfFound(data);
+        if (newCurrentVersion) {
+            return newCurrentVersion;
+        }
+        // Handle typical content hashes.
+        return data.replace(/[0-9a-f]{64}/g, "snapshot-value");
+    }
+    return data;
+}
+/**
+ * Remove the CDKMetadata resources that is part of the synthesized
+ * template since CDK 1.63.0.
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function removeCdkMetadataResourceFromTemplate(data) {
+    const cp = {
+        ...data,
+        Resources: {
+            ...data.Resources,
+        },
+    };
+    delete cp.Resources.CDKMetadata;
+    return cp;
+}
+function prepareManifestForSnapshot(content) {
+    const input = JSON.parse(content);
+    const output = [
+        removeVersion,
+        // Remove the runtime version information so it don't conflict with CI
+        // or other users generating the snapshots.
+        removeRuntimeLibraries,
+        // Remove the trace from manifest for now.
+        removeTrace,
+        // Avoid details (hashes) from assets.
+        removeAssetDetailsFromManifest,
+    ].reduce((acc, fn) => fn(acc), input);
+    return JSON.stringify(output, undefined, "  ");
+}
+/**
+ * Transform the Cloud Assembly manifest file so that it can be persisted
+ * as a snapshot without causing invalidations for every synthesize.
+ */
+async function prepareManifestFileForSnapshot(file) {
+    const result = prepareManifestForSnapshot(await fs.promises.readFile(file, "utf8"));
+    await fs.promises.writeFile(file, result);
+}
+function prepareTemplateForSnapshot(content) {
+    const input = JSON.parse(content);
+    const output = [
+        removeCdkMetadataResourceFromTemplate,
+        // Avoid details (hashes) from assets.
+        removeAssetDetailsFromTemplate,
+    ].reduce((acc, fn) => fn(acc), input);
+    return JSON.stringify(output, undefined, "  ");
+}
+/**
+ * Transform a Cloud Assembly template file so that it can be persisted
+ * as a snapshot without causing invalidations for minor changes.
+ */
+async function prepareTemplateFileForSnapshot(file) {
+    const result = prepareTemplateForSnapshot(await fs.promises.readFile(file, "utf8"));
+    await fs.promises.writeFile(file, result);
+}
+/**
+ * Convert a Cloud Assembly to a snapshot.
+ */
+async function createCloudAssemblySnapshot(src, dst) {
+    const base = path.join(process.cwd(), dst);
+    await cpy(".", base, {
+        parents: true,
+        cwd: path.join(process.cwd(), src),
+    });
+    // Don't keep track of manifest version.
+    await del(path.join(dst, "**/cdk.out"));
+    // The tree file doesn't give us much value as part of the snapshot.
+    await del(path.join(dst, "tree.json"));
+    // Remove asset contents for now.
+    await del(path.join(dst, "**/asset.*"));
+    // Remove asset configs so we don't have to update
+    // snapshots for asset changes.
+    await del(path.join(dst, "**/*.assets.json"));
+    // Remove graphviz files generated when using CDK Pipelines
+    await del(path.join(dst, "**/*.dot"));
+    // Transform the manifest to be more snapshot friendly.
+    for (const file of glob.sync("**/manifest.json", { cwd: base })) {
+        await prepareManifestFileForSnapshot(path.join(base, file));
+    }
+    // Transform all templates.
+    for (const file of glob.sync("**/*.template.json", { cwd: base })) {
+        await prepareTemplateFileForSnapshot(path.join(base, file));
+    }
+}
+exports.createCloudAssemblySnapshot = createCloudAssemblySnapshot;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic25hcHNob3RzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3NuYXBzaG90cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw0REFBNEQ7QUFDNUQsK0RBQStEO0FBQy9ELHdEQUF3RDtBQUN4RCwyQkFBMEI7QUFDMUIsMkJBQTBCO0FBQzFCLHlCQUF3QjtBQUN4Qiw2QkFBNEI7QUFDNUIsNkJBQTRCO0FBRTVCLDhEQUE4RDtBQUM5RCxTQUFTLGFBQWEsQ0FBQyxJQUFTO0lBQzlCLE1BQU0sRUFBRSxHQUFHO1FBQ1QsR0FBRyxJQUFJO0tBQ1IsQ0FBQTtJQUVELE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQTtJQUNqQixPQUFPLEVBQUUsQ0FBQTtBQUNYLENBQUM7QUFFRCw4REFBOEQ7QUFDOUQsU0FBUyxXQUFXLENBQUMsSUFBUztJQUM1QixJQUFJLElBQUksWUFBWSxLQUFLLEVBQUUsQ0FBQztRQUMxQixPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUE7SUFDOUIsQ0FBQztJQUVELElBQUksSUFBSSxLQUFLLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzFCLE9BQU8sTUFBTSxDQUFDLFdBQVcsQ0FDdkIsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUErQixDQUFDO2FBQzVDLE1BQU0sQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsS0FBSyxPQUFPLENBQUM7YUFDbEMsR0FBRyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsR0FBRyxFQUFFLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQ3BELENBQUE7SUFDSCxDQUFDO0lBRUQsT0FBTyxJQUFJLENBQUE7QUFDYixDQUFDO0FBRUQsOERBQThEO0FBQzlELFNBQVMsc0JBQXNCLENBQUMsSUFBUztJQUN2QyxNQUFNLEVBQUUsR0FBRztRQUNULEdBQUcsSUFBSTtLQUNSLENBQUE7SUFFRCxJQUFJLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNqQixFQUFFLENBQUMsT0FBTyxHQUFHO1lBQ1gsR0FBRyxJQUFJLENBQUMsT0FBTztTQUNoQixDQUFBO1FBRUQsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQTtJQUM3QixDQUFDO0lBRUQsT0FBTyxFQUFFLENBQUE7QUFDWCxDQUFDO0FBRUQsTUFBTSxtQkFBbUIsR0FBRyw2Q0FBNkMsQ0FBQTtBQUV6RTs7OztHQUlHO0FBQ0gsU0FBUyw0QkFBNEIsQ0FBQyxLQUFhO0lBQ2pELE1BQU0sS0FBSyxHQUFHLG1CQUFtQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUM3QyxPQUFPLEtBQUssQ0FBQyxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsQ0FBQyxDQUFDLGtDQUFrQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUE7QUFDckUsQ0FBQztBQUVELDhEQUE4RDtBQUM5RCxTQUFTLDhCQUE4QixDQUFDLElBQVM7SUFDL0MsSUFBSSxJQUFJLFlBQVksS0FBSyxFQUFFLENBQUM7UUFDMUIsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLDhCQUE4QixDQUFDLENBQUE7SUFDakQsQ0FBQztJQUVELElBQUksSUFBSSxLQUFLLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzFCLE9BQU8sTUFBTSxDQUFDLFdBQVcsQ0FDdkIsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUErQixDQUFDO2FBQzVDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUU7WUFDcEIsTUFBTSxpQkFBaUIsR0FBRyw0QkFBNEIsQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUMzRCxJQUFJLGlCQUFpQixFQUFFLENBQUM7Z0JBQ3RCLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSw4QkFBOEIsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFBO1lBQ25FLENBQUM7aUJBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztnQkFDMUMsT0FBTyxJQUFJLENBQUE7WUFDYixDQUFDO2lCQUFNLElBQ0wsR0FBRyxLQUFLLEtBQUs7Z0JBQ2IsT0FBTyxLQUFLLEtBQUssUUFBUTtnQkFDekIsS0FBSyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUNqQyxDQUFDO2dCQUNELE9BQU8sQ0FBQyxHQUFHLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQTtZQUNoQyxDQUFDO2lCQUFNLElBQ0wsR0FBRyxLQUFLLGdCQUFnQjtnQkFDeEIsT0FBTyxLQUFLLEtBQUssUUFBUTtnQkFDekIscUJBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxFQUNqQyxDQUFDO2dCQUNELE9BQU8sQ0FBQyxHQUFHLEVBQUUsc0JBQXNCLENBQUMsQ0FBQTtZQUN0QyxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEdBQUcsRUFBRSw4QkFBOEIsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFBO1lBQ3JELENBQUM7UUFDSCxDQUFDLENBQUM7YUFDRCxNQUFNLENBQUMsQ0FBQyxFQUFFLEVBQVksRUFBRSxDQUFDLEVBQUUsSUFBSSxJQUFJLENBQUMsQ0FDeEMsQ0FBQTtJQUNILENBQUM7SUFFRCxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzdCLE1BQU0saUJBQWlCLEdBQUcsNEJBQTRCLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDNUQsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1lBQ3RCLE9BQU8saUJBQWlCLENBQUE7UUFDMUIsQ0FBQztRQUVELGlDQUFpQztRQUNqQyxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLGdCQUFnQixDQUFDLENBQUE7SUFDeEQsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVELDhEQUE4RDtBQUM5RCxTQUFTLDhCQUE4QixDQUFDLElBQVM7SUFDL0MsSUFBSSxJQUFJLFlBQVksS0FBSyxFQUFFLENBQUM7UUFDMUIsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLDhCQUE4QixDQUFDLENBQUE7SUFDakQsQ0FBQztJQUVELElBQUksSUFBSSxLQUFLLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzFCLDRCQUE0QjtRQUM1QixJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxlQUFlLElBQUksTUFBTSxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3ZELE9BQU87Z0JBQ0wsR0FBRyxJQUFJO2dCQUNQLElBQUksRUFBRSxnQkFBZ0I7YUFDdkIsQ0FBQTtRQUNILENBQUM7UUFFRCxPQUFPLE1BQU0sQ0FBQyxXQUFXLENBQ3ZCLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBK0IsQ0FBQzthQUM1QyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFO1lBQ3BCLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLE9BQU8sSUFBSSxDQUFBO1lBQ2IsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE9BQU8sQ0FBQyxHQUFHLEVBQUUsOEJBQThCLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQTtZQUNyRCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLENBQUMsRUFBRSxFQUFZLEVBQUUsQ0FBQyxFQUFFLElBQUksSUFBSSxDQUFDLENBQ3hDLENBQUE7SUFDSCxDQUFDO0lBRUQsSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUM3QixNQUFNLGlCQUFpQixHQUFHLDRCQUE0QixDQUFDLElBQUksQ0FBQyxDQUFBO1FBQzVELElBQUksaUJBQWlCLEVBQUUsQ0FBQztZQUN0QixPQUFPLGlCQUFpQixDQUFBO1FBQzFCLENBQUM7UUFFRCxpQ0FBaUM7UUFDakMsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFBO0lBQ3hELENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFRDs7O0dBR0c7QUFDSCw4REFBOEQ7QUFDOUQsU0FBUyxxQ0FBcUMsQ0FBQyxJQUFTO0lBQ3RELE1BQU0sRUFBRSxHQUFHO1FBQ1QsR0FBRyxJQUFJO1FBQ1AsU0FBUyxFQUFFO1lBQ1QsR0FBRyxJQUFJLENBQUMsU0FBUztTQUNsQjtLQUNGLENBQUE7SUFFRCxPQUFPLEVBQUUsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFBO0lBQy9CLE9BQU8sRUFBRSxDQUFBO0FBQ1gsQ0FBQztBQUVELFNBQVMsMEJBQTBCLENBQUMsT0FBZTtJQUNqRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQ2pDLE1BQU0sTUFBTSxHQUFHO1FBQ2IsYUFBYTtRQUNiLHNFQUFzRTtRQUN0RSwyQ0FBMkM7UUFDM0Msc0JBQXNCO1FBQ3RCLDBDQUEwQztRQUMxQyxXQUFXO1FBQ1gsc0NBQXNDO1FBQ3RDLDhCQUE4QjtLQUMvQixDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUVyQyxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsQ0FBQTtBQUNoRCxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsS0FBSyxVQUFVLDhCQUE4QixDQUFDLElBQVk7SUFDeEQsTUFBTSxNQUFNLEdBQUcsMEJBQTBCLENBQ3ZDLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUN6QyxDQUFBO0lBRUQsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUE7QUFDM0MsQ0FBQztBQUVELFNBQVMsMEJBQTBCLENBQUMsT0FBZTtJQUNqRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQ2pDLE1BQU0sTUFBTSxHQUFHO1FBQ2IscUNBQXFDO1FBQ3JDLHNDQUFzQztRQUN0Qyw4QkFBOEI7S0FDL0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUMsR0FBRyxDQUFDLEVBQUUsS0FBSyxDQUFDLENBQUE7SUFFckMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUE7QUFDaEQsQ0FBQztBQUVEOzs7R0FHRztBQUNILEtBQUssVUFBVSw4QkFBOEIsQ0FBQyxJQUFZO0lBQ3hELE1BQU0sTUFBTSxHQUFHLDBCQUEwQixDQUN2QyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsQ0FDekMsQ0FBQTtJQUVELE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFBO0FBQzNDLENBQUM7QUFFRDs7R0FFRztBQUNJLEtBQUssVUFBVSwyQkFBMkIsQ0FDL0MsR0FBVyxFQUNYLEdBQVc7SUFFWCxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUUxQyxNQUFNLEdBQUcsQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFO1FBQ25CLE9BQU8sRUFBRSxJQUFJO1FBQ2IsR0FBRyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxFQUFFLEdBQUcsQ0FBQztLQUNuQyxDQUFDLENBQUE7SUFFRix3Q0FBd0M7SUFDeEMsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQTtJQUV2QyxvRUFBb0U7SUFDcEUsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQTtJQUV0QyxpQ0FBaUM7SUFDakMsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQTtJQUV2QyxrREFBa0Q7SUFDbEQsK0JBQStCO0lBQy9CLE1BQU0sR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLGtCQUFrQixDQUFDLENBQUMsQ0FBQTtJQUU3QywyREFBMkQ7SUFDM0QsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQTtJQUVyQyx1REFBdUQ7SUFDdkQsS0FBSyxNQUFNLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUNoRSxNQUFNLDhCQUE4QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUE7SUFDN0QsQ0FBQztJQUVELDJCQUEyQjtJQUMzQixLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ2xFLE1BQU0sOEJBQThCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQTtJQUM3RCxDQUFDO0FBQ0gsQ0FBQztBQXBDRCxrRUFvQ0MiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tdW5zYWZlLWFzc2lnbm1lbnQgKi9cbi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby11bnNhZmUtbWVtYmVyLWFjY2VzcyAqL1xuLyogZXNsaW50LWRpc2FibGUgQHR5cGVzY3JpcHQtZXNsaW50L25vLXVuc2FmZS1yZXR1cm4gKi9cbmltcG9ydCAqIGFzIGNweSBmcm9tIFwiY3B5XCJcbmltcG9ydCAqIGFzIGRlbCBmcm9tIFwiZGVsXCJcbmltcG9ydCAqIGFzIGZzIGZyb20gXCJmc1wiXG5pbXBvcnQgKiBhcyBnbG9iIGZyb20gXCJnbG9iXCJcbmltcG9ydCAqIGFzIHBhdGggZnJvbSBcInBhdGhcIlxuXG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuZnVuY3Rpb24gcmVtb3ZlVmVyc2lvbihkYXRhOiBhbnkpOiBhbnkge1xuICBjb25zdCBjcCA9IHtcbiAgICAuLi5kYXRhLFxuICB9XG5cbiAgZGVsZXRlIGNwLnZlcnNpb25cbiAgcmV0dXJuIGNwXG59XG5cbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZXhwbGljaXQtYW55XG5mdW5jdGlvbiByZW1vdmVUcmFjZShkYXRhOiBhbnkpOiBhbnkge1xuICBpZiAoZGF0YSBpbnN0YW5jZW9mIEFycmF5KSB7XG4gICAgcmV0dXJuIGRhdGEubWFwKHJlbW92ZVRyYWNlKVxuICB9XG5cbiAgaWYgKGRhdGEgPT09IE9iamVjdChkYXRhKSkge1xuICAgIHJldHVybiBPYmplY3QuZnJvbUVudHJpZXMoXG4gICAgICBPYmplY3QuZW50cmllcyhkYXRhIGFzIFJlY29yZDxzdHJpbmcsIHVua25vd24+KVxuICAgICAgICAuZmlsdGVyKChba2V5XSkgPT4ga2V5ICE9PSBcInRyYWNlXCIpXG4gICAgICAgIC5tYXAoKFtrZXksIHZhbHVlXSkgPT4gW2tleSwgcmVtb3ZlVHJhY2UodmFsdWUpXSksXG4gICAgKVxuICB9XG5cbiAgcmV0dXJuIGRhdGFcbn1cblxuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbmZ1bmN0aW9uIHJlbW92ZVJ1bnRpbWVMaWJyYXJpZXMoZGF0YTogYW55KTogYW55IHtcbiAgY29uc3QgY3AgPSB7XG4gICAgLi4uZGF0YSxcbiAgfVxuXG4gIGlmIChkYXRhLnJ1bnRpbWUpIHtcbiAgICBjcC5ydW50aW1lID0ge1xuICAgICAgLi4uZGF0YS5ydW50aW1lLFxuICAgIH1cblxuICAgIGRlbGV0ZSBjcC5ydW50aW1lLmxpYnJhcmllc1xuICB9XG5cbiAgcmV0dXJuIGNwXG59XG5cbmNvbnN0IGN1cnJlbnRWZXJzaW9uUmVnZXggPSAvXiguK0N1cnJlbnRWZXJzaW9uWzAtOUEtRl17OH0pWzAtOWEtZl17MzJ9JC9cblxuLyoqXG4gKiBNYXRjaCBhIHJlc291cmNlIGNyZWF0ZWQgYnkgYGxhbWJkYS5GdW5jdGlvbi5jdXJyZW50VmVyc2lvbmAsIHdoaWNoXG4gKiB3aWxsIGluY2x1ZGUgdGhlIGFzc2V0IGhhc2ggYXMgcGFydCBvZiB0aGUgcmVvdXNyY2UgbmFtZSBhbmQgcmV0dXJuXG4gKiBhIHNuYXBzaG90LWZyaWVuZGx5IHZlcnNpb24gb2YgaXQgaWYgZm91bmQuXG4gKi9cbmZ1bmN0aW9uIHJld3JpdGVDdXJyZW50VmVyc2lvbklmRm91bmQodmFsdWU6IHN0cmluZyk6IHN0cmluZyB8IG51bGwge1xuICBjb25zdCBtYXRjaCA9IGN1cnJlbnRWZXJzaW9uUmVnZXguZXhlYyh2YWx1ZSlcbiAgcmV0dXJuIG1hdGNoID8gYCR7bWF0Y2hbMV19eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHhgIDogbnVsbFxufVxuXG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuZnVuY3Rpb24gcmVtb3ZlQXNzZXREZXRhaWxzRnJvbVRlbXBsYXRlKGRhdGE6IGFueSk6IGFueSB7XG4gIGlmIChkYXRhIGluc3RhbmNlb2YgQXJyYXkpIHtcbiAgICByZXR1cm4gZGF0YS5tYXAocmVtb3ZlQXNzZXREZXRhaWxzRnJvbVRlbXBsYXRlKVxuICB9XG5cbiAgaWYgKGRhdGEgPT09IE9iamVjdChkYXRhKSkge1xuICAgIHJldHVybiBPYmplY3QuZnJvbUVudHJpZXMoXG4gICAgICBPYmplY3QuZW50cmllcyhkYXRhIGFzIFJlY29yZDxzdHJpbmcsIHVua25vd24+KVxuICAgICAgICAubWFwKChba2V5LCB2YWx1ZV0pID0+IHtcbiAgICAgICAgICBjb25zdCBuZXdDdXJyZW50VmVyc2lvbiA9IHJld3JpdGVDdXJyZW50VmVyc2lvbklmRm91bmQoa2V5KVxuICAgICAgICAgIGlmIChuZXdDdXJyZW50VmVyc2lvbikge1xuICAgICAgICAgICAgcmV0dXJuIFtuZXdDdXJyZW50VmVyc2lvbiwgcmVtb3ZlQXNzZXREZXRhaWxzRnJvbVRlbXBsYXRlKHZhbHVlKV1cbiAgICAgICAgICB9IGVsc2UgaWYgKGtleS5pbmNsdWRlcyhcIkFzc2V0UGFyYW1ldGVyXCIpKSB7XG4gICAgICAgICAgICByZXR1cm4gbnVsbFxuICAgICAgICAgIH0gZWxzZSBpZiAoXG4gICAgICAgICAgICBrZXkgPT09IFwiUmVmXCIgJiZcbiAgICAgICAgICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJzdHJpbmdcIiAmJlxuICAgICAgICAgICAgdmFsdWUuaW5jbHVkZXMoXCJBc3NldFBhcmFtZXRlcnNcIilcbiAgICAgICAgICApIHtcbiAgICAgICAgICAgIHJldHVybiBba2V5LCBcInNuYXBzaG90LXZhbHVlXCJdXG4gICAgICAgICAgfSBlbHNlIGlmIChcbiAgICAgICAgICAgIGtleSA9PT0gXCJhd3M6YXNzZXQ6cGF0aFwiICYmXG4gICAgICAgICAgICB0eXBlb2YgdmFsdWUgPT09IFwic3RyaW5nXCIgJiZcbiAgICAgICAgICAgIC9hc3NldFxcLlswLTlhLWZdezY0fS8udGVzdCh2YWx1ZSlcbiAgICAgICAgICApIHtcbiAgICAgICAgICAgIHJldHVybiBba2V5LCBcImFzc2V0LnNuYXBzaG90LXZhbHVlXCJdXG4gICAgICAgICAgfSBlbHNlIHtcbiAgICAgICAgICAgIHJldHVybiBba2V5LCByZW1vdmVBc3NldERldGFpbHNGcm9tVGVtcGxhdGUodmFsdWUpXVxuICAgICAgICAgIH1cbiAgICAgICAgfSlcbiAgICAgICAgLmZpbHRlcigoaXQpOiBpdCBpcyBbXSA9PiBpdCAhPSBudWxsKSxcbiAgICApXG4gIH1cblxuICBpZiAodHlwZW9mIGRhdGEgPT09IFwic3RyaW5nXCIpIHtcbiAgICBjb25zdCBuZXdDdXJyZW50VmVyc2lvbiA9IHJld3JpdGVDdXJyZW50VmVyc2lvbklmRm91bmQoZGF0YSlcbiAgICBpZiAobmV3Q3VycmVudFZlcnNpb24pIHtcbiAgICAgIHJldHVybiBuZXdDdXJyZW50VmVyc2lvblxuICAgIH1cblxuICAgIC8vIEhhbmRsZSB0eXBpY2FsIGNvbnRlbnQgaGFzaGVzLlxuICAgIHJldHVybiBkYXRhLnJlcGxhY2UoL1swLTlhLWZdezY0fS9nLCBcInNuYXBzaG90LXZhbHVlXCIpXG4gIH1cblxuICByZXR1cm4gZGF0YVxufVxuXG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuZnVuY3Rpb24gcmVtb3ZlQXNzZXREZXRhaWxzRnJvbU1hbmlmZXN0KGRhdGE6IGFueSk6IGFueSB7XG4gIGlmIChkYXRhIGluc3RhbmNlb2YgQXJyYXkpIHtcbiAgICByZXR1cm4gZGF0YS5tYXAocmVtb3ZlQXNzZXREZXRhaWxzRnJvbU1hbmlmZXN0KVxuICB9XG5cbiAgaWYgKGRhdGEgPT09IE9iamVjdChkYXRhKSkge1xuICAgIC8vIGF3czpjZGs6YXNzZXQgaW4gbWV0YWRhdGFcbiAgICBpZiAoZGF0YVtcInR5cGVcIl0gPT09IFwiYXdzOmNkazphc3NldFwiICYmIFwiZGF0YVwiIGluIGRhdGEpIHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIC4uLmRhdGEsXG4gICAgICAgIGRhdGE6IFwic25hcHNob3QtdmFsdWVcIixcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4gT2JqZWN0LmZyb21FbnRyaWVzKFxuICAgICAgT2JqZWN0LmVudHJpZXMoZGF0YSBhcyBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPilcbiAgICAgICAgLm1hcCgoW2tleSwgdmFsdWVdKSA9PiB7XG4gICAgICAgICAgaWYgKGtleS5pbmNsdWRlcyhcIkFzc2V0UGFyYW1ldGVyc1wiKSkge1xuICAgICAgICAgICAgcmV0dXJuIG51bGxcbiAgICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgICAgcmV0dXJuIFtrZXksIHJlbW92ZUFzc2V0RGV0YWlsc0Zyb21NYW5pZmVzdCh2YWx1ZSldXG4gICAgICAgICAgfVxuICAgICAgICB9KVxuICAgICAgICAuZmlsdGVyKChpdCk6IGl0IGlzIFtdID0+IGl0ICE9IG51bGwpLFxuICAgIClcbiAgfVxuXG4gIGlmICh0eXBlb2YgZGF0YSA9PT0gXCJzdHJpbmdcIikge1xuICAgIGNvbnN0IG5ld0N1cnJlbnRWZXJzaW9uID0gcmV3cml0ZUN1cnJlbnRWZXJzaW9uSWZGb3VuZChkYXRhKVxuICAgIGlmIChuZXdDdXJyZW50VmVyc2lvbikge1xuICAgICAgcmV0dXJuIG5ld0N1cnJlbnRWZXJzaW9uXG4gICAgfVxuXG4gICAgLy8gSGFuZGxlIHR5cGljYWwgY29udGVudCBoYXNoZXMuXG4gICAgcmV0dXJuIGRhdGEucmVwbGFjZSgvWzAtOWEtZl17NjR9L2csIFwic25hcHNob3QtdmFsdWVcIilcbiAgfVxuXG4gIHJldHVybiBkYXRhXG59XG5cbi8qKlxuICogUmVtb3ZlIHRoZSBDREtNZXRhZGF0YSByZXNvdXJjZXMgdGhhdCBpcyBwYXJ0IG9mIHRoZSBzeW50aGVzaXplZFxuICogdGVtcGxhdGUgc2luY2UgQ0RLIDEuNjMuMC5cbiAqL1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbmZ1bmN0aW9uIHJlbW92ZUNka01ldGFkYXRhUmVzb3VyY2VGcm9tVGVtcGxhdGUoZGF0YTogYW55KTogYW55IHtcbiAgY29uc3QgY3AgPSB7XG4gICAgLi4uZGF0YSxcbiAgICBSZXNvdXJjZXM6IHtcbiAgICAgIC4uLmRhdGEuUmVzb3VyY2VzLFxuICAgIH0sXG4gIH1cblxuICBkZWxldGUgY3AuUmVzb3VyY2VzLkNES01ldGFkYXRhXG4gIHJldHVybiBjcFxufVxuXG5mdW5jdGlvbiBwcmVwYXJlTWFuaWZlc3RGb3JTbmFwc2hvdChjb250ZW50OiBzdHJpbmcpOiBzdHJpbmcge1xuICBjb25zdCBpbnB1dCA9IEpTT04ucGFyc2UoY29udGVudClcbiAgY29uc3Qgb3V0cHV0ID0gW1xuICAgIHJlbW92ZVZlcnNpb24sXG4gICAgLy8gUmVtb3ZlIHRoZSBydW50aW1lIHZlcnNpb24gaW5mb3JtYXRpb24gc28gaXQgZG9uJ3QgY29uZmxpY3Qgd2l0aCBDSVxuICAgIC8vIG9yIG90aGVyIHVzZXJzIGdlbmVyYXRpbmcgdGhlIHNuYXBzaG90cy5cbiAgICByZW1vdmVSdW50aW1lTGlicmFyaWVzLFxuICAgIC8vIFJlbW92ZSB0aGUgdHJhY2UgZnJvbSBtYW5pZmVzdCBmb3Igbm93LlxuICAgIHJlbW92ZVRyYWNlLFxuICAgIC8vIEF2b2lkIGRldGFpbHMgKGhhc2hlcykgZnJvbSBhc3NldHMuXG4gICAgcmVtb3ZlQXNzZXREZXRhaWxzRnJvbU1hbmlmZXN0LFxuICBdLnJlZHVjZSgoYWNjLCBmbikgPT4gZm4oYWNjKSwgaW5wdXQpXG5cbiAgcmV0dXJuIEpTT04uc3RyaW5naWZ5KG91dHB1dCwgdW5kZWZpbmVkLCBcIiAgXCIpXG59XG5cbi8qKlxuICogVHJhbnNmb3JtIHRoZSBDbG91ZCBBc3NlbWJseSBtYW5pZmVzdCBmaWxlIHNvIHRoYXQgaXQgY2FuIGJlIHBlcnNpc3RlZFxuICogYXMgYSBzbmFwc2hvdCB3aXRob3V0IGNhdXNpbmcgaW52YWxpZGF0aW9ucyBmb3IgZXZlcnkgc3ludGhlc2l6ZS5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gcHJlcGFyZU1hbmlmZXN0RmlsZUZvclNuYXBzaG90KGZpbGU6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICBjb25zdCByZXN1bHQgPSBwcmVwYXJlTWFuaWZlc3RGb3JTbmFwc2hvdChcbiAgICBhd2FpdCBmcy5wcm9taXNlcy5yZWFkRmlsZShmaWxlLCBcInV0ZjhcIiksXG4gIClcblxuICBhd2FpdCBmcy5wcm9taXNlcy53cml0ZUZpbGUoZmlsZSwgcmVzdWx0KVxufVxuXG5mdW5jdGlvbiBwcmVwYXJlVGVtcGxhdGVGb3JTbmFwc2hvdChjb250ZW50OiBzdHJpbmcpOiBzdHJpbmcge1xuICBjb25zdCBpbnB1dCA9IEpTT04ucGFyc2UoY29udGVudClcbiAgY29uc3Qgb3V0cHV0ID0gW1xuICAgIHJlbW92ZUNka01ldGFkYXRhUmVzb3VyY2VGcm9tVGVtcGxhdGUsXG4gICAgLy8gQXZvaWQgZGV0YWlscyAoaGFzaGVzKSBmcm9tIGFzc2V0cy5cbiAgICByZW1vdmVBc3NldERldGFpbHNGcm9tVGVtcGxhdGUsXG4gIF0ucmVkdWNlKChhY2MsIGZuKSA9PiBmbihhY2MpLCBpbnB1dClcblxuICByZXR1cm4gSlNPTi5zdHJpbmdpZnkob3V0cHV0LCB1bmRlZmluZWQsIFwiICBcIilcbn1cblxuLyoqXG4gKiBUcmFuc2Zvcm0gYSBDbG91ZCBBc3NlbWJseSB0ZW1wbGF0ZSBmaWxlIHNvIHRoYXQgaXQgY2FuIGJlIHBlcnNpc3RlZFxuICogYXMgYSBzbmFwc2hvdCB3aXRob3V0IGNhdXNpbmcgaW52YWxpZGF0aW9ucyBmb3IgbWlub3IgY2hhbmdlcy5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gcHJlcGFyZVRlbXBsYXRlRmlsZUZvclNuYXBzaG90KGZpbGU6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICBjb25zdCByZXN1bHQgPSBwcmVwYXJlVGVtcGxhdGVGb3JTbmFwc2hvdChcbiAgICBhd2FpdCBmcy5wcm9taXNlcy5yZWFkRmlsZShmaWxlLCBcInV0ZjhcIiksXG4gIClcblxuICBhd2FpdCBmcy5wcm9taXNlcy53cml0ZUZpbGUoZmlsZSwgcmVzdWx0KVxufVxuXG4vKipcbiAqIENvbnZlcnQgYSBDbG91ZCBBc3NlbWJseSB0byBhIHNuYXBzaG90LlxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gY3JlYXRlQ2xvdWRBc3NlbWJseVNuYXBzaG90KFxuICBzcmM6IHN0cmluZyxcbiAgZHN0OiBzdHJpbmcsXG4pOiBQcm9taXNlPHZvaWQ+IHtcbiAgY29uc3QgYmFzZSA9IHBhdGguam9pbihwcm9jZXNzLmN3ZCgpLCBkc3QpXG5cbiAgYXdhaXQgY3B5KFwiLlwiLCBiYXNlLCB7XG4gICAgcGFyZW50czogdHJ1ZSxcbiAgICBjd2Q6IHBhdGguam9pbihwcm9jZXNzLmN3ZCgpLCBzcmMpLFxuICB9KVxuXG4gIC8vIERvbid0IGtlZXAgdHJhY2sgb2YgbWFuaWZlc3QgdmVyc2lvbi5cbiAgYXdhaXQgZGVsKHBhdGguam9pbihkc3QsIFwiKiovY2RrLm91dFwiKSlcblxuICAvLyBUaGUgdHJlZSBmaWxlIGRvZXNuJ3QgZ2l2ZSB1cyBtdWNoIHZhbHVlIGFzIHBhcnQgb2YgdGhlIHNuYXBzaG90LlxuICBhd2FpdCBkZWwocGF0aC5qb2luKGRzdCwgXCJ0cmVlLmpzb25cIikpXG5cbiAgLy8gUmVtb3ZlIGFzc2V0IGNvbnRlbnRzIGZvciBub3cuXG4gIGF3YWl0IGRlbChwYXRoLmpvaW4oZHN0LCBcIioqL2Fzc2V0LipcIikpXG5cbiAgLy8gUmVtb3ZlIGFzc2V0IGNvbmZpZ3Mgc28gd2UgZG9uJ3QgaGF2ZSB0byB1cGRhdGVcbiAgLy8gc25hcHNob3RzIGZvciBhc3NldCBjaGFuZ2VzLlxuICBhd2FpdCBkZWwocGF0aC5qb2luKGRzdCwgXCIqKi8qLmFzc2V0cy5qc29uXCIpKVxuXG4gIC8vIFJlbW92ZSBncmFwaHZpeiBmaWxlcyBnZW5lcmF0ZWQgd2hlbiB1c2luZyBDREsgUGlwZWxpbmVzXG4gIGF3YWl0IGRlbChwYXRoLmpvaW4oZHN0LCBcIioqLyouZG90XCIpKVxuXG4gIC8vIFRyYW5zZm9ybSB0aGUgbWFuaWZlc3QgdG8gYmUgbW9yZSBzbmFwc2hvdCBmcmllbmRseS5cbiAgZm9yIChjb25zdCBmaWxlIG9mIGdsb2Iuc3luYyhcIioqL21hbmlmZXN0Lmpzb25cIiwgeyBjd2Q6IGJhc2UgfSkpIHtcbiAgICBhd2FpdCBwcmVwYXJlTWFuaWZlc3RGaWxlRm9yU25hcHNob3QocGF0aC5qb2luKGJhc2UsIGZpbGUpKVxuICB9XG5cbiAgLy8gVHJhbnNmb3JtIGFsbCB0ZW1wbGF0ZXMuXG4gIGZvciAoY29uc3QgZmlsZSBvZiBnbG9iLnN5bmMoXCIqKi8qLnRlbXBsYXRlLmpzb25cIiwgeyBjd2Q6IGJhc2UgfSkpIHtcbiAgICBhd2FpdCBwcmVwYXJlVGVtcGxhdGVGaWxlRm9yU25hcHNob3QocGF0aC5qb2luKGJhc2UsIGZpbGUpKVxuICB9XG59XG4iXX0=

package/lib/ssm-parameter-backed-resource.d.ts

@@ -0,0 +1,45 @@
+import * as constructs from "constructs";
+type ReferenceToResource<T> = (scope: constructs.Construct, id: string, reference: string) => T;
+interface Props<T> {
+    /**
+     * The nonce can be used to force the stack to update to check
+     * for a new value.
+     *
+     * @default Date.now().toString()
+     */
+    nonce?: string;
+    parameterName: string;
+    resource: T;
+    resourceToReference(resource: T): string;
+    referenceToResource: ReferenceToResource<T>;
+    /**
+     * List of regions that can retrieve this resource from an SSM Parameter.
+     */
+    regions: string[];
+}
+/**
+ * Register SSM Parameters in other regions storing a reference to
+ * a resource, which can then be resolved in the other region by
+ * reading from the parameter.
+ *
+ * Storing the SSM Parameters in the other regions speeds up the
+ * resolving of parameters, since we can use CloudFormation SSM
+ * Parameters instead of custom resources.
+ *
+ * If the resource is in the same region, the resource will be returned
+ * like normally in CDK, causing an export/import if cross-stack.
+ */
+export declare class SsmParameterBackedResource<T> extends constructs.Construct {
+    private readonly nonce;
+    private readonly parameterName;
+    private readonly resource;
+    private readonly referenceToResource;
+    private readonly regions;
+    constructor(scope: constructs.Construct, id: string, props: Props<T>);
+    /**
+     * Get the resource by resolving the value from SSM Parameter Store
+     * in case we are cross-region or cross-stage.
+     */
+    get(scope: constructs.Construct, id: string): T;
+}
+export {};

package/lib/ssm-parameter-backed-resource.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SsmParameterBackedResource = void 0;
+const constructs = require("constructs");
+const ssm = require("aws-cdk-lib/aws-ssm");
+const cdk = require("aws-cdk-lib");
+const cross_region_ssm_parameter_1 = require("./cross-region-ssm-parameter");
+const utils_1 = require("./utils");
+/**
+ * Register SSM Parameters in other regions storing a reference to
+ * a resource, which can then be resolved in the other region by
+ * reading from the parameter.
+ *
+ * Storing the SSM Parameters in the other regions speeds up the
+ * resolving of parameters, since we can use CloudFormation SSM
+ * Parameters instead of custom resources.
+ *
+ * If the resource is in the same region, the resource will be returned
+ * like normally in CDK, causing an export/import if cross-stack.
+ */
+class SsmParameterBackedResource extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a;
+        super(scope, id);
+        this.nonce = (_a = props.nonce) !== null && _a !== void 0 ? _a : Date.now().toString();
+        this.parameterName = props.parameterName;
+        this.resource = props.resource;
+        this.referenceToResource = props.referenceToResource;
+        this.regions = props.regions;
+        const value = props.resourceToReference(props.resource);
+        for (const region of props.regions) {
+            new cross_region_ssm_parameter_1.CrossRegionSsmParameter(this, `Param${region}`, {
+                name: this.parameterName,
+                region,
+                value,
+            });
+        }
+    }
+    /**
+     * Get the resource by resolving the value from SSM Parameter Store
+     * in case we are cross-region or cross-stage.
+     */
+    get(scope, id) {
+        const producerRegion = cdk.Stack.of(this).region;
+        const consumerRegion = cdk.Stack.of(scope).region;
+        const sameStageOrApp = (0, utils_1.getStageOrApp)(this) === (0, utils_1.getStageOrApp)(scope);
+        // Fast-path: Same region and parent stage/app.
+        if (producerRegion === consumerRegion && sameStageOrApp) {
+            return this.resource;
+        }
+        if (!this.regions.includes(consumerRegion)) {
+            throw new Error(`The region ${consumerRegion} is not registered for the parameter`);
+        }
+        // Only add dependency if within same app/stage. If not it
+        // is the caller responsibility to ensure deployment order.
+        if (sameStageOrApp) {
+            scope.node.addDependency(this);
+        }
+        new cdk.CfnParameter(scope, `${id}Nonce`, {
+            default: this.nonce,
+        });
+        const reference = ssm.StringParameter.valueForStringParameter(scope, this.parameterName);
+        return this.referenceToResource(scope, id, reference);
+    }
+}
+exports.SsmParameterBackedResource = SsmParameterBackedResource;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3NtLXBhcmFtZXRlci1iYWNrZWQtcmVzb3VyY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvc3NtLXBhcmFtZXRlci1iYWNrZWQtcmVzb3VyY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseUNBQXdDO0FBQ3hDLDJDQUEwQztBQUMxQyxtQ0FBa0M7QUFDbEMsNkVBQXNFO0FBQ3RFLG1DQUF1QztBQTBCdkM7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFhLDBCQUE4QixTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBT3JFLFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBZTs7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUNoQixJQUFJLENBQUMsS0FBSyxHQUFHLE1BQUEsS0FBSyxDQUFDLEtBQUssbUNBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLFFBQVEsRUFBRSxDQUFBO1FBQ2pELElBQUksQ0FBQyxhQUFhLEdBQUcsS0FBSyxDQUFDLGFBQWEsQ0FBQTtRQUN4QyxJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUE7UUFDOUIsSUFBSSxDQUFDLG1CQUFtQixHQUFHLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQTtRQUNwRCxJQUFJLENBQUMsT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUE7UUFFNUIsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQTtRQUV2RCxLQUFLLE1BQU0sTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQyxJQUFJLG9EQUF1QixDQUFDLElBQUksRUFBRSxRQUFRLE1BQU0sRUFBRSxFQUFFO2dCQUNsRCxJQUFJLEVBQUUsSUFBSSxDQUFDLGFBQWE7Z0JBQ3hCLE1BQU07Z0JBQ04sS0FBSzthQUNOLENBQUMsQ0FBQTtRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksR0FBRyxDQUFDLEtBQTJCLEVBQUUsRUFBVTtRQUNoRCxNQUFNLGNBQWMsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUE7UUFDaEQsTUFBTSxjQUFjLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsTUFBTSxDQUFBO1FBRWpELE1BQU0sY0FBYyxHQUFHLElBQUEscUJBQWEsRUFBQyxJQUFJLENBQUMsS0FBSyxJQUFBLHFCQUFhLEVBQUMsS0FBSyxDQUFDLENBQUE7UUFFbkUsK0NBQStDO1FBQy9DLElBQUksY0FBYyxLQUFLLGNBQWMsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUN4RCxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUE7UUFDdEIsQ0FBQztRQUVELElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUFDO1lBQzNDLE1BQU0sSUFBSSxLQUFLLENBQ2IsY0FBYyxjQUFjLHNDQUFzQyxDQUNuRSxDQUFBO1FBQ0gsQ0FBQztRQUVELDBEQUEwRDtRQUMxRCwyREFBMkQ7UUFDM0QsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUNuQixLQUFLLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtRQUNoQyxDQUFDO1FBRUQsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsT0FBTyxFQUFFO1lBQ3hDLE9BQU8sRUFBRSxJQUFJLENBQUMsS0FBSztTQUNwQixDQUFDLENBQUE7UUFFRixNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLHVCQUF1QixDQUMzRCxLQUFLLEVBQ0wsSUFBSSxDQUFDLGFBQWEsQ0FDbkIsQ0FBQTtRQUNELE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsU0FBUyxDQUFDLENBQUE7SUFDdkQsQ0FBQztDQUNGO0FBL0RELGdFQStEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgc3NtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtc3NtXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IHsgQ3Jvc3NSZWdpb25Tc21QYXJhbWV0ZXIgfSBmcm9tIFwiLi9jcm9zcy1yZWdpb24tc3NtLXBhcmFtZXRlclwiXG5pbXBvcnQgeyBnZXRTdGFnZU9yQXBwIH0gZnJvbSBcIi4vdXRpbHNcIlxuXG50eXBlIFJlZmVyZW5jZVRvUmVzb3VyY2U8VD4gPSAoXG4gIHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCxcbiAgaWQ6IHN0cmluZyxcbiAgcmVmZXJlbmNlOiBzdHJpbmcsXG4pID0+IFRcblxuaW50ZXJmYWNlIFByb3BzPFQ+IHtcbiAgLyoqXG4gICAqIFRoZSBub25jZSBjYW4gYmUgdXNlZCB0byBmb3JjZSB0aGUgc3RhY2sgdG8gdXBkYXRlIHRvIGNoZWNrXG4gICAqIGZvciBhIG5ldyB2YWx1ZS5cbiAgICpcbiAgICogQGRlZmF1bHQgRGF0ZS5ub3coKS50b1N0cmluZygpXG4gICAqL1xuICBub25jZT86IHN0cmluZ1xuICBwYXJhbWV0ZXJOYW1lOiBzdHJpbmdcbiAgcmVzb3VyY2U6IFRcbiAgcmVzb3VyY2VUb1JlZmVyZW5jZShyZXNvdXJjZTogVCk6IHN0cmluZ1xuICByZWZlcmVuY2VUb1Jlc291cmNlOiBSZWZlcmVuY2VUb1Jlc291cmNlPFQ+XG4gIC8qKlxuICAgKiBMaXN0IG9mIHJlZ2lvbnMgdGhhdCBjYW4gcmV0cmlldmUgdGhpcyByZXNvdXJjZSBmcm9tIGFuIFNTTSBQYXJhbWV0ZXIuXG4gICAqL1xuICByZWdpb25zOiBzdHJpbmdbXVxufVxuXG4vKipcbiAqIFJlZ2lzdGVyIFNTTSBQYXJhbWV0ZXJzIGluIG90aGVyIHJlZ2lvbnMgc3RvcmluZyBhIHJlZmVyZW5jZSB0b1xuICogYSByZXNvdXJjZSwgd2hpY2ggY2FuIHRoZW4gYmUgcmVzb2x2ZWQgaW4gdGhlIG90aGVyIHJlZ2lvbiBieVxuICogcmVhZGluZyBmcm9tIHRoZSBwYXJhbWV0ZXIuXG4gKlxuICogU3RvcmluZyB0aGUgU1NNIFBhcmFtZXRlcnMgaW4gdGhlIG90aGVyIHJlZ2lvbnMgc3BlZWRzIHVwIHRoZVxuICogcmVzb2x2aW5nIG9mIHBhcmFtZXRlcnMsIHNpbmNlIHdlIGNhbiB1c2UgQ2xvdWRGb3JtYXRpb24gU1NNXG4gKiBQYXJhbWV0ZXJzIGluc3RlYWQgb2YgY3VzdG9tIHJlc291cmNlcy5cbiAqXG4gKiBJZiB0aGUgcmVzb3VyY2UgaXMgaW4gdGhlIHNhbWUgcmVnaW9uLCB0aGUgcmVzb3VyY2Ugd2lsbCBiZSByZXR1cm5lZFxuICogbGlrZSBub3JtYWxseSBpbiBDREssIGNhdXNpbmcgYW4gZXhwb3J0L2ltcG9ydCBpZiBjcm9zcy1zdGFjay5cbiAqL1xuZXhwb3J0IGNsYXNzIFNzbVBhcmFtZXRlckJhY2tlZFJlc291cmNlPFQ+IGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICBwcml2YXRlIHJlYWRvbmx5IG5vbmNlOiBzdHJpbmdcbiAgcHJpdmF0ZSByZWFkb25seSBwYXJhbWV0ZXJOYW1lOiBzdHJpbmdcbiAgcHJpdmF0ZSByZWFkb25seSByZXNvdXJjZTogVFxuICBwcml2YXRlIHJlYWRvbmx5IHJlZmVyZW5jZVRvUmVzb3VyY2U6IFJlZmVyZW5jZVRvUmVzb3VyY2U8VD5cbiAgcHJpdmF0ZSByZWFkb25seSByZWdpb25zOiBzdHJpbmdbXVxuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFByb3BzPFQ+KSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuICAgIHRoaXMubm9uY2UgPSBwcm9wcy5ub25jZSA/PyBEYXRlLm5vdygpLnRvU3RyaW5nKClcbiAgICB0aGlzLnBhcmFtZXRlck5hbWUgPSBwcm9wcy5wYXJhbWV0ZXJOYW1lXG4gICAgdGhpcy5yZXNvdXJjZSA9IHByb3BzLnJlc291cmNlXG4gICAgdGhpcy5yZWZlcmVuY2VUb1Jlc291cmNlID0gcHJvcHMucmVmZXJlbmNlVG9SZXNvdXJjZVxuICAgIHRoaXMucmVnaW9ucyA9IHByb3BzLnJlZ2lvbnNcblxuICAgIGNvbnN0IHZhbHVlID0gcHJvcHMucmVzb3VyY2VUb1JlZmVyZW5jZShwcm9wcy5yZXNvdXJjZSlcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIG5ldyBDcm9zc1JlZ2lvblNzbVBhcmFtZXRlcih0aGlzLCBgUGFyYW0ke3JlZ2lvbn1gLCB7XG4gICAgICAgIG5hbWU6IHRoaXMucGFyYW1ldGVyTmFtZSxcbiAgICAgICAgcmVnaW9uLFxuICAgICAgICB2YWx1ZSxcbiAgICAgIH0pXG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEdldCB0aGUgcmVzb3VyY2UgYnkgcmVzb2x2aW5nIHRoZSB2YWx1ZSBmcm9tIFNTTSBQYXJhbWV0ZXIgU3RvcmVcbiAgICogaW4gY2FzZSB3ZSBhcmUgY3Jvc3MtcmVnaW9uIG9yIGNyb3NzLXN0YWdlLlxuICAgKi9cbiAgcHVibGljIGdldChzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcpOiBUIHtcbiAgICBjb25zdCBwcm9kdWNlclJlZ2lvbiA9IGNkay5TdGFjay5vZih0aGlzKS5yZWdpb25cbiAgICBjb25zdCBjb25zdW1lclJlZ2lvbiA9IGNkay5TdGFjay5vZihzY29wZSkucmVnaW9uXG5cbiAgICBjb25zdCBzYW1lU3RhZ2VPckFwcCA9IGdldFN0YWdlT3JBcHAodGhpcykgPT09IGdldFN0YWdlT3JBcHAoc2NvcGUpXG5cbiAgICAvLyBGYXN0LXBhdGg6IFNhbWUgcmVnaW9uIGFuZCBwYXJlbnQgc3RhZ2UvYXBwLlxuICAgIGlmIChwcm9kdWNlclJlZ2lvbiA9PT0gY29uc3VtZXJSZWdpb24gJiYgc2FtZVN0YWdlT3JBcHApIHtcbiAgICAgIHJldHVybiB0aGlzLnJlc291cmNlXG4gICAgfVxuXG4gICAgaWYgKCF0aGlzLnJlZ2lvbnMuaW5jbHVkZXMoY29uc3VtZXJSZWdpb24pKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgICAgIGBUaGUgcmVnaW9uICR7Y29uc3VtZXJSZWdpb259IGlzIG5vdCByZWdpc3RlcmVkIGZvciB0aGUgcGFyYW1ldGVyYCxcbiAgICAgIClcbiAgICB9XG5cbiAgICAvLyBPbmx5IGFkZCBkZXBlbmRlbmN5IGlmIHdpdGhpbiBzYW1lIGFwcC9zdGFnZS4gSWYgbm90IGl0XG4gICAgLy8gaXMgdGhlIGNhbGxlciByZXNwb25zaWJpbGl0eSB0byBlbnN1cmUgZGVwbG95bWVudCBvcmRlci5cbiAgICBpZiAoc2FtZVN0YWdlT3JBcHApIHtcbiAgICAgIHNjb3BlLm5vZGUuYWRkRGVwZW5kZW5jeSh0aGlzKVxuICAgIH1cblxuICAgIG5ldyBjZGsuQ2ZuUGFyYW1ldGVyKHNjb3BlLCBgJHtpZH1Ob25jZWAsIHtcbiAgICAgIGRlZmF1bHQ6IHRoaXMubm9uY2UsXG4gICAgfSlcblxuICAgIGNvbnN0IHJlZmVyZW5jZSA9IHNzbS5TdHJpbmdQYXJhbWV0ZXIudmFsdWVGb3JTdHJpbmdQYXJhbWV0ZXIoXG4gICAgICBzY29wZSxcbiAgICAgIHRoaXMucGFyYW1ldGVyTmFtZSxcbiAgICApXG4gICAgcmV0dXJuIHRoaXMucmVmZXJlbmNlVG9SZXNvdXJjZShzY29wZSwgaWQsIHJlZmVyZW5jZSlcbiAgfVxufVxuIl19

package/lib/ssm-parameter-reader.d.ts

@@ -0,0 +1,21 @@
+import * as constructs from "constructs";
+import * as cr from "aws-cdk-lib/custom-resources";
+interface Props {
+    parameterName: string;
+    region: string;
+    /**
+     * Value that must be updated to check if the parameter has a new value.
+     *
+     * @default Date.now().toString()
+     */
+    nonce?: string;
+}
+/**
+ * Get value of a SSM parameter dynamically during deployment
+ * with support to read cross-region.
+ */
+export declare class SsmParameterReader extends cr.AwsCustomResource {
+    constructor(scope: constructs.Construct, id: string, props: Props);
+    getParameterValue(): string;
+}
+export {};

package/lib/ssm-parameter-reader.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SsmParameterReader = void 0;
+const cdk = require("aws-cdk-lib");
+const cr = require("aws-cdk-lib/custom-resources");
+function removeLeadingSlash(value) {
+    return value.slice(0, 1) == "/" ? value.slice(1) : value;
+}
+/**
+ * Get value of a SSM parameter dynamically during deployment
+ * with support to read cross-region.
+ */
+class SsmParameterReader extends cr.AwsCustomResource {
+    constructor(scope, id, props) {
+        var _a;
+        super(scope, id, {
+            onUpdate: {
+                service: "SSM",
+                action: "getParameter",
+                parameters: {
+                    Name: props.parameterName,
+                },
+                region: props.region,
+                // Update physical id to fetch the latest version.
+                physicalResourceId: cr.PhysicalResourceId.of(props.parameterName),
+            },
+            policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
+                resources: [
+                    cdk.Arn.format({
+                        service: "ssm",
+                        region: props.region,
+                        resource: "parameter",
+                        resourceName: removeLeadingSlash(props.parameterName),
+                    }, cdk.Stack.of(scope)),
+                ],
+            }),
+        });
+        const r = this.node.findChild("Resource").node
+            .defaultChild;
+        r.cfnOptions.metadata = r.cfnOptions.metadata || {};
+        r.cfnOptions.metadata.Nonce = (_a = props.nonce) !== null && _a !== void 0 ? _a : Date.now().toString();
+    }
+    getParameterValue() {
+        return this.getResponseField("Parameter.Value");
+    }
+}
+exports.SsmParameterReader = SsmParameterReader;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3NtLXBhcmFtZXRlci1yZWFkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvc3NtLXBhcmFtZXRlci1yZWFkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsbUNBQWtDO0FBQ2xDLG1EQUFrRDtBQWFsRCxTQUFTLGtCQUFrQixDQUFDLEtBQWE7SUFDdkMsT0FBTyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQTtBQUMxRCxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsTUFBYSxrQkFBbUIsU0FBUSxFQUFFLENBQUMsaUJBQWlCO0lBQzFELFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBWTs7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUU7WUFDZixRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsTUFBTSxFQUFFLGNBQWM7Z0JBQ3RCLFVBQVUsRUFBRTtvQkFDVixJQUFJLEVBQUUsS0FBSyxDQUFDLGFBQWE7aUJBQzFCO2dCQUNELE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTtnQkFDcEIsa0RBQWtEO2dCQUNsRCxrQkFBa0IsRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUM7YUFDbEU7WUFDRCxNQUFNLEVBQUUsRUFBRSxDQUFDLHVCQUF1QixDQUFDLFlBQVksQ0FBQztnQkFDOUMsU0FBUyxFQUFFO29CQUNULEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUNaO3dCQUNFLE9BQU8sRUFBRSxLQUFLO3dCQUNkLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTt3QkFDcEIsUUFBUSxFQUFFLFdBQVc7d0JBQ3JCLFlBQVksRUFBRSxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsYUFBYSxDQUFDO3FCQUN0RCxFQUNELEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUNwQjtpQkFDRjthQUNGLENBQUM7U0FDSCxDQUFDLENBQUE7UUFFRixNQUFNLENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxJQUFJO2FBQzNDLFlBQStCLENBQUE7UUFDbEMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxRQUFRLEdBQUcsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFBO1FBQ25ELENBQUMsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEtBQUssR0FBRyxNQUFBLEtBQUssQ0FBQyxLQUFLLG1DQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtJQUNwRSxDQUFDO0lBRU0saUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLGlCQUFpQixDQUFDLENBQUE7SUFDakQsQ0FBQztDQUNGO0FBckNELGdEQXFDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiXG5pbXBvcnQgKiBhcyBjciBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiXG5cbmludGVyZmFjZSBQcm9wcyB7XG4gIHBhcmFtZXRlck5hbWU6IHN0cmluZ1xuICByZWdpb246IHN0cmluZ1xuICAvKipcbiAgICogVmFsdWUgdGhhdCBtdXN0IGJlIHVwZGF0ZWQgdG8gY2hlY2sgaWYgdGhlIHBhcmFtZXRlciBoYXMgYSBuZXcgdmFsdWUuXG4gICAqXG4gICAqIEBkZWZhdWx0IERhdGUubm93KCkudG9TdHJpbmcoKVxuICAgKi9cbiAgbm9uY2U/OiBzdHJpbmdcbn1cblxuZnVuY3Rpb24gcmVtb3ZlTGVhZGluZ1NsYXNoKHZhbHVlOiBzdHJpbmcpOiBzdHJpbmcge1xuICByZXR1cm4gdmFsdWUuc2xpY2UoMCwgMSkgPT0gXCIvXCIgPyB2YWx1ZS5zbGljZSgxKSA6IHZhbHVlXG59XG5cbi8qKlxuICogR2V0IHZhbHVlIG9mIGEgU1NNIHBhcmFtZXRlciBkeW5hbWljYWxseSBkdXJpbmcgZGVwbG95bWVudFxuICogd2l0aCBzdXBwb3J0IHRvIHJlYWQgY3Jvc3MtcmVnaW9uLlxuICovXG5leHBvcnQgY2xhc3MgU3NtUGFyYW1ldGVyUmVhZGVyIGV4dGVuZHMgY3IuQXdzQ3VzdG9tUmVzb3VyY2Uge1xuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwge1xuICAgICAgb25VcGRhdGU6IHtcbiAgICAgICAgc2VydmljZTogXCJTU01cIixcbiAgICAgICAgYWN0aW9uOiBcImdldFBhcmFtZXRlclwiLFxuICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgTmFtZTogcHJvcHMucGFyYW1ldGVyTmFtZSxcbiAgICAgICAgfSxcbiAgICAgICAgcmVnaW9uOiBwcm9wcy5yZWdpb24sXG4gICAgICAgIC8vIFVwZGF0ZSBwaHlzaWNhbCBpZCB0byBmZXRjaCB0aGUgbGF0ZXN0IHZlcnNpb24uXG4gICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3IuUGh5c2ljYWxSZXNvdXJjZUlkLm9mKHByb3BzLnBhcmFtZXRlck5hbWUpLFxuICAgICAgfSxcbiAgICAgIHBvbGljeTogY3IuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVNka0NhbGxzKHtcbiAgICAgICAgcmVzb3VyY2VzOiBbXG4gICAgICAgICAgY2RrLkFybi5mb3JtYXQoXG4gICAgICAgICAgICB7XG4gICAgICAgICAgICAgIHNlcnZpY2U6IFwic3NtXCIsXG4gICAgICAgICAgICAgIHJlZ2lvbjogcHJvcHMucmVnaW9uLFxuICAgICAgICAgICAgICByZXNvdXJjZTogXCJwYXJhbWV0ZXJcIixcbiAgICAgICAgICAgICAgcmVzb3VyY2VOYW1lOiByZW1vdmVMZWFkaW5nU2xhc2gocHJvcHMucGFyYW1ldGVyTmFtZSksXG4gICAgICAgICAgICB9LFxuICAgICAgICAgICAgY2RrLlN0YWNrLm9mKHNjb3BlKSxcbiAgICAgICAgICApLFxuICAgICAgICBdLFxuICAgICAgfSksXG4gICAgfSlcblxuICAgIGNvbnN0IHIgPSB0aGlzLm5vZGUuZmluZENoaWxkKFwiUmVzb3VyY2VcIikubm9kZVxuICAgICAgLmRlZmF1bHRDaGlsZCBhcyBjZGsuQ2ZuUmVzb3VyY2VcbiAgICByLmNmbk9wdGlvbnMubWV0YWRhdGEgPSByLmNmbk9wdGlvbnMubWV0YWRhdGEgfHwge31cbiAgICByLmNmbk9wdGlvbnMubWV0YWRhdGEuTm9uY2UgPSBwcm9wcy5ub25jZSA/PyBEYXRlLm5vdygpLnRvU3RyaW5nKClcbiAgfVxuXG4gIHB1YmxpYyBnZXRQYXJhbWV0ZXJWYWx1ZSgpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLmdldFJlc3BvbnNlRmllbGQoXCJQYXJhbWV0ZXIuVmFsdWVcIilcbiAgfVxufVxuIl19

package/lib/tags.d.ts

@@ -0,0 +1,8 @@
+import * as constructs from "constructs";
+import * as cdk from "aws-cdk-lib";
+/**
+ * Tag all supported resources within an application.
+ *
+ * CDK will propagate tags too all resources that support it.
+ */
+export declare function tagResources(scope: constructs.Construct, tags: (stack: cdk.Stack) => Record<string, string>): void;

package/lib/tags.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tagResources = void 0;
+const cdk = require("aws-cdk-lib");
+const cm = require("aws-cdk-lib/aws-certificatemanager");
+function shouldTag(construct) {
+    // See https://github.com/aws/aws-cdk/issues/14519#issuecomment-833103147
+    if (construct instanceof cm.DnsValidatedCertificate) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Tag all supported resources within an application.
+ *
+ * CDK will propagate tags too all resources that support it.
+ */
+function tagResources(scope, tags) {
+    cdk.Aspects.of(scope).add({
+        visit(construct) {
+            if (cdk.TagManager.isTaggable(construct) && shouldTag(construct)) {
+                // We pick the last stack in chain to support stages where
+                // there are multiple stacks.
+                const allStacks = construct.node.scopes.filter((it) => cdk.Stack.isStack(it));
+                const stack = allStacks.length > 0 ? allStacks[allStacks.length - 1] : undefined;
+                if (stack != null) {
+                    for (const [key, value] of Object.entries(tags(stack))) {
+                        construct.tags.setTag(key, value, 100, true);
+                    }
+                }
+            }
+        },
+    });
+}
+exports.tagResources = tagResources;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGFncy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90YWdzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLG1DQUFrQztBQUNsQyx5REFBd0Q7QUFFeEQsU0FBUyxTQUFTLENBQUMsU0FBZ0M7SUFDakQseUVBQXlFO0lBQ3pFLElBQUksU0FBUyxZQUFZLEVBQUUsQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1FBQ3BELE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVEOzs7O0dBSUc7QUFDSCxTQUFnQixZQUFZLENBQzFCLEtBQTJCLEVBQzNCLElBQWtEO0lBRWxELEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUN4QixLQUFLLENBQUMsU0FBZ0M7WUFDcEMsSUFBSSxHQUFHLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsSUFBSSxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDakUsMERBQTBEO2dCQUMxRCw2QkFBNkI7Z0JBQzdCLE1BQU0sU0FBUyxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsRUFBbUIsRUFBRSxDQUNyRSxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FDdEIsQ0FBQTtnQkFFRCxNQUFNLEtBQUssR0FDVCxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQTtnQkFDcEUsSUFBSSxLQUFLLElBQUksSUFBSSxFQUFFLENBQUM7b0JBQ2xCLEtBQUssTUFBTSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7d0JBQ3ZELFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxDQUFBO29CQUM5QyxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztLQUNGLENBQUMsQ0FBQTtBQUNKLENBQUM7QUF2QkQsb0NBdUJDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcbmltcG9ydCAqIGFzIGNtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtY2VydGlmaWNhdGVtYW5hZ2VyXCJcblxuZnVuY3Rpb24gc2hvdWxkVGFnKGNvbnN0cnVjdDogY29uc3RydWN0cy5JQ29uc3RydWN0KSB7XG4gIC8vIFNlZSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvaXNzdWVzLzE0NTE5I2lzc3VlY29tbWVudC04MzMxMDMxNDdcbiAgaWYgKGNvbnN0cnVjdCBpbnN0YW5jZW9mIGNtLkRuc1ZhbGlkYXRlZENlcnRpZmljYXRlKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICByZXR1cm4gdHJ1ZVxufVxuXG4vKipcbiAqIFRhZyBhbGwgc3VwcG9ydGVkIHJlc291cmNlcyB3aXRoaW4gYW4gYXBwbGljYXRpb24uXG4gKlxuICogQ0RLIHdpbGwgcHJvcGFnYXRlIHRhZ3MgdG9vIGFsbCByZXNvdXJjZXMgdGhhdCBzdXBwb3J0IGl0LlxuICovXG5leHBvcnQgZnVuY3Rpb24gdGFnUmVzb3VyY2VzKFxuICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4gIHRhZ3M6IChzdGFjazogY2RrLlN0YWNrKSA9PiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+LFxuKTogdm9pZCB7XG4gIGNkay5Bc3BlY3RzLm9mKHNjb3BlKS5hZGQoe1xuICAgIHZpc2l0KGNvbnN0cnVjdDogY29uc3RydWN0cy5JQ29uc3RydWN0KSB7XG4gICAgICBpZiAoY2RrLlRhZ01hbmFnZXIuaXNUYWdnYWJsZShjb25zdHJ1Y3QpICYmIHNob3VsZFRhZyhjb25zdHJ1Y3QpKSB7XG4gICAgICAgIC8vIFdlIHBpY2sgdGhlIGxhc3Qgc3RhY2sgaW4gY2hhaW4gdG8gc3VwcG9ydCBzdGFnZXMgd2hlcmVcbiAgICAgICAgLy8gdGhlcmUgYXJlIG11bHRpcGxlIHN0YWNrcy5cbiAgICAgICAgY29uc3QgYWxsU3RhY2tzID0gY29uc3RydWN0Lm5vZGUuc2NvcGVzLmZpbHRlcigoaXQpOiBpdCBpcyBjZGsuU3RhY2sgPT5cbiAgICAgICAgICBjZGsuU3RhY2suaXNTdGFjayhpdCksXG4gICAgICAgIClcblxuICAgICAgICBjb25zdCBzdGFjayA9XG4gICAgICAgICAgYWxsU3RhY2tzLmxlbmd0aCA+IDAgPyBhbGxTdGFja3NbYWxsU3RhY2tzLmxlbmd0aCAtIDFdIDogdW5kZWZpbmVkXG4gICAgICAgIGlmIChzdGFjayAhPSBudWxsKSB7XG4gICAgICAgICAgZm9yIChjb25zdCBba2V5LCB2YWx1ZV0gb2YgT2JqZWN0LmVudHJpZXModGFncyhzdGFjaykpKSB7XG4gICAgICAgICAgICBjb25zdHJ1Y3QudGFncy5zZXRUYWcoa2V5LCB2YWx1ZSwgMTAwLCB0cnVlKVxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfVxuICAgIH0sXG4gIH0pXG59XG4iXX0=

package/lib/utils.d.ts

@@ -0,0 +1,2 @@
+import * as constructs from "constructs";
+export declare function getStageOrApp(scope: constructs.Construct): constructs.Construct;

package/lib/utils.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getStageOrApp = void 0;
+const cdk = require("aws-cdk-lib");
+function getStageOrApp(scope) {
+    const stage = cdk.Stage.of(scope);
+    if (stage != null) {
+        return stage;
+    }
+    const app = scope.node.root;
+    if (!cdk.App.isApp(app)) {
+        throw new Error(`Could not locate cdk App for ${scope.node.id}`);
+    }
+    return app;
+}
+exports.getStageOrApp = getStageOrApp;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvdXRpbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsbUNBQWtDO0FBRWxDLFNBQWdCLGFBQWEsQ0FDM0IsS0FBMkI7SUFFM0IsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDakMsSUFBSSxLQUFLLElBQUksSUFBSSxFQUFFLENBQUM7UUFDbEIsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUE7SUFDM0IsSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsS0FBSyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFBO0lBQ2xFLENBQUM7SUFDRCxPQUFPLEdBQUcsQ0FBQTtBQUNaLENBQUM7QUFiRCxzQ0FhQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiXG5cbmV4cG9ydCBmdW5jdGlvbiBnZXRTdGFnZU9yQXBwKFxuICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4pOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIGNvbnN0IHN0YWdlID0gY2RrLlN0YWdlLm9mKHNjb3BlKVxuICBpZiAoc3RhZ2UgIT0gbnVsbCkge1xuICAgIHJldHVybiBzdGFnZVxuICB9XG5cbiAgY29uc3QgYXBwID0gc2NvcGUubm9kZS5yb290XG4gIGlmICghY2RrLkFwcC5pc0FwcChhcHApKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBDb3VsZCBub3QgbG9jYXRlIGNkayBBcHAgZm9yICR7c2NvcGUubm9kZS5pZH1gKVxuICB9XG4gIHJldHVybiBhcHBcbn1cbiJdfQ==

package/lib/webapp/index.d.ts

@@ -0,0 +1,3 @@
+export { Webapp, WebappProps } from "./webapp";
+export { generateContentSecurityPolicyHeader } from "./security-headers";
+export { WebappMonitor } from "./monitor";

package/lib/webapp/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebappMonitor = exports.generateContentSecurityPolicyHeader = exports.Webapp = void 0;
+var webapp_1 = require("./webapp");
+Object.defineProperty(exports, "Webapp", { enumerable: true, get: function () { return webapp_1.Webapp; } });
+var security_headers_1 = require("./security-headers");
+Object.defineProperty(exports, "generateContentSecurityPolicyHeader", { enumerable: true, get: function () { return security_headers_1.generateContentSecurityPolicyHeader; } });
+var monitor_1 = require("./monitor");
+Object.defineProperty(exports, "WebappMonitor", { enumerable: true, get: function () { return monitor_1.WebappMonitor; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvd2ViYXBwL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLG1DQUE4QztBQUFyQyxnR0FBQSxNQUFNLE9BQUE7QUFDZix1REFBd0U7QUFBL0QsdUlBQUEsbUNBQW1DLE9BQUE7QUFDNUMscUNBQXlDO0FBQWhDLHdHQUFBLGFBQWEsT0FBQSIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCB7IFdlYmFwcCwgV2ViYXBwUHJvcHMgfSBmcm9tIFwiLi93ZWJhcHBcIlxuZXhwb3J0IHsgZ2VuZXJhdGVDb250ZW50U2VjdXJpdHlQb2xpY3lIZWFkZXIgfSBmcm9tIFwiLi9zZWN1cml0eS1oZWFkZXJzXCJcbmV4cG9ydCB7IFdlYmFwcE1vbml0b3IgfSBmcm9tIFwiLi9tb25pdG9yXCJcbiJdfQ==