@pulumi/okta 4.9.0-alpha.1718431198 → 4.9.0-alpha.1718755579
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/adminRoleCustom.d.ts +105 -107
- package/adminRoleCustom.js +3 -5
- package/adminRoleCustom.js.map +1 -1
- package/adminRoleCustomAssignments.d.ts +12 -18
- package/adminRoleCustomAssignments.js +3 -6
- package/adminRoleCustomAssignments.js.map +1 -1
- package/adminRoleTargets.d.ts +14 -16
- package/adminRoleTargets.js +0 -2
- package/adminRoleTargets.js.map +1 -1
- package/app/accessPolicyAssignment.d.ts +23 -2
- package/app/accessPolicyAssignment.js +23 -2
- package/app/accessPolicyAssignment.js.map +1 -1
- package/app/autoLogin.d.ts +63 -97
- package/app/autoLogin.js +3 -37
- package/app/autoLogin.js.map +1 -1
- package/app/basicAuth.d.ts +30 -33
- package/app/basicAuth.js +4 -7
- package/app/basicAuth.js.map +1 -1
- package/app/bookmark.d.ts +30 -33
- package/app/bookmark.js +3 -6
- package/app/bookmark.js.map +1 -1
- package/app/getApp.d.ts +58 -25
- package/app/getApp.js +2 -2
- package/app/getApp.js.map +1 -1
- package/app/getMetadataSaml.d.ts +11 -5
- package/app/getMetadataSaml.js +2 -2
- package/app/getMetadataSaml.js.map +1 -1
- package/app/getOauth.d.ts +62 -34
- package/app/getOauth.js +2 -2
- package/app/getOauth.js.map +1 -1
- package/app/getSaml.d.ts +75 -56
- package/app/getSaml.js +2 -2
- package/app/getSaml.js.map +1 -1
- package/app/groupAssignment.d.ts +23 -9
- package/app/groupAssignment.js +17 -3
- package/app/groupAssignment.js.map +1 -1
- package/app/oauth.d.ts +135 -273
- package/app/oauth.js +6 -60
- package/app/oauth.js.map +1 -1
- package/app/oauthPostLogoutRedirectUri.d.ts +4 -6
- package/app/oauthPostLogoutRedirectUri.js +1 -3
- package/app/oauthPostLogoutRedirectUri.js.map +1 -1
- package/app/oauthRedirectUri.d.ts +4 -6
- package/app/oauthRedirectUri.js +1 -3
- package/app/oauthRedirectUri.js.map +1 -1
- package/app/oauthRoleAssignment.d.ts +4 -29
- package/app/oauthRoleAssignment.js +4 -29
- package/app/oauthRoleAssignment.js.map +1 -1
- package/app/saml.d.ts +161 -289
- package/app/saml.js +6 -152
- package/app/saml.js.map +1 -1
- package/app/securePasswordStore.d.ts +79 -80
- package/app/securePasswordStore.js +6 -7
- package/app/securePasswordStore.js.map +1 -1
- package/app/swa.d.ts +70 -71
- package/app/swa.js +4 -5
- package/app/swa.js.map +1 -1
- package/app/threeField.d.ts +74 -76
- package/app/threeField.js +5 -7
- package/app/threeField.js.map +1 -1
- package/app/user.d.ts +12 -17
- package/app/user.js +0 -2
- package/app/user.js.map +1 -1
- package/appGroupAssignments.d.ts +6 -8
- package/appGroupAssignments.js +3 -5
- package/appGroupAssignments.js.map +1 -1
- package/appOauthApiScope.d.ts +5 -7
- package/appOauthApiScope.js +2 -4
- package/appOauthApiScope.js.map +1 -1
- package/appSamlAppSettings.d.ts +6 -7
- package/appSamlAppSettings.js +3 -4
- package/appSamlAppSettings.js.map +1 -1
- package/appSharedCredentials.d.ts +61 -63
- package/appSharedCredentials.js +4 -6
- package/appSharedCredentials.js.map +1 -1
- package/appSignonPolicy.d.ts +3 -39
- package/appSignonPolicy.js +3 -39
- package/appSignonPolicy.js.map +1 -1
- package/appSignonPolicyRule.d.ts +69 -361
- package/appSignonPolicyRule.js +1 -278
- package/appSignonPolicyRule.js.map +1 -1
- package/appUserBaseSchemaProperty.d.ts +25 -29
- package/appUserBaseSchemaProperty.js +1 -5
- package/appUserBaseSchemaProperty.js.map +1 -1
- package/appUserSchemaProperty.d.ts +51 -41
- package/appUserSchemaProperty.js +0 -2
- package/appUserSchemaProperty.js.map +1 -1
- package/auth/getServer.d.ts +11 -11
- package/auth/getServer.js +2 -2
- package/auth/getServerPolicy.d.ts +15 -9
- package/auth/getServerPolicy.js +2 -2
- package/auth/getServerPolicy.js.map +1 -1
- package/auth/getServerScopes.d.ts +8 -5
- package/auth/getServerScopes.js +2 -2
- package/auth/getServerScopes.js.map +1 -1
- package/auth/server.d.ts +15 -19
- package/auth/server.js +1 -5
- package/auth/server.js.map +1 -1
- package/auth/serverClaim.d.ts +13 -17
- package/auth/serverClaim.js +1 -5
- package/auth/serverClaim.js.map +1 -1
- package/auth/serverPolicy.d.ts +10 -14
- package/auth/serverPolicy.js +1 -5
- package/auth/serverPolicy.js.map +1 -1
- package/auth/serverPolicyClaim.d.ts +50 -66
- package/auth/serverPolicyClaim.js +0 -25
- package/auth/serverPolicyClaim.js.map +1 -1
- package/auth/serverPolicyRule.d.ts +32 -43
- package/auth/serverPolicyRule.js +0 -2
- package/auth/serverPolicyRule.js.map +1 -1
- package/auth/serverScope.d.ts +16 -20
- package/auth/serverScope.js +1 -5
- package/auth/serverScope.js.map +1 -1
- package/authServerClaimDefault.d.ts +10 -25
- package/authServerClaimDefault.js +0 -9
- package/authServerClaimDefault.js.map +1 -1
- package/authServerDefault.d.ts +15 -19
- package/authServerDefault.js +1 -5
- package/authServerDefault.js.map +1 -1
- package/authenticator.d.ts +53 -61
- package/authenticator.js +11 -11
- package/authenticator.js.map +1 -1
- package/behaviour.d.ts +21 -41
- package/behaviour.js +0 -2
- package/behaviour.js.map +1 -1
- package/brand.d.ts +23 -22
- package/brand.js +8 -4
- package/brand.js.map +1 -1
- package/captcha.d.ts +15 -17
- package/captcha.js +3 -5
- package/captcha.js.map +1 -1
- package/captchaOrgWideSettings.d.ts +8 -43
- package/captchaOrgWideSettings.js +2 -37
- package/captchaOrgWideSettings.js.map +1 -1
- package/domain.d.ts +13 -21
- package/domain.js +0 -2
- package/domain.js.map +1 -1
- package/domainCertificate.d.ts +17 -24
- package/domainCertificate.js +2 -9
- package/domainCertificate.js.map +1 -1
- package/domainVerification.d.ts +4 -10
- package/domainVerification.js +1 -7
- package/domainVerification.js.map +1 -1
- package/emailCustomization.d.ts +38 -222
- package/emailCustomization.js +29 -33
- package/emailCustomization.js.map +1 -1
- package/emailDomain.d.ts +4 -8
- package/emailDomain.js +0 -4
- package/emailDomain.js.map +1 -1
- package/emailDomainVerification.d.ts +3 -7
- package/emailDomainVerification.js +0 -4
- package/emailDomainVerification.js.map +1 -1
- package/emailSender.d.ts +15 -17
- package/emailSender.js +2 -4
- package/emailSender.js.map +1 -1
- package/emailSenderVerification.d.ts +5 -9
- package/emailSenderVerification.js +2 -6
- package/emailSenderVerification.js.map +1 -1
- package/eventHook.d.ts +16 -11
- package/eventHook.js +1 -5
- package/eventHook.js.map +1 -1
- package/eventHookVerification.d.ts +4 -10
- package/eventHookVerification.js +1 -7
- package/eventHookVerification.js.map +1 -1
- package/factor/factor.d.ts +4 -9
- package/factor/factor.js +1 -3
- package/factor/factor.js.map +1 -1
- package/factorTotp.d.ts +12 -21
- package/factorTotp.js +3 -3
- package/factorTotp.js.map +1 -1
- package/getAppGroupAssignments.d.ts +6 -6
- package/getAppGroupAssignments.js +2 -2
- package/getAppSignonPolicy.d.ts +16 -6
- package/getAppSignonPolicy.js +8 -4
- package/getAppSignonPolicy.js.map +1 -1
- package/getAppUserAssignments.d.ts +6 -6
- package/getAppUserAssignments.js +2 -2
- package/getAuthServerClaim.d.ts +15 -12
- package/getAuthServerClaim.js +2 -2
- package/getAuthServerClaim.js.map +1 -1
- package/getAuthServerClaims.d.ts +8 -5
- package/getAuthServerClaims.js +2 -2
- package/getAuthServerClaims.js.map +1 -1
- package/getAuthenticator.d.ts +24 -26
- package/getAuthenticator.js +14 -22
- package/getAuthenticator.js.map +1 -1
- package/getBehaviour.d.ts +6 -8
- package/getBehaviour.js +2 -2
- package/getBehaviour.js.map +1 -1
- package/getBehaviours.d.ts +7 -7
- package/getBehaviours.js +2 -2
- package/getBrand.d.ts +9 -6
- package/getBrand.js +2 -2
- package/getBrand.js.map +1 -1
- package/getBrands.d.ts +2 -2
- package/getBrands.js +2 -2
- package/getDomain.d.ts +11 -14
- package/getDomain.js +2 -8
- package/getDomain.js.map +1 -1
- package/getEmailCustomization.d.ts +14 -9
- package/getEmailCustomization.js +2 -6
- package/getEmailCustomization.js.map +1 -1
- package/getEmailCustomizations.d.ts +11 -9
- package/getEmailCustomizations.js +2 -6
- package/getEmailCustomizations.js.map +1 -1
- package/getGroups.d.ts +11 -25
- package/getGroups.js +2 -2
- package/getGroups.js.map +1 -1
- package/getLogStream.d.ts +8 -39
- package/getLogStream.js +2 -24
- package/getLogStream.js.map +1 -1
- package/getNetworkZone.d.ts +12 -12
- package/getNetworkZone.js +2 -2
- package/getOrgMetadata.d.ts +0 -22
- package/getOrgMetadata.js +0 -22
- package/getOrgMetadata.js.map +1 -1
- package/getRoleSubscription.d.ts +13 -35
- package/getRoleSubscription.js +2 -2
- package/getRoleSubscription.js.map +1 -1
- package/getTemplate.d.ts +10 -8
- package/getTemplate.js +2 -6
- package/getTemplate.js.map +1 -1
- package/getTemplates.d.ts +6 -7
- package/getTemplates.js +2 -6
- package/getTemplates.js.map +1 -1
- package/getTheme.d.ts +14 -12
- package/getTheme.js +2 -6
- package/getTheme.js.map +1 -1
- package/getThemes.d.ts +6 -7
- package/getThemes.js +2 -6
- package/getThemes.js.map +1 -1
- package/getTrustedOrigins.d.ts +7 -4
- package/getTrustedOrigins.js +2 -2
- package/getTrustedOrigins.js.map +1 -1
- package/getUserSecurityQuestions.d.ts +4 -8
- package/getUserSecurityQuestions.js +0 -4
- package/getUserSecurityQuestions.js.map +1 -1
- package/group/getEveryoneGroup.d.ts +10 -5
- package/group/getEveryoneGroup.js +4 -2
- package/group/getEveryoneGroup.js.map +1 -1
- package/group/getGroup.d.ts +17 -26
- package/group/getGroup.js +2 -2
- package/group/getGroup.js.map +1 -1
- package/group/getRule.d.ts +9 -9
- package/group/getRule.js +2 -2
- package/group/group.d.ts +4 -36
- package/group/group.js +1 -33
- package/group/group.js.map +1 -1
- package/group/role.d.ts +37 -81
- package/group/role.js +1 -6
- package/group/role.js.map +1 -1
- package/group/rule.d.ts +12 -20
- package/group/rule.js +0 -2
- package/group/rule.js.map +1 -1
- package/groupMemberships.d.ts +8 -10
- package/groupMemberships.js +2 -4
- package/groupMemberships.js.map +1 -1
- package/groupSchemaProperty.d.ts +57 -59
- package/groupSchemaProperty.js +0 -2
- package/groupSchemaProperty.js.map +1 -1
- package/idp/getMetadataSaml.d.ts +9 -6
- package/idp/getMetadataSaml.js +2 -2
- package/idp/getMetadataSaml.js.map +1 -1
- package/idp/getOidc.d.ts +9 -9
- package/idp/getOidc.js +2 -2
- package/idp/getSaml.d.ts +16 -13
- package/idp/getSaml.js +2 -2
- package/idp/getSaml.js.map +1 -1
- package/idp/getSocial.d.ts +8 -2
- package/idp/getSocial.js +2 -2
- package/idp/getSocial.js.map +1 -1
- package/idp/oidc.d.ts +70 -62
- package/idp/oidc.js +3 -5
- package/idp/oidc.js.map +1 -1
- package/idp/saml.d.ts +64 -86
- package/idp/saml.js +1 -5
- package/idp/saml.js.map +1 -1
- package/idp/samlKey.d.ts +3 -5
- package/idp/samlKey.js +0 -2
- package/idp/samlKey.js.map +1 -1
- package/idp/social.d.ts +99 -69
- package/idp/social.js +11 -5
- package/idp/social.js.map +1 -1
- package/inline/hook.d.ts +4 -26
- package/inline/hook.js +1 -5
- package/inline/hook.js.map +1 -1
- package/linkDefinition.d.ts +2 -3
- package/linkDefinition.js +2 -3
- package/linkDefinition.js.map +1 -1
- package/linkValue.d.ts +7 -9
- package/linkValue.js +1 -3
- package/linkValue.js.map +1 -1
- package/logStream.d.ts +32 -27
- package/logStream.js +23 -9
- package/logStream.js.map +1 -1
- package/network/zone.d.ts +25 -66
- package/network/zone.js +1 -39
- package/network/zone.js.map +1 -1
- package/orgConfiguration.d.ts +4 -9
- package/orgConfiguration.js +1 -3
- package/orgConfiguration.js.map +1 -1
- package/orgSupport.d.ts +4 -7
- package/orgSupport.js +1 -4
- package/orgSupport.js.map +1 -1
- package/package.json +3 -3
- package/policy/getDefaultPolicy.d.ts +9 -7
- package/policy/getDefaultPolicy.js +6 -2
- package/policy/getDefaultPolicy.js.map +1 -1
- package/policy/getPolicy.d.ts +11 -26
- package/policy/getPolicy.js +2 -2
- package/policy/getPolicy.js.map +1 -1
- package/policy/mfa.d.ts +18 -220
- package/policy/mfa.js +0 -10
- package/policy/mfa.js.map +1 -1
- package/policy/password.d.ts +91 -95
- package/policy/password.js +1 -5
- package/policy/password.js.map +1 -1
- package/policy/ruleIdpDiscovery.d.ts +111 -93
- package/policy/ruleIdpDiscovery.js +48 -57
- package/policy/ruleIdpDiscovery.js.map +1 -1
- package/policy/ruleMfa.d.ts +40 -30
- package/policy/ruleMfa.js +1 -3
- package/policy/ruleMfa.js.map +1 -1
- package/policy/rulePassword.d.ts +34 -38
- package/policy/rulePassword.js +1 -5
- package/policy/rulePassword.js.map +1 -1
- package/policy/ruleSignon.d.ts +94 -85
- package/policy/ruleSignon.js +1 -4
- package/policy/ruleSignon.js.map +1 -1
- package/policy/signon.d.ts +16 -20
- package/policy/signon.js +1 -5
- package/policy/signon.js.map +1 -1
- package/policyMfaDefault.d.ts +15 -214
- package/policyMfaDefault.js +2 -9
- package/policyMfaDefault.js.map +1 -1
- package/policyPasswordDefault.d.ts +85 -101
- package/policyPasswordDefault.js +1 -5
- package/policyPasswordDefault.js.map +1 -1
- package/policyProfileEnrollment.d.ts +8 -9
- package/policyProfileEnrollment.js +2 -3
- package/policyProfileEnrollment.js.map +1 -1
- package/policyProfileEnrollmentApps.d.ts +8 -11
- package/policyProfileEnrollmentApps.js +3 -6
- package/policyProfileEnrollmentApps.js.map +1 -1
- package/policyRuleProfileEnrollment.d.ts +42 -31
- package/policyRuleProfileEnrollment.js +2 -3
- package/policyRuleProfileEnrollment.js.map +1 -1
- package/profile/mapping.d.ts +19 -34
- package/profile/mapping.js +4 -4
- package/profile/mapping.js.map +1 -1
- package/rateLimiting.d.ts +8 -17
- package/rateLimiting.js +2 -5
- package/rateLimiting.js.map +1 -1
- package/resourceSet.d.ts +18 -26
- package/resourceSet.js +9 -14
- package/resourceSet.js.map +1 -1
- package/roleSubscription.d.ts +35 -86
- package/roleSubscription.js +2 -2
- package/roleSubscription.js.map +1 -1
- package/securityNotificationEmails.d.ts +4 -7
- package/securityNotificationEmails.js +4 -7
- package/securityNotificationEmails.js.map +1 -1
- package/templateSms.d.ts +4 -8
- package/templateSms.js +1 -5
- package/templateSms.js.map +1 -1
- package/theme.d.ts +46 -46
- package/theme.js +2 -2
- package/threatInsightSettings.d.ts +7 -27
- package/threatInsightSettings.js +1 -3
- package/threatInsightSettings.js.map +1 -1
- package/trustedorigin/origin.d.ts +13 -17
- package/trustedorigin/origin.js +1 -5
- package/trustedorigin/origin.js.map +1 -1
- package/types/input.d.ts +65 -162
- package/types/output.d.ts +75 -275
- package/user/getUser.d.ts +32 -104
- package/user/getUser.js +2 -2
- package/user/getUser.js.map +1 -1
- package/user/getUserProfileMappingSource.d.ts +9 -7
- package/user/getUserProfileMappingSource.js +6 -4
- package/user/getUserProfileMappingSource.js.map +1 -1
- package/user/getUserType.d.ts +7 -7
- package/user/getUserType.js +2 -2
- package/user/getUsers.d.ts +95 -37
- package/user/getUsers.js +64 -24
- package/user/getUsers.js.map +1 -1
- package/user/user.d.ts +160 -209
- package/user/user.js +43 -65
- package/user/user.js.map +1 -1
- package/user/userType.d.ts +1 -5
- package/user/userType.js +1 -5
- package/user/userType.js.map +1 -1
- package/userAdminRoles.d.ts +10 -17
- package/userAdminRoles.js +1 -5
- package/userAdminRoles.js.map +1 -1
- package/userBaseSchemaProperty.d.ts +26 -34
- package/userBaseSchemaProperty.js +2 -10
- package/userBaseSchemaProperty.js.map +1 -1
- package/userFactorQuestion.d.ts +1 -5
- package/userFactorQuestion.js +1 -5
- package/userFactorQuestion.js.map +1 -1
- package/userGroupMemberships.d.ts +3 -3
- package/userSchemaProperty.d.ts +57 -56
- package/userSchemaProperty.js +0 -8
- package/userSchemaProperty.js.map +1 -1
package/policy/mfa.d.ts
CHANGED
|
@@ -1,13 +1,5 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
* Creates an MFA Policy.
|
|
4
|
-
*
|
|
5
|
-
* This resource allows you to create and configure an MFA Policy.
|
|
6
|
-
*
|
|
7
|
-
* > Requires Org Feature Flag `OKTA_MFA_POLICY`. Contact support to have this feature flag ***enabled***.
|
|
8
|
-
*
|
|
9
|
-
* > Unless Org Feature Flag `ENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENT` is ***disabled*** `oktaPassword` or `oktaEmail` must be present and its `enroll` value set to `REQUIRED`. Contact support to have this feature flag ***disabled***.
|
|
10
|
-
*
|
|
11
3
|
* ## Example Usage
|
|
12
4
|
*
|
|
13
5
|
* ```typescript
|
|
@@ -44,8 +36,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
44
36
|
*
|
|
45
37
|
* ## Import
|
|
46
38
|
*
|
|
47
|
-
* An MFA Policy can be imported via the Okta ID.
|
|
48
|
-
*
|
|
49
39
|
* ```sh
|
|
50
40
|
* $ pulumi import okta:policy/mfa:Mfa example <policy id>
|
|
51
41
|
* ```
|
|
@@ -67,153 +57,89 @@ export declare class Mfa extends pulumi.CustomResource {
|
|
|
67
57
|
*/
|
|
68
58
|
static isInstance(obj: any): obj is Mfa;
|
|
69
59
|
/**
|
|
70
|
-
* Policy Description
|
|
60
|
+
* Policy Description
|
|
71
61
|
*/
|
|
72
62
|
readonly description: pulumi.Output<string | undefined>;
|
|
73
|
-
/**
|
|
74
|
-
* DUO MFA policy settings (✓ Classic, ✓ OIE).
|
|
75
|
-
*/
|
|
76
63
|
readonly duo: pulumi.Output<{
|
|
77
64
|
[key: string]: string;
|
|
78
65
|
} | undefined>;
|
|
79
|
-
/**
|
|
80
|
-
* External IDP MFA policy settings (✓ OIE).
|
|
81
|
-
*/
|
|
82
66
|
readonly externalIdp: pulumi.Output<{
|
|
83
67
|
[key: string]: string;
|
|
84
68
|
} | undefined>;
|
|
85
|
-
/**
|
|
86
|
-
* Fido U2F MFA policy settings (✓ Classic).
|
|
87
|
-
*/
|
|
88
69
|
readonly fidoU2f: pulumi.Output<{
|
|
89
70
|
[key: string]: string;
|
|
90
71
|
} | undefined>;
|
|
91
|
-
/**
|
|
92
|
-
* Fido Web Authn MFA policy settings (✓ Classic).
|
|
93
|
-
*/
|
|
94
72
|
readonly fidoWebauthn: pulumi.Output<{
|
|
95
73
|
[key: string]: string;
|
|
96
74
|
} | undefined>;
|
|
97
|
-
/**
|
|
98
|
-
* Google OTP MFA policy settings (✓ Classic, ✓ OIE).
|
|
99
|
-
*/
|
|
100
75
|
readonly googleOtp: pulumi.Output<{
|
|
101
76
|
[key: string]: string;
|
|
102
77
|
} | undefined>;
|
|
103
78
|
/**
|
|
104
|
-
* List of Group IDs to Include
|
|
79
|
+
* List of Group IDs to Include
|
|
105
80
|
*/
|
|
106
81
|
readonly groupsIncludeds: pulumi.Output<string[] | undefined>;
|
|
107
|
-
/**
|
|
108
|
-
* HMAC-based One-Time Password MFA policy settings (✓ Classic).
|
|
109
|
-
*/
|
|
110
82
|
readonly hotp: pulumi.Output<{
|
|
111
83
|
[key: string]: string;
|
|
112
84
|
} | undefined>;
|
|
113
85
|
/**
|
|
114
|
-
*
|
|
115
|
-
* > **WARNING:** Tenant must have the Okta Identity Engine enabled in order to use this feature.
|
|
86
|
+
* Is the policy using Okta Identity Engine (OIE) with authenticators instead of factors?
|
|
116
87
|
*/
|
|
117
88
|
readonly isOie: pulumi.Output<boolean | undefined>;
|
|
118
89
|
/**
|
|
119
|
-
* Policy Name
|
|
90
|
+
* Policy Name
|
|
120
91
|
*/
|
|
121
92
|
readonly name: pulumi.Output<string>;
|
|
122
|
-
/**
|
|
123
|
-
* Okta Call MFA policy settings (✓ Classic).
|
|
124
|
-
*/
|
|
125
93
|
readonly oktaCall: pulumi.Output<{
|
|
126
94
|
[key: string]: string;
|
|
127
95
|
} | undefined>;
|
|
128
|
-
/**
|
|
129
|
-
* Okta Email MFA policy settings (✓ Classic, ✓ OIE).
|
|
130
|
-
*/
|
|
131
96
|
readonly oktaEmail: pulumi.Output<{
|
|
132
97
|
[key: string]: string;
|
|
133
98
|
} | undefined>;
|
|
134
|
-
/**
|
|
135
|
-
* Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
|
|
136
|
-
*/
|
|
137
99
|
readonly oktaOtp: pulumi.Output<{
|
|
138
100
|
[key: string]: string;
|
|
139
101
|
} | undefined>;
|
|
140
|
-
/**
|
|
141
|
-
* Okta Password MFA policy settings (✓ Classic, ✓ OIE).
|
|
142
|
-
*/
|
|
143
102
|
readonly oktaPassword: pulumi.Output<{
|
|
144
103
|
[key: string]: string;
|
|
145
104
|
} | undefined>;
|
|
146
|
-
/**
|
|
147
|
-
* Okta Push MFA policy settings (✓ Classic).
|
|
148
|
-
*/
|
|
149
105
|
readonly oktaPush: pulumi.Output<{
|
|
150
106
|
[key: string]: string;
|
|
151
107
|
} | undefined>;
|
|
152
|
-
/**
|
|
153
|
-
* Okta Question MFA policy settings (✓ Classic).
|
|
154
|
-
*/
|
|
155
108
|
readonly oktaQuestion: pulumi.Output<{
|
|
156
109
|
[key: string]: string;
|
|
157
110
|
} | undefined>;
|
|
158
|
-
/**
|
|
159
|
-
* Okta SMS MFA policy settings (✓ Classic).
|
|
160
|
-
*/
|
|
161
111
|
readonly oktaSms: pulumi.Output<{
|
|
162
112
|
[key: string]: string;
|
|
163
113
|
} | undefined>;
|
|
164
|
-
/**
|
|
165
|
-
* Okta Verify MFA policy settings (✓ OIE).
|
|
166
|
-
*/
|
|
167
114
|
readonly oktaVerify: pulumi.Output<{
|
|
168
115
|
[key: string]: string;
|
|
169
116
|
} | undefined>;
|
|
170
|
-
/**
|
|
171
|
-
* On-Prem MFA MFA policy settings (✓ OIE).
|
|
172
|
-
*/
|
|
173
117
|
readonly onpremMfa: pulumi.Output<{
|
|
174
118
|
[key: string]: string;
|
|
175
119
|
} | undefined>;
|
|
176
|
-
/**
|
|
177
|
-
* Phone Number MFA policy settings (✓ OIE).
|
|
178
|
-
*/
|
|
179
120
|
readonly phoneNumber: pulumi.Output<{
|
|
180
121
|
[key: string]: string;
|
|
181
122
|
} | undefined>;
|
|
182
123
|
/**
|
|
183
|
-
* Priority
|
|
124
|
+
* Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
|
|
184
125
|
*/
|
|
185
126
|
readonly priority: pulumi.Output<number | undefined>;
|
|
186
|
-
/**
|
|
187
|
-
* RSA Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
188
|
-
*/
|
|
189
127
|
readonly rsaToken: pulumi.Output<{
|
|
190
128
|
[key: string]: string;
|
|
191
129
|
} | undefined>;
|
|
192
|
-
/**
|
|
193
|
-
* Security Question MFA policy settings (✓ OIE).
|
|
194
|
-
*/
|
|
195
130
|
readonly securityQuestion: pulumi.Output<{
|
|
196
131
|
[key: string]: string;
|
|
197
132
|
} | undefined>;
|
|
198
133
|
/**
|
|
199
|
-
* Policy Status: `
|
|
134
|
+
* Policy Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
|
|
200
135
|
*/
|
|
201
136
|
readonly status: pulumi.Output<string | undefined>;
|
|
202
|
-
/**
|
|
203
|
-
* Symantec VIP MFA policy settings (✓ Classic).
|
|
204
|
-
*/
|
|
205
137
|
readonly symantecVip: pulumi.Output<{
|
|
206
138
|
[key: string]: string;
|
|
207
139
|
} | undefined>;
|
|
208
|
-
/**
|
|
209
|
-
* FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
|
|
210
|
-
*/
|
|
211
140
|
readonly webauthn: pulumi.Output<{
|
|
212
141
|
[key: string]: string;
|
|
213
142
|
} | undefined>;
|
|
214
|
-
/**
|
|
215
|
-
* Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
216
|
-
*/
|
|
217
143
|
readonly yubikeyToken: pulumi.Output<{
|
|
218
144
|
[key: string]: string;
|
|
219
145
|
} | undefined>;
|
|
@@ -231,153 +157,89 @@ export declare class Mfa extends pulumi.CustomResource {
|
|
|
231
157
|
*/
|
|
232
158
|
export interface MfaState {
|
|
233
159
|
/**
|
|
234
|
-
* Policy Description
|
|
160
|
+
* Policy Description
|
|
235
161
|
*/
|
|
236
162
|
description?: pulumi.Input<string>;
|
|
237
|
-
/**
|
|
238
|
-
* DUO MFA policy settings (✓ Classic, ✓ OIE).
|
|
239
|
-
*/
|
|
240
163
|
duo?: pulumi.Input<{
|
|
241
164
|
[key: string]: pulumi.Input<string>;
|
|
242
165
|
}>;
|
|
243
|
-
/**
|
|
244
|
-
* External IDP MFA policy settings (✓ OIE).
|
|
245
|
-
*/
|
|
246
166
|
externalIdp?: pulumi.Input<{
|
|
247
167
|
[key: string]: pulumi.Input<string>;
|
|
248
168
|
}>;
|
|
249
|
-
/**
|
|
250
|
-
* Fido U2F MFA policy settings (✓ Classic).
|
|
251
|
-
*/
|
|
252
169
|
fidoU2f?: pulumi.Input<{
|
|
253
170
|
[key: string]: pulumi.Input<string>;
|
|
254
171
|
}>;
|
|
255
|
-
/**
|
|
256
|
-
* Fido Web Authn MFA policy settings (✓ Classic).
|
|
257
|
-
*/
|
|
258
172
|
fidoWebauthn?: pulumi.Input<{
|
|
259
173
|
[key: string]: pulumi.Input<string>;
|
|
260
174
|
}>;
|
|
261
|
-
/**
|
|
262
|
-
* Google OTP MFA policy settings (✓ Classic, ✓ OIE).
|
|
263
|
-
*/
|
|
264
175
|
googleOtp?: pulumi.Input<{
|
|
265
176
|
[key: string]: pulumi.Input<string>;
|
|
266
177
|
}>;
|
|
267
178
|
/**
|
|
268
|
-
* List of Group IDs to Include
|
|
179
|
+
* List of Group IDs to Include
|
|
269
180
|
*/
|
|
270
181
|
groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
271
|
-
/**
|
|
272
|
-
* HMAC-based One-Time Password MFA policy settings (✓ Classic).
|
|
273
|
-
*/
|
|
274
182
|
hotp?: pulumi.Input<{
|
|
275
183
|
[key: string]: pulumi.Input<string>;
|
|
276
184
|
}>;
|
|
277
185
|
/**
|
|
278
|
-
*
|
|
279
|
-
* > **WARNING:** Tenant must have the Okta Identity Engine enabled in order to use this feature.
|
|
186
|
+
* Is the policy using Okta Identity Engine (OIE) with authenticators instead of factors?
|
|
280
187
|
*/
|
|
281
188
|
isOie?: pulumi.Input<boolean>;
|
|
282
189
|
/**
|
|
283
|
-
* Policy Name
|
|
190
|
+
* Policy Name
|
|
284
191
|
*/
|
|
285
192
|
name?: pulumi.Input<string>;
|
|
286
|
-
/**
|
|
287
|
-
* Okta Call MFA policy settings (✓ Classic).
|
|
288
|
-
*/
|
|
289
193
|
oktaCall?: pulumi.Input<{
|
|
290
194
|
[key: string]: pulumi.Input<string>;
|
|
291
195
|
}>;
|
|
292
|
-
/**
|
|
293
|
-
* Okta Email MFA policy settings (✓ Classic, ✓ OIE).
|
|
294
|
-
*/
|
|
295
196
|
oktaEmail?: pulumi.Input<{
|
|
296
197
|
[key: string]: pulumi.Input<string>;
|
|
297
198
|
}>;
|
|
298
|
-
/**
|
|
299
|
-
* Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
|
|
300
|
-
*/
|
|
301
199
|
oktaOtp?: pulumi.Input<{
|
|
302
200
|
[key: string]: pulumi.Input<string>;
|
|
303
201
|
}>;
|
|
304
|
-
/**
|
|
305
|
-
* Okta Password MFA policy settings (✓ Classic, ✓ OIE).
|
|
306
|
-
*/
|
|
307
202
|
oktaPassword?: pulumi.Input<{
|
|
308
203
|
[key: string]: pulumi.Input<string>;
|
|
309
204
|
}>;
|
|
310
|
-
/**
|
|
311
|
-
* Okta Push MFA policy settings (✓ Classic).
|
|
312
|
-
*/
|
|
313
205
|
oktaPush?: pulumi.Input<{
|
|
314
206
|
[key: string]: pulumi.Input<string>;
|
|
315
207
|
}>;
|
|
316
|
-
/**
|
|
317
|
-
* Okta Question MFA policy settings (✓ Classic).
|
|
318
|
-
*/
|
|
319
208
|
oktaQuestion?: pulumi.Input<{
|
|
320
209
|
[key: string]: pulumi.Input<string>;
|
|
321
210
|
}>;
|
|
322
|
-
/**
|
|
323
|
-
* Okta SMS MFA policy settings (✓ Classic).
|
|
324
|
-
*/
|
|
325
211
|
oktaSms?: pulumi.Input<{
|
|
326
212
|
[key: string]: pulumi.Input<string>;
|
|
327
213
|
}>;
|
|
328
|
-
/**
|
|
329
|
-
* Okta Verify MFA policy settings (✓ OIE).
|
|
330
|
-
*/
|
|
331
214
|
oktaVerify?: pulumi.Input<{
|
|
332
215
|
[key: string]: pulumi.Input<string>;
|
|
333
216
|
}>;
|
|
334
|
-
/**
|
|
335
|
-
* On-Prem MFA MFA policy settings (✓ OIE).
|
|
336
|
-
*/
|
|
337
217
|
onpremMfa?: pulumi.Input<{
|
|
338
218
|
[key: string]: pulumi.Input<string>;
|
|
339
219
|
}>;
|
|
340
|
-
/**
|
|
341
|
-
* Phone Number MFA policy settings (✓ OIE).
|
|
342
|
-
*/
|
|
343
220
|
phoneNumber?: pulumi.Input<{
|
|
344
221
|
[key: string]: pulumi.Input<string>;
|
|
345
222
|
}>;
|
|
346
223
|
/**
|
|
347
|
-
* Priority
|
|
224
|
+
* Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
|
|
348
225
|
*/
|
|
349
226
|
priority?: pulumi.Input<number>;
|
|
350
|
-
/**
|
|
351
|
-
* RSA Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
352
|
-
*/
|
|
353
227
|
rsaToken?: pulumi.Input<{
|
|
354
228
|
[key: string]: pulumi.Input<string>;
|
|
355
229
|
}>;
|
|
356
|
-
/**
|
|
357
|
-
* Security Question MFA policy settings (✓ OIE).
|
|
358
|
-
*/
|
|
359
230
|
securityQuestion?: pulumi.Input<{
|
|
360
231
|
[key: string]: pulumi.Input<string>;
|
|
361
232
|
}>;
|
|
362
233
|
/**
|
|
363
|
-
* Policy Status: `
|
|
234
|
+
* Policy Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
|
|
364
235
|
*/
|
|
365
236
|
status?: pulumi.Input<string>;
|
|
366
|
-
/**
|
|
367
|
-
* Symantec VIP MFA policy settings (✓ Classic).
|
|
368
|
-
*/
|
|
369
237
|
symantecVip?: pulumi.Input<{
|
|
370
238
|
[key: string]: pulumi.Input<string>;
|
|
371
239
|
}>;
|
|
372
|
-
/**
|
|
373
|
-
* FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
|
|
374
|
-
*/
|
|
375
240
|
webauthn?: pulumi.Input<{
|
|
376
241
|
[key: string]: pulumi.Input<string>;
|
|
377
242
|
}>;
|
|
378
|
-
/**
|
|
379
|
-
* Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
380
|
-
*/
|
|
381
243
|
yubikeyToken?: pulumi.Input<{
|
|
382
244
|
[key: string]: pulumi.Input<string>;
|
|
383
245
|
}>;
|
|
@@ -387,153 +249,89 @@ export interface MfaState {
|
|
|
387
249
|
*/
|
|
388
250
|
export interface MfaArgs {
|
|
389
251
|
/**
|
|
390
|
-
* Policy Description
|
|
252
|
+
* Policy Description
|
|
391
253
|
*/
|
|
392
254
|
description?: pulumi.Input<string>;
|
|
393
|
-
/**
|
|
394
|
-
* DUO MFA policy settings (✓ Classic, ✓ OIE).
|
|
395
|
-
*/
|
|
396
255
|
duo?: pulumi.Input<{
|
|
397
256
|
[key: string]: pulumi.Input<string>;
|
|
398
257
|
}>;
|
|
399
|
-
/**
|
|
400
|
-
* External IDP MFA policy settings (✓ OIE).
|
|
401
|
-
*/
|
|
402
258
|
externalIdp?: pulumi.Input<{
|
|
403
259
|
[key: string]: pulumi.Input<string>;
|
|
404
260
|
}>;
|
|
405
|
-
/**
|
|
406
|
-
* Fido U2F MFA policy settings (✓ Classic).
|
|
407
|
-
*/
|
|
408
261
|
fidoU2f?: pulumi.Input<{
|
|
409
262
|
[key: string]: pulumi.Input<string>;
|
|
410
263
|
}>;
|
|
411
|
-
/**
|
|
412
|
-
* Fido Web Authn MFA policy settings (✓ Classic).
|
|
413
|
-
*/
|
|
414
264
|
fidoWebauthn?: pulumi.Input<{
|
|
415
265
|
[key: string]: pulumi.Input<string>;
|
|
416
266
|
}>;
|
|
417
|
-
/**
|
|
418
|
-
* Google OTP MFA policy settings (✓ Classic, ✓ OIE).
|
|
419
|
-
*/
|
|
420
267
|
googleOtp?: pulumi.Input<{
|
|
421
268
|
[key: string]: pulumi.Input<string>;
|
|
422
269
|
}>;
|
|
423
270
|
/**
|
|
424
|
-
* List of Group IDs to Include
|
|
271
|
+
* List of Group IDs to Include
|
|
425
272
|
*/
|
|
426
273
|
groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
427
|
-
/**
|
|
428
|
-
* HMAC-based One-Time Password MFA policy settings (✓ Classic).
|
|
429
|
-
*/
|
|
430
274
|
hotp?: pulumi.Input<{
|
|
431
275
|
[key: string]: pulumi.Input<string>;
|
|
432
276
|
}>;
|
|
433
277
|
/**
|
|
434
|
-
*
|
|
435
|
-
* > **WARNING:** Tenant must have the Okta Identity Engine enabled in order to use this feature.
|
|
278
|
+
* Is the policy using Okta Identity Engine (OIE) with authenticators instead of factors?
|
|
436
279
|
*/
|
|
437
280
|
isOie?: pulumi.Input<boolean>;
|
|
438
281
|
/**
|
|
439
|
-
* Policy Name
|
|
282
|
+
* Policy Name
|
|
440
283
|
*/
|
|
441
284
|
name?: pulumi.Input<string>;
|
|
442
|
-
/**
|
|
443
|
-
* Okta Call MFA policy settings (✓ Classic).
|
|
444
|
-
*/
|
|
445
285
|
oktaCall?: pulumi.Input<{
|
|
446
286
|
[key: string]: pulumi.Input<string>;
|
|
447
287
|
}>;
|
|
448
|
-
/**
|
|
449
|
-
* Okta Email MFA policy settings (✓ Classic, ✓ OIE).
|
|
450
|
-
*/
|
|
451
288
|
oktaEmail?: pulumi.Input<{
|
|
452
289
|
[key: string]: pulumi.Input<string>;
|
|
453
290
|
}>;
|
|
454
|
-
/**
|
|
455
|
-
* Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
|
|
456
|
-
*/
|
|
457
291
|
oktaOtp?: pulumi.Input<{
|
|
458
292
|
[key: string]: pulumi.Input<string>;
|
|
459
293
|
}>;
|
|
460
|
-
/**
|
|
461
|
-
* Okta Password MFA policy settings (✓ Classic, ✓ OIE).
|
|
462
|
-
*/
|
|
463
294
|
oktaPassword?: pulumi.Input<{
|
|
464
295
|
[key: string]: pulumi.Input<string>;
|
|
465
296
|
}>;
|
|
466
|
-
/**
|
|
467
|
-
* Okta Push MFA policy settings (✓ Classic).
|
|
468
|
-
*/
|
|
469
297
|
oktaPush?: pulumi.Input<{
|
|
470
298
|
[key: string]: pulumi.Input<string>;
|
|
471
299
|
}>;
|
|
472
|
-
/**
|
|
473
|
-
* Okta Question MFA policy settings (✓ Classic).
|
|
474
|
-
*/
|
|
475
300
|
oktaQuestion?: pulumi.Input<{
|
|
476
301
|
[key: string]: pulumi.Input<string>;
|
|
477
302
|
}>;
|
|
478
|
-
/**
|
|
479
|
-
* Okta SMS MFA policy settings (✓ Classic).
|
|
480
|
-
*/
|
|
481
303
|
oktaSms?: pulumi.Input<{
|
|
482
304
|
[key: string]: pulumi.Input<string>;
|
|
483
305
|
}>;
|
|
484
|
-
/**
|
|
485
|
-
* Okta Verify MFA policy settings (✓ OIE).
|
|
486
|
-
*/
|
|
487
306
|
oktaVerify?: pulumi.Input<{
|
|
488
307
|
[key: string]: pulumi.Input<string>;
|
|
489
308
|
}>;
|
|
490
|
-
/**
|
|
491
|
-
* On-Prem MFA MFA policy settings (✓ OIE).
|
|
492
|
-
*/
|
|
493
309
|
onpremMfa?: pulumi.Input<{
|
|
494
310
|
[key: string]: pulumi.Input<string>;
|
|
495
311
|
}>;
|
|
496
|
-
/**
|
|
497
|
-
* Phone Number MFA policy settings (✓ OIE).
|
|
498
|
-
*/
|
|
499
312
|
phoneNumber?: pulumi.Input<{
|
|
500
313
|
[key: string]: pulumi.Input<string>;
|
|
501
314
|
}>;
|
|
502
315
|
/**
|
|
503
|
-
* Priority
|
|
316
|
+
* Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
|
|
504
317
|
*/
|
|
505
318
|
priority?: pulumi.Input<number>;
|
|
506
|
-
/**
|
|
507
|
-
* RSA Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
508
|
-
*/
|
|
509
319
|
rsaToken?: pulumi.Input<{
|
|
510
320
|
[key: string]: pulumi.Input<string>;
|
|
511
321
|
}>;
|
|
512
|
-
/**
|
|
513
|
-
* Security Question MFA policy settings (✓ OIE).
|
|
514
|
-
*/
|
|
515
322
|
securityQuestion?: pulumi.Input<{
|
|
516
323
|
[key: string]: pulumi.Input<string>;
|
|
517
324
|
}>;
|
|
518
325
|
/**
|
|
519
|
-
* Policy Status: `
|
|
326
|
+
* Policy Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
|
|
520
327
|
*/
|
|
521
328
|
status?: pulumi.Input<string>;
|
|
522
|
-
/**
|
|
523
|
-
* Symantec VIP MFA policy settings (✓ Classic).
|
|
524
|
-
*/
|
|
525
329
|
symantecVip?: pulumi.Input<{
|
|
526
330
|
[key: string]: pulumi.Input<string>;
|
|
527
331
|
}>;
|
|
528
|
-
/**
|
|
529
|
-
* FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
|
|
530
|
-
*/
|
|
531
332
|
webauthn?: pulumi.Input<{
|
|
532
333
|
[key: string]: pulumi.Input<string>;
|
|
533
334
|
}>;
|
|
534
|
-
/**
|
|
535
|
-
* Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
|
|
536
|
-
*/
|
|
537
335
|
yubikeyToken?: pulumi.Input<{
|
|
538
336
|
[key: string]: pulumi.Input<string>;
|
|
539
337
|
}>;
|
package/policy/mfa.js
CHANGED
|
@@ -6,14 +6,6 @@ exports.Mfa = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
8
|
/**
|
|
9
|
-
* Creates an MFA Policy.
|
|
10
|
-
*
|
|
11
|
-
* This resource allows you to create and configure an MFA Policy.
|
|
12
|
-
*
|
|
13
|
-
* > Requires Org Feature Flag `OKTA_MFA_POLICY`. Contact support to have this feature flag ***enabled***.
|
|
14
|
-
*
|
|
15
|
-
* > Unless Org Feature Flag `ENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENT` is ***disabled*** `oktaPassword` or `oktaEmail` must be present and its `enroll` value set to `REQUIRED`. Contact support to have this feature flag ***disabled***.
|
|
16
|
-
*
|
|
17
9
|
* ## Example Usage
|
|
18
10
|
*
|
|
19
11
|
* ```typescript
|
|
@@ -50,8 +42,6 @@ const utilities = require("../utilities");
|
|
|
50
42
|
*
|
|
51
43
|
* ## Import
|
|
52
44
|
*
|
|
53
|
-
* An MFA Policy can be imported via the Okta ID.
|
|
54
|
-
*
|
|
55
45
|
* ```sh
|
|
56
46
|
* $ pulumi import okta:policy/mfa:Mfa example <policy id>
|
|
57
47
|
* ```
|
package/policy/mfa.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa.js","sourceRoot":"","sources":["../../policy/mfa.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"mfa.js","sourceRoot":"","sources":["../../policy/mfa.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAa,GAAI,SAAQ,MAAM,CAAC,cAAc;IAC1C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAgB,EAAE,IAAmC;QAC9G,OAAO,IAAI,GAAG,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC1D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC;IACpD,CAAC;IAwDD,YAAY,IAAY,EAAE,WAAgC,EAAE,IAAmC;QAC3F,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAmC,CAAC;YAClD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3E;aAAM;YACH,MAAM,IAAI,GAAG,WAAkC,CAAC;YAChD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;SACzE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;;AAlJL,kBAmJC;AArIG,gBAAgB;AACO,gBAAY,GAAG,qBAAqB,CAAC"}
|