npm - @liflig/cdk - Versions diffs - 2.18.9 → 2.19.0 - Mend

@liflig/cdk 2.18.9 → 2.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/lib/build-artifacts/github-actions-role.d.ts +68 -0
package/lib/build-artifacts/github-actions-role.js +73 -0
package/lib/build-artifacts/index.d.ts +68 -29
package/lib/build-artifacts/index.js +132 -65
package/package.json +8 -8

package/lib/build-artifacts/github-actions-role.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as constructs from "constructs";
+export interface Props {
+    /**
+     * A list of trusted GitHub repository owners.
+     *
+     * This functions as a sort of whitelist to catch
+     * potential typos in {@link repositories}.
+     */
+    trustedOwners: string[];
+    /**
+     * The name of the trusted branch.
+     *
+     * The wildcard characters '*' and '?' can be used to
+     * represent any combination of characters and any single
+     * character, respectively.
+     *
+     * @default "master"
+     */
+    trustedBranch?: string;
+    /**
+     * The name of the role to create.
+     *
+     * @default "github-actions-role"
+     */
+    roleName?: string;
+    /**
+     * The GitHub repositories that the principal trusts.
+     */
+    repositories: {
+        /**
+         * The name of the GitHub repository.
+         *
+         * The wildcard characters '*' and '?' can be used to
+         * represent any combination of characters and any single
+         * character, respectively.
+         *
+         * NOTE: Be careful when using wildcard characters as you
+         * may grant access to repositories you did not intend.
+         *
+         * @example "my-repository"
+         * @example "my-team-*"
+         */
+        name: string;
+        /**
+         * The name of the owner of the GitHub repository.
+         *
+         * NOTE: The owner must explicitly be whitelisted in {@link trustedOwners}.
+         */
+        owner: string;
+    }[];
+    /**
+     * An existing OpenID Connect Provider for GitHub Actions.
+     */
+    oidcProvider: iam.IOpenIdConnectProvider;
+}
+/**
+ * Utility function for validating the construct properties.
+ */
+export declare const validateProps: (props: Props) => boolean;
+/**
+ * Creates an IAM role that can be assumed by GitHub Actions workflows
+ * in specific GitHub repositories and branches using OpenID Connect.
+ */
+export declare class GithubActionsRole extends constructs.Construct {
+    readonly role: iam.Role;
+    constructor(scope: constructs.Construct, id: string, props: Props);
+}

package/lib/build-artifacts/github-actions-role.js ADDED Viewed

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubActionsRole = exports.validateProps = void 0;
+const iam = require("aws-cdk-lib/aws-iam");
+const constructs = require("constructs");
+/**
+ * Utility function for validating the construct properties.
+ */
+const validateProps = (props) => {
+    let valid = true;
+    if (props.trustedOwners.length === 0) {
+        console.error("At least 1 trusted owner must be supplied, but 0 were given");
+        valid = false;
+    }
+    if (props.repositories.length === 0) {
+        console.error("At least 1 repository must be supplied, but 0 were given");
+        valid = false;
+    }
+    props.trustedOwners.forEach((owner) => {
+        if (!owner.match(/^[a-zA-Z0-9-]+$/)) {
+            console.error(`Trusted owner ${owner} contains invalid characters`);
+            valid = false;
+        }
+    });
+    props.repositories.forEach((repository) => {
+        if (!props.trustedOwners.includes(repository.owner)) {
+            console.error(`Owner ${repository.owner} of repository ${repository.name} not configured as a trusted owner`);
+            valid = false;
+        }
+    });
+    return valid;
+};
+exports.validateProps = validateProps;
+/**
+ * Creates an IAM role that can be assumed by GitHub Actions workflows
+ * in specific GitHub repositories and branches using OpenID Connect.
+ */
+class GithubActionsRole extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a;
+        super(scope, id);
+        if (!(0, exports.validateProps)(props)) {
+            throw new Error("Invalid props were supplied");
+        }
+        const subjects = props.repositories.map((repository) => { var _a; return `repo:${repository.owner}/${repository.name}:ref:refs/heads/${(_a = props.trustedBranch) !== null && _a !== void 0 ? _a : "master"}`; });
+        const fullyQualifiedSubjects = subjects.filter((subject) => !(subject.includes("?") || subject.includes("*")));
+        const wildcardSubjects = subjects.filter((subject) => subject.includes("?") || subject.includes("*"));
+        const principalConditions = {
+            ...(fullyQualifiedSubjects.length && {
+                StringEquals: {
+                    "token.actions.githubusercontent.com:sub": fullyQualifiedSubjects,
+                },
+            }),
+            ...(wildcardSubjects.length && {
+                StringLike: {
+                    "token.actions.githubusercontent.com:sub": wildcardSubjects,
+                },
+            }),
+        };
+        const principal = new iam.FederatedPrincipal(props.oidcProvider.openIdConnectProviderArn, principalConditions, "sts:AssumeRoleWithWebIdentity");
+        // Verify that the principal is configured with a trust relationship
+        // that contains at least one IAM condition with a context key and values
+        if (!Object.values(principalConditions).some((conditionElement) => Object.entries(conditionElement).some(([conditionKey, conditionValue]) => conditionKey && conditionValue.length))) {
+            throw new Error("The principal's trust policy needs to be configured with at least one IAM condition");
+        }
+        this.role = new iam.Role(this, "Role", {
+            roleName: (_a = props.roleName) !== null && _a !== void 0 ? _a : "github-actions-role",
+            assumedBy: principal,
+        });
+    }
+}
+exports.GithubActionsRole = GithubActionsRole;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2l0aHViLWFjdGlvbnMtcm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9idWlsZC1hcnRpZmFjdHMvZ2l0aHViLWFjdGlvbnMtcm9sZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyQ0FBMEM7QUFDMUMseUNBQXdDO0FBeUR4Qzs7R0FFRztBQUNJLE1BQU0sYUFBYSxHQUFHLENBQUMsS0FBWSxFQUFFLEVBQUU7SUFDNUMsSUFBSSxLQUFLLEdBQUcsSUFBSSxDQUFBO0lBQ2hCLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDckMsT0FBTyxDQUFDLEtBQUssQ0FBQyw2REFBNkQsQ0FBQyxDQUFBO1FBQzVFLEtBQUssR0FBRyxLQUFLLENBQUE7SUFDZixDQUFDO0lBQ0QsSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxPQUFPLENBQUMsS0FBSyxDQUFDLDBEQUEwRCxDQUFDLENBQUE7UUFDekUsS0FBSyxHQUFHLEtBQUssQ0FBQTtJQUNmLENBQUM7SUFDRCxLQUFLLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFO1FBQ3BDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNwQyxPQUFPLENBQUMsS0FBSyxDQUFDLGlCQUFpQixLQUFLLDhCQUE4QixDQUFDLENBQUE7WUFDbkUsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNmLENBQUM7SUFDSCxDQUFDLENBQUMsQ0FBQTtJQUVGLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUMsVUFBVSxFQUFFLEVBQUU7UUFDeEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3BELE9BQU8sQ0FBQyxLQUFLLENBQ1gsU0FBUyxVQUFVLENBQUMsS0FBSyxrQkFBa0IsVUFBVSxDQUFDLElBQUksb0NBQW9DLENBQy9GLENBQUE7WUFDRCxLQUFLLEdBQUcsS0FBSyxDQUFBO1FBQ2YsQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFBO0lBQ0YsT0FBTyxLQUFLLENBQUE7QUFDZCxDQUFDLENBQUE7QUExQlksUUFBQSxhQUFhLGlCQTBCekI7QUFFRDs7O0dBR0c7QUFDSCxNQUFhLGlCQUFrQixTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBR3pELFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBWTs7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUNoQixJQUFJLENBQUMsSUFBQSxxQkFBYSxFQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQyw2QkFBNkIsQ0FBQyxDQUFBO1FBQ2hELENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FDckMsQ0FBQyxVQUFVLEVBQUUsRUFBRSxXQUNiLE9BQUEsUUFBUSxVQUFVLENBQUMsS0FBSyxJQUFJLFVBQVUsQ0FBQyxJQUFJLG1CQUFtQixNQUFBLEtBQUssQ0FBQyxhQUFhLG1DQUFJLFFBQVEsRUFBRSxDQUFBLEVBQUEsQ0FDbEcsQ0FBQTtRQUNELE1BQU0sc0JBQXNCLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FDNUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FDL0QsQ0FBQTtRQUVELE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FDdEMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FDNUQsQ0FBQTtRQUNELE1BQU0sbUJBQW1CLEdBQUc7WUFDMUIsR0FBRyxDQUFDLHNCQUFzQixDQUFDLE1BQU0sSUFBSTtnQkFDbkMsWUFBWSxFQUFFO29CQUNaLHlDQUF5QyxFQUFFLHNCQUFzQjtpQkFDbEU7YUFDRixDQUFDO1lBQ0YsR0FBRyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sSUFBSTtnQkFDN0IsVUFBVSxFQUFFO29CQUNWLHlDQUF5QyxFQUFFLGdCQUFnQjtpQkFDNUQ7YUFDRixDQUFDO1NBQ0gsQ0FBQTtRQUVELE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLGtCQUFrQixDQUMxQyxLQUFLLENBQUMsWUFBWSxDQUFDLHdCQUF3QixFQUMzQyxtQkFBbUIsRUFDbkIsK0JBQStCLENBQ2hDLENBQUE7UUFFRCxvRUFBb0U7UUFDcEUseUVBQXlFO1FBQ3pFLElBQ0UsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUM1RCxNQUFNLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLENBQUMsSUFBSSxDQUNuQyxDQUFDLENBQUMsWUFBWSxFQUFFLGNBQWMsQ0FBQyxFQUFFLEVBQUUsQ0FDakMsWUFBWSxJQUFJLGNBQWMsQ0FBQyxNQUFNLENBQ3hDLENBQ0YsRUFDRCxDQUFDO1lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FDYixxRkFBcUYsQ0FDdEYsQ0FBQTtRQUNILENBQUM7UUFDRCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFO1lBQ3JDLFFBQVEsRUFBRSxNQUFBLEtBQUssQ0FBQyxRQUFRLG1DQUFJLHFCQUFxQjtZQUNqRCxTQUFTLEVBQUUsU0FBUztTQUNyQixDQUFDLENBQUE7SUFDSixDQUFDO0NBQ0Y7QUExREQsOENBMERDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCJcbmltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuXG5leHBvcnQgaW50ZXJmYWNlIFByb3BzIHtcbiAgLyoqXG4gICAqIEEgbGlzdCBvZiB0cnVzdGVkIEdpdEh1YiByZXBvc2l0b3J5IG93bmVycy5cbiAgICpcbiAgICogVGhpcyBmdW5jdGlvbnMgYXMgYSBzb3J0IG9mIHdoaXRlbGlzdCB0byBjYXRjaFxuICAgKiBwb3RlbnRpYWwgdHlwb3MgaW4ge0BsaW5rIHJlcG9zaXRvcmllc30uXG4gICAqL1xuICB0cnVzdGVkT3duZXJzOiBzdHJpbmdbXVxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIHRydXN0ZWQgYnJhbmNoLlxuICAgKlxuICAgKiBUaGUgd2lsZGNhcmQgY2hhcmFjdGVycyAnKicgYW5kICc/JyBjYW4gYmUgdXNlZCB0b1xuICAgKiByZXByZXNlbnQgYW55IGNvbWJpbmF0aW9uIG9mIGNoYXJhY3RlcnMgYW5kIGFueSBzaW5nbGVcbiAgICogY2hhcmFjdGVyLCByZXNwZWN0aXZlbHkuXG4gICAqXG4gICAqIEBkZWZhdWx0IFwibWFzdGVyXCJcbiAgICovXG4gIHRydXN0ZWRCcmFuY2g/OiBzdHJpbmdcbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSByb2xlIHRvIGNyZWF0ZS5cbiAgICpcbiAgICogQGRlZmF1bHQgXCJnaXRodWItYWN0aW9ucy1yb2xlXCJcbiAgICovXG4gIHJvbGVOYW1lPzogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgR2l0SHViIHJlcG9zaXRvcmllcyB0aGF0IHRoZSBwcmluY2lwYWwgdHJ1c3RzLlxuICAgKi9cbiAgcmVwb3NpdG9yaWVzOiB7XG4gICAgLyoqXG4gICAgICogVGhlIG5hbWUgb2YgdGhlIEdpdEh1YiByZXBvc2l0b3J5LlxuICAgICAqXG4gICAgICogVGhlIHdpbGRjYXJkIGNoYXJhY3RlcnMgJyonIGFuZCAnPycgY2FuIGJlIHVzZWQgdG9cbiAgICAgKiByZXByZXNlbnQgYW55IGNvbWJpbmF0aW9uIG9mIGNoYXJhY3RlcnMgYW5kIGFueSBzaW5nbGVcbiAgICAgKiBjaGFyYWN0ZXIsIHJlc3BlY3RpdmVseS5cbiAgICAgKlxuICAgICAqIE5PVEU6IEJlIGNhcmVmdWwgd2hlbiB1c2luZyB3aWxkY2FyZCBjaGFyYWN0ZXJzIGFzIHlvdVxuICAgICAqIG1heSBncmFudCBhY2Nlc3MgdG8gcmVwb3NpdG9yaWVzIHlvdSBkaWQgbm90IGludGVuZC5cbiAgICAgKlxuICAgICAqIEBleGFtcGxlIFwibXktcmVwb3NpdG9yeVwiXG4gICAgICogQGV4YW1wbGUgXCJteS10ZWFtLSpcIlxuICAgICAqL1xuICAgIG5hbWU6IHN0cmluZ1xuICAgIC8qKlxuICAgICAqIFRoZSBuYW1lIG9mIHRoZSBvd25lciBvZiB0aGUgR2l0SHViIHJlcG9zaXRvcnkuXG4gICAgICpcbiAgICAgKiBOT1RFOiBUaGUgb3duZXIgbXVzdCBleHBsaWNpdGx5IGJlIHdoaXRlbGlzdGVkIGluIHtAbGluayB0cnVzdGVkT3duZXJzfS5cbiAgICAgKi9cbiAgICBvd25lcjogc3RyaW5nXG4gIH1bXVxuICAvKipcbiAgICogQW4gZXhpc3RpbmcgT3BlbklEIENvbm5lY3QgUHJvdmlkZXIgZm9yIEdpdEh1YiBBY3Rpb25zLlxuICAgKi9cbiAgb2lkY1Byb3ZpZGVyOiBpYW0uSU9wZW5JZENvbm5lY3RQcm92aWRlclxufVxuXG4vKipcbiAqIFV0aWxpdHkgZnVuY3Rpb24gZm9yIHZhbGlkYXRpbmcgdGhlIGNvbnN0cnVjdCBwcm9wZXJ0aWVzLlxuICovXG5leHBvcnQgY29uc3QgdmFsaWRhdGVQcm9wcyA9IChwcm9wczogUHJvcHMpID0+IHtcbiAgbGV0IHZhbGlkID0gdHJ1ZVxuICBpZiAocHJvcHMudHJ1c3RlZE93bmVycy5sZW5ndGggPT09IDApIHtcbiAgICBjb25zb2xlLmVycm9yKFwiQXQgbGVhc3QgMSB0cnVzdGVkIG93bmVyIG11c3QgYmUgc3VwcGxpZWQsIGJ1dCAwIHdlcmUgZ2l2ZW5cIilcbiAgICB2YWxpZCA9IGZhbHNlXG4gIH1cbiAgaWYgKHByb3BzLnJlcG9zaXRvcmllcy5sZW5ndGggPT09IDApIHtcbiAgICBjb25zb2xlLmVycm9yKFwiQXQgbGVhc3QgMSByZXBvc2l0b3J5IG11c3QgYmUgc3VwcGxpZWQsIGJ1dCAwIHdlcmUgZ2l2ZW5cIilcbiAgICB2YWxpZCA9IGZhbHNlXG4gIH1cbiAgcHJvcHMudHJ1c3RlZE93bmVycy5mb3JFYWNoKChvd25lcikgPT4ge1xuICAgIGlmICghb3duZXIubWF0Y2goL15bYS16QS1aMC05LV0rJC8pKSB7XG4gICAgICBjb25zb2xlLmVycm9yKGBUcnVzdGVkIG93bmVyICR7b3duZXJ9IGNvbnRhaW5zIGludmFsaWQgY2hhcmFjdGVyc2ApXG4gICAgICB2YWxpZCA9IGZhbHNlXG4gICAgfVxuICB9KVxuXG4gIHByb3BzLnJlcG9zaXRvcmllcy5mb3JFYWNoKChyZXBvc2l0b3J5KSA9PiB7XG4gICAgaWYgKCFwcm9wcy50cnVzdGVkT3duZXJzLmluY2x1ZGVzKHJlcG9zaXRvcnkub3duZXIpKSB7XG4gICAgICBjb25zb2xlLmVycm9yKFxuICAgICAgICBgT3duZXIgJHtyZXBvc2l0b3J5Lm93bmVyfSBvZiByZXBvc2l0b3J5ICR7cmVwb3NpdG9yeS5uYW1lfSBub3QgY29uZmlndXJlZCBhcyBhIHRydXN0ZWQgb3duZXJgLFxuICAgICAgKVxuICAgICAgdmFsaWQgPSBmYWxzZVxuICAgIH1cbiAgfSlcbiAgcmV0dXJuIHZhbGlkXG59XG5cbi8qKlxuICogQ3JlYXRlcyBhbiBJQU0gcm9sZSB0aGF0IGNhbiBiZSBhc3N1bWVkIGJ5IEdpdEh1YiBBY3Rpb25zIHdvcmtmbG93c1xuICogaW4gc3BlY2lmaWMgR2l0SHViIHJlcG9zaXRvcmllcyBhbmQgYnJhbmNoZXMgdXNpbmcgT3BlbklEIENvbm5lY3QuXG4gKi9cbmV4cG9ydCBjbGFzcyBHaXRodWJBY3Rpb25zUm9sZSBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IHJvbGU6IGlhbS5Sb2xlXG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG4gICAgaWYgKCF2YWxpZGF0ZVByb3BzKHByb3BzKSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwiSW52YWxpZCBwcm9wcyB3ZXJlIHN1cHBsaWVkXCIpXG4gICAgfVxuXG4gICAgY29uc3Qgc3ViamVjdHMgPSBwcm9wcy5yZXBvc2l0b3JpZXMubWFwKFxuICAgICAgKHJlcG9zaXRvcnkpID0+XG4gICAgICAgIGByZXBvOiR7cmVwb3NpdG9yeS5vd25lcn0vJHtyZXBvc2l0b3J5Lm5hbWV9OnJlZjpyZWZzL2hlYWRzLyR7cHJvcHMudHJ1c3RlZEJyYW5jaCA/PyBcIm1hc3RlclwifWAsXG4gICAgKVxuICAgIGNvbnN0IGZ1bGx5UXVhbGlmaWVkU3ViamVjdHMgPSBzdWJqZWN0cy5maWx0ZXIoXG4gICAgICAoc3ViamVjdCkgPT4gIShzdWJqZWN0LmluY2x1ZGVzKFwiP1wiKSB8fCBzdWJqZWN0LmluY2x1ZGVzKFwiKlwiKSksXG4gICAgKVxuXG4gICAgY29uc3Qgd2lsZGNhcmRTdWJqZWN0cyA9IHN1YmplY3RzLmZpbHRlcihcbiAgICAgIChzdWJqZWN0KSA9PiBzdWJqZWN0LmluY2x1ZGVzKFwiP1wiKSB8fCBzdWJqZWN0LmluY2x1ZGVzKFwiKlwiKSxcbiAgICApXG4gICAgY29uc3QgcHJpbmNpcGFsQ29uZGl0aW9ucyA9IHtcbiAgICAgIC4uLihmdWxseVF1YWxpZmllZFN1YmplY3RzLmxlbmd0aCAmJiB7XG4gICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgIFwidG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb206c3ViXCI6IGZ1bGx5UXVhbGlmaWVkU3ViamVjdHMsXG4gICAgICAgIH0sXG4gICAgICB9KSxcbiAgICAgIC4uLih3aWxkY2FyZFN1YmplY3RzLmxlbmd0aCAmJiB7XG4gICAgICAgIFN0cmluZ0xpa2U6IHtcbiAgICAgICAgICBcInRva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tOnN1YlwiOiB3aWxkY2FyZFN1YmplY3RzLFxuICAgICAgICB9LFxuICAgICAgfSksXG4gICAgfVxuXG4gICAgY29uc3QgcHJpbmNpcGFsID0gbmV3IGlhbS5GZWRlcmF0ZWRQcmluY2lwYWwoXG4gICAgICBwcm9wcy5vaWRjUHJvdmlkZXIub3BlbklkQ29ubmVjdFByb3ZpZGVyQXJuLFxuICAgICAgcHJpbmNpcGFsQ29uZGl0aW9ucyxcbiAgICAgIFwic3RzOkFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlcIixcbiAgICApXG5cbiAgICAvLyBWZXJpZnkgdGhhdCB0aGUgcHJpbmNpcGFsIGlzIGNvbmZpZ3VyZWQgd2l0aCBhIHRydXN0IHJlbGF0aW9uc2hpcFxuICAgIC8vIHRoYXQgY29udGFpbnMgYXQgbGVhc3Qgb25lIElBTSBjb25kaXRpb24gd2l0aCBhIGNvbnRleHQga2V5IGFuZCB2YWx1ZXNcbiAgICBpZiAoXG4gICAgICAhT2JqZWN0LnZhbHVlcyhwcmluY2lwYWxDb25kaXRpb25zKS5zb21lKChjb25kaXRpb25FbGVtZW50KSA9PlxuICAgICAgICBPYmplY3QuZW50cmllcyhjb25kaXRpb25FbGVtZW50KS5zb21lKFxuICAgICAgICAgIChbY29uZGl0aW9uS2V5LCBjb25kaXRpb25WYWx1ZV0pID0+XG4gICAgICAgICAgICBjb25kaXRpb25LZXkgJiYgY29uZGl0aW9uVmFsdWUubGVuZ3RoLFxuICAgICAgICApLFxuICAgICAgKVxuICAgICkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICBcIlRoZSBwcmluY2lwYWwncyB0cnVzdCBwb2xpY3kgbmVlZHMgdG8gYmUgY29uZmlndXJlZCB3aXRoIGF0IGxlYXN0IG9uZSBJQU0gY29uZGl0aW9uXCIsXG4gICAgICApXG4gICAgfVxuICAgIHRoaXMucm9sZSA9IG5ldyBpYW0uUm9sZSh0aGlzLCBcIlJvbGVcIiwge1xuICAgICAgcm9sZU5hbWU6IHByb3BzLnJvbGVOYW1lID8/IFwiZ2l0aHViLWFjdGlvbnMtcm9sZVwiLFxuICAgICAgYXNzdW1lZEJ5OiBwcmluY2lwYWwsXG4gICAgfSlcbiAgfVxufVxuIl19

package/lib/build-artifacts/index.d.ts CHANGED Viewed

@@ -1,57 +1,94 @@
 import * as constructs from "constructs";
 import * as ecr from "aws-cdk-lib/aws-ecr";
+import * as iam from "aws-cdk-lib/aws-iam";
+import { Props as GithubActionsRoleProps } from "./github-actions-role";
 interface Props {
     /**
-     * The name to use for the S3 Bucket. Should include both account and region
-     * so that it will not conflict with other accounts/regions.
+     * The name to use for the S3 Bucket.
      *
-     * @default - no bucket will be created
+     * NOTE: Should include both account and region so that it will
+     * not conflict with other accounts/regions.
      */
-    bucketName?: string;
+    bucketName: string;
     /**
      * The name to use for the ECR Repository.
      */
     ecrRepositoryName: string;
     /**
-     * The lifecycle rules to apply to images stored in the ECR repository.
-     *
-     * @default - Expire images after 180 days
-     */
-    ecrRepositoryLifecycleRules?: ecr.LifecycleRule[];
-    /**
-     * Reference to the IAM Role that will be granted permission to
-     * assume the CI role. This role must have permission to assume
-     * the CI role.
+     * Create a role that can be assumed by Liflig Jenkins.
      *
-     * @default - use Liflig Jenkins role
+     * @deprecated
+     * @default - no role will be created
      */
-    externalRoleArn?: string;
+    ciRoleName?: string;
     /**
-     * The name of the role that will be created that will be assumed
-     * from the CI system.
+     * The lifecycle rules to apply to images stored in the ECR repository.
      *
-     * @default - no role will be created
+     * @default - Expire images after 180 days
      */
-    ciRoleName?: string;
+    ecrRepositoryLifecycleRules?: ecr.LifecycleRule[];
     /**
-     * The AWS Accounts that will be granted permission to read from
+     * ID of AWS accounts that will be granted permission to read from
      * the artifact repos.
      */
-    targetAccountIds: string[];
+    targetAccountIds?: string[];
     /**
-     * Flag if Griid is bootstrapped and the account this construct is
-     * deployed to is the build account. Will attach policies and
-     * reference existing artifacts and roles.
+     * Configuration for creating IAM roles that can be assumed
+     * by GitHub Actions in specific GitHub repositories.
      *
-     * @default false
+     * @default - no roles are created.
      */
-    griid?: boolean;
+    githubActions?: Omit<GithubActionsRoleProps, "trustedOwners" | "trustedBranch" | "oidcProvider" | "roleName"> & {
+        /**
+         * A list of trusted GitHub repository owners.
+         *
+         * @default ["capralifecycle"]
+         */
+        trustedOwners?: string[];
+        /**
+         * The name of the role to create.
+         *
+         * @default "github-actions-role"
+         */
+        roleName?: string;
+        /**
+         * The name of the default branch in all repositories.
+         *
+         * @default "master"
+         */
+        defaultBranch?: string;
+        /**
+         * Configuration for a limited role that can be used on non-default
+         * branches with less IAM permissions than the main role.
+         *
+         * @default - a limited role is created.
+         */
+        limitedRoleConfiguration?: {
+            /**
+             * Whether to create the role or not.
+             *
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * The name of the role to create.
+             *
+             * @default "github-actions-limited-role"
+             */
+            roleName?: string;
+        };
+    };
 }
 /**
- * Build artifacts.
+ * Utility function for validating the construct properties.
+ */
+export declare const validateProps: (props: Props) => boolean;
+/**
+ * Create various artifacts used as part of Continuous Integration (CI).
  *
- * This holds a S3 Bucket, a ECR Repository and roles to be used
- * from CI system for uploading.
+ * This includes artifact repositories such as S3 bucket and ECR
+ * repository, as well as IAM role(s) that grant the CI server write
+ * access to these repositories.
  *
  * TODO: How can we cleanup stuff that goes into this S3 Bucket and
  *  ECR Repository? Can we ever reliably cleanup? We probably need
@@ -63,6 +100,8 @@ export declare class BuildArtifacts extends constructs.Construct {
     readonly bucketName: string | undefined;
     readonly ecrRepositoryArn: string;
     readonly ecrRepositoryName: string;
+    readonly role?: iam.Role;
+    readonly limitedRole?: iam.Role;
     constructor(scope: constructs.Construct, id: string, props: Props);
 }
 export {};

package/lib/build-artifacts/index.js CHANGED Viewed

@@ -1,17 +1,59 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BuildArtifacts = void 0;
+exports.BuildArtifacts = exports.validateProps = void 0;
 const constructs = require("constructs");
 const ecr = require("aws-cdk-lib/aws-ecr");
 const iam = require("aws-cdk-lib/aws-iam");
 const s3 = require("aws-cdk-lib/aws-s3");
 const cdk = require("aws-cdk-lib");
-const griid_1 = require("../griid");
+const github_actions_role_1 = require("./github-actions-role");
 /**
- * Build artifacts.
+ * Utility functions for generating IAM statements.
+ */
+const policyStatements = {
+    allowPipelineVariables: (scope, prefix) => new iam.PolicyStatement({
+        effect: iam.Effect.ALLOW,
+        actions: ["ssm:PutParameter"],
+        resources: [
+            `arn:aws:ssm:${cdk.Stack.of(scope).region}:${cdk.Stack.of(scope).account}:parameter/liflig-cdk/*/pipeline-variables/${prefix !== null && prefix !== void 0 ? prefix : "*"}`,
+        ],
+    }),
+    denyProdPipelines: (scope, bucket) => new iam.PolicyStatement({
+        effect: iam.Effect.DENY,
+        actions: ["s3:*"],
+        resources: [
+            bucket.arnForObjects("pipelines/*-prod/*"),
+            bucket.arnForObjects("pipelines/*-prod-*/*"),
+        ],
+    }),
+    denyProdPipelineVariables: (scope) => new iam.PolicyStatement({
+        effect: iam.Effect.DENY,
+        actions: ["ssm:PutParameter"],
+        resources: [
+            `arn:aws:ssm:${cdk.Stack.of(scope).region}:${cdk.Stack.of(scope).account}:parameter/liflig-cdk/*/pipeline-variables/prod*`,
+        ],
+    }),
+};
+/**
+ * Utility function for validating the construct properties.
+ */
+const validateProps = (props) => {
+    var _a;
+    let valid = true;
+    if (((_a = props.githubActions) === null || _a === void 0 ? void 0 : _a.defaultBranch) &&
+        !props.githubActions.defaultBranch.match(/^[a-zA-Z0-9-]+$/)) {
+        console.error(`Default branch ${props.githubActions.defaultBranch} contains invalid characters`);
+        valid = false;
+    }
+    return valid;
+};
+exports.validateProps = validateProps;
+/**
+ * Create various artifacts used as part of Continuous Integration (CI).
  *
- * This holds a S3 Bucket, a ECR Repository and roles to be used
- * from CI system for uploading.
+ * This includes artifact repositories such as S3 bucket and ECR
+ * repository, as well as IAM role(s) that grant the CI server write
+ * access to these repositories.
  *
  * TODO: How can we cleanup stuff that goes into this S3 Bucket and
  *  ECR Repository? Can we ever reliably cleanup? We probably need
@@ -21,8 +63,11 @@ const griid_1 = require("../griid");
  */
 class BuildArtifacts extends constructs.Construct {
     constructor(scope, id, props) {
-        var _a;
+        var _a, _b, _c, _d, _e, _f, _g;
         super(scope, id);
+        if (!(0, exports.validateProps)(props)) {
+            throw new Error("Invalid props were supplied");
+        }
         this.bucketName = props.bucketName;
         this.ecrRepositoryName = props.ecrRepositoryName;
         this.ecrRepositoryArn = cdk.Arn.format({
@@ -30,38 +75,19 @@ class BuildArtifacts extends constructs.Construct {
             resource: "repository",
             resourceName: this.ecrRepositoryName,
         }, cdk.Stack.of(this));
-        const externalRoleArn = (_a = props.externalRoleArn) !== null && _a !== void 0 ? _a : "arn:aws:iam::923402097046:role/buildtools-jenkins-RoleJenkinsSlave-JQGYHR5WE6C5";
         const ecrRepositoryName = props.ecrRepositoryName;
-        let bucket = undefined;
-        if (props.bucketName) {
-            bucket = new s3.Bucket(this, "S3Bucket", {
-                bucketName: props.bucketName,
-                encryption: s3.BucketEncryption.S3_MANAGED,
-                eventBridgeEnabled: true,
-                blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
-                versioned: true,
-                lifecycleRules: [
-                    {
-                        noncurrentVersionExpiration: cdk.Duration.days(10),
-                    },
-                ],
-            });
-        }
-        const ciRole = props.ciRoleName
-            ? new iam.Role(this, "CiRole", {
-                roleName: props.ciRoleName,
-                assumedBy: new iam.ArnPrincipal(externalRoleArn),
-            })
-            : undefined;
-        const griidCiRole = props.griid
-            ? (0, griid_1.getGriidCiRole)(this)
-            : undefined;
-        if (bucket && ciRole) {
-            bucket.grantReadWrite(ciRole);
-        }
-        if (bucket && griidCiRole) {
-            bucket.grantReadWrite(griidCiRole);
-        }
+        const bucket = new s3.Bucket(this, "S3Bucket", {
+            bucketName: props.bucketName,
+            encryption: s3.BucketEncryption.S3_MANAGED,
+            eventBridgeEnabled: true,
+            blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+            versioned: true,
+            lifecycleRules: [
+                {
+                    noncurrentVersionExpiration: cdk.Duration.days(10),
+                },
+            ],
+        });
         const ecrRepo = new ecr.Repository(this, "EcrRepository", {
             repositoryName: ecrRepositoryName,
             lifecycleRules: props.ecrRepositoryLifecycleRules || [
@@ -71,48 +97,89 @@ class BuildArtifacts extends constructs.Construct {
                 },
             ],
         });
-        if (ciRole) {
-            ecrRepo.grantPullPush(ciRole);
-        }
-        if (griidCiRole) {
-            ecrRepo.grantPullPush(griidCiRole);
-        }
         // Allow a target to read from the repos. As any specific roles need
         // to exist before we can grant access, we delegate that responsibility
         // to the target account.
-        for (const targetAccountId of props.targetAccountIds) {
-            if (bucket) {
-                bucket.grantRead(new iam.AccountPrincipal(targetAccountId));
-            }
+        for (const targetAccountId of props.targetAccountIds || []) {
+            bucket.grantRead(new iam.AccountPrincipal(targetAccountId));
             ecrRepo.grantPull(new iam.AccountPrincipal(targetAccountId));
         }
-        // Grant permissions to write pipeline variables.
-        if (ciRole || griidCiRole) {
-            const account = cdk.Stack.of(this).account;
-            const region = cdk.Stack.of(this).region;
-            const statement = new iam.PolicyStatement({
-                actions: ["ssm:PutParameter"],
-                resources: [
-                    `arn:aws:ssm:${region}:${account}:parameter/liflig-cdk/*/pipeline-variables/*`,
-                ],
+        if (props.githubActions) {
+            const trustedOwners = (_a = props.githubActions.trustedOwners) !== null && _a !== void 0 ? _a : [
+                "capralifecycle",
+            ];
+            // NOTE: There's an L2 construct that predates the official CloudFormation resource,
+            // and it is therefore implemented as a custom resource.
+            // We use the L1 CloudFormation resource instead because:
+            // 1) it's simpler
+            // 2) there's a chance the L2 construct will be deprecated in the future in favor
+            // of the official CloudFormation resource.
+            const cfnOidcProvider = new iam.CfnOIDCProvider(this, "OpenIdConnectProvider", {
+                url: "https://token.actions.githubusercontent.com",
+                clientIdList: ["sts.amazonaws.com"],
+                // NOTE: The thumbprint isn't actually used, but the AWS API still requires us to supply it.
+                // More details here: https://web.archive.org/web/20240122155758/https://github.com/aws-actions/configure-aws-credentials/issues/357#issuecomment-1626357333
+                thumbprintList: ["1c58a3a8518e8759bf075b76b750d4f2df264fcd"],
             });
-            ciRole === null || ciRole === void 0 ? void 0 : ciRole.grantPrincipal.addToPrincipalPolicy(statement);
-            griidCiRole === null || griidCiRole === void 0 ? void 0 : griidCiRole.grantPrincipal.addToPrincipalPolicy(statement);
+            const oidcProvider = iam.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, "Provider", cfnOidcProvider.ref);
+            const createLimitedRole = (_c = (_b = props.githubActions.limitedRoleConfiguration) === null || _b === void 0 ? void 0 : _b.enabled) !== null && _c !== void 0 ? _c : true;
+            const role = new github_actions_role_1.GithubActionsRole(this, "GithubActionsRole", {
+                oidcProvider,
+                trustedOwners,
+                roleName: (_d = props.githubActions.roleName) !== null && _d !== void 0 ? _d : "github-actions-role",
+                trustedBranch: createLimitedRole
+                    ? (_e = props.githubActions.defaultBranch) !== null && _e !== void 0 ? _e : "master"
+                    : // NOTE: If the limited role is disabled, only one role will be created
+                        // and that role then needs to be assumable from all branches.
+                        "*",
+                repositories: props.githubActions.repositories,
+            });
+            this.role = role.role;
+            this.role.addToPolicy(policyStatements.allowPipelineVariables(this));
+            bucket.grantPut(this.role);
+            ecrRepo.grantPullPush(this.role);
+            if (createLimitedRole) {
+                const limitedRole = new github_actions_role_1.GithubActionsRole(this, "GithubActionsLimitedRole", {
+                    oidcProvider,
+                    trustedOwners,
+                    roleName: (_g = (_f = props.githubActions.limitedRoleConfiguration) === null || _f === void 0 ? void 0 : _f.roleName) !== null && _g !== void 0 ? _g : "github-actions-limited-role",
+                    // NOTE: The limited role can be assumed from all branches.
+                    trustedBranch: "*",
+                    repositories: props.githubActions.repositories,
+                });
+                this.limitedRole = limitedRole.role;
+                this.limitedRole.addToPolicy(policyStatements.allowPipelineVariables(this, "dev*"));
+                this.limitedRole.addToPolicy(policyStatements.denyProdPipelines(scope, bucket));
+                bucket.grantPut(this.limitedRole);
+                ecrRepo.grantPullPush(this.limitedRole);
+            }
+        }
+        if (props.ciRoleName) {
+            const legacyRoleForJenkins = new iam.Role(this, "CiRole", {
+                roleName: props.ciRoleName,
+                assumedBy: new iam.ArnPrincipal("arn:aws:iam::923402097046:role/buildtools-jenkins-RoleJenkinsSlave-JQGYHR5WE6C5"),
+            });
+            legacyRoleForJenkins.addToPolicy(policyStatements.allowPipelineVariables(this));
+            bucket.grantPut(legacyRoleForJenkins);
+            ecrRepo.grantPullPush(legacyRoleForJenkins);
         }
         new cdk.CfnOutput(this, "EcrRepoUri", {
             value: ecrRepo.repositoryUri,
         });
-        if (bucket) {
-            new cdk.CfnOutput(this, "BucketName", {
-                value: bucket.bucketName,
+        new cdk.CfnOutput(this, "BucketName", {
+            value: bucket.bucketName,
+        });
+        if (this.role) {
+            new cdk.CfnOutput(this, "RoleArn", {
+                value: this.role.roleArn,
             });
         }
-        if (ciRole) {
-            new cdk.CfnOutput(this, "CiRoleArn", {
-                value: ciRole.roleArn,
+        if (this.limitedRole) {
+            new cdk.CfnOutput(this, "LimitedRoleArn", {
+                value: this.limitedRole.roleArn,
             });
         }
     }
 }
 exports.BuildArtifacts = BuildArtifacts;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYnVpbGQtYXJ0aWZhY3RzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4QywyQ0FBMEM7QUFDMUMsMkNBQTBDO0FBQzFDLHlDQUF3QztBQUN4QyxtQ0FBa0M7QUFDbEMsb0NBQXlDO0FBa0R6Qzs7Ozs7Ozs7Ozs7R0FXRztBQUNILE1BQWEsY0FBZSxTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBS3RELFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBWTs7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsVUFBVSxHQUFHLEtBQUssQ0FBQyxVQUFVLENBQUE7UUFDbEMsSUFBSSxDQUFDLGlCQUFpQixHQUFHLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQTtRQUNoRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQ3BDO1lBQ0UsT0FBTyxFQUFFLEtBQUs7WUFDZCxRQUFRLEVBQUUsWUFBWTtZQUN0QixZQUFZLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtTQUNyQyxFQUNELEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUNuQixDQUFBO1FBRUQsTUFBTSxlQUFlLEdBQ25CLE1BQUEsS0FBSyxDQUFDLGVBQWUsbUNBQ3JCLGlGQUFpRixDQUFBO1FBRW5GLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFBO1FBRWpELElBQUksTUFBTSxHQUEwQixTQUFTLENBQUE7UUFFN0MsSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsTUFBTSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO2dCQUN2QyxVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7Z0JBQzVCLFVBQVUsRUFBRSxFQUFFLENBQUMsZ0JBQWdCLENBQUMsVUFBVTtnQkFDMUMsa0JBQWtCLEVBQUUsSUFBSTtnQkFDeEIsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFNBQVM7Z0JBQ2pELFNBQVMsRUFBRSxJQUFJO2dCQUNmLGNBQWMsRUFBRTtvQkFDZDt3QkFDRSwyQkFBMkIsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7cUJBQ25EO2lCQUNGO2FBQ0YsQ0FBQyxDQUFBO1FBQ0osQ0FBQztRQUVELE1BQU0sTUFBTSxHQUF5QixLQUFLLENBQUMsVUFBVTtZQUNuRCxDQUFDLENBQUMsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7Z0JBQzNCLFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVTtnQkFDMUIsU0FBUyxFQUFFLElBQUksR0FBRyxDQUFDLFlBQVksQ0FBQyxlQUFlLENBQUM7YUFDakQsQ0FBQztZQUNKLENBQUMsQ0FBQyxTQUFTLENBQUE7UUFFYixNQUFNLFdBQVcsR0FBMEIsS0FBSyxDQUFDLEtBQUs7WUFDcEQsQ0FBQyxDQUFDLElBQUEsc0JBQWMsRUFBQyxJQUFJLENBQUM7WUFDdEIsQ0FBQyxDQUFDLFNBQVMsQ0FBQTtRQUViLElBQUksTUFBTSxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ3JCLE1BQU0sQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDL0IsQ0FBQztRQUVELElBQUksTUFBTSxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQzFCLE1BQU0sQ0FBQyxjQUFjLENBQUMsV0FBVyxDQUFDLENBQUE7UUFDcEMsQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLElBQUksR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsZUFBZSxFQUFFO1lBQ3hELGNBQWMsRUFBRSxpQkFBaUI7WUFDakMsY0FBYyxFQUFFLEtBQUssQ0FBQywyQkFBMkIsSUFBSTtnQkFDbkQ7b0JBQ0UsV0FBVyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztvQkFDbkMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsR0FBRztpQkFDN0I7YUFDRjtTQUNGLENBQUMsQ0FBQTtRQUVGLElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxPQUFPLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFBO1FBQy9CLENBQUM7UUFFRCxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLENBQUE7UUFDcEMsQ0FBQztRQUVELG9FQUFvRTtRQUNwRSx1RUFBdUU7UUFDdkUseUJBQXlCO1FBQ3pCLEtBQUssTUFBTSxlQUFlLElBQUksS0FBSyxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDckQsSUFBSSxNQUFNLEVBQUUsQ0FBQztnQkFDWCxNQUFNLENBQUMsU0FBUyxDQUFDLElBQUksR0FBRyxDQUFDLGdCQUFnQixDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUE7WUFDN0QsQ0FBQztZQUNELE9BQU8sQ0FBQyxTQUFTLENBQUMsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQTtRQUM5RCxDQUFDO1FBRUQsaURBQWlEO1FBQ2pELElBQUksTUFBTSxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQzFCLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQTtZQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUE7WUFDeEMsTUFBTSxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO2dCQUN4QyxPQUFPLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQztnQkFDN0IsU0FBUyxFQUFFO29CQUNULGVBQWUsTUFBTSxJQUFJLE9BQU8sOENBQThDO2lCQUMvRTthQUNGLENBQUMsQ0FBQTtZQUVGLE1BQU0sYUFBTixNQUFNLHVCQUFOLE1BQU0sQ0FBRSxjQUFjLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLENBQUE7WUFDdEQsV0FBVyxhQUFYLFdBQVcsdUJBQVgsV0FBVyxDQUFFLGNBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUM3RCxDQUFDO1FBRUQsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUU7WUFDcEMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxhQUFhO1NBQzdCLENBQUMsQ0FBQTtRQUVGLElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLFlBQVksRUFBRTtnQkFDcEMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxVQUFVO2FBQ3pCLENBQUMsQ0FBQTtRQUNKLENBQUM7UUFFRCxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxXQUFXLEVBQUU7Z0JBQ25DLEtBQUssRUFBRSxNQUFNLENBQUMsT0FBTzthQUN0QixDQUFDLENBQUE7UUFDSixDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBeEhELHdDQXdIQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgZWNyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWNyXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBzMyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IHsgZ2V0R3JpaWRDaVJvbGUgfSBmcm9tIFwiLi4vZ3JpaWRcIlxuXG5pbnRlcmZhY2UgUHJvcHMge1xuICAvKipcbiAgICogVGhlIG5hbWUgdG8gdXNlIGZvciB0aGUgUzMgQnVja2V0LiBTaG91bGQgaW5jbHVkZSBib3RoIGFjY291bnQgYW5kIHJlZ2lvblxuICAgKiBzbyB0aGF0IGl0IHdpbGwgbm90IGNvbmZsaWN0IHdpdGggb3RoZXIgYWNjb3VudHMvcmVnaW9ucy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBubyBidWNrZXQgd2lsbCBiZSBjcmVhdGVkXG4gICAqL1xuICBidWNrZXROYW1lPzogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgbmFtZSB0byB1c2UgZm9yIHRoZSBFQ1IgUmVwb3NpdG9yeS5cbiAgICovXG4gIGVjclJlcG9zaXRvcnlOYW1lOiBzdHJpbmdcbiAgLyoqXG4gICAqIFRoZSBsaWZlY3ljbGUgcnVsZXMgdG8gYXBwbHkgdG8gaW1hZ2VzIHN0b3JlZCBpbiB0aGUgRUNSIHJlcG9zaXRvcnkuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRXhwaXJlIGltYWdlcyBhZnRlciAxODAgZGF5c1xuICAgKi9cbiAgZWNyUmVwb3NpdG9yeUxpZmVjeWNsZVJ1bGVzPzogZWNyLkxpZmVjeWNsZVJ1bGVbXVxuICAvKipcbiAgICogUmVmZXJlbmNlIHRvIHRoZSBJQU0gUm9sZSB0aGF0IHdpbGwgYmUgZ3JhbnRlZCBwZXJtaXNzaW9uIHRvXG4gICAqIGFzc3VtZSB0aGUgQ0kgcm9sZS4gVGhpcyByb2xlIG11c3QgaGF2ZSBwZXJtaXNzaW9uIHRvIGFzc3VtZVxuICAgKiB0aGUgQ0kgcm9sZS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSB1c2UgTGlmbGlnIEplbmtpbnMgcm9sZVxuICAgKi9cbiAgZXh0ZXJuYWxSb2xlQXJuPzogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgcm9sZSB0aGF0IHdpbGwgYmUgY3JlYXRlZCB0aGF0IHdpbGwgYmUgYXNzdW1lZFxuICAgKiBmcm9tIHRoZSBDSSBzeXN0ZW0uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gcm9sZSB3aWxsIGJlIGNyZWF0ZWRcbiAgICovXG4gIGNpUm9sZU5hbWU/OiBzdHJpbmdcbiAgLyoqXG4gICAqIFRoZSBBV1MgQWNjb3VudHMgdGhhdCB3aWxsIGJlIGdyYW50ZWQgcGVybWlzc2lvbiB0byByZWFkIGZyb21cbiAgICogdGhlIGFydGlmYWN0IHJlcG9zLlxuICAgKi9cbiAgdGFyZ2V0QWNjb3VudElkczogc3RyaW5nW11cbiAgLyoqXG4gICAqIEZsYWcgaWYgR3JpaWQgaXMgYm9vdHN0cmFwcGVkIGFuZCB0aGUgYWNjb3VudCB0aGlzIGNvbnN0cnVjdCBpc1xuICAgKiBkZXBsb3llZCB0byBpcyB0aGUgYnVpbGQgYWNjb3VudC4gV2lsbCBhdHRhY2ggcG9saWNpZXMgYW5kXG4gICAqIHJlZmVyZW5jZSBleGlzdGluZyBhcnRpZmFjdHMgYW5kIHJvbGVzLlxuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgZ3JpaWQ/OiBib29sZWFuXG59XG5cbi8qKlxuICogQnVpbGQgYXJ0aWZhY3RzLlxuICpcbiAqIFRoaXMgaG9sZHMgYSBTMyBCdWNrZXQsIGEgRUNSIFJlcG9zaXRvcnkgYW5kIHJvbGVzIHRvIGJlIHVzZWRcbiAqIGZyb20gQ0kgc3lzdGVtIGZvciB1cGxvYWRpbmcuXG4gKlxuICogVE9ETzogSG93IGNhbiB3ZSBjbGVhbnVwIHN0dWZmIHRoYXQgZ29lcyBpbnRvIHRoaXMgUzMgQnVja2V0IGFuZFxuICogIEVDUiBSZXBvc2l0b3J5PyBDYW4gd2UgZXZlciByZWxpYWJseSBjbGVhbnVwPyBXZSBwcm9iYWJseSBuZWVkXG4gKiAgc29tZSBzdHJhdGVneSBmb3IgaG93IHdlIHB1dCBzdHVmZiBoZXJlIHRvIGJlIGFibGUgdG8gZG8gaXQuXG4gKlxuICogQGV4cGVyaW1lbnRhbFxuICovXG5leHBvcnQgY2xhc3MgQnVpbGRBcnRpZmFjdHMgZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIHJlYWRvbmx5IGJ1Y2tldE5hbWU6IHN0cmluZyB8IHVuZGVmaW5lZFxuICByZWFkb25seSBlY3JSZXBvc2l0b3J5QXJuOiBzdHJpbmdcbiAgcmVhZG9ubHkgZWNyUmVwb3NpdG9yeU5hbWU6IHN0cmluZ1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgdGhpcy5idWNrZXROYW1lID0gcHJvcHMuYnVja2V0TmFtZVxuICAgIHRoaXMuZWNyUmVwb3NpdG9yeU5hbWUgPSBwcm9wcy5lY3JSZXBvc2l0b3J5TmFtZVxuICAgIHRoaXMuZWNyUmVwb3NpdG9yeUFybiA9IGNkay5Bcm4uZm9ybWF0KFxuICAgICAge1xuICAgICAgICBzZXJ2aWNlOiBcImVjclwiLFxuICAgICAgICByZXNvdXJjZTogXCJyZXBvc2l0b3J5XCIsXG4gICAgICAgIHJlc291cmNlTmFtZTogdGhpcy5lY3JSZXBvc2l0b3J5TmFtZSxcbiAgICAgIH0sXG4gICAgICBjZGsuU3RhY2sub2YodGhpcyksXG4gICAgKVxuXG4gICAgY29uc3QgZXh0ZXJuYWxSb2xlQXJuID1cbiAgICAgIHByb3BzLmV4dGVybmFsUm9sZUFybiA/P1xuICAgICAgXCJhcm46YXdzOmlhbTo6OTIzNDAyMDk3MDQ2OnJvbGUvYnVpbGR0b29scy1qZW5raW5zLVJvbGVKZW5raW5zU2xhdmUtSlFHWUhSNVdFNkM1XCJcblxuICAgIGNvbnN0IGVjclJlcG9zaXRvcnlOYW1lID0gcHJvcHMuZWNyUmVwb3NpdG9yeU5hbWVcblxuICAgIGxldCBidWNrZXQ6IHMzLkJ1Y2tldCB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG4gICAgaWYgKHByb3BzLmJ1Y2tldE5hbWUpIHtcbiAgICAgIGJ1Y2tldCA9IG5ldyBzMy5CdWNrZXQodGhpcywgXCJTM0J1Y2tldFwiLCB7XG4gICAgICAgIGJ1Y2tldE5hbWU6IHByb3BzLmJ1Y2tldE5hbWUsXG4gICAgICAgIGVuY3J5cHRpb246IHMzLkJ1Y2tldEVuY3J5cHRpb24uUzNfTUFOQUdFRCxcbiAgICAgICAgZXZlbnRCcmlkZ2VFbmFibGVkOiB0cnVlLFxuICAgICAgICBibG9ja1B1YmxpY0FjY2VzczogczMuQmxvY2tQdWJsaWNBY2Nlc3MuQkxPQ0tfQUxMLFxuICAgICAgICB2ZXJzaW9uZWQ6IHRydWUsXG4gICAgICAgIGxpZmVjeWNsZVJ1bGVzOiBbXG4gICAgICAgICAge1xuICAgICAgICAgICAgbm9uY3VycmVudFZlcnNpb25FeHBpcmF0aW9uOiBjZGsuRHVyYXRpb24uZGF5cygxMCksXG4gICAgICAgICAgfSxcbiAgICAgICAgXSxcbiAgICAgIH0pXG4gICAgfVxuXG4gICAgY29uc3QgY2lSb2xlOiBpYW0uUm9sZSB8IHVuZGVmaW5lZCA9IHByb3BzLmNpUm9sZU5hbWVcbiAgICAgID8gbmV3IGlhbS5Sb2xlKHRoaXMsIFwiQ2lSb2xlXCIsIHtcbiAgICAgICAgICByb2xlTmFtZTogcHJvcHMuY2lSb2xlTmFtZSxcbiAgICAgICAgICBhc3N1bWVkQnk6IG5ldyBpYW0uQXJuUHJpbmNpcGFsKGV4dGVybmFsUm9sZUFybiksXG4gICAgICAgIH0pXG4gICAgICA6IHVuZGVmaW5lZFxuXG4gICAgY29uc3QgZ3JpaWRDaVJvbGU6IGlhbS5JUm9sZSB8IHVuZGVmaW5lZCA9IHByb3BzLmdyaWlkXG4gICAgICA/IGdldEdyaWlkQ2lSb2xlKHRoaXMpXG4gICAgICA6IHVuZGVmaW5lZFxuXG4gICAgaWYgKGJ1Y2tldCAmJiBjaVJvbGUpIHtcbiAgICAgIGJ1Y2tldC5ncmFudFJlYWRXcml0ZShjaVJvbGUpXG4gICAgfVxuXG4gICAgaWYgKGJ1Y2tldCAmJiBncmlpZENpUm9sZSkge1xuICAgICAgYnVja2V0LmdyYW50UmVhZFdyaXRlKGdyaWlkQ2lSb2xlKVxuICAgIH1cblxuICAgIGNvbnN0IGVjclJlcG8gPSBuZXcgZWNyLlJlcG9zaXRvcnkodGhpcywgXCJFY3JSZXBvc2l0b3J5XCIsIHtcbiAgICAgIHJlcG9zaXRvcnlOYW1lOiBlY3JSZXBvc2l0b3J5TmFtZSxcbiAgICAgIGxpZmVjeWNsZVJ1bGVzOiBwcm9wcy5lY3JSZXBvc2l0b3J5TGlmZWN5Y2xlUnVsZXMgfHwgW1xuICAgICAgICB7XG4gICAgICAgICAgbWF4SW1hZ2VBZ2U6IGNkay5EdXJhdGlvbi5kYXlzKDE4MCksXG4gICAgICAgICAgdGFnU3RhdHVzOiBlY3IuVGFnU3RhdHVzLkFOWSxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgfSlcblxuICAgIGlmIChjaVJvbGUpIHtcbiAgICAgIGVjclJlcG8uZ3JhbnRQdWxsUHVzaChjaVJvbGUpXG4gICAgfVxuXG4gICAgaWYgKGdyaWlkQ2lSb2xlKSB7XG4gICAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2goZ3JpaWRDaVJvbGUpXG4gICAgfVxuXG4gICAgLy8gQWxsb3cgYSB0YXJnZXQgdG8gcmVhZCBmcm9tIHRoZSByZXBvcy4gQXMgYW55IHNwZWNpZmljIHJvbGVzIG5lZWRcbiAgICAvLyB0byBleGlzdCBiZWZvcmUgd2UgY2FuIGdyYW50IGFjY2Vzcywgd2UgZGVsZWdhdGUgdGhhdCByZXNwb25zaWJpbGl0eVxuICAgIC8vIHRvIHRoZSB0YXJnZXQgYWNjb3VudC5cbiAgICBmb3IgKGNvbnN0IHRhcmdldEFjY291bnRJZCBvZiBwcm9wcy50YXJnZXRBY2NvdW50SWRzKSB7XG4gICAgICBpZiAoYnVja2V0KSB7XG4gICAgICAgIGJ1Y2tldC5ncmFudFJlYWQobmV3IGlhbS5BY2NvdW50UHJpbmNpcGFsKHRhcmdldEFjY291bnRJZCkpXG4gICAgICB9XG4gICAgICBlY3JSZXBvLmdyYW50UHVsbChuZXcgaWFtLkFjY291bnRQcmluY2lwYWwodGFyZ2V0QWNjb3VudElkKSlcbiAgICB9XG5cbiAgICAvLyBHcmFudCBwZXJtaXNzaW9ucyB0byB3cml0ZSBwaXBlbGluZSB2YXJpYWJsZXMuXG4gICAgaWYgKGNpUm9sZSB8fCBncmlpZENpUm9sZSkge1xuICAgICAgY29uc3QgYWNjb3VudCA9IGNkay5TdGFjay5vZih0aGlzKS5hY2NvdW50XG4gICAgICBjb25zdCByZWdpb24gPSBjZGsuU3RhY2sub2YodGhpcykucmVnaW9uXG4gICAgICBjb25zdCBzdGF0ZW1lbnQgPSBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGFjdGlvbnM6IFtcInNzbTpQdXRQYXJhbWV0ZXJcIl0sXG4gICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgIGBhcm46YXdzOnNzbToke3JlZ2lvbn06JHthY2NvdW50fTpwYXJhbWV0ZXIvbGlmbGlnLWNkay8qL3BpcGVsaW5lLXZhcmlhYmxlcy8qYCxcbiAgICAgICAgXSxcbiAgICAgIH0pXG5cbiAgICAgIGNpUm9sZT8uZ3JhbnRQcmluY2lwYWwuYWRkVG9QcmluY2lwYWxQb2xpY3koc3RhdGVtZW50KVxuICAgICAgZ3JpaWRDaVJvbGU/LmdyYW50UHJpbmNpcGFsLmFkZFRvUHJpbmNpcGFsUG9saWN5KHN0YXRlbWVudClcbiAgICB9XG5cbiAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcIkVjclJlcG9VcmlcIiwge1xuICAgICAgdmFsdWU6IGVjclJlcG8ucmVwb3NpdG9yeVVyaSxcbiAgICB9KVxuXG4gICAgaWYgKGJ1Y2tldCkge1xuICAgICAgbmV3IGNkay5DZm5PdXRwdXQodGhpcywgXCJCdWNrZXROYW1lXCIsIHtcbiAgICAgICAgdmFsdWU6IGJ1Y2tldC5idWNrZXROYW1lLFxuICAgICAgfSlcbiAgICB9XG5cbiAgICBpZiAoY2lSb2xlKSB7XG4gICAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcIkNpUm9sZUFyblwiLCB7XG4gICAgICAgIHZhbHVlOiBjaVJvbGUucm9sZUFybixcbiAgICAgIH0pXG4gICAgfVxuICB9XG59XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYnVpbGQtYXJ0aWZhY3RzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4QywyQ0FBMEM7QUFDMUMsMkNBQTBDO0FBQzFDLHlDQUF3QztBQUN4QyxtQ0FBa0M7QUFDbEMsK0RBRzhCO0FBbUY5Qjs7R0FFRztBQUNILE1BQU0sZ0JBQWdCLEdBQUc7SUFDdkIsc0JBQXNCLEVBQUUsQ0FBQyxLQUEyQixFQUFFLE1BQWUsRUFBRSxFQUFFLENBQ3ZFLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztRQUN0QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO1FBQ3hCLE9BQU8sRUFBRSxDQUFDLGtCQUFrQixDQUFDO1FBQzdCLFNBQVMsRUFBRTtZQUNULGVBQWUsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLE9BQU8sOENBQThDLE1BQU0sYUFBTixNQUFNLGNBQU4sTUFBTSxHQUFJLEdBQUcsRUFBRTtTQUN0STtLQUNGLENBQUM7SUFDSixpQkFBaUIsRUFBRSxDQUFDLEtBQTJCLEVBQUUsTUFBa0IsRUFBRSxFQUFFLENBQ3JFLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztRQUN0QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJO1FBQ3ZCLE9BQU8sRUFBRSxDQUFDLE1BQU0sQ0FBQztRQUNqQixTQUFTLEVBQUU7WUFDVCxNQUFNLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDO1lBQzFDLE1BQU0sQ0FBQyxhQUFhLENBQUMsc0JBQXNCLENBQUM7U0FDN0M7S0FDRixDQUFDO0lBQ0oseUJBQXlCLEVBQUUsQ0FBQyxLQUEyQixFQUFFLEVBQUUsQ0FDekQsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1FBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUk7UUFDdkIsT0FBTyxFQUFFLENBQUMsa0JBQWtCLENBQUM7UUFDN0IsU0FBUyxFQUFFO1lBQ1QsZUFBZSxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxNQUFNLElBQ3ZDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLE9BQ3RCLGtEQUFrRDtTQUNuRDtLQUNGLENBQUM7Q0FDTCxDQUFBO0FBRUQ7O0dBRUc7QUFDSSxNQUFNLGFBQWEsR0FBRyxDQUFDLEtBQVksRUFBRSxFQUFFOztJQUM1QyxJQUFJLEtBQUssR0FBRyxJQUFJLENBQUE7SUFDaEIsSUFDRSxDQUFBLE1BQUEsS0FBSyxDQUFDLGFBQWEsMENBQUUsYUFBYTtRQUNsQyxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxFQUMzRCxDQUFDO1FBQ0QsT0FBTyxDQUFDLEtBQUssQ0FDWCxrQkFBa0IsS0FBSyxDQUFDLGFBQWEsQ0FBQyxhQUFhLDhCQUE4QixDQUNsRixDQUFBO1FBQ0QsS0FBSyxHQUFHLEtBQUssQ0FBQTtJQUNmLENBQUM7SUFDRCxPQUFPLEtBQUssQ0FBQTtBQUNkLENBQUMsQ0FBQTtBQVpZLFFBQUEsYUFBYSxpQkFZekI7QUFFRDs7Ozs7Ozs7Ozs7O0dBWUc7QUFDSCxNQUFhLGNBQWUsU0FBUSxVQUFVLENBQUMsU0FBUztJQU90RCxZQUFZLEtBQTJCLEVBQUUsRUFBVSxFQUFFLEtBQVk7O1FBQy9ELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFFaEIsSUFBSSxDQUFDLElBQUEscUJBQWEsRUFBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLENBQUMsQ0FBQTtRQUNoRCxDQUFDO1FBRUQsSUFBSSxDQUFDLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxDQUFBO1FBQ2xDLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUE7UUFDaEQsSUFBSSxDQUFDLGdCQUFnQixHQUFHLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUNwQztZQUNFLE9BQU8sRUFBRSxLQUFLO1lBQ2QsUUFBUSxFQUFFLFlBQVk7WUFDdEIsWUFBWSxFQUFFLElBQUksQ0FBQyxpQkFBaUI7U0FDckMsRUFDRCxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FDbkIsQ0FBQTtRQUVELE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFBO1FBRWpELE1BQU0sTUFBTSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzdDLFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVTtZQUM1QixVQUFVLEVBQUUsRUFBRSxDQUFDLGdCQUFnQixDQUFDLFVBQVU7WUFDMUMsa0JBQWtCLEVBQUUsSUFBSTtZQUN4QixpQkFBaUIsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsU0FBUztZQUNqRCxTQUFTLEVBQUUsSUFBSTtZQUNmLGNBQWMsRUFBRTtnQkFDZDtvQkFDRSwyQkFBMkIsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7aUJBQ25EO2FBQ0Y7U0FDRixDQUFDLENBQUE7UUFFRixNQUFNLE9BQU8sR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUN4RCxjQUFjLEVBQUUsaUJBQWlCO1lBQ2pDLGNBQWMsRUFBRSxLQUFLLENBQUMsMkJBQTJCLElBQUk7Z0JBQ25EO29CQUNFLFdBQVcsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUM7b0JBQ25DLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLEdBQUc7aUJBQzdCO2FBQ0Y7U0FDRixDQUFDLENBQUE7UUFFRixvRUFBb0U7UUFDcEUsdUVBQXVFO1FBQ3ZFLHlCQUF5QjtRQUN6QixLQUFLLE1BQU0sZUFBZSxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUMzRCxNQUFNLENBQUMsU0FBUyxDQUFDLElBQUksR0FBRyxDQUFDLGdCQUFnQixDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUE7WUFDM0QsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFBO1FBQzlELENBQUM7UUFFRCxJQUFJLEtBQUssQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN4QixNQUFNLGFBQWEsR0FBRyxNQUFBLEtBQUssQ0FBQyxhQUFhLENBQUMsYUFBYSxtQ0FBSTtnQkFDekQsZ0JBQWdCO2FBQ2pCLENBQUE7WUFDRCxvRkFBb0Y7WUFDcEYsd0RBQXdEO1lBQ3hELHlEQUF5RDtZQUN6RCxrQkFBa0I7WUFDbEIsaUZBQWlGO1lBQ2pGLDJDQUEyQztZQUMzQyxNQUFNLGVBQWUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQzdDLElBQUksRUFDSix1QkFBdUIsRUFDdkI7Z0JBQ0UsR0FBRyxFQUFFLDZDQUE2QztnQkFDbEQsWUFBWSxFQUFFLENBQUMsbUJBQW1CLENBQUM7Z0JBQ25DLDRGQUE0RjtnQkFDNUYsNEpBQTRKO2dCQUM1SixjQUFjLEVBQUUsQ0FBQywwQ0FBMEMsQ0FBQzthQUM3RCxDQUNGLENBQUE7WUFDRCxNQUFNLFlBQVksR0FDaEIsR0FBRyxDQUFDLHFCQUFxQixDQUFDLDRCQUE0QixDQUNwRCxJQUFJLEVBQ0osVUFBVSxFQUNWLGVBQWUsQ0FBQyxHQUFHLENBQ3BCLENBQUE7WUFDSCxNQUFNLGlCQUFpQixHQUNyQixNQUFBLE1BQUEsS0FBSyxDQUFDLGFBQWEsQ0FBQyx3QkFBd0IsMENBQUUsT0FBTyxtQ0FBSSxJQUFJLENBQUE7WUFDL0QsTUFBTSxJQUFJLEdBQUcsSUFBSSx1Q0FBaUIsQ0FBQyxJQUFJLEVBQUUsbUJBQW1CLEVBQUU7Z0JBQzVELFlBQVk7Z0JBQ1osYUFBYTtnQkFDYixRQUFRLEVBQUUsTUFBQSxLQUFLLENBQUMsYUFBYSxDQUFDLFFBQVEsbUNBQUkscUJBQXFCO2dCQUMvRCxhQUFhLEVBQUUsaUJBQWlCO29CQUM5QixDQUFDLENBQUMsTUFBQSxLQUFLLENBQUMsYUFBYSxDQUFDLGFBQWEsbUNBQUksUUFBUTtvQkFDL0MsQ0FBQyxDQUFDLHVFQUF1RTt3QkFDdkUsOERBQThEO3dCQUM5RCxHQUFHO2dCQUNQLFlBQVksRUFBRSxLQUFLLENBQUMsYUFBYSxDQUFDLFlBQVk7YUFDL0MsQ0FBQyxDQUFBO1lBQ0YsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFBO1lBQ3JCLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUFDLHNCQUFzQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUE7WUFDcEUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUE7WUFDMUIsT0FBTyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUE7WUFDaEMsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO2dCQUN0QixNQUFNLFdBQVcsR0FBRyxJQUFJLHVDQUFpQixDQUN2QyxJQUFJLEVBQ0osMEJBQTBCLEVBQzFCO29CQUNFLFlBQVk7b0JBQ1osYUFBYTtvQkFDYixRQUFRLEVBQ04sTUFBQSxNQUFBLEtBQUssQ0FBQyxhQUFhLENBQUMsd0JBQXdCLDBDQUFFLFFBQVEsbUNBQ3RELDZCQUE2QjtvQkFDL0IsMkRBQTJEO29CQUMzRCxhQUFhLEVBQUUsR0FBRztvQkFDbEIsWUFBWSxFQUFFLEtBQUssQ0FBQyxhQUFhLENBQUMsWUFBWTtpQkFDL0MsQ0FDRixDQUFBO2dCQUNELElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDLElBQUksQ0FBQTtnQkFDbkMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQzFCLGdCQUFnQixDQUFDLHNCQUFzQixDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsQ0FDdEQsQ0FBQTtnQkFDRCxJQUFJLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FDMUIsZ0JBQWdCLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxDQUNsRCxDQUFBO2dCQUNELE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFBO2dCQUNqQyxPQUFPLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQTtZQUN6QyxDQUFDO1FBQ0gsQ0FBQztRQUNELElBQUksS0FBSyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7Z0JBQ3hELFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVTtnQkFDMUIsU0FBUyxFQUFFLElBQUksR0FBRyxDQUFDLFlBQVksQ0FDN0IsaUZBQWlGLENBQ2xGO2FBQ0YsQ0FBQyxDQUFBO1lBQ0Ysb0JBQW9CLENBQUMsV0FBVyxDQUM5QixnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsQ0FDOUMsQ0FBQTtZQUNELE1BQU0sQ0FBQyxRQUFRLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtZQUNyQyxPQUFPLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDLENBQUE7UUFDN0MsQ0FBQztRQUVELElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQ3BDLEtBQUssRUFBRSxPQUFPLENBQUMsYUFBYTtTQUM3QixDQUFDLENBQUE7UUFFRixJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLFlBQVksRUFBRTtZQUNwQyxLQUFLLEVBQUUsTUFBTSxDQUFDLFVBQVU7U0FDekIsQ0FBQyxDQUFBO1FBRUYsSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDZCxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRTtnQkFDakMsS0FBSyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTzthQUN6QixDQUFDLENBQUE7UUFDSixDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDckIsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtnQkFDeEMsS0FBSyxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTzthQUNoQyxDQUFDLENBQUE7UUFDSixDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBaktELHdDQWlLQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgZWNyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWNyXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBzMyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IHtcbiAgR2l0aHViQWN0aW9uc1JvbGUsXG4gIFByb3BzIGFzIEdpdGh1YkFjdGlvbnNSb2xlUHJvcHMsXG59IGZyb20gXCIuL2dpdGh1Yi1hY3Rpb25zLXJvbGVcIlxuXG5pbnRlcmZhY2UgUHJvcHMge1xuICAvKipcbiAgICogVGhlIG5hbWUgdG8gdXNlIGZvciB0aGUgUzMgQnVja2V0LlxuICAgKlxuICAgKiBOT1RFOiBTaG91bGQgaW5jbHVkZSBib3RoIGFjY291bnQgYW5kIHJlZ2lvbiBzbyB0aGF0IGl0IHdpbGxcbiAgICogbm90IGNvbmZsaWN0IHdpdGggb3RoZXIgYWNjb3VudHMvcmVnaW9ucy5cbiAgICovXG4gIGJ1Y2tldE5hbWU6IHN0cmluZ1xuICAvKipcbiAgICogVGhlIG5hbWUgdG8gdXNlIGZvciB0aGUgRUNSIFJlcG9zaXRvcnkuXG4gICAqL1xuICBlY3JSZXBvc2l0b3J5TmFtZTogc3RyaW5nXG4gIC8qKlxuICAgKiBDcmVhdGUgYSByb2xlIHRoYXQgY2FuIGJlIGFzc3VtZWQgYnkgTGlmbGlnIEplbmtpbnMuXG4gICAqXG4gICAqIEBkZXByZWNhdGVkXG4gICAqIEBkZWZhdWx0IC0gbm8gcm9sZSB3aWxsIGJlIGNyZWF0ZWRcbiAgICovXG4gIGNpUm9sZU5hbWU/OiBzdHJpbmdcbiAgLyoqXG4gICAqIFRoZSBsaWZlY3ljbGUgcnVsZXMgdG8gYXBwbHkgdG8gaW1hZ2VzIHN0b3JlZCBpbiB0aGUgRUNSIHJlcG9zaXRvcnkuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRXhwaXJlIGltYWdlcyBhZnRlciAxODAgZGF5c1xuICAgKi9cbiAgZWNyUmVwb3NpdG9yeUxpZmVjeWNsZVJ1bGVzPzogZWNyLkxpZmVjeWNsZVJ1bGVbXVxuICAvKipcbiAgICogSUQgb2YgQVdTIGFjY291bnRzIHRoYXQgd2lsbCBiZSBncmFudGVkIHBlcm1pc3Npb24gdG8gcmVhZCBmcm9tXG4gICAqIHRoZSBhcnRpZmFjdCByZXBvcy5cbiAgICovXG4gIHRhcmdldEFjY291bnRJZHM/OiBzdHJpbmdbXVxuICAvKipcbiAgICogQ29uZmlndXJhdGlvbiBmb3IgY3JlYXRpbmcgSUFNIHJvbGVzIHRoYXQgY2FuIGJlIGFzc3VtZWRcbiAgICogYnkgR2l0SHViIEFjdGlvbnMgaW4gc3BlY2lmaWMgR2l0SHViIHJlcG9zaXRvcmllcy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBubyByb2xlcyBhcmUgY3JlYXRlZC5cbiAgICovXG4gIGdpdGh1YkFjdGlvbnM/OiBPbWl0PFxuICAgIEdpdGh1YkFjdGlvbnNSb2xlUHJvcHMsXG4gICAgXCJ0cnVzdGVkT3duZXJzXCIgfCBcInRydXN0ZWRCcmFuY2hcIiB8IFwib2lkY1Byb3ZpZGVyXCIgfCBcInJvbGVOYW1lXCJcbiAgPiAmIHtcbiAgICAvKipcbiAgICAgKiBBIGxpc3Qgb2YgdHJ1c3RlZCBHaXRIdWIgcmVwb3NpdG9yeSBvd25lcnMuXG4gICAgICpcbiAgICAgKiBAZGVmYXVsdCBbXCJjYXByYWxpZmVjeWNsZVwiXVxuICAgICAqL1xuICAgIHRydXN0ZWRPd25lcnM/OiBzdHJpbmdbXVxuICAgIC8qKlxuICAgICAqIFRoZSBuYW1lIG9mIHRoZSByb2xlIHRvIGNyZWF0ZS5cbiAgICAgKlxuICAgICAqIEBkZWZhdWx0IFwiZ2l0aHViLWFjdGlvbnMtcm9sZVwiXG4gICAgICovXG4gICAgcm9sZU5hbWU/OiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBUaGUgbmFtZSBvZiB0aGUgZGVmYXVsdCBicmFuY2ggaW4gYWxsIHJlcG9zaXRvcmllcy5cbiAgICAgKlxuICAgICAqIEBkZWZhdWx0IFwibWFzdGVyXCJcbiAgICAgKi9cbiAgICBkZWZhdWx0QnJhbmNoPzogc3RyaW5nXG4gICAgLyoqXG4gICAgICogQ29uZmlndXJhdGlvbiBmb3IgYSBsaW1pdGVkIHJvbGUgdGhhdCBjYW4gYmUgdXNlZCBvbiBub24tZGVmYXVsdFxuICAgICAqIGJyYW5jaGVzIHdpdGggbGVzcyBJQU0gcGVybWlzc2lvbnMgdGhhbiB0aGUgbWFpbiByb2xlLlxuICAgICAqXG4gICAgICogQGRlZmF1bHQgLSBhIGxpbWl0ZWQgcm9sZSBpcyBjcmVhdGVkLlxuICAgICAqL1xuICAgIGxpbWl0ZWRSb2xlQ29uZmlndXJhdGlvbj86IHtcbiAgICAgIC8qKlxuICAgICAgICogV2hldGhlciB0byBjcmVhdGUgdGhlIHJvbGUgb3Igbm90LlxuICAgICAgICpcbiAgICAgICAqIEBkZWZhdWx0IHRydWVcbiAgICAgICAqL1xuICAgICAgZW5hYmxlZD86IGJvb2xlYW5cbiAgICAgIC8qKlxuICAgICAgICogVGhlIG5hbWUgb2YgdGhlIHJvbGUgdG8gY3JlYXRlLlxuICAgICAgICpcbiAgICAgICAqIEBkZWZhdWx0IFwiZ2l0aHViLWFjdGlvbnMtbGltaXRlZC1yb2xlXCJcbiAgICAgICAqL1xuICAgICAgcm9sZU5hbWU/OiBzdHJpbmdcbiAgICB9XG4gIH1cbn1cblxuLyoqXG4gKiBVdGlsaXR5IGZ1bmN0aW9ucyBmb3IgZ2VuZXJhdGluZyBJQU0gc3RhdGVtZW50cy5cbiAqL1xuY29uc3QgcG9saWN5U3RhdGVtZW50cyA9IHtcbiAgYWxsb3dQaXBlbGluZVZhcmlhYmxlczogKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgcHJlZml4Pzogc3RyaW5nKSA9PlxuICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgIGFjdGlvbnM6IFtcInNzbTpQdXRQYXJhbWV0ZXJcIl0sXG4gICAgICByZXNvdXJjZXM6IFtcbiAgICAgICAgYGFybjphd3M6c3NtOiR7Y2RrLlN0YWNrLm9mKHNjb3BlKS5yZWdpb259OiR7Y2RrLlN0YWNrLm9mKHNjb3BlKS5hY2NvdW50fTpwYXJhbWV0ZXIvbGlmbGlnLWNkay8qL3BpcGVsaW5lLXZhcmlhYmxlcy8ke3ByZWZpeCA/PyBcIipcIn1gLFxuICAgICAgXSxcbiAgICB9KSxcbiAgZGVueVByb2RQaXBlbGluZXM6IChzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGJ1Y2tldDogczMuSUJ1Y2tldCkgPT5cbiAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuREVOWSxcbiAgICAgIGFjdGlvbnM6IFtcInMzOipcIl0sXG4gICAgICByZXNvdXJjZXM6IFtcbiAgICAgICAgYnVja2V0LmFybkZvck9iamVjdHMoXCJwaXBlbGluZXMvKi1wcm9kLypcIiksXG4gICAgICAgIGJ1Y2tldC5hcm5Gb3JPYmplY3RzKFwicGlwZWxpbmVzLyotcHJvZC0qLypcIiksXG4gICAgICBdLFxuICAgIH0pLFxuICBkZW55UHJvZFBpcGVsaW5lVmFyaWFibGVzOiAoc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0KSA9PlxuICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5ERU5ZLFxuICAgICAgYWN0aW9uczogW1wic3NtOlB1dFBhcmFtZXRlclwiXSxcbiAgICAgIHJlc291cmNlczogW1xuICAgICAgICBgYXJuOmF3czpzc206JHtjZGsuU3RhY2sub2Yoc2NvcGUpLnJlZ2lvbn06JHtcbiAgICAgICAgICBjZGsuU3RhY2sub2Yoc2NvcGUpLmFjY291bnRcbiAgICAgICAgfTpwYXJhbWV0ZXIvbGlmbGlnLWNkay8qL3BpcGVsaW5lLXZhcmlhYmxlcy9wcm9kKmAsXG4gICAgICBdLFxuICAgIH0pLFxufVxuXG4vKipcbiAqIFV0aWxpdHkgZnVuY3Rpb24gZm9yIHZhbGlkYXRpbmcgdGhlIGNvbnN0cnVjdCBwcm9wZXJ0aWVzLlxuICovXG5leHBvcnQgY29uc3QgdmFsaWRhdGVQcm9wcyA9IChwcm9wczogUHJvcHMpID0+IHtcbiAgbGV0IHZhbGlkID0gdHJ1ZVxuICBpZiAoXG4gICAgcHJvcHMuZ2l0aHViQWN0aW9ucz8uZGVmYXVsdEJyYW5jaCAmJlxuICAgICFwcm9wcy5naXRodWJBY3Rpb25zLmRlZmF1bHRCcmFuY2gubWF0Y2goL15bYS16QS1aMC05LV0rJC8pXG4gICkge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBgRGVmYXVsdCBicmFuY2ggJHtwcm9wcy5naXRodWJBY3Rpb25zLmRlZmF1bHRCcmFuY2h9IGNvbnRhaW5zIGludmFsaWQgY2hhcmFjdGVyc2AsXG4gICAgKVxuICAgIHZhbGlkID0gZmFsc2VcbiAgfVxuICByZXR1cm4gdmFsaWRcbn1cblxuLyoqXG4gKiBDcmVhdGUgdmFyaW91cyBhcnRpZmFjdHMgdXNlZCBhcyBwYXJ0IG9mIENvbnRpbnVvdXMgSW50ZWdyYXRpb24gKENJKS5cbiAqXG4gKiBUaGlzIGluY2x1ZGVzIGFydGlmYWN0IHJlcG9zaXRvcmllcyBzdWNoIGFzIFMzIGJ1Y2tldCBhbmQgRUNSXG4gKiByZXBvc2l0b3J5LCBhcyB3ZWxsIGFzIElBTSByb2xlKHMpIHRoYXQgZ3JhbnQgdGhlIENJIHNlcnZlciB3cml0ZVxuICogYWNjZXNzIHRvIHRoZXNlIHJlcG9zaXRvcmllcy5cbiAqXG4gKiBUT0RPOiBIb3cgY2FuIHdlIGNsZWFudXAgc3R1ZmYgdGhhdCBnb2VzIGludG8gdGhpcyBTMyBCdWNrZXQgYW5kXG4gKiAgRUNSIFJlcG9zaXRvcnk/IENhbiB3ZSBldmVyIHJlbGlhYmx5IGNsZWFudXA/IFdlIHByb2JhYmx5IG5lZWRcbiAqICBzb21lIHN0cmF0ZWd5IGZvciBob3cgd2UgcHV0IHN0dWZmIGhlcmUgdG8gYmUgYWJsZSB0byBkbyBpdC5cbiAqXG4gKiBAZXhwZXJpbWVudGFsXG4gKi9cbmV4cG9ydCBjbGFzcyBCdWlsZEFydGlmYWN0cyBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGJ1Y2tldE5hbWU6IHN0cmluZyB8IHVuZGVmaW5lZFxuICBwdWJsaWMgcmVhZG9ubHkgZWNyUmVwb3NpdG9yeUFybjogc3RyaW5nXG4gIHB1YmxpYyByZWFkb25seSBlY3JSZXBvc2l0b3J5TmFtZTogc3RyaW5nXG4gIHB1YmxpYyByZWFkb25seSByb2xlPzogaWFtLlJvbGVcbiAgcHVibGljIHJlYWRvbmx5IGxpbWl0ZWRSb2xlPzogaWFtLlJvbGVcblxuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGlmICghdmFsaWRhdGVQcm9wcyhwcm9wcykpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIkludmFsaWQgcHJvcHMgd2VyZSBzdXBwbGllZFwiKVxuICAgIH1cblxuICAgIHRoaXMuYnVja2V0TmFtZSA9IHByb3BzLmJ1Y2tldE5hbWVcbiAgICB0aGlzLmVjclJlcG9zaXRvcnlOYW1lID0gcHJvcHMuZWNyUmVwb3NpdG9yeU5hbWVcbiAgICB0aGlzLmVjclJlcG9zaXRvcnlBcm4gPSBjZGsuQXJuLmZvcm1hdChcbiAgICAgIHtcbiAgICAgICAgc2VydmljZTogXCJlY3JcIixcbiAgICAgICAgcmVzb3VyY2U6IFwicmVwb3NpdG9yeVwiLFxuICAgICAgICByZXNvdXJjZU5hbWU6IHRoaXMuZWNyUmVwb3NpdG9yeU5hbWUsXG4gICAgICB9LFxuICAgICAgY2RrLlN0YWNrLm9mKHRoaXMpLFxuICAgIClcblxuICAgIGNvbnN0IGVjclJlcG9zaXRvcnlOYW1lID0gcHJvcHMuZWNyUmVwb3NpdG9yeU5hbWVcblxuICAgIGNvbnN0IGJ1Y2tldCA9IG5ldyBzMy5CdWNrZXQodGhpcywgXCJTM0J1Y2tldFwiLCB7XG4gICAgICBidWNrZXROYW1lOiBwcm9wcy5idWNrZXROYW1lLFxuICAgICAgZW5jcnlwdGlvbjogczMuQnVja2V0RW5jcnlwdGlvbi5TM19NQU5BR0VELFxuICAgICAgZXZlbnRCcmlkZ2VFbmFibGVkOiB0cnVlLFxuICAgICAgYmxvY2tQdWJsaWNBY2Nlc3M6IHMzLkJsb2NrUHVibGljQWNjZXNzLkJMT0NLX0FMTCxcbiAgICAgIHZlcnNpb25lZDogdHJ1ZSxcbiAgICAgIGxpZmVjeWNsZVJ1bGVzOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBub25jdXJyZW50VmVyc2lvbkV4cGlyYXRpb246IGNkay5EdXJhdGlvbi5kYXlzKDEwKSxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgfSlcblxuICAgIGNvbnN0IGVjclJlcG8gPSBuZXcgZWNyLlJlcG9zaXRvcnkodGhpcywgXCJFY3JSZXBvc2l0b3J5XCIsIHtcbiAgICAgIHJlcG9zaXRvcnlOYW1lOiBlY3JSZXBvc2l0b3J5TmFtZSxcbiAgICAgIGxpZmVjeWNsZVJ1bGVzOiBwcm9wcy5lY3JSZXBvc2l0b3J5TGlmZWN5Y2xlUnVsZXMgfHwgW1xuICAgICAgICB7XG4gICAgICAgICAgbWF4SW1hZ2VBZ2U6IGNkay5EdXJhdGlvbi5kYXlzKDE4MCksXG4gICAgICAgICAgdGFnU3RhdHVzOiBlY3IuVGFnU3RhdHVzLkFOWSxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgfSlcblxuICAgIC8vIEFsbG93IGEgdGFyZ2V0IHRvIHJlYWQgZnJvbSB0aGUgcmVwb3MuIEFzIGFueSBzcGVjaWZpYyByb2xlcyBuZWVkXG4gICAgLy8gdG8gZXhpc3QgYmVmb3JlIHdlIGNhbiBncmFudCBhY2Nlc3MsIHdlIGRlbGVnYXRlIHRoYXQgcmVzcG9uc2liaWxpdHlcbiAgICAvLyB0byB0aGUgdGFyZ2V0IGFjY291bnQuXG4gICAgZm9yIChjb25zdCB0YXJnZXRBY2NvdW50SWQgb2YgcHJvcHMudGFyZ2V0QWNjb3VudElkcyB8fCBbXSkge1xuICAgICAgYnVja2V0LmdyYW50UmVhZChuZXcgaWFtLkFjY291bnRQcmluY2lwYWwodGFyZ2V0QWNjb3VudElkKSlcbiAgICAgIGVjclJlcG8uZ3JhbnRQdWxsKG5ldyBpYW0uQWNjb3VudFByaW5jaXBhbCh0YXJnZXRBY2NvdW50SWQpKVxuICAgIH1cblxuICAgIGlmIChwcm9wcy5naXRodWJBY3Rpb25zKSB7XG4gICAgICBjb25zdCB0cnVzdGVkT3duZXJzID0gcHJvcHMuZ2l0aHViQWN0aW9ucy50cnVzdGVkT3duZXJzID8/IFtcbiAgICAgICAgXCJjYXByYWxpZmVjeWNsZVwiLFxuICAgICAgXVxuICAgICAgLy8gTk9URTogVGhlcmUncyBhbiBMMiBjb25zdHJ1Y3QgdGhhdCBwcmVkYXRlcyB0aGUgb2ZmaWNpYWwgQ2xvdWRGb3JtYXRpb24gcmVzb3VyY2UsXG4gICAgICAvLyBhbmQgaXQgaXMgdGhlcmVmb3JlIGltcGxlbWVudGVkIGFzIGEgY3VzdG9tIHJlc291cmNlLlxuICAgICAgLy8gV2UgdXNlIHRoZSBMMSBDbG91ZEZvcm1hdGlvbiByZXNvdXJjZSBpbnN0ZWFkIGJlY2F1c2U6XG4gICAgICAvLyAxKSBpdCdzIHNpbXBsZXJcbiAgICAgIC8vIDIpIHRoZXJlJ3MgYSBjaGFuY2UgdGhlIEwyIGNvbnN0cnVjdCB3aWxsIGJlIGRlcHJlY2F0ZWQgaW4gdGhlIGZ1dHVyZSBpbiBmYXZvclxuICAgICAgLy8gb2YgdGhlIG9mZmljaWFsIENsb3VkRm9ybWF0aW9uIHJlc291cmNlLlxuICAgICAgY29uc3QgY2ZuT2lkY1Byb3ZpZGVyID0gbmV3IGlhbS5DZm5PSURDUHJvdmlkZXIoXG4gICAgICAgIHRoaXMsXG4gICAgICAgIFwiT3BlbklkQ29ubmVjdFByb3ZpZGVyXCIsXG4gICAgICAgIHtcbiAgICAgICAgICB1cmw6IFwiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbVwiLFxuICAgICAgICAgIGNsaWVudElkTGlzdDogW1wic3RzLmFtYXpvbmF3cy5jb21cIl0sXG4gICAgICAgICAgLy8gTk9URTogVGhlIHRodW1icHJpbnQgaXNuJ3QgYWN0dWFsbHkgdXNlZCwgYnV0IHRoZSBBV1MgQVBJIHN0aWxsIHJlcXVpcmVzIHVzIHRvIHN1cHBseSBpdC5cbiAgICAgICAgICAvLyBNb3JlIGRldGFpbHMgaGVyZTogaHR0cHM6Ly93ZWIuYXJjaGl2ZS5vcmcvd2ViLzIwMjQwMTIyMTU1NzU4L2h0dHBzOi8vZ2l0aHViLmNvbS9hd3MtYWN0aW9ucy9jb25maWd1cmUtYXdzLWNyZWRlbnRpYWxzL2lzc3Vlcy8zNTcjaXNzdWVjb21tZW50LTE2MjYzNTczMzNcbiAgICAgICAgICB0aHVtYnByaW50TGlzdDogW1wiMWM1OGEzYTg1MThlODc1OWJmMDc1Yjc2Yjc1MGQ0ZjJkZjI2NGZjZFwiXSxcbiAgICAgICAgfSxcbiAgICAgIClcbiAgICAgIGNvbnN0IG9pZGNQcm92aWRlciA9XG4gICAgICAgIGlhbS5PcGVuSWRDb25uZWN0UHJvdmlkZXIuZnJvbU9wZW5JZENvbm5lY3RQcm92aWRlckFybihcbiAgICAgICAgICB0aGlzLFxuICAgICAgICAgIFwiUHJvdmlkZXJcIixcbiAgICAgICAgICBjZm5PaWRjUHJvdmlkZXIucmVmLFxuICAgICAgICApXG4gICAgICBjb25zdCBjcmVhdGVMaW1pdGVkUm9sZSA9XG4gICAgICAgIHByb3BzLmdpdGh1YkFjdGlvbnMubGltaXRlZFJvbGVDb25maWd1cmF0aW9uPy5lbmFibGVkID8/IHRydWVcbiAgICAgIGNvbnN0IHJvbGUgPSBuZXcgR2l0aHViQWN0aW9uc1JvbGUodGhpcywgXCJHaXRodWJBY3Rpb25zUm9sZVwiLCB7XG4gICAgICAgIG9pZGNQcm92aWRlcixcbiAgICAgICAgdHJ1c3RlZE93bmVycyxcbiAgICAgICAgcm9sZU5hbWU6IHByb3BzLmdpdGh1YkFjdGlvbnMucm9sZU5hbWUgPz8gXCJnaXRodWItYWN0aW9ucy1yb2xlXCIsXG4gICAgICAgIHRydXN0ZWRCcmFuY2g6IGNyZWF0ZUxpbWl0ZWRSb2xlXG4gICAgICAgICAgPyBwcm9wcy5naXRodWJBY3Rpb25zLmRlZmF1bHRCcmFuY2ggPz8gXCJtYXN0ZXJcIlxuICAgICAgICAgIDogLy8gTk9URTogSWYgdGhlIGxpbWl0ZWQgcm9sZSBpcyBkaXNhYmxlZCwgb25seSBvbmUgcm9sZSB3aWxsIGJlIGNyZWF0ZWRcbiAgICAgICAgICAgIC8vIGFuZCB0aGF0IHJvbGUgdGhlbiBuZWVkcyB0byBiZSBhc3N1bWFibGUgZnJvbSBhbGwgYnJhbmNoZXMuXG4gICAgICAgICAgICBcIipcIixcbiAgICAgICAgcmVwb3NpdG9yaWVzOiBwcm9wcy5naXRodWJBY3Rpb25zLnJlcG9zaXRvcmllcyxcbiAgICAgIH0pXG4gICAgICB0aGlzLnJvbGUgPSByb2xlLnJvbGVcbiAgICAgIHRoaXMucm9sZS5hZGRUb1BvbGljeShwb2xpY3lTdGF0ZW1lbnRzLmFsbG93UGlwZWxpbmVWYXJpYWJsZXModGhpcykpXG4gICAgICBidWNrZXQuZ3JhbnRQdXQodGhpcy5yb2xlKVxuICAgICAgZWNyUmVwby5ncmFudFB1bGxQdXNoKHRoaXMucm9sZSlcbiAgICAgIGlmIChjcmVhdGVMaW1pdGVkUm9sZSkge1xuICAgICAgICBjb25zdCBsaW1pdGVkUm9sZSA9IG5ldyBHaXRodWJBY3Rpb25zUm9sZShcbiAgICAgICAgICB0aGlzLFxuICAgICAgICAgIFwiR2l0aHViQWN0aW9uc0xpbWl0ZWRSb2xlXCIsXG4gICAgICAgICAge1xuICAgICAgICAgICAgb2lkY1Byb3ZpZGVyLFxuICAgICAgICAgICAgdHJ1c3RlZE93bmVycyxcbiAgICAgICAgICAgIHJvbGVOYW1lOlxuICAgICAgICAgICAgICBwcm9wcy5naXRodWJBY3Rpb25zLmxpbWl0ZWRSb2xlQ29uZmlndXJhdGlvbj8ucm9sZU5hbWUgPz9cbiAgICAgICAgICAgICAgXCJnaXRodWItYWN0aW9ucy1saW1pdGVkLXJvbGVcIixcbiAgICAgICAgICAgIC8vIE5PVEU6IFRoZSBsaW1pdGVkIHJvbGUgY2FuIGJlIGFzc3VtZWQgZnJvbSBhbGwgYnJhbmNoZXMuXG4gICAgICAgICAgICB0cnVzdGVkQnJhbmNoOiBcIipcIixcbiAgICAgICAgICAgIHJlcG9zaXRvcmllczogcHJvcHMuZ2l0aHViQWN0aW9ucy5yZXBvc2l0b3JpZXMsXG4gICAgICAgICAgfSxcbiAgICAgICAgKVxuICAgICAgICB0aGlzLmxpbWl0ZWRSb2xlID0gbGltaXRlZFJvbGUucm9sZVxuICAgICAgICB0aGlzLmxpbWl0ZWRSb2xlLmFkZFRvUG9saWN5KFxuICAgICAgICAgIHBvbGljeVN0YXRlbWVudHMuYWxsb3dQaXBlbGluZVZhcmlhYmxlcyh0aGlzLCBcImRldipcIiksXG4gICAgICAgIClcbiAgICAgICAgdGhpcy5saW1pdGVkUm9sZS5hZGRUb1BvbGljeShcbiAgICAgICAgICBwb2xpY3lTdGF0ZW1lbnRzLmRlbnlQcm9kUGlwZWxpbmVzKHNjb3BlLCBidWNrZXQpLFxuICAgICAgICApXG4gICAgICAgIGJ1Y2tldC5ncmFudFB1dCh0aGlzLmxpbWl0ZWRSb2xlKVxuICAgICAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2godGhpcy5saW1pdGVkUm9sZSlcbiAgICAgIH1cbiAgICB9XG4gICAgaWYgKHByb3BzLmNpUm9sZU5hbWUpIHtcbiAgICAgIGNvbnN0IGxlZ2FjeVJvbGVGb3JKZW5raW5zID0gbmV3IGlhbS5Sb2xlKHRoaXMsIFwiQ2lSb2xlXCIsIHtcbiAgICAgICAgcm9sZU5hbWU6IHByb3BzLmNpUm9sZU5hbWUsXG4gICAgICAgIGFzc3VtZWRCeTogbmV3IGlhbS5Bcm5QcmluY2lwYWwoXG4gICAgICAgICAgXCJhcm46YXdzOmlhbTo6OTIzNDAyMDk3MDQ2OnJvbGUvYnVpbGR0b29scy1qZW5raW5zLVJvbGVKZW5raW5zU2xhdmUtSlFHWUhSNVdFNkM1XCIsXG4gICAgICAgICksXG4gICAgICB9KVxuICAgICAgbGVnYWN5Um9sZUZvckplbmtpbnMuYWRkVG9Qb2xpY3koXG4gICAgICAgIHBvbGljeVN0YXRlbWVudHMuYWxsb3dQaXBlbGluZVZhcmlhYmxlcyh0aGlzKSxcbiAgICAgIClcbiAgICAgIGJ1Y2tldC5ncmFudFB1dChsZWdhY3lSb2xlRm9ySmVua2lucylcbiAgICAgIGVjclJlcG8uZ3JhbnRQdWxsUHVzaChsZWdhY3lSb2xlRm9ySmVua2lucylcbiAgICB9XG5cbiAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcIkVjclJlcG9VcmlcIiwge1xuICAgICAgdmFsdWU6IGVjclJlcG8ucmVwb3NpdG9yeVVyaSxcbiAgICB9KVxuXG4gICAgbmV3IGNkay5DZm5PdXRwdXQodGhpcywgXCJCdWNrZXROYW1lXCIsIHtcbiAgICAgIHZhbHVlOiBidWNrZXQuYnVja2V0TmFtZSxcbiAgICB9KVxuXG4gICAgaWYgKHRoaXMucm9sZSkge1xuICAgICAgbmV3IGNkay5DZm5PdXRwdXQodGhpcywgXCJSb2xlQXJuXCIsIHtcbiAgICAgICAgdmFsdWU6IHRoaXMucm9sZS5yb2xlQXJuLFxuICAgICAgfSlcbiAgICB9XG4gICAgaWYgKHRoaXMubGltaXRlZFJvbGUpIHtcbiAgICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwiTGltaXRlZFJvbGVBcm5cIiwge1xuICAgICAgICB2YWx1ZTogdGhpcy5saW1pdGVkUm9sZS5yb2xlQXJuLFxuICAgICAgfSlcbiAgICB9XG4gIH1cbn1cbiJdfQ==

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@liflig/cdk",
-  "version": "2.18.9",
+  "version": "2.19.0",
   "description": "CDK library for Liflig",
   "repository": {
     "type": "git",
@@ -40,11 +40,11 @@
   },
   "devDependencies": {
     "@aws-cdk/assert": "2.68.0",
-    "@commitlint/cli": "18.4.3",
-    "@commitlint/config-conventional": "18.4.3",
-    "@types/aws-lambda": "8.10.130",
+    "@commitlint/cli": "18.4.4",
+    "@commitlint/config-conventional": "18.4.4",
+    "@types/aws-lambda": "8.10.131",
     "@types/jest": "29.5.11",
-    "@types/node": "18.19.3",
+    "@types/node": "18.19.8",
     "@typescript-eslint/eslint-plugin": "5.62.0",
     "@typescript-eslint/parser": "5.62.0",
     "aws-cdk": "2.111.0",
@@ -52,11 +52,11 @@
     "constructs": "10.3.0",
     "eslint": "8.56.0",
     "eslint-config-prettier": "9.1.0",
-    "eslint-plugin-prettier": "5.0.1",
+    "eslint-plugin-prettier": "5.1.3",
     "husky": "8.0.3",
     "jest": "29.7.0",
     "jest-cdk-snapshot": "2.0.1",
-    "prettier": "3.1.1",
+    "prettier": "3.2.4",
     "semantic-release": "22.0.12",
     "ts-jest": "29.1.1",
     "ts-node": "10.9.2",
@@ -64,7 +64,7 @@
   },
   "dependencies": {
     "@capraconsulting/webapp-deploy-lambda": "2.1.5",
-    "aws-sdk": "2.1504.0",
+    "aws-sdk": "2.1527.0",
     "cpy": "8.1.2",
     "del": "6.1.1",
     "execa": "5.1.1",