@pierskarsenbarg/sdm 1.5.0 → 1.7.0

package/types/output.d.ts

@@ -317,6 +317,7 @@ export interface GetResourceResource {
     athenas: outputs.GetResourceResourceAthena[];
     auroraMysqls: outputs.GetResourceResourceAuroraMysql[];
     auroraPostgres: outputs.GetResourceResourceAuroraPostgre[];
+    auroraPostgresIams: outputs.GetResourceResourceAuroraPostgresIam[];
     aws: outputs.GetResourceResourceAw[];
     awsConsoleStaticKeyPairs: outputs.GetResourceResourceAwsConsoleStaticKeyPair[];
     awsConsoles: outputs.GetResourceResourceAwsConsole[];
@@ -369,6 +370,7 @@ export interface GetResourceResource {
     rabbitmqAmqp091s: outputs.GetResourceResourceRabbitmqAmqp091[];
     rawTcps: outputs.GetResourceResourceRawTcp[];
     rdps: outputs.GetResourceResourceRdp[];
+    rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[];
     redis: outputs.GetResourceResourceRedi[];
     redshifts: outputs.GetResourceResourceRedshift[];
     singleStores: outputs.GetResourceResourceSingleStore[];
@@ -1279,6 +1281,70 @@ export interface GetResourceResourceAuroraPostgre {
      */
     username?: string;
 }
+export interface GetResourceResourceAuroraPostgresIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
+     */
+    overrideDatabase?: boolean;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * The AWS region to connect to.
+     */
+    region?: string;
+    /**
+     * If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
+     */
+    roleAssumptionArn?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetResourceResourceAw {
     /**
      * The Access Key ID to use to authenticate.
@@ -4299,6 +4365,10 @@ export interface GetResourceResourceRdp {
      * Unique identifier of the Resource.
      */
     id?: string;
+    /**
+     * When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+     */
+    lockRequired?: boolean;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -4334,6 +4404,70 @@ export interface GetResourceResourceRdp {
      */
     username?: string;
 }
+export interface GetResourceResourceRdsPostgresIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
+     */
+    overrideDatabase?: boolean;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * The AWS region to connect to.
+     */
+    region?: string;
+    /**
+     * If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
+     */
+    roleAssumptionArn?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetResourceResourceRedi {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -5505,6 +5639,64 @@ export interface GetSecretStoreSecretStoreVaultToken {
         [key: string]: string;
     };
 }
+export interface GetWorkflowApproverWorkflowApprover {
+    /**
+     * The approver id.
+     */
+    approverId?: string;
+    /**
+     * Unique identifier of the WorkflowApprover.
+     */
+    id?: string;
+    /**
+     * The workflow id.
+     */
+    workflowId?: string;
+}
+export interface GetWorkflowRoleWorkflowRole {
+    /**
+     * Unique identifier of the WorkflowRole.
+     */
+    id?: string;
+    /**
+     * The role id.
+     */
+    roleId?: string;
+    /**
+     * The workflow id.
+     */
+    workflowId?: string;
+}
+export interface GetWorkflowWorkflow {
+    /**
+     * AccessRules is a list of access rules defining the resources this Workflow provides access to.
+     */
+    accessRules?: string;
+    /**
+     * Optional auto grant setting to automatically approve requests or not, defaults to false.
+     */
+    autoGrant?: boolean;
+    /**
+     * Optional description of the Workflow.
+     */
+    description?: string;
+    /**
+     * Optional enabled state for workflow. This setting may be overridden by the system if the workflow doesn't meet the requirements to be enabled or if other conditions prevent enabling the workflow. The requirements to enable a workflow are that the workflow must be either set up for with auto grant enabled or have one or more WorkflowApprovers created for the workflow.
+     */
+    enabled?: boolean;
+    /**
+     * Unique identifier of the Workflow.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Workflow.
+     */
+    name?: string;
+    /**
+     * Optional weight for workflow to specify it's priority in matching a request.
+     */
+    weight?: number;
+}
 export interface NodeGateway {
     /**
      * The hostname/port tuple which the gateway daemon will bind to. If not provided on create, set to "0.0.0.0:listen_address_port".
@@ -6425,6 +6617,66 @@ export interface ResourceAuroraPostgres {
      */
     username?: string;
 }
+export interface ResourceAuroraPostgresIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
+     */
+    overrideDatabase?: boolean;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * The AWS region to connect to.
+     */
+    region: string;
+    /**
+     * If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
+     */
+    roleAssumptionArn?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceAws {
     /**
      * The Access Key ID to use to authenticate.
@@ -9237,6 +9489,10 @@ export interface ResourceRdp {
      * The host to dial to initiate a connection from the egress node to this resource.
      */
     hostname: string;
+    /**
+     * When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+     */
+    lockRequired?: boolean;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -9272,6 +9528,66 @@ export interface ResourceRdp {
      */
     username?: string;
 }
+export interface ResourceRdsPostgresIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
+     */
+    overrideDatabase?: boolean;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * The AWS region to connect to.
+     */
+    region: string;
+    /**
+     * If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
+     */
+    roleAssumptionArn?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceRedis {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.

package/workflow.d.ts

@@ -0,0 +1,148 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Workflows are the collection of rules that define the resources to which access can be requested,
+ *  the users that can request that access, and the mechanism for approving those requests which can either
+ *  but automatic approval or a set of users authorized to approve the requests.
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as sdm from "@pierskarsenbarg/sdm";
+ *
+ * const autoGrantWorkflow = new sdm.Workflow("autoGrantWorkflow", {
+ *     autoGrant: true,
+ *     enabled: true,
+ *     accessRules: JSON.stringify([{
+ *         type: "redis",
+ *         tags: {
+ *             region: "us-east",
+ *         },
+ *     }]),
+ * });
+ * const manualApprovalWorkflow = new sdm.Workflow("manualApprovalWorkflow", {
+ *     autoGrant: false,
+ *     accessRules: JSON.stringify([{
+ *         type: "redis",
+ *         tags: {
+ *             region: "us-east",
+ *         },
+ *     }]),
+ * });
+ * ```
+ * This resource can be imported using the import command.
+ *
+ * ## Import
+ *
+ * A Workflow can be imported using the id, e.g.,
+ *
+ * ```sh
+ *  $ pulumi import sdm:index/workflow:Workflow example aw-12345678
+ * ```
+ */
+export declare class Workflow extends pulumi.CustomResource {
+    /**
+     * Get an existing Workflow resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkflowState, opts?: pulumi.CustomResourceOptions): Workflow;
+    /**
+     * Returns true if the given object is an instance of Workflow.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is Workflow;
+    /**
+     * AccessRules is a list of access rules defining the resources this Workflow provides access to.
+     */
+    readonly accessRules: pulumi.Output<string>;
+    /**
+     * Optional auto grant setting to automatically approve requests or not, defaults to false.
+     */
+    readonly autoGrant: pulumi.Output<boolean | undefined>;
+    /**
+     * Optional description of the Workflow.
+     */
+    readonly description: pulumi.Output<string | undefined>;
+    /**
+     * Optional enabled state for workflow. This setting may be overridden by the system if the workflow doesn't meet the requirements to be enabled or if other conditions prevent enabling the workflow. The requirements to enable a workflow are that the workflow must be either set up for with auto grant enabled or have one or more WorkflowApprovers created for the workflow.
+     */
+    readonly enabled: pulumi.Output<boolean | undefined>;
+    /**
+     * Unique human-readable name of the Workflow.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * Optional weight for workflow to specify it's priority in matching a request.
+     */
+    readonly weight: pulumi.Output<number>;
+    /**
+     * Create a Workflow resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: WorkflowArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering Workflow resources.
+ */
+export interface WorkflowState {
+    /**
+     * AccessRules is a list of access rules defining the resources this Workflow provides access to.
+     */
+    accessRules?: pulumi.Input<string>;
+    /**
+     * Optional auto grant setting to automatically approve requests or not, defaults to false.
+     */
+    autoGrant?: pulumi.Input<boolean>;
+    /**
+     * Optional description of the Workflow.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Optional enabled state for workflow. This setting may be overridden by the system if the workflow doesn't meet the requirements to be enabled or if other conditions prevent enabling the workflow. The requirements to enable a workflow are that the workflow must be either set up for with auto grant enabled or have one or more WorkflowApprovers created for the workflow.
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * Unique human-readable name of the Workflow.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Optional weight for workflow to specify it's priority in matching a request.
+     */
+    weight?: pulumi.Input<number>;
+}
+/**
+ * The set of arguments for constructing a Workflow resource.
+ */
+export interface WorkflowArgs {
+    /**
+     * AccessRules is a list of access rules defining the resources this Workflow provides access to.
+     */
+    accessRules?: pulumi.Input<string>;
+    /**
+     * Optional auto grant setting to automatically approve requests or not, defaults to false.
+     */
+    autoGrant?: pulumi.Input<boolean>;
+    /**
+     * Optional description of the Workflow.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Optional enabled state for workflow. This setting may be overridden by the system if the workflow doesn't meet the requirements to be enabled or if other conditions prevent enabling the workflow. The requirements to enable a workflow are that the workflow must be either set up for with auto grant enabled or have one or more WorkflowApprovers created for the workflow.
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * Unique human-readable name of the Workflow.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Optional weight for workflow to specify it's priority in matching a request.
+     */
+    weight?: pulumi.Input<number>;
+}

package/workflow.js

@@ -0,0 +1,99 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Workflow = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * Workflows are the collection of rules that define the resources to which access can be requested,
+ *  the users that can request that access, and the mechanism for approving those requests which can either
+ *  but automatic approval or a set of users authorized to approve the requests.
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as sdm from "@pierskarsenbarg/sdm";
+ *
+ * const autoGrantWorkflow = new sdm.Workflow("autoGrantWorkflow", {
+ *     autoGrant: true,
+ *     enabled: true,
+ *     accessRules: JSON.stringify([{
+ *         type: "redis",
+ *         tags: {
+ *             region: "us-east",
+ *         },
+ *     }]),
+ * });
+ * const manualApprovalWorkflow = new sdm.Workflow("manualApprovalWorkflow", {
+ *     autoGrant: false,
+ *     accessRules: JSON.stringify([{
+ *         type: "redis",
+ *         tags: {
+ *             region: "us-east",
+ *         },
+ *     }]),
+ * });
+ * ```
+ * This resource can be imported using the import command.
+ *
+ * ## Import
+ *
+ * A Workflow can be imported using the id, e.g.,
+ *
+ * ```sh
+ *  $ pulumi import sdm:index/workflow:Workflow example aw-12345678
+ * ```
+ */
+class Workflow extends pulumi.CustomResource {
+    /**
+     * Get an existing Workflow resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new Workflow(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of Workflow.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === Workflow.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accessRules"] = state ? state.accessRules : undefined;
+            resourceInputs["autoGrant"] = state ? state.autoGrant : undefined;
+            resourceInputs["description"] = state ? state.description : undefined;
+            resourceInputs["enabled"] = state ? state.enabled : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+            resourceInputs["weight"] = state ? state.weight : undefined;
+        }
+        else {
+            const args = argsOrState;
+            resourceInputs["accessRules"] = args ? args.accessRules : undefined;
+            resourceInputs["autoGrant"] = args ? args.autoGrant : undefined;
+            resourceInputs["description"] = args ? args.description : undefined;
+            resourceInputs["enabled"] = args ? args.enabled : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+            resourceInputs["weight"] = args ? args.weight : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(Workflow.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.Workflow = Workflow;
+/** @internal */
+Workflow.__pulumiType = 'sdm:index/workflow:Workflow';
+//# sourceMappingURL=workflow.js.map

package/workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.js","sourceRoot":"","sources":["../workflow.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAa,QAAS,SAAQ,MAAM,CAAC,cAAc;IAC/C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAqB,EAAE,IAAmC;QACnH,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC/D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,YAAY,CAAC;IACzD,CAAC;IAmCD,YAAY,IAAY,EAAE,WAA0C,EAAE,IAAmC;QACrG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAwC,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAuC,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;;AAnFL,4BAoFC;AAtEG,gBAAgB;AACO,qBAAY,GAAG,6BAA6B,CAAC"}