@webiny/project-aws 6.3.0 → 6.4.0-beta.0

package/pulumi/apps/api/createApiPulumiApp.js

@@ -1,9 +1,7 @@
-import * as aws from "@pulumi/aws";
 import { createPulumiApp, isResourceOfType } from "@webiny/pulumi";
 import { ApiBackgroundTask, ApiCloudfront, ApiFileManager, ApiGateway, ApiGraphql, ApiWebsocket, CoreOutput, VpcConfig } from "../index.js";
 import { addDomainsUrlsOutputs, withCommonLambdaEnvVariables, withServiceManifest } from "../../utils/index.js";
 import { getEnvVariableAwsRegion } from "../../env/awsRegion.js";
-// import { attachSyncSystem } from "../syncSystem/api/index.js";
 import { applyAwsResourceTags, getAwsAccountId } from "../awsUtils.js";
 import { ApiScheduler } from "./ApiScheduler.js";
 import { getProjectSdk } from "@webiny/project";
@@ -12,287 +10,221 @@ import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension
 import { handleGuardDutyEvents } from "./handleGuardDutyEvents.js";
 import { ApiPulumi } from "../../../abstractions/features/pulumi/index.js";
 import { apiPulumi } from "../../features/ApiPulumi/index.js";
-import { ApiCustomDomains as apiCustomDomainsExt } from "../../extensions/ApiCustomDomains.js";
+import { ApiCustomDomains } from "../../extensions/ApiCustomDomains.js";
 import { applyCustomDomain } from "../customDomain.js";
-export const createApiPulumiApp = () => {
-  const baseApp = createPulumiApp({
-    name: "api",
-    path: "apps/api",
-    program: async app => {
-      const sdk = await getProjectSdk();
-      const projectConfig = await sdk.getProjectConfig();
-      const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();
-      const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);
-      const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);
-      let searchEngineParams = null;
-      if (openSearchExtensionConfig) {
-        searchEngineParams = openSearchExtensionConfig;
-      }
-      if (searchEngineParams) {
-        const params = searchEngineParams;
-        if (typeof params === "object") {
-          if (params.endpoint) {
-            process.env.OPENSEARCH_ENDPOINT = params.endpoint;
-          }
-          if (params.domainName) {
-            process.env.AWS_OS_DOMAIN_NAME = params.domainName;
-          }
-          if (params.indexPrefix) {
-            process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;
-          }
-          if (params.sharedIndexes) {
-            process.env.OPENSEARCH_SHARED_INDEXES = "true";
-          }
-          if (params.username) {
-            process.env.OPENSEARCH_USERNAME = params.username;
-          }
-          if (params.password) {
-            process.env.OPENSEARCH_PASSWORD = params.password;
-          }
-        }
-      }
-      if (pulumiResourceNamePrefix) {
-        app.onResource(resource => {
-          if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
-            resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
-          }
-        });
-      }
-
-      // <-------------------- Enterprise start -------------------->
-      app.addHandler(async () => {
-        const featureFlags = await sdk.getFeatureFlags();
-        const usingAdvancedVpcParams = vpcExtensionsConfig && typeof vpcExtensionsConfig !== "boolean";
-        if (featureFlags.isFileManagerThreatDetectionEnabled()) {
-          handleGuardDutyEvents(app);
-        }
-
-        // Not using advanced VPC params? Then immediately exit.
-        if (usingAdvancedVpcParams) {
-          const {
-            onResource,
-            addResource
-          } = app;
-          const {
-            useExistingVpc
-          } = vpcExtensionsConfig;
-
-          // 1. We first deal with "existing VPC" setup.
-          if (useExistingVpc) {
-            if (!useExistingVpc.lambdaFunctionsVpcConfig) {
-              throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
-            }
-            onResource(resource => {
-              if (isResourceOfType(resource, aws.lambda.Function)) {
-                const canUseVpc = resource.meta.canUseVpc !== false;
-                if (canUseVpc) {
-                  resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
+import * as __rspack_external__pulumi_aws_e7af83c1 from "@pulumi/aws";
+const createApiPulumiApp = ()=>{
+    const baseApp = createPulumiApp({
+        name: "api",
+        path: "apps/api",
+        program: async (app)=>{
+            const sdk = await getProjectSdk();
+            const projectConfig = await sdk.getProjectConfig();
+            const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();
+            const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);
+            const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);
+            let searchEngineParams = null;
+            if (openSearchExtensionConfig) searchEngineParams = openSearchExtensionConfig;
+            if (searchEngineParams) {
+                const params = searchEngineParams;
+                if ("object" == typeof params) {
+                    if (params.endpoint) process.env.OPENSEARCH_ENDPOINT = params.endpoint;
+                    if (params.domainName) process.env.AWS_OS_DOMAIN_NAME = params.domainName;
+                    if (params.indexPrefix) process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;
+                    if (params.sharedIndexes) process.env.OPENSEARCH_SHARED_INDEXES = "true";
+                    if (params.username) process.env.OPENSEARCH_USERNAME = params.username;
+                    if (params.password) process.env.OPENSEARCH_PASSWORD = params.password;
                 }
-              }
-              if (isResourceOfType(resource, aws.iam.Role)) {
-                if (resource.meta.isLambdaFunctionRole) {
-                  addResource(aws.iam.RolePolicyAttachment, {
-                    name: `${resource.name}-vpc-access-execution-role`,
-                    config: {
-                      role: resource.output.name,
-                      policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+            }
+            if (pulumiResourceNamePrefix) app.onResource((resource)=>{
+                if (!resource.name.startsWith(pulumiResourceNamePrefix)) resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+            });
+            app.addHandler(async ()=>{
+                const featureFlags = await sdk.getFeatureFlags();
+                const usingAdvancedVpcParams = vpcExtensionsConfig && "boolean" != typeof vpcExtensionsConfig;
+                if (featureFlags.isFileManagerThreatDetectionEnabled()) handleGuardDutyEvents(app);
+                if (usingAdvancedVpcParams) {
+                    const { onResource, addResource } = app;
+                    const { useExistingVpc } = vpcExtensionsConfig;
+                    if (useExistingVpc) {
+                        if (!useExistingVpc.lambdaFunctionsVpcConfig) throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
+                        onResource((resource)=>{
+                            if (isResourceOfType(resource, __rspack_external__pulumi_aws_e7af83c1.lambda.Function)) {
+                                const canUseVpc = false !== resource.meta.canUseVpc;
+                                if (canUseVpc) resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
+                            }
+                            if (isResourceOfType(resource, __rspack_external__pulumi_aws_e7af83c1.iam.Role)) {
+                                if (resource.meta.isLambdaFunctionRole) addResource(__rspack_external__pulumi_aws_e7af83c1.iam.RolePolicyAttachment, {
+                                    name: `${resource.name}-vpc-access-execution-role`,
+                                    config: {
+                                        role: resource.output.name,
+                                        policyArn: __rspack_external__pulumi_aws_e7af83c1.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+                                    }
+                                });
+                            }
+                        });
                     }
-                  });
                 }
-              }
             });
-          }
-        }
-      });
-      // <-------------------- Enterprise end -------------------->
-
-      // Overrides must be applied via a handler, registered at the very start of the program.
-      // By doing this, we're ensuring user's adjustments are not applied to late.
-      sdk.getContainer().registerComposite(apiPulumi);
-      const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);
-      app.addHandler(() => {
-        return pulumiHandlers.execute(app);
-      });
-      const isProduction = app.env.isProduction;
-
-      // Register core output as a module available to all the other modules
-      const core = app.addModule(CoreOutput);
-
-      // Register VPC config module to be available to other modules.
-      const vpcEnabled = vpcExtensionsConfig === true || typeof vpcExtensionsConfig === "object" || isProduction;
-      app.addModule(VpcConfig, {
-        enabled: vpcEnabled
-      });
-      const graphql = app.addModule(ApiGraphql, {
-        env: {
-          COGNITO_REGION: getEnvVariableAwsRegion(),
-          COGNITO_USER_POOL_ID: core.cognitoUserPoolId,
-          DB_TABLE: core.primaryDynamodbTableName,
-          DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,
-          DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,
-          OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,
-          // Not required. Useful for testing purposes / ephemeral environments.
-          // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments
-          OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,
-          OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,
-          OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,
-          OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,
-          S3_BUCKET: core.fileManagerBucketId,
-          EVENT_BUS: core.eventBusArn,
-          // TODO: move to okta plugin
-          OKTA_ISSUER: process.env["OKTA_ISSUER"]
-        }
-      });
-      const websocket = app.addModule(ApiWebsocket);
-      const fileManager = app.addModule(ApiFileManager, {
-        env: {
-          DB_TABLE: core.primaryDynamodbTableName,
-          DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName
-        }
-      });
-      const apiGateway = app.addModule(ApiGateway, {
-        "graphql-post": {
-          path: "/graphql",
-          method: "POST",
-          function: graphql.functions.graphql.output.arn
-        },
-        "graphql-options": {
-          path: "/graphql",
-          method: "OPTIONS",
-          function: graphql.functions.graphql.output.arn
-        },
-        "files-any": {
-          path: "/files/{path+}",
-          method: "ANY",
-          function: fileManager.functions.download.output.arn
-        },
-        "private-any": {
-          path: "/private/{path+}",
-          method: "ANY",
-          function: fileManager.functions.download.output.arn
-        },
-        "cms-post": {
-          path: "/cms/{key+}",
-          method: "POST",
-          function: graphql.functions.graphql.output.arn
-        },
-        "cms-options": {
-          path: "/cms/{key+}",
-          method: "OPTIONS",
-          function: graphql.functions.graphql.output.arn
-        },
-        "redirects-get": {
-          path: "/wb/redirects",
-          method: "GET",
-          function: graphql.functions.graphql.output.arn
-        },
-        "redirects-options": {
-          path: "/wb/redirects",
-          method: "OPTIONS",
-          function: graphql.functions.graphql.output.arn
-        },
-        "files-catch-all": {
-          path: "/{path+}",
-          method: "ANY",
-          function: fileManager.functions.download.output.arn
+            sdk.getContainer().registerComposite(apiPulumi);
+            const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);
+            app.addHandler(()=>pulumiHandlers.execute(app));
+            const isProduction = app.env.isProduction;
+            const core = app.addModule(CoreOutput);
+            const vpcEnabled = true === vpcExtensionsConfig || "object" == typeof vpcExtensionsConfig || isProduction;
+            app.addModule(VpcConfig, {
+                enabled: vpcEnabled
+            });
+            const graphql = app.addModule(ApiGraphql, {
+                env: {
+                    COGNITO_REGION: getEnvVariableAwsRegion(),
+                    COGNITO_USER_POOL_ID: core.cognitoUserPoolId,
+                    DB_TABLE: core.primaryDynamodbTableName,
+                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,
+                    DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,
+                    OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,
+                    OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,
+                    OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,
+                    OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,
+                    OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,
+                    S3_BUCKET: core.fileManagerBucketId,
+                    EVENT_BUS: core.eventBusArn,
+                    OKTA_ISSUER: process.env["OKTA_ISSUER"]
+                }
+            });
+            const websocket = app.addModule(ApiWebsocket);
+            const fileManager = app.addModule(ApiFileManager, {
+                env: {
+                    DB_TABLE: core.primaryDynamodbTableName,
+                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName
+                }
+            });
+            const apiGateway = app.addModule(ApiGateway, {
+                "graphql-post": {
+                    path: "/graphql",
+                    method: "POST",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "graphql-options": {
+                    path: "/graphql",
+                    method: "OPTIONS",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "files-any": {
+                    path: "/files/{path+}",
+                    method: "ANY",
+                    function: fileManager.functions.download.output.arn
+                },
+                "private-any": {
+                    path: "/private/{path+}",
+                    method: "ANY",
+                    function: fileManager.functions.download.output.arn
+                },
+                "cms-post": {
+                    path: "/cms/{key+}",
+                    method: "POST",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "cms-options": {
+                    path: "/cms/{key+}",
+                    method: "OPTIONS",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "redirects-get": {
+                    path: "/wb/redirects",
+                    method: "GET",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "redirects-options": {
+                    path: "/wb/redirects",
+                    method: "OPTIONS",
+                    function: graphql.functions.graphql.output.arn
+                },
+                "files-catch-all": {
+                    path: "/{path+}",
+                    method: "ANY",
+                    function: fileManager.functions.download.output.arn
+                }
+            });
+            const cloudfront = app.addModule(ApiCloudfront);
+            const backgroundTask = app.addModule(ApiBackgroundTask);
+            const scheduler = app.addModule(ApiScheduler);
+            const [apiCustomDomains] = projectConfig.extensionsByType(ApiCustomDomains);
+            if (apiCustomDomains) {
+                const { domains, sslMethod, certificateArn } = apiCustomDomains.params;
+                applyCustomDomain(cloudfront, {
+                    domains,
+                    sslSupportMethod: sslMethod,
+                    acmCertificateArn: certificateArn
+                });
+            }
+            app.addOutputs({
+                awsAccountId: getAwsAccountId(app),
+                region: __rspack_external__pulumi_aws_e7af83c1.config.region,
+                cognitoUserPoolId: core.cognitoUserPoolId,
+                cognitoAppClientId: core.cognitoAppClientId,
+                cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,
+                dynamoDbTable: core.primaryDynamodbTableName,
+                auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,
+                graphqlLambdaName: graphql.functions.graphql.output.name,
+                graphqlLambdaRole: graphql.role.output.arn,
+                graphqlLambdaRoleName: graphql.role.output.name,
+                backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,
+                backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,
+                fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,
+                websocketApiId: websocket.websocketApi.output.id,
+                websocketApiUrl: websocket.websocketApiUrl,
+                schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn
+            });
+            if (searchEngineParams) app.addOutputs({
+                dynamoDbOpensearchTable: core.opensearchDynamodbTableName
+            });
+            app.addHandler(()=>{
+                addDomainsUrlsOutputs({
+                    app,
+                    cloudfrontDistribution: cloudfront,
+                    map: {
+                        distributionDomain: "cloudfrontApiDomain",
+                        distributionUrl: "cloudfrontApiUrl",
+                        usedDomain: "apiDomain",
+                        usedUrl: "apiUrl"
+                    }
+                });
+            });
+            await applyAwsResourceTags("api");
+            return {
+                fileManager,
+                graphql,
+                apiGateway,
+                websocket,
+                cloudfront,
+                backgroundTask,
+                scheduler
+            };
         }
-      });
-      const cloudfront = app.addModule(ApiCloudfront);
-      const backgroundTask = app.addModule(ApiBackgroundTask);
-      const scheduler = app.addModule(ApiScheduler);
-      const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);
-      if (apiCustomDomains) {
-        const {
-          domains,
-          sslMethod,
-          certificateArn
-        } = apiCustomDomains.params;
-        applyCustomDomain(cloudfront, {
-          domains,
-          sslSupportMethod: sslMethod,
-          acmCertificateArn: certificateArn
-        });
-      }
-      app.addOutputs({
-        awsAccountId: getAwsAccountId(app),
-        region: aws.config.region,
-        cognitoUserPoolId: core.cognitoUserPoolId,
-        cognitoAppClientId: core.cognitoAppClientId,
-        cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,
-        dynamoDbTable: core.primaryDynamodbTableName,
-        auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,
-        graphqlLambdaName: graphql.functions.graphql.output.name,
-        graphqlLambdaRole: graphql.role.output.arn,
-        graphqlLambdaRoleName: graphql.role.output.name,
-        backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,
-        backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,
-        fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,
-        websocketApiId: websocket.websocketApi.output.id,
-        websocketApiUrl: websocket.websocketApiUrl,
-        schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn
-      });
-
-      // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).
-      if (searchEngineParams) {
-        app.addOutputs({
-          dynamoDbOpensearchTable: core.opensearchDynamodbTableName
+    });
+    const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));
+    app.addHandler(()=>{
+        app.addServiceManifest({
+            name: "api",
+            manifest: {
+                bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,
+                cloudfront: {
+                    distributionId: baseApp.resources.cloudfront.output.id,
+                    domain: baseApp.resources.cloudfront.output.domainName.apply((v)=>`https://${v}`)
+                }
+            }
         });
-      }
-      app.addHandler(() => {
-        addDomainsUrlsOutputs({
-          app,
-          cloudfrontDistribution: cloudfront,
-          map: {
-            distributionDomain: "cloudfrontApiDomain",
-            distributionUrl: "cloudfrontApiUrl",
-            usedDomain: "apiDomain",
-            usedUrl: "apiUrl"
-          }
+        app.addServiceManifest({
+            name: "scheduler",
+            manifest: {
+                lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,
+                roleArn: baseApp.resources.scheduler.invokeRole.output.arn
+            }
         });
-      });
-      // /**
-      //  * We need to attach the Sync System if it exists.
-      //  */
-      // await attachSyncSystem({
-      //     app,
-      //     core,
-      //     env: app.params.run.env
-      // });
-
-      // Applies internal and user-defined AWS tags.
-      await applyAwsResourceTags("api");
-      return {
-        fileManager,
-        graphql,
-        apiGateway,
-        websocket,
-        cloudfront,
-        backgroundTask,
-        scheduler
-      };
-    }
-  });
-  const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));
-  app.addHandler(() => {
-    app.addServiceManifest({
-      name: "api",
-      manifest: {
-        bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,
-        cloudfront: {
-          distributionId: baseApp.resources.cloudfront.output.id,
-          domain: baseApp.resources.cloudfront.output.domainName.apply(v => `https://${v}`)
-        }
-      }
-    });
-    app.addServiceManifest({
-      name: "scheduler",
-      manifest: {
-        lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,
-        roleArn: baseApp.resources.scheduler.invokeRole.output.arn
-      }
     });
-  });
-  return app;
+    return app;
 };
+export { createApiPulumiApp };
 
 //# sourceMappingURL=createApiPulumiApp.js.map

package/pulumi/apps/api/createApiPulumiApp.js.map

@@ -1 +1 @@
-{"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","apiPulumi","ApiCustomDomains","apiCustomDomainsExt","applyCustomDomain","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","getContainer","registerComposite","pulumiHandlers","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","scheduler","apiCustomDomains","extensionsByType","domains","sslMethod","certificateArn","sslSupportMethod","acmCertificateArn","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n    ApiBackgroundTask,\n    ApiCloudfront,\n    ApiFileManager,\n    ApiGateway,\n    ApiGraphql,\n    ApiWebsocket,\n    CoreOutput,\n    VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n    addDomainsUrlsOutputs,\n    withCommonLambdaEnvVariables,\n    withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"~/abstractions/features/pulumi/index.js\";\nimport { apiPulumi } from \"~/pulumi/features/ApiPulumi/index.js\";\nimport { ApiCustomDomains as apiCustomDomainsExt } from \"~/pulumi/extensions/ApiCustomDomains.js\";\nimport { applyCustomDomain } from \"~/pulumi/apps/customDomain.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n    const baseApp = createPulumiApp({\n        name: \"api\",\n        path: \"apps/api\",\n        program: async (app: PulumiApp & WithServiceManifest) => {\n            const sdk = await getProjectSdk();\n            const projectConfig = await sdk.getProjectConfig();\n\n            const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n            const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n            const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n            let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n            if (openSearchExtensionConfig) {\n                searchEngineParams = openSearchExtensionConfig;\n            }\n\n            if (searchEngineParams) {\n                const params = searchEngineParams;\n                if (typeof params === \"object\") {\n                    if (params.endpoint) {\n                        process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n                    }\n\n                    if (params.domainName) {\n                        process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n                    }\n\n                    if (params.indexPrefix) {\n                        process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n                    }\n\n                    if (params.sharedIndexes) {\n                        process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n                    }\n\n                    if (params.username) {\n                        process.env.OPENSEARCH_USERNAME = params.username;\n                    }\n\n                    if (params.password) {\n                        process.env.OPENSEARCH_PASSWORD = params.password;\n                    }\n                }\n            }\n\n            if (pulumiResourceNamePrefix) {\n                app.onResource(resource => {\n                    if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n                        resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n                    }\n                });\n            }\n\n            // <-------------------- Enterprise start -------------------->\n            app.addHandler(async () => {\n                const featureFlags = await sdk.getFeatureFlags();\n\n                const usingAdvancedVpcParams =\n                    vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n                if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n                    handleGuardDutyEvents(app as ApiPulumiApp);\n                }\n\n                // Not using advanced VPC params? Then immediately exit.\n                if (usingAdvancedVpcParams) {\n                    const { onResource, addResource } = app;\n                    const { useExistingVpc } = vpcExtensionsConfig;\n\n                    // 1. We first deal with \"existing VPC\" setup.\n                    if (useExistingVpc) {\n                        if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n                            throw new Error(\n                                \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n                            );\n                        }\n\n                        onResource(resource => {\n                            if (isResourceOfType(resource, aws.lambda.Function)) {\n                                const canUseVpc = resource.meta.canUseVpc !== false;\n                                if (canUseVpc) {\n                                    resource.config.vpcConfig(\n                                        useExistingVpc!.lambdaFunctionsVpcConfig\n                                    );\n                                }\n                            }\n\n                            if (isResourceOfType(resource, aws.iam.Role)) {\n                                if (resource.meta.isLambdaFunctionRole) {\n                                    addResource(aws.iam.RolePolicyAttachment, {\n                                        name: `${resource.name}-vpc-access-execution-role`,\n                                        config: {\n                                            role: resource.output.name,\n                                            policyArn:\n                                                aws.iam.ManagedPolicy\n                                                    .AWSLambdaVPCAccessExecutionRole\n                                        }\n                                    });\n                                }\n                            }\n                        });\n                    }\n                }\n            });\n            // <-------------------- Enterprise end -------------------->\n\n            // Overrides must be applied via a handler, registered at the very start of the program.\n            // By doing this, we're ensuring user's adjustments are not applied to late.\n            sdk.getContainer().registerComposite(apiPulumi);\n            const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n            app.addHandler(() => {\n                return pulumiHandlers.execute(app as ApiPulumiApp);\n            });\n\n            const isProduction = app.env.isProduction;\n\n            // Register core output as a module available to all the other modules\n            const core = app.addModule(CoreOutput);\n\n            // Register VPC config module to be available to other modules.\n            const vpcEnabled =\n                vpcExtensionsConfig === true ||\n                typeof vpcExtensionsConfig === \"object\" ||\n                isProduction;\n\n            app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n            const graphql = app.addModule(ApiGraphql, {\n                env: {\n                    COGNITO_REGION: getEnvVariableAwsRegion(),\n                    COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n                    DB_TABLE: core.primaryDynamodbTableName,\n                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n                    DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n                    OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n                    // Not required. Useful for testing purposes / ephemeral environments.\n                    // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n                    OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n                    OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n                    OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,\n                    OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,\n\n                    S3_BUCKET: core.fileManagerBucketId,\n                    EVENT_BUS: core.eventBusArn,\n                    // TODO: move to okta plugin\n                    OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n                }\n            });\n\n            const websocket = app.addModule(ApiWebsocket);\n\n            const fileManager = app.addModule(ApiFileManager, {\n                env: {\n                    DB_TABLE: core.primaryDynamodbTableName,\n                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n                }\n            });\n\n            const apiGateway = app.addModule(ApiGateway, {\n                \"graphql-post\": {\n                    path: \"/graphql\",\n                    method: \"POST\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"graphql-options\": {\n                    path: \"/graphql\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"files-any\": {\n                    path: \"/files/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                },\n                \"private-any\": {\n                    path: \"/private/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                },\n                \"cms-post\": {\n                    path: \"/cms/{key+}\",\n                    method: \"POST\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"cms-options\": {\n                    path: \"/cms/{key+}\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"redirects-get\": {\n                    path: \"/wb/redirects\",\n                    method: \"GET\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"redirects-options\": {\n                    path: \"/wb/redirects\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"files-catch-all\": {\n                    path: \"/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                }\n            });\n\n            const cloudfront = app.addModule(ApiCloudfront);\n            const backgroundTask = app.addModule(ApiBackgroundTask);\n            const scheduler = app.addModule(ApiScheduler);\n\n            const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);\n            if (apiCustomDomains) {\n                const { domains, sslMethod, certificateArn } = apiCustomDomains.params;\n                applyCustomDomain(cloudfront, {\n                    domains,\n                    sslSupportMethod: sslMethod,\n                    acmCertificateArn: certificateArn\n                });\n            }\n\n            app.addOutputs({\n                awsAccountId: getAwsAccountId(app),\n                region: aws.config.region,\n                cognitoUserPoolId: core.cognitoUserPoolId,\n                cognitoAppClientId: core.cognitoAppClientId,\n                cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n                dynamoDbTable: core.primaryDynamodbTableName,\n                auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n                graphqlLambdaName: graphql.functions.graphql.output.name,\n                graphqlLambdaRole: graphql.role.output.arn,\n                graphqlLambdaRoleName: graphql.role.output.name,\n                backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n                backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n                fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n                websocketApiId: websocket.websocketApi.output.id,\n                websocketApiUrl: websocket.websocketApiUrl,\n                schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n            });\n\n            // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n            if (searchEngineParams) {\n                app.addOutputs({\n                    dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n                });\n            }\n\n            app.addHandler(() => {\n                addDomainsUrlsOutputs({\n                    app,\n                    cloudfrontDistribution: cloudfront,\n                    map: {\n                        distributionDomain: \"cloudfrontApiDomain\",\n                        distributionUrl: \"cloudfrontApiUrl\",\n                        usedDomain: \"apiDomain\",\n                        usedUrl: \"apiUrl\"\n                    }\n                });\n            });\n            // /**\n            //  * We need to attach the Sync System if it exists.\n            //  */\n            // await attachSyncSystem({\n            //     app,\n            //     core,\n            //     env: app.params.run.env\n            // });\n\n            // Applies internal and user-defined AWS tags.\n            await applyAwsResourceTags(\"api\");\n\n            return {\n                fileManager,\n                graphql,\n                apiGateway,\n                websocket,\n                cloudfront,\n                backgroundTask,\n                scheduler\n            };\n        }\n    });\n\n    const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n    app.addHandler(() => {\n        app.addServiceManifest({\n            name: \"api\",\n            manifest: {\n                bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n                cloudfront: {\n                    distributionId: baseApp.resources.cloudfront.output.id,\n                    domain: baseApp.resources.cloudfront.output.domainName.apply(\n                        v => `https://${v}`\n                    )\n                }\n            }\n        });\n\n        app.addServiceManifest({\n            name: \"scheduler\",\n            manifest: {\n                lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n                roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n            }\n        });\n    });\n\n    return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS;AAClB,SAASC,SAAS;AAClB,SAASC,gBAAgB,IAAIC,mBAAmB;AAChD,SAASC,iBAAiB;AAI1B,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAG3B,eAAe,CAAC;IAC5B4B,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGnB,yBAAyB,CAACe,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAIlB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACwB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC5B,IAAI,CAAC6B,UAAU,CAACtB,wBAAwB,CAAC,EAAE;YACrDqB,QAAQ,CAAC5B,IAAI,GAAG,GAAGO,wBAAwB,GAAGqB,QAAQ,CAAC5B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC2B,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAM3B,GAAG,CAAC4B,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBxB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIsB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpD1C,qBAAqB,CAACW,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAI8B,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAGhC,GAAG;UACvC,MAAM;YAAEiC;UAAe,CAAC,GAAG3B,mBAAmB;;UAE9C;UACA,IAAI2B,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIvD,gBAAgB,CAACuD,QAAQ,EAAEzD,GAAG,CAACoE,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIhE,gBAAgB,CAACuD,QAAQ,EAAEzD,GAAG,CAAC0E,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAAChE,GAAG,CAAC0E,GAAG,CAACG,oBAAoB,EAAE;oBACtChD,IAAI,EAAE,GAAG4B,QAAQ,CAAC5B,IAAI,4BAA4B;oBAClD2C,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAClD,IAAI;sBAC1BmD,SAAS,EACLhF,GAAG,CAAC0E,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACAjD,GAAG,CAACkD,YAAY,CAAC,CAAC,CAACC,iBAAiB,CAAC7D,SAAS,CAAC;MAC/C,MAAM8D,cAAc,GAAGpD,GAAG,CAACkD,YAAY,CAAC,CAAC,CAACG,OAAO,CAAChE,SAAS,CAAC;MAE5DU,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB,OAAO0B,cAAc,CAACE,OAAO,CAACvD,GAAmB,CAAC;MACtD,CAAC,CAAC;MAEF,MAAMwD,YAAY,GAAGxD,GAAG,CAACY,GAAG,CAAC4C,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGzD,GAAG,CAAC0D,SAAS,CAACjF,UAAU,CAAC;;MAEtC;MACA,MAAMkF,UAAU,GACZrD,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCkD,YAAY;MAEhBxD,GAAG,CAAC0D,SAAS,CAAChF,SAAS,EAAE;QAAEkF,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAG7D,GAAG,CAAC0D,SAAS,CAACnF,UAAU,EAAE;QACtCqC,GAAG,EAAE;UACDkD,cAAc,EAAEhF,uBAAuB,CAAC,CAAC;UACzCiF,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDzD,mBAAmB,EAAE4C,IAAI,CAACc,wBAAwB;UAElD;UACA;UACAtD,uBAAuB,EAAEN,OAAO,CAACC,GAAG,CAACK,uBAAuB;UAC5DE,yBAAyB,EAAER,OAAO,CAACC,GAAG,CAACO,yBAAyB;UAChEE,mBAAmB,EAAEV,OAAO,CAACC,GAAG,CAACS,mBAAmB;UACpDE,mBAAmB,EAAEZ,OAAO,CAACC,GAAG,CAACW,mBAAmB;UAEpDiD,SAAS,EAAEf,IAAI,CAACgB,mBAAmB;UACnCC,SAAS,EAAEjB,IAAI,CAACkB,WAAW;UAC3B;UACAC,WAAW,EAAEjE,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAMiE,SAAS,GAAG7E,GAAG,CAAC0D,SAAS,CAAClF,YAAY,CAAC;MAE7C,MAAMsG,WAAW,GAAG9E,GAAG,CAAC0D,SAAS,CAACrF,cAAc,EAAE;QAC9CuC,GAAG,EAAE;UACDqD,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMW,UAAU,GAAG/E,GAAG,CAAC0D,SAAS,CAACpF,UAAU,EAAE;QACzC,cAAc,EAAE;UACZwB,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfrF,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTrF,IAAI,EAAE,gBAAgB;UACtBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,aAAa,EAAE;UACXrF,IAAI,EAAE,kBAAkB;UACxBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,UAAU,EAAE;UACRrF,IAAI,EAAE,aAAa;UACnBkF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXrF,IAAI,EAAE,aAAa;UACnBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbrF,IAAI,EAAE,eAAe;UACrBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBrF,IAAI,EAAE,eAAe;UACrBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfrF,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGrF,GAAG,CAAC0D,SAAS,CAACtF,aAAa,CAAC;MAC/C,MAAMkH,cAAc,GAAGtF,GAAG,CAAC0D,SAAS,CAACvF,iBAAiB,CAAC;MACvD,MAAMoH,SAAS,GAAGvF,GAAG,CAAC0D,SAAS,CAACzE,YAAY,CAAC;MAE7C,MAAM,CAACuG,gBAAgB,CAAC,GAAGtF,aAAa,CAACuF,gBAAgB,CAAChG,mBAAmB,CAAC;MAC9E,IAAI+F,gBAAgB,EAAE;QAClB,MAAM;UAAEE,OAAO;UAAEC,SAAS;UAAEC;QAAe,CAAC,GAAGJ,gBAAgB,CAAC/E,MAAM;QACtEf,iBAAiB,CAAC2F,UAAU,EAAE;UAC1BK,OAAO;UACPG,gBAAgB,EAAEF,SAAS;UAC3BG,iBAAiB,EAAEF;QACvB,CAAC,CAAC;MACN;MAEA5F,GAAG,CAAC+F,UAAU,CAAC;QACXC,YAAY,EAAEhH,eAAe,CAACgB,GAAG,CAAC;QAClCiG,MAAM,EAAEjI,GAAG,CAACwE,MAAM,CAACyD,MAAM;QACzBjC,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzCkC,kBAAkB,EAAEzC,IAAI,CAACyC,kBAAkB;QAC3CC,6BAA6B,EAAE1C,IAAI,CAAC0C,6BAA6B;QACjEC,aAAa,EAAE3C,IAAI,CAACS,wBAAwB;QAC5CmC,sBAAsB,EAAE5C,IAAI,CAACW,0BAA0B;QACvDkC,iBAAiB,EAAEzC,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAAClD,IAAI;QACxD0G,iBAAiB,EAAE1C,OAAO,CAACf,IAAI,CAACC,MAAM,CAACoC,GAAG;QAC1CqB,qBAAqB,EAAE3C,OAAO,CAACf,IAAI,CAACC,MAAM,CAAClD,IAAI;QAC/C4G,uBAAuB,EAAEnB,cAAc,CAACA,cAAc,CAACvC,MAAM,CAACoC,GAAG;QACjEuB,6BAA6B,EAAEpB,cAAc,CAACqB,YAAY,CAAC5D,MAAM,CAACoC,GAAG;QACrEyB,4BAA4B,EAAE9B,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC,GAAG;QACvE0B,cAAc,EAAEhC,SAAS,CAACiC,YAAY,CAAC/D,MAAM,CAACgE,EAAE;QAChDC,eAAe,EAAEnC,SAAS,CAACmC,eAAe;QAC1CC,yBAAyB,EAAE1B,SAAS,CAAC2B,UAAU,CAACnE,MAAM,CAACoC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAI3E,kBAAkB,EAAE;QACpBR,GAAG,CAAC+F,UAAU,CAAC;UACXoB,uBAAuB,EAAE1D,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEAtE,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjBhD,qBAAqB,CAAC;UAClBqB,GAAG;UACHoH,sBAAsB,EAAE/B,UAAU;UAClCgC,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM1I,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACH+F,WAAW;QACXjB,OAAO;QACPkB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVC,cAAc;QACdC;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMvF,GAAG,GAAGnB,mBAAmB,CAACD,4BAA4B,CAACgB,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAAC2B,UAAU,CAAC,MAAM;IACjB3B,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,KAAK;MACX8H,QAAQ,EAAE;QACNC,SAAS,EAAEhI,OAAO,CAACiI,SAAS,CAACvC,cAAc,CAACqB,YAAY,CAAC5D,MAAM,CAACoC,GAAG;QACnEE,UAAU,EAAE;UACRyC,cAAc,EAAElI,OAAO,CAACiI,SAAS,CAACxC,UAAU,CAACtC,MAAM,CAACgE,EAAE;UACtDgB,MAAM,EAAEnI,OAAO,CAACiI,SAAS,CAACxC,UAAU,CAACtC,MAAM,CAACjC,UAAU,CAACkH,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFjI,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,WAAW;MACjB8H,QAAQ,EAAE;QACNO,SAAS,EAAEtI,OAAO,CAACiI,SAAS,CAAChE,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC,GAAG;QACjEgD,OAAO,EAAEvI,OAAO,CAACiI,SAAS,CAACtC,SAAS,CAAC2B,UAAU,CAACnE,MAAM,CAACoC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOnF,GAAG;AACd,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/api/createApiPulumiApp.js","sources":["../../../../src/pulumi/apps/api/createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n    ApiBackgroundTask,\n    ApiCloudfront,\n    ApiFileManager,\n    ApiGateway,\n    ApiGraphql,\n    ApiWebsocket,\n    CoreOutput,\n    VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n    addDomainsUrlsOutputs,\n    withCommonLambdaEnvVariables,\n    withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"~/abstractions/features/pulumi/index.js\";\nimport { apiPulumi } from \"~/pulumi/features/ApiPulumi/index.js\";\nimport { ApiCustomDomains as apiCustomDomainsExt } from \"~/pulumi/extensions/ApiCustomDomains.js\";\nimport { applyCustomDomain } from \"~/pulumi/apps/customDomain.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n    const baseApp = createPulumiApp({\n        name: \"api\",\n        path: \"apps/api\",\n        program: async (app: PulumiApp & WithServiceManifest) => {\n            const sdk = await getProjectSdk();\n            const projectConfig = await sdk.getProjectConfig();\n\n            const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n            const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n            const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n            let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n            if (openSearchExtensionConfig) {\n                searchEngineParams = openSearchExtensionConfig;\n            }\n\n            if (searchEngineParams) {\n                const params = searchEngineParams;\n                if (typeof params === \"object\") {\n                    if (params.endpoint) {\n                        process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n                    }\n\n                    if (params.domainName) {\n                        process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n                    }\n\n                    if (params.indexPrefix) {\n                        process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n                    }\n\n                    if (params.sharedIndexes) {\n                        process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n                    }\n\n                    if (params.username) {\n                        process.env.OPENSEARCH_USERNAME = params.username;\n                    }\n\n                    if (params.password) {\n                        process.env.OPENSEARCH_PASSWORD = params.password;\n                    }\n                }\n            }\n\n            if (pulumiResourceNamePrefix) {\n                app.onResource(resource => {\n                    if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n                        resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n                    }\n                });\n            }\n\n            // <-------------------- Enterprise start -------------------->\n            app.addHandler(async () => {\n                const featureFlags = await sdk.getFeatureFlags();\n\n                const usingAdvancedVpcParams =\n                    vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n                if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n                    handleGuardDutyEvents(app as ApiPulumiApp);\n                }\n\n                // Not using advanced VPC params? Then immediately exit.\n                if (usingAdvancedVpcParams) {\n                    const { onResource, addResource } = app;\n                    const { useExistingVpc } = vpcExtensionsConfig;\n\n                    // 1. We first deal with \"existing VPC\" setup.\n                    if (useExistingVpc) {\n                        if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n                            throw new Error(\n                                \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n                            );\n                        }\n\n                        onResource(resource => {\n                            if (isResourceOfType(resource, aws.lambda.Function)) {\n                                const canUseVpc = resource.meta.canUseVpc !== false;\n                                if (canUseVpc) {\n                                    resource.config.vpcConfig(\n                                        useExistingVpc!.lambdaFunctionsVpcConfig\n                                    );\n                                }\n                            }\n\n                            if (isResourceOfType(resource, aws.iam.Role)) {\n                                if (resource.meta.isLambdaFunctionRole) {\n                                    addResource(aws.iam.RolePolicyAttachment, {\n                                        name: `${resource.name}-vpc-access-execution-role`,\n                                        config: {\n                                            role: resource.output.name,\n                                            policyArn:\n                                                aws.iam.ManagedPolicy\n                                                    .AWSLambdaVPCAccessExecutionRole\n                                        }\n                                    });\n                                }\n                            }\n                        });\n                    }\n                }\n            });\n            // <-------------------- Enterprise end -------------------->\n\n            // Overrides must be applied via a handler, registered at the very start of the program.\n            // By doing this, we're ensuring user's adjustments are not applied to late.\n            sdk.getContainer().registerComposite(apiPulumi);\n            const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n            app.addHandler(() => {\n                return pulumiHandlers.execute(app as ApiPulumiApp);\n            });\n\n            const isProduction = app.env.isProduction;\n\n            // Register core output as a module available to all the other modules\n            const core = app.addModule(CoreOutput);\n\n            // Register VPC config module to be available to other modules.\n            const vpcEnabled =\n                vpcExtensionsConfig === true ||\n                typeof vpcExtensionsConfig === \"object\" ||\n                isProduction;\n\n            app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n            const graphql = app.addModule(ApiGraphql, {\n                env: {\n                    COGNITO_REGION: getEnvVariableAwsRegion(),\n                    COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n                    DB_TABLE: core.primaryDynamodbTableName,\n                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n                    DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n                    OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n                    // Not required. Useful for testing purposes / ephemeral environments.\n                    // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n                    OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n                    OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n                    OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,\n                    OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,\n\n                    S3_BUCKET: core.fileManagerBucketId,\n                    EVENT_BUS: core.eventBusArn,\n                    // TODO: move to okta plugin\n                    OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n                }\n            });\n\n            const websocket = app.addModule(ApiWebsocket);\n\n            const fileManager = app.addModule(ApiFileManager, {\n                env: {\n                    DB_TABLE: core.primaryDynamodbTableName,\n                    DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n                }\n            });\n\n            const apiGateway = app.addModule(ApiGateway, {\n                \"graphql-post\": {\n                    path: \"/graphql\",\n                    method: \"POST\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"graphql-options\": {\n                    path: \"/graphql\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"files-any\": {\n                    path: \"/files/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                },\n                \"private-any\": {\n                    path: \"/private/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                },\n                \"cms-post\": {\n                    path: \"/cms/{key+}\",\n                    method: \"POST\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"cms-options\": {\n                    path: \"/cms/{key+}\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"redirects-get\": {\n                    path: \"/wb/redirects\",\n                    method: \"GET\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"redirects-options\": {\n                    path: \"/wb/redirects\",\n                    method: \"OPTIONS\",\n                    function: graphql.functions.graphql.output.arn\n                },\n                \"files-catch-all\": {\n                    path: \"/{path+}\",\n                    method: \"ANY\",\n                    function: fileManager.functions.download.output.arn\n                }\n            });\n\n            const cloudfront = app.addModule(ApiCloudfront);\n            const backgroundTask = app.addModule(ApiBackgroundTask);\n            const scheduler = app.addModule(ApiScheduler);\n\n            const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);\n            if (apiCustomDomains) {\n                const { domains, sslMethod, certificateArn } = apiCustomDomains.params;\n                applyCustomDomain(cloudfront, {\n                    domains,\n                    sslSupportMethod: sslMethod,\n                    acmCertificateArn: certificateArn\n                });\n            }\n\n            app.addOutputs({\n                awsAccountId: getAwsAccountId(app),\n                region: aws.config.region,\n                cognitoUserPoolId: core.cognitoUserPoolId,\n                cognitoAppClientId: core.cognitoAppClientId,\n                cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n                dynamoDbTable: core.primaryDynamodbTableName,\n                auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n                graphqlLambdaName: graphql.functions.graphql.output.name,\n                graphqlLambdaRole: graphql.role.output.arn,\n                graphqlLambdaRoleName: graphql.role.output.name,\n                backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n                backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n                fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n                websocketApiId: websocket.websocketApi.output.id,\n                websocketApiUrl: websocket.websocketApiUrl,\n                schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n            });\n\n            // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n            if (searchEngineParams) {\n                app.addOutputs({\n                    dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n                });\n            }\n\n            app.addHandler(() => {\n                addDomainsUrlsOutputs({\n                    app,\n                    cloudfrontDistribution: cloudfront,\n                    map: {\n                        distributionDomain: \"cloudfrontApiDomain\",\n                        distributionUrl: \"cloudfrontApiUrl\",\n                        usedDomain: \"apiDomain\",\n                        usedUrl: \"apiUrl\"\n                    }\n                });\n            });\n            // /**\n            //  * We need to attach the Sync System if it exists.\n            //  */\n            // await attachSyncSystem({\n            //     app,\n            //     core,\n            //     env: app.params.run.env\n            // });\n\n            // Applies internal and user-defined AWS tags.\n            await applyAwsResourceTags(\"api\");\n\n            return {\n                fileManager,\n                graphql,\n                apiGateway,\n                websocket,\n                cloudfront,\n                backgroundTask,\n                scheduler\n            };\n        }\n    });\n\n    const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n    app.addHandler(() => {\n        app.addServiceManifest({\n            name: \"api\",\n            manifest: {\n                bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n                cloudfront: {\n                    distributionId: baseApp.resources.cloudfront.output.id,\n                    domain: baseApp.resources.cloudfront.output.domainName.apply(\n                        v => `https://${v}`\n                    )\n                }\n            }\n        });\n\n        app.addServiceManifest({\n            name: \"scheduler\",\n            manifest: {\n                lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n                roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n            }\n        });\n    });\n\n    return app;\n};\n"],"names":["createApiPulumiApp","baseApp","createPulumiApp","app","sdk","getProjectSdk","projectConfig","pulumiResourceNamePrefix","vpcExtensionsConfig","getVpcConfigFromExtension","openSearchExtensionConfig","getOsConfigFromExtension","searchEngineParams","params","process","resource","featureFlags","usingAdvancedVpcParams","handleGuardDutyEvents","onResource","addResource","useExistingVpc","Error","isResourceOfType","aws","canUseVpc","apiPulumi","pulumiHandlers","ApiPulumi","isProduction","core","CoreOutput","vpcEnabled","VpcConfig","graphql","ApiGraphql","getEnvVariableAwsRegion","websocket","ApiWebsocket","fileManager","ApiFileManager","apiGateway","ApiGateway","cloudfront","ApiCloudfront","backgroundTask","ApiBackgroundTask","scheduler","ApiScheduler","apiCustomDomains","apiCustomDomainsExt","domains","sslMethod","certificateArn","applyCustomDomain","getAwsAccountId","addDomainsUrlsOutputs","applyAwsResourceTags","withServiceManifest","withCommonLambdaEnvVariables","v"],"mappings":";;;;;;;;;;;;;;;AAiCO,MAAMA,qBAAqB;IAC9B,MAAMC,UAAUC,gBAAgB;QAC5B,MAAM;QACN,MAAM;QACN,SAAS,OAAOC;YACZ,MAAMC,MAAM,MAAMC;YAClB,MAAMC,gBAAgB,MAAMF,IAAI,gBAAgB;YAEhD,MAAMG,2BAA2B,MAAMH,IAAI,2BAA2B;YACtE,MAAMI,sBAAsBC,0BAA0BH;YACtD,MAAMI,4BAA4BC,yBAAyBL;YAE3D,IAAIM,qBAA8D;YAElE,IAAIF,2BACAE,qBAAqBF;YAGzB,IAAIE,oBAAoB;gBACpB,MAAMC,SAASD;gBACf,IAAI,AAAkB,YAAlB,OAAOC,QAAqB;oBAC5B,IAAIA,OAAO,QAAQ,EACfC,QAAQ,GAAG,CAAC,mBAAmB,GAAGD,OAAO,QAAQ;oBAGrD,IAAIA,OAAO,UAAU,EACjBC,QAAQ,GAAG,CAAC,kBAAkB,GAAGD,OAAO,UAAU;oBAGtD,IAAIA,OAAO,WAAW,EAClBC,QAAQ,GAAG,CAAC,uBAAuB,GAAGD,OAAO,WAAW;oBAG5D,IAAIA,OAAO,aAAa,EACpBC,QAAQ,GAAG,CAAC,yBAAyB,GAAG;oBAG5C,IAAID,OAAO,QAAQ,EACfC,QAAQ,GAAG,CAAC,mBAAmB,GAAGD,OAAO,QAAQ;oBAGrD,IAAIA,OAAO,QAAQ,EACfC,QAAQ,GAAG,CAAC,mBAAmB,GAAGD,OAAO,QAAQ;gBAEzD;YACJ;YAEA,IAAIN,0BACAJ,IAAI,UAAU,CAACY,CAAAA;gBACX,IAAI,CAACA,SAAS,IAAI,CAAC,UAAU,CAACR,2BAC1BQ,SAAS,IAAI,GAAG,GAAGR,2BAA2BQ,SAAS,IAAI,EAAE;YAErE;YAIJZ,IAAI,UAAU,CAAC;gBACX,MAAMa,eAAe,MAAMZ,IAAI,eAAe;gBAE9C,MAAMa,yBACFT,uBAAuB,AAA+B,aAA/B,OAAOA;gBAElC,IAAIQ,aAAa,mCAAmC,IAChDE,sBAAsBf;gBAI1B,IAAIc,wBAAwB;oBACxB,MAAM,EAAEE,UAAU,EAAEC,WAAW,EAAE,GAAGjB;oBACpC,MAAM,EAAEkB,cAAc,EAAE,GAAGb;oBAG3B,IAAIa,gBAAgB;wBAChB,IAAI,CAACA,eAAe,wBAAwB,EACxC,MAAM,IAAIC,MACN;wBAIRH,WAAWJ,CAAAA;4BACP,IAAIQ,iBAAiBR,UAAUS,uCAAAA,MAAAA,CAAAA,QAAmB,GAAG;gCACjD,MAAMC,YAAYV,AAA4B,UAA5BA,SAAS,IAAI,CAAC,SAAS;gCACzC,IAAIU,WACAV,SAAS,MAAM,CAAC,SAAS,CACrBM,eAAgB,wBAAwB;4BAGpD;4BAEA,IAAIE,iBAAiBR,UAAUS,uCAAAA,GAAAA,CAAAA,IAAY,GACvC;gCAAA,IAAIT,SAAS,IAAI,CAAC,oBAAoB,EAClCK,YAAYI,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;oCACtC,MAAM,GAAGT,SAAS,IAAI,CAAC,0BAA0B,CAAC;oCAClD,QAAQ;wCACJ,MAAMA,SAAS,MAAM,CAAC,IAAI;wCAC1B,WACIS,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,+BACoC;oCAC5C;gCACJ;4BACJ;wBAER;oBACJ;gBACJ;YACJ;YAKApB,IAAI,YAAY,GAAG,iBAAiB,CAACsB;YACrC,MAAMC,iBAAiBvB,IAAI,YAAY,GAAG,OAAO,CAACwB;YAElDzB,IAAI,UAAU,CAAC,IACJwB,eAAe,OAAO,CAACxB;YAGlC,MAAM0B,eAAe1B,IAAI,GAAG,CAAC,YAAY;YAGzC,MAAM2B,OAAO3B,IAAI,SAAS,CAAC4B;YAG3B,MAAMC,aACFxB,AAAwB,SAAxBA,uBACA,AAA+B,YAA/B,OAAOA,uBACPqB;YAEJ1B,IAAI,SAAS,CAAC8B,WAAW;gBAAE,SAASD;YAAW;YAE/C,MAAME,UAAU/B,IAAI,SAAS,CAACgC,YAAY;gBACtC,KAAK;oBACD,gBAAgBC;oBAChB,sBAAsBN,KAAK,iBAAiB;oBAC5C,UAAUA,KAAK,wBAAwB;oBACvC,qBAAqBA,KAAK,0BAA0B;oBACpD,qBAAqBA,KAAK,2BAA2B;oBACrD,qBAAqBA,KAAK,wBAAwB;oBAIlD,yBAAyBhB,QAAQ,GAAG,CAAC,uBAAuB;oBAC5D,2BAA2BA,QAAQ,GAAG,CAAC,yBAAyB;oBAChE,qBAAqBA,QAAQ,GAAG,CAAC,mBAAmB;oBACpD,qBAAqBA,QAAQ,GAAG,CAAC,mBAAmB;oBAEpD,WAAWgB,KAAK,mBAAmB;oBACnC,WAAWA,KAAK,WAAW;oBAE3B,aAAahB,QAAQ,GAAG,CAAC,cAAc;gBAC3C;YACJ;YAEA,MAAMuB,YAAYlC,IAAI,SAAS,CAACmC;YAEhC,MAAMC,cAAcpC,IAAI,SAAS,CAACqC,gBAAgB;gBAC9C,KAAK;oBACD,UAAUV,KAAK,wBAAwB;oBACvC,qBAAqBA,KAAK,0BAA0B;gBACxD;YACJ;YAEA,MAAMW,aAAatC,IAAI,SAAS,CAACuC,YAAY;gBACzC,gBAAgB;oBACZ,MAAM;oBACN,QAAQ;oBACR,UAAUR,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,mBAAmB;oBACf,MAAM;oBACN,QAAQ;oBACR,UAAUA,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,aAAa;oBACT,MAAM;oBACN,QAAQ;oBACR,UAAUK,YAAY,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG;gBACvD;gBACA,eAAe;oBACX,MAAM;oBACN,QAAQ;oBACR,UAAUA,YAAY,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG;gBACvD;gBACA,YAAY;oBACR,MAAM;oBACN,QAAQ;oBACR,UAAUL,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,eAAe;oBACX,MAAM;oBACN,QAAQ;oBACR,UAAUA,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,iBAAiB;oBACb,MAAM;oBACN,QAAQ;oBACR,UAAUA,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,qBAAqB;oBACjB,MAAM;oBACN,QAAQ;oBACR,UAAUA,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBAClD;gBACA,mBAAmB;oBACf,MAAM;oBACN,QAAQ;oBACR,UAAUK,YAAY,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG;gBACvD;YACJ;YAEA,MAAMI,aAAaxC,IAAI,SAAS,CAACyC;YACjC,MAAMC,iBAAiB1C,IAAI,SAAS,CAAC2C;YACrC,MAAMC,YAAY5C,IAAI,SAAS,CAAC6C;YAEhC,MAAM,CAACC,iBAAiB,GAAG3C,cAAc,gBAAgB,CAAC4C;YAC1D,IAAID,kBAAkB;gBAClB,MAAM,EAAEE,OAAO,EAAEC,SAAS,EAAEC,cAAc,EAAE,GAAGJ,iBAAiB,MAAM;gBACtEK,kBAAkBX,YAAY;oBAC1BQ;oBACA,kBAAkBC;oBAClB,mBAAmBC;gBACvB;YACJ;YAEAlD,IAAI,UAAU,CAAC;gBACX,cAAcoD,gBAAgBpD;gBAC9B,QAAQqB,uCAAAA,MAAAA,CAAAA,MAAiB;gBACzB,mBAAmBM,KAAK,iBAAiB;gBACzC,oBAAoBA,KAAK,kBAAkB;gBAC3C,+BAA+BA,KAAK,6BAA6B;gBACjE,eAAeA,KAAK,wBAAwB;gBAC5C,wBAAwBA,KAAK,0BAA0B;gBACvD,mBAAmBI,QAAQ,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI;gBACxD,mBAAmBA,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG;gBAC1C,uBAAuBA,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI;gBAC/C,yBAAyBW,eAAe,cAAc,CAAC,MAAM,CAAC,GAAG;gBACjE,+BAA+BA,eAAe,YAAY,CAAC,MAAM,CAAC,GAAG;gBACrE,8BAA8BN,YAAY,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG;gBACvE,gBAAgBF,UAAU,YAAY,CAAC,MAAM,CAAC,EAAE;gBAChD,iBAAiBA,UAAU,eAAe;gBAC1C,2BAA2BU,UAAU,UAAU,CAAC,MAAM,CAAC,GAAG;YAC9D;YAGA,IAAInC,oBACAT,IAAI,UAAU,CAAC;gBACX,yBAAyB2B,KAAK,2BAA2B;YAC7D;YAGJ3B,IAAI,UAAU,CAAC;gBACXqD,sBAAsB;oBAClBrD;oBACA,wBAAwBwC;oBACxB,KAAK;wBACD,oBAAoB;wBACpB,iBAAiB;wBACjB,YAAY;wBACZ,SAAS;oBACb;gBACJ;YACJ;YAWA,MAAMc,qBAAqB;YAE3B,OAAO;gBACHlB;gBACAL;gBACAO;gBACAJ;gBACAM;gBACAE;gBACAE;YACJ;QACJ;IACJ;IAEA,MAAM5C,MAAMuD,oBAAoBC,6BAA6B1D;IAE7DE,IAAI,UAAU,CAAC;QACXA,IAAI,kBAAkB,CAAC;YACnB,MAAM;YACN,UAAU;gBACN,WAAWF,QAAQ,SAAS,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG;gBACnE,YAAY;oBACR,gBAAgBA,QAAQ,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;oBACtD,QAAQA,QAAQ,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CACxD2D,CAAAA,IAAK,CAAC,QAAQ,EAAEA,GAAG;gBAE3B;YACJ;QACJ;QAEAzD,IAAI,kBAAkB,CAAC;YACnB,MAAM;YACN,UAAU;gBACN,WAAWF,QAAQ,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG;gBACjE,SAASA,QAAQ,SAAS,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG;YAC9D;QACJ;IACJ;IAEA,OAAOE;AACX"}