@pulumi/vault 5.6.0 → 5.7.1

package/types/output.d.ts

@@ -1,4 +1,4 @@
-import { output as outputs } from "../types";
+import * as outputs from "../types/output";
 export interface AuthBackendTune {
     /**
      * List of headers to whitelist and allowing
@@ -109,7 +109,7 @@ export declare namespace azure {
     }
 }
 export declare namespace config {
-    interface AuthLogins {
+    interface AuthLogin {
         method?: string;
         namespace?: string;
         parameters?: {
@@ -117,7 +117,96 @@ export declare namespace config {
         };
         path: string;
     }
-    interface ClientAuths {
+    interface AuthLoginAws {
+        awsAccessKeyId?: string;
+        awsIamEndpoint?: string;
+        awsProfile?: string;
+        awsRegion?: string;
+        awsRoleArn?: string;
+        awsRoleSessionName?: string;
+        awsSecretAccessKey?: string;
+        awsSessionToken?: string;
+        awsSharedCredentialsFile?: string;
+        awsStsEndpoint?: string;
+        awsWebIdentityTokenFile?: string;
+        headerValue?: string;
+        mount?: string;
+        namespace?: string;
+        role: string;
+    }
+    interface AuthLoginAzure {
+        clientId?: string;
+        jwt?: string;
+        mount?: string;
+        namespace?: string;
+        resourceGroupName: string;
+        role: string;
+        scope?: string;
+        subscriptionId: string;
+        tenantId?: string;
+        vmName?: string;
+        vmssName?: string;
+    }
+    interface AuthLoginCert {
+        certFile: string;
+        keyFile: string;
+        mount?: string;
+        name?: string;
+        namespace?: string;
+    }
+    interface AuthLoginGcp {
+        credentials?: string;
+        jwt?: string;
+        mount?: string;
+        namespace?: string;
+        role: string;
+        serviceAccount?: string;
+    }
+    interface AuthLoginJwt {
+        jwt: string;
+        mount?: string;
+        namespace?: string;
+        role: string;
+    }
+    interface AuthLoginKerberos {
+        disableFastNegotiation?: boolean;
+        keytabPath?: string;
+        krb5confPath?: string;
+        mount?: string;
+        namespace?: string;
+        realm?: string;
+        removeInstanceName?: boolean;
+        service?: string;
+        token?: string;
+        username?: string;
+    }
+    interface AuthLoginOci {
+        authType: string;
+        mount?: string;
+        namespace?: string;
+        role: string;
+    }
+    interface AuthLoginOidc {
+        callbackAddress?: string;
+        callbackListenerAddress?: string;
+        mount?: string;
+        namespace?: string;
+        role: string;
+    }
+    interface AuthLoginRadius {
+        mount?: string;
+        namespace?: string;
+        password: string;
+        username: string;
+    }
+    interface AuthLoginUserpass {
+        mount?: string;
+        namespace?: string;
+        password?: string;
+        passwordFile?: string;
+        username: string;
+    }
+    interface ClientAuth {
         certFile: string;
         keyFile: string;
     }
@@ -259,6 +348,10 @@ export declare namespace database {
          * for an example.
          */
         connectionUrl?: string;
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum amount of time a connection may be reused.
          */
@@ -614,6 +707,10 @@ export declare namespace database {
          * for an example.
          */
         connectionUrl?: string;
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum amount of time a connection may be reused.
          */
@@ -641,6 +738,25 @@ export declare namespace database {
          */
         usernameTemplate?: string;
     }
+    interface SecretBackendConnectionRedisElasticache {
+        /**
+         * The root credential password used in the connection URL.
+         */
+        password?: string;
+        /**
+         * The region where the ElastiCache cluster is hosted. If omitted Vault tries to infer from the environment instead.
+         */
+        region?: string;
+        /**
+         * The URL for Elasticsearch's API. https requires certificate
+         * by trusted CA if used.
+         */
+        url: string;
+        /**
+         * The root credential username used in the connection URL.
+         */
+        username?: string;
+    }
     interface SecretBackendConnectionRedshift {
         /**
          * Specifies the Redshift DSN. See
@@ -649,6 +765,10 @@ export declare namespace database {
          * for an example.
          */
         connectionUrl?: string;
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum amount of time a connection may be reused.
          */
@@ -892,8 +1012,7 @@ export declare namespace database {
          */
         tlsServerName?: string;
         /**
-         * The URL for Elasticsearch's API. https requires certificate
-         * by trusted CA if used.
+         * The configuration endpoint for the ElastiCache cluster to connect to.
          */
         url: string;
         /**
@@ -927,6 +1046,10 @@ export declare namespace database {
         data?: {
             [key: string]: any;
         };
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum number of seconds to keep
          * a connection alive for.
@@ -1523,6 +1646,10 @@ export declare namespace database {
         data?: {
             [key: string]: any;
         };
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum number of seconds to keep
          * a connection alive for.
@@ -1565,6 +1692,50 @@ export declare namespace database {
          */
         verifyConnection?: boolean;
     }
+    interface SecretsMountRedisElasticach {
+        /**
+         * A list of roles that are allowed to use this
+         * connection.
+         */
+        allowedRoles?: string[];
+        /**
+         * A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+         */
+        data?: {
+            [key: string]: any;
+        };
+        name: string;
+        /**
+         * The password to be used in the connection.
+         */
+        password?: string;
+        /**
+         * Specifies the name of the plugin to use.
+         */
+        pluginName: string;
+        /**
+         * The AWS region where the ElastiCache cluster is hosted.
+         * If omitted the plugin tries to infer the region from the environment.
+         */
+        region?: string;
+        /**
+         * A list of database statements to be executed to rotate the root user's credentials.
+         */
+        rootRotationStatements?: string[];
+        /**
+         * The configuration endpoint for the ElastiCache cluster to connect to.
+         */
+        url: string;
+        /**
+         * The username to be used in the connection (the account admin level).
+         */
+        username?: string;
+        /**
+         * Whether the connection should be verified on
+         * initial configuration or not.
+         */
+        verifyConnection?: boolean;
+    }
     interface SecretsMountRedshift {
         /**
          * A list of roles that are allowed to use this
@@ -1582,6 +1753,10 @@ export declare namespace database {
         data?: {
             [key: string]: any;
         };
+        /**
+         * Disable special character escaping in username and password.
+         */
+        disableEscaping?: boolean;
         /**
          * The maximum number of seconds to keep
          * a connection alive for.
@@ -1685,6 +1860,24 @@ export declare namespace database {
     }
 }
 export declare namespace gcp {
+    interface AuthBackendCustomEndpoint {
+        /**
+         * Replaces the service endpoint used in API requests to `https://www.googleapis.com`.
+         */
+        api?: string;
+        /**
+         * Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.
+         */
+        compute?: string;
+        /**
+         * Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
+         */
+        crm?: string;
+        /**
+         * Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
+         */
+        iam?: string;
+    }
     interface SecretRolesetBinding {
         /**
          * Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
@@ -1844,6 +2037,215 @@ export declare namespace jwt {
         tokenType?: string;
     }
 }
+export declare namespace managed {
+    interface KeysAw {
+        /**
+         * The AWS access key to use.
+         */
+        accessKey: string;
+        /**
+         * If no existing key can be found in
+         * the referenced backend, instructs Vault to generate a key within the backend.
+         */
+        allowGenerateKey: boolean;
+        /**
+         * Controls the ability for Vault to replace through
+         * generation or importing a key into the configured backend even
+         * if a key is present, if set to `false` those operations are forbidden
+         * if a key exists.
+         */
+        allowReplaceKey: boolean;
+        /**
+         * Controls the ability for Vault to import a key to the
+         * configured backend, if `false`, those operations will be forbidden.
+         */
+        allowStoreKey: boolean;
+        /**
+         * If `true`, allows usage from any mount point within the
+         * namespace.
+         */
+        anyMount: boolean;
+        /**
+         * Supplies the curve value when using the `CKM_ECDSA` mechanism.
+         * Required if `allowGenerateKey` is `true`.
+         */
+        curve?: string;
+        /**
+         * Used to specify a custom AWS endpoint.
+         */
+        endpoint?: string;
+        /**
+         * Supplies the size in bits of the key when using `CKM_RSA_PKCS_PSS`,
+         * `CKM_RSA_PKCS_OAEP` or `CKM_RSA_PKCS` as a value for `mechanism`. Required if
+         * `allowGenerateKey` is `true`.
+         */
+        keyBits: string;
+        /**
+         * The type of key to use.
+         */
+        keyType: string;
+        /**
+         * An identifier for the key.
+         */
+        kmsKey: string;
+        /**
+         * A unique lowercase name that serves as identifying the key.
+         */
+        name: string;
+        /**
+         * The AWS region where the keys are stored (or will be stored).
+         */
+        region: string;
+        /**
+         * The AWS access key to use.
+         */
+        secretKey: string;
+        uuid: string;
+    }
+    interface KeysAzure {
+        /**
+         * If no existing key can be found in
+         * the referenced backend, instructs Vault to generate a key within the backend.
+         */
+        allowGenerateKey: boolean;
+        /**
+         * Controls the ability for Vault to replace through
+         * generation or importing a key into the configured backend even
+         * if a key is present, if set to `false` those operations are forbidden
+         * if a key exists.
+         */
+        allowReplaceKey: boolean;
+        /**
+         * Controls the ability for Vault to import a key to the
+         * configured backend, if `false`, those operations will be forbidden.
+         */
+        allowStoreKey: boolean;
+        /**
+         * If `true`, allows usage from any mount point within the
+         * namespace.
+         */
+        anyMount: boolean;
+        /**
+         * The client id for credentials to query the Azure APIs.
+         */
+        clientId: string;
+        /**
+         * The client secret for credentials to query the Azure APIs.
+         */
+        clientSecret: string;
+        /**
+         * The Azure Cloud environment API endpoints to use.
+         */
+        environment: string;
+        /**
+         * Supplies the size in bits of the key when using `CKM_RSA_PKCS_PSS`,
+         * `CKM_RSA_PKCS_OAEP` or `CKM_RSA_PKCS` as a value for `mechanism`. Required if
+         * `allowGenerateKey` is `true`.
+         */
+        keyBits?: string;
+        /**
+         * The Key Vault key to use for encryption and decryption.
+         */
+        keyName: string;
+        /**
+         * The type of key to use.
+         */
+        keyType: string;
+        /**
+         * A unique lowercase name that serves as identifying the key.
+         */
+        name: string;
+        /**
+         * The Azure Key Vault resource's DNS Suffix to connect to.
+         */
+        resource: string;
+        /**
+         * The tenant id for the Azure Active Directory organization.
+         */
+        tenantId: string;
+        uuid: string;
+        /**
+         * The Key Vault vault to use for encryption and decryption.
+         */
+        vaultName: string;
+    }
+    interface KeysPkc {
+        /**
+         * If no existing key can be found in
+         * the referenced backend, instructs Vault to generate a key within the backend.
+         */
+        allowGenerateKey: boolean;
+        /**
+         * Controls the ability for Vault to replace through
+         * generation or importing a key into the configured backend even
+         * if a key is present, if set to `false` those operations are forbidden
+         * if a key exists.
+         */
+        allowReplaceKey: boolean;
+        /**
+         * Controls the ability for Vault to import a key to the
+         * configured backend, if `false`, those operations will be forbidden.
+         */
+        allowStoreKey: boolean;
+        /**
+         * If `true`, allows usage from any mount point within the
+         * namespace.
+         */
+        anyMount: boolean;
+        /**
+         * Supplies the curve value when using the `CKM_ECDSA` mechanism.
+         * Required if `allowGenerateKey` is `true`.
+         */
+        curve?: string;
+        /**
+         * Force all operations to open up a read-write session to
+         * the HSM.
+         */
+        forceRwSession?: string;
+        /**
+         * Supplies the size in bits of the key when using `CKM_RSA_PKCS_PSS`,
+         * `CKM_RSA_PKCS_OAEP` or `CKM_RSA_PKCS` as a value for `mechanism`. Required if
+         * `allowGenerateKey` is `true`.
+         */
+        keyBits?: string;
+        /**
+         * The id of a PKCS#11 key to use.
+         */
+        keyId: string;
+        /**
+         * The label of the key to use.
+         */
+        keyLabel: string;
+        /**
+         * The name of the kmsLibrary stanza to use from Vault's config
+         * to lookup the local library path.
+         */
+        library: string;
+        /**
+         * The encryption/decryption mechanism to use, specified as a
+         * hexadecimal (prefixed by 0x) string.
+         */
+        mechanism: string;
+        /**
+         * A unique lowercase name that serves as identifying the key.
+         */
+        name: string;
+        /**
+         * The PIN for login.
+         */
+        pin: string;
+        /**
+         * The slot number to use, specified as a string in a decimal format
+         * (e.g. `2305843009213693953`).
+         */
+        slot?: string;
+        /**
+         * The slot token label to use.
+         */
+        tokenLabel?: string;
+        uuid: string;
+    }
+}
 export declare namespace okta {
     interface AuthBackendGroup {
         /**
@@ -1870,6 +2272,8 @@ export declare namespace okta {
         username: string;
     }
 }
+export declare namespace pkiSecret {
+}
 export declare namespace rabbitMq {
     interface SecretBackendRoleVhost {
         configure: string;

package/utilities.js

@@ -2,7 +2,7 @@
 // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 // *** Do not edit by hand unless you're certain you know what you are doing! ***
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.resourceOptsDefaults = exports.getVersion = exports.getEnvNumber = exports.getEnvBoolean = exports.getEnv = void 0;
+exports.lazyLoad = exports.resourceOptsDefaults = exports.getVersion = exports.getEnvNumber = exports.getEnvBoolean = exports.getEnv = void 0;
 function getEnv(...vars) {
     for (const v of vars) {
         const value = process.env[v];
@@ -54,4 +54,16 @@ function resourceOptsDefaults() {
     return { version: getVersion() };
 }
 exports.resourceOptsDefaults = resourceOptsDefaults;
+/** @internal */
+function lazyLoad(exports, props, loadModule) {
+    for (let property of props) {
+        Object.defineProperty(exports, property, {
+            enumerable: true,
+            get: function () {
+                return loadModule()[property];
+            },
+        });
+    }
+}
+exports.lazyLoad = lazyLoad;
 //# sourceMappingURL=utilities.js.map

package/utilities.js.map

@@ -1 +1 @@
-{"version":3,"file":"utilities.js","sourceRoot":"","sources":["../utilities.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAGjF,SAAgB,MAAM,CAAC,GAAG,IAAc;IACpC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE;QAClB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,KAAK,EAAE;YACP,OAAO,KAAK,CAAC;SAChB;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AARD,wBAQC;AAED,SAAgB,aAAa,CAAC,GAAG,IAAc;IAC3C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,SAAS,EAAE;QACjB,uGAAuG;QACvG,yDAAyD;QACzD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,SAAS,EAAE;YAC1E,OAAO,IAAI,CAAC;SACf;QACD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,SAAS,EAAE;YAC7E,OAAO,KAAK,CAAC;SAChB;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAbD,sCAaC;AAED,SAAgB,YAAY,CAAC,GAAG,IAAc;IAC1C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,SAAS,EAAE;QACjB,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACX,OAAO,CAAC,CAAC;SACZ;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AATD,oCASC;AAED,SAAgB,UAAU;IACtB,IAAI,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;IAChD,6EAA6E;IAC7E,iCAAiC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QAC5B,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KAC9B;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AARD,gCAQC;AAED,gBAAgB;AAChB,SAAgB,oBAAoB;IAChC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC;AACrC,CAAC;AAFD,oDAEC"}
+{"version":3,"file":"utilities.js","sourceRoot":"","sources":["../utilities.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAGjF,SAAgB,MAAM,CAAC,GAAG,IAAc;IACpC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE;QAClB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,KAAK,EAAE;YACP,OAAO,KAAK,CAAC;SAChB;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AARD,wBAQC;AAED,SAAgB,aAAa,CAAC,GAAG,IAAc;IAC3C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,SAAS,EAAE;QACjB,uGAAuG;QACvG,yDAAyD;QACzD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,SAAS,EAAE;YAC1E,OAAO,IAAI,CAAC;SACf;QACD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,SAAS,EAAE;YAC7E,OAAO,KAAK,CAAC;SAChB;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAbD,sCAaC;AAED,SAAgB,YAAY,CAAC,GAAG,IAAc;IAC1C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,SAAS,EAAE;QACjB,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACX,OAAO,CAAC,CAAC;SACZ;KACJ;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AATD,oCASC;AAED,SAAgB,UAAU;IACtB,IAAI,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;IAChD,6EAA6E;IAC7E,iCAAiC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QAC5B,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KAC9B;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AARD,gCAQC;AAED,gBAAgB;AAChB,SAAgB,oBAAoB;IAChC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC;AACrC,CAAC;AAFD,oDAEC;AAED,gBAAgB;AAChB,SAAgB,QAAQ,CAAC,OAAY,EAAE,KAAe,EAAE,UAAe;IACnE,KAAK,IAAI,QAAQ,IAAI,KAAK,EAAE;QACxB,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;YACrC,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE;gBACD,OAAO,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;YAClC,CAAC;SACJ,CAAC,CAAC;KACN;AACL,CAAC;AATD,4BASC"}

package/approle/authBackendRoleSecretID.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"authBackendRoleSecretID.js","sourceRoot":"","sources":["../../approle/authBackendRoleSecretID.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IAsF9D,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;SACzE;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/C,cAAc,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACvD,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACvD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;IAtHD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;;AA1BL,0DAwHC;AA1GG,gBAAgB;AACO,oCAAY,GAAG,+DAA+D,CAAC"}