aws-cdk 2.1006.0 → 3.0.0

package/lib/api/environment/environment-access.d.ts

@@ -1,140 +0,0 @@
-import type * as cxapi from '@aws-cdk/cx-api';
-import type { SDK } from '../aws-auth';
-import type { EnvironmentResources } from './environment-resources';
-import type { StringWithoutPlaceholders } from './placeholders';
-import { type IoHelper } from '../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
-import type { SdkProvider } from '../aws-auth/sdk-provider';
-/**
- * Access particular AWS resources, based on information from the CX manifest
- *
- * It is not possible to grab direct access to AWS credentials; 9 times out of 10
- * we have to allow for role assumption, and role assumption can only work if
- * there is a CX Manifest that contains a role ARN.
- *
- * This class exists so new code isn't tempted to go and get SDK credentials directly.
- */
-export declare class EnvironmentAccess {
-    private readonly sdkProvider;
-    private readonly sdkCache;
-    private readonly environmentResources;
-    private readonly ioHelper;
-    constructor(sdkProvider: SdkProvider, toolkitStackName: string, ioHelper: IoHelper);
-    /**
-     * Resolves the environment for a stack.
-     */
-    resolveStackEnvironment(stack: cxapi.CloudFormationStackArtifact): Promise<cxapi.Environment>;
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will ask plugins for readonly credentials if available, use the default
-     * AWS credentials if not.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    accessStackForReadOnlyStackOperations(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will ask plugins for mutating credentials if available, use the default AWS
-     * credentials if not.  The `mode` parameter is only used for querying
-     * plugins.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    accessStackForMutableStackOperations(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
-    /**
-     * Get an SDK to access the given stack's environment for environmental lookups
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will assume the lookup role if configured on the stack. Check the default `lookup-role`
-     * policies to see what you can do with this role. It can generally read everything
-     * in the account that does not require KMS access.
-     *
-     * ---
-     *
-     * For backwards compatibility reasons, there are some scenarios that are handled here:
-     *
-     *  1. The lookup role may not exist (it was added in bootstrap stack version 7). If so:
-     *     a. Return the default credentials if the default credentials are for the stack account
-     *        (you will notice this as `isFallbackCredentials=true`).
-     *     b. Throw an error if the default credentials are not for the stack account.
-     *
-     *  2. The lookup role may not have the correct permissions (for example, ReadOnlyAccess was added in
-     *     bootstrap stack version 8); the stack will have a minimum version number on it.
-     *     a. If it does not we throw an error which should be handled in the calling
-     *        function (and fallback to use a different role, etc)
-     *
-     * Upon success, caller will have an SDK for the right account, which may or may not have
-     * the right permissions.
-     */
-    accessStackForLookup(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
-    /**
-     * Get an SDK to access the given stack's environment for reading stack attributes
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will try to assume the lookup role if given, will use the regular stack operations
-     * access (deploy-role) otherwise. When calling this, you should assume that you will get
-     * the least privileged role, so don't try to use it for anything the `deploy-role`
-     * wouldn't be able to do. Also you cannot rely on being able to read encrypted anything.
-     */
-    accessStackForLookupBestEffort(stack: cxapi.CloudFormationStackArtifact): Promise<TargetEnvironment>;
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    private accessStackForStackOperations;
-    /**
-     * Prepare an SDK for use in the given environment and optionally with a role assumed.
-     */
-    private prepareSdk;
-    private cachedSdkForEnvironment;
-}
-/**
- * SDK obtained by assuming the deploy role
- * for a given environment
- */
-export interface TargetEnvironment {
-    /**
-     * The SDK for the given environment
-     */
-    readonly sdk: SDK;
-    /**
-     * The resolved environment for the stack
-     * (no more 'unknown-account/unknown-region')
-     */
-    readonly resolvedEnvironment: cxapi.Environment;
-    /**
-     * Access class for environmental resources to help the deployment
-     */
-    readonly resources: EnvironmentResources;
-    /**
-     * Whether or not we assumed a role in the process of getting these credentials
-     */
-    readonly didAssumeRole: boolean;
-    /**
-     * Whether or not these are fallback credentials
-     *
-     * Fallback credentials means that assuming the intended role failed, but the
-     * base credentials happen to be for the right account so we just picked those
-     * and hope the future SDK calls succeed.
-     *
-     * This is a backwards compatibility mechanism from around the time we introduced
-     * deployment roles.
-     */
-    readonly isFallbackCredentials: boolean;
-    /**
-     * Replace environment placeholders according to the current environment
-     */
-    replacePlaceholders(x: string | undefined): Promise<StringWithoutPlaceholders | undefined>;
-}

package/lib/api/environment/environment-access.js

@@ -1,202 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.EnvironmentAccess = void 0;
-const environment_resources_1 = require("./environment-resources");
-const placeholders_1 = require("./placeholders");
-const api_1 = require("../../../../@aws-cdk/tmp-toolkit-helpers/src/api");
-const private_1 = require("../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private");
-const util_1 = require("../../util");
-const mode_1 = require("../plugin/mode");
-/**
- * Access particular AWS resources, based on information from the CX manifest
- *
- * It is not possible to grab direct access to AWS credentials; 9 times out of 10
- * we have to allow for role assumption, and role assumption can only work if
- * there is a CX Manifest that contains a role ARN.
- *
- * This class exists so new code isn't tempted to go and get SDK credentials directly.
- */
-class EnvironmentAccess {
-    constructor(sdkProvider, toolkitStackName, ioHelper) {
-        this.sdkProvider = sdkProvider;
-        this.sdkCache = new Map();
-        this.environmentResources = new environment_resources_1.EnvironmentResourcesRegistry(toolkitStackName);
-        this.ioHelper = ioHelper;
-    }
-    /**
-     * Resolves the environment for a stack.
-     */
-    async resolveStackEnvironment(stack) {
-        return this.sdkProvider.resolveEnvironment(stack.environment);
-    }
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will ask plugins for readonly credentials if available, use the default
-     * AWS credentials if not.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    async accessStackForReadOnlyStackOperations(stack) {
-        return this.accessStackForStackOperations(stack, mode_1.Mode.ForReading);
-    }
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will ask plugins for mutating credentials if available, use the default AWS
-     * credentials if not.  The `mode` parameter is only used for querying
-     * plugins.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    async accessStackForMutableStackOperations(stack) {
-        return this.accessStackForStackOperations(stack, mode_1.Mode.ForWriting);
-    }
-    /**
-     * Get an SDK to access the given stack's environment for environmental lookups
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will assume the lookup role if configured on the stack. Check the default `lookup-role`
-     * policies to see what you can do with this role. It can generally read everything
-     * in the account that does not require KMS access.
-     *
-     * ---
-     *
-     * For backwards compatibility reasons, there are some scenarios that are handled here:
-     *
-     *  1. The lookup role may not exist (it was added in bootstrap stack version 7). If so:
-     *     a. Return the default credentials if the default credentials are for the stack account
-     *        (you will notice this as `isFallbackCredentials=true`).
-     *     b. Throw an error if the default credentials are not for the stack account.
-     *
-     *  2. The lookup role may not have the correct permissions (for example, ReadOnlyAccess was added in
-     *     bootstrap stack version 8); the stack will have a minimum version number on it.
-     *     a. If it does not we throw an error which should be handled in the calling
-     *        function (and fallback to use a different role, etc)
-     *
-     * Upon success, caller will have an SDK for the right account, which may or may not have
-     * the right permissions.
-     */
-    async accessStackForLookup(stack) {
-        if (!stack.environment) {
-            throw new api_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
-        }
-        const lookupEnv = await this.prepareSdk({
-            environment: stack.environment,
-            mode: mode_1.Mode.ForReading,
-            assumeRoleArn: stack.lookupRole?.arn,
-            assumeRoleExternalId: stack.lookupRole?.assumeRoleExternalId,
-            assumeRoleAdditionalOptions: stack.lookupRole?.assumeRoleAdditionalOptions,
-        });
-        // if we succeed in assuming the lookup role, make sure we have the correct bootstrap stack version
-        if (lookupEnv.didAssumeRole && stack.lookupRole?.bootstrapStackVersionSsmParameter && stack.lookupRole.requiresBootstrapStackVersion) {
-            const version = await lookupEnv.resources.versionFromSsmParameter(stack.lookupRole.bootstrapStackVersionSsmParameter);
-            if (version < stack.lookupRole.requiresBootstrapStackVersion) {
-                throw new api_1.ToolkitError(`Bootstrap stack version '${stack.lookupRole.requiresBootstrapStackVersion}' is required, found version '${version}'. To get rid of this error, please upgrade to bootstrap version >= ${stack.lookupRole.requiresBootstrapStackVersion}`);
-            }
-        }
-        if (lookupEnv.isFallbackCredentials) {
-            const arn = await lookupEnv.replacePlaceholders(stack.lookupRole?.arn);
-            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`Lookup role ${arn} was not assumed. Proceeding with default credentials.`));
-        }
-        return lookupEnv;
-    }
-    /**
-     * Get an SDK to access the given stack's environment for reading stack attributes
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will try to assume the lookup role if given, will use the regular stack operations
-     * access (deploy-role) otherwise. When calling this, you should assume that you will get
-     * the least privileged role, so don't try to use it for anything the `deploy-role`
-     * wouldn't be able to do. Also you cannot rely on being able to read encrypted anything.
-     */
-    async accessStackForLookupBestEffort(stack) {
-        if (!stack.environment) {
-            throw new api_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
-        }
-        try {
-            return await this.accessStackForLookup(stack);
-        }
-        catch (e) {
-            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_WARN.msg(`${(0, util_1.formatErrorMessage)(e)}`));
-        }
-        return this.accessStackForStackOperations(stack, mode_1.Mode.ForReading);
-    }
-    /**
-     * Get an SDK to access the given stack's environment for stack operations
-     *
-     * Will use a plugin if available, use the default AWS credentials if not.
-     * The `mode` parameter is only used for querying plugins.
-     *
-     * Will assume the deploy role if configured on the stack. Check the default `deploy-role`
-     * policies to see what you can do with this role.
-     */
-    async accessStackForStackOperations(stack, mode) {
-        if (!stack.environment) {
-            throw new api_1.ToolkitError(`The stack ${stack.displayName} does not have an environment`);
-        }
-        return this.prepareSdk({
-            environment: stack.environment,
-            mode,
-            assumeRoleArn: stack.assumeRoleArn,
-            assumeRoleExternalId: stack.assumeRoleExternalId,
-            assumeRoleAdditionalOptions: stack.assumeRoleAdditionalOptions,
-        });
-    }
-    /**
-     * Prepare an SDK for use in the given environment and optionally with a role assumed.
-     */
-    async prepareSdk(options) {
-        const resolvedEnvironment = await this.sdkProvider.resolveEnvironment(options.environment);
-        // Substitute any placeholders with information about the current environment
-        const { assumeRoleArn } = await (0, placeholders_1.replaceEnvPlaceholders)({
-            assumeRoleArn: options.assumeRoleArn,
-        }, resolvedEnvironment, this.sdkProvider);
-        const stackSdk = await this.cachedSdkForEnvironment(resolvedEnvironment, options.mode, {
-            assumeRoleArn,
-            assumeRoleExternalId: options.assumeRoleExternalId,
-            assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions,
-        });
-        return {
-            sdk: stackSdk.sdk,
-            resolvedEnvironment,
-            resources: this.environmentResources.for(resolvedEnvironment, stackSdk.sdk, this.ioHelper),
-            // If we asked for a role, did not successfully assume it, and yet got here without an exception: that
-            // means we must have fallback credentials.
-            isFallbackCredentials: !stackSdk.didAssumeRole && !!assumeRoleArn,
-            didAssumeRole: stackSdk.didAssumeRole,
-            replacePlaceholders: async (str) => {
-                const ret = await (0, placeholders_1.replaceEnvPlaceholders)({ str }, resolvedEnvironment, this.sdkProvider);
-                return ret.str;
-            },
-        };
-    }
-    async cachedSdkForEnvironment(environment, mode, options) {
-        const cacheKeyElements = [
-            environment.account,
-            environment.region,
-            `${mode}`,
-            options?.assumeRoleArn ?? '',
-            options?.assumeRoleExternalId ?? '',
-        ];
-        if (options?.assumeRoleAdditionalOptions) {
-            cacheKeyElements.push(JSON.stringify(options.assumeRoleAdditionalOptions));
-        }
-        const cacheKey = cacheKeyElements.join(':');
-        const existing = this.sdkCache.get(cacheKey);
-        if (existing) {
-            return existing;
-        }
-        const ret = await this.sdkProvider.forEnvironment(environment, mode, options);
-        this.sdkCache.set(cacheKey, ret);
-        return ret;
-    }
-}
-exports.EnvironmentAccess = EnvironmentAccess;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW52aXJvbm1lbnQtYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZW52aXJvbm1lbnQtYWNjZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUdBLG1FQUF1RTtBQUV2RSxpREFBd0Q7QUFDeEQsMEVBQWdGO0FBQ2hGLHlGQUFnRztBQUNoRyxxQ0FBZ0Q7QUFFaEQseUNBQXNDO0FBRXRDOzs7Ozs7OztHQVFHO0FBQ0gsTUFBYSxpQkFBaUI7SUFLNUIsWUFBNkIsV0FBd0IsRUFBRSxnQkFBd0IsRUFBRSxRQUFrQjtRQUF0RSxnQkFBVyxHQUFYLFdBQVcsQ0FBYTtRQUpwQyxhQUFRLEdBQUcsSUFBSSxHQUFHLEVBQTZCLENBQUM7UUFLL0QsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksb0RBQTRCLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUMvRSxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsdUJBQXVCLENBQUMsS0FBd0M7UUFDM0UsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxLQUFLLENBQUMscUNBQXFDLENBQUMsS0FBd0M7UUFDekYsT0FBTyxJQUFJLENBQUMsNkJBQTZCLENBQUMsS0FBSyxFQUFFLFdBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksS0FBSyxDQUFDLG9DQUFvQyxDQUFDLEtBQXdDO1FBQ3hGLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLEtBQUssRUFBRSxXQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQTBCRztJQUNJLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxLQUF3QztRQUN4RSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxrQkFBWSxDQUFDLGFBQWEsS0FBSyxDQUFDLFdBQVcsK0JBQStCLENBQUMsQ0FBQztRQUN4RixDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDO1lBQ3RDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztZQUM5QixJQUFJLEVBQUUsV0FBSSxDQUFDLFVBQVU7WUFDckIsYUFBYSxFQUFFLEtBQUssQ0FBQyxVQUFVLEVBQUUsR0FBRztZQUNwQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsVUFBVSxFQUFFLG9CQUFvQjtZQUM1RCwyQkFBMkIsRUFBRSxLQUFLLENBQUMsVUFBVSxFQUFFLDJCQUEyQjtTQUMzRSxDQUFDLENBQUM7UUFFSCxtR0FBbUc7UUFDbkcsSUFBSSxTQUFTLENBQUMsYUFBYSxJQUFJLEtBQUssQ0FBQyxVQUFVLEVBQUUsaUNBQWlDLElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsRUFBRSxDQUFDO1lBQ3JJLE1BQU0sT0FBTyxHQUFHLE1BQU0sU0FBUyxDQUFDLFNBQVMsQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7WUFDdEgsSUFBSSxPQUFPLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsRUFBRSxDQUFDO2dCQUM3RCxNQUFNLElBQUksa0JBQVksQ0FBQyw0QkFBNEIsS0FBSyxDQUFDLFVBQVUsQ0FBQyw2QkFBNkIsaUNBQWlDLE9BQU8sdUVBQXVFLEtBQUssQ0FBQyxVQUFVLENBQUMsNkJBQTZCLEVBQUUsQ0FBQyxDQUFDO1lBQ3BRLENBQUM7UUFDSCxDQUFDO1FBQ0QsSUFBSSxTQUFTLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUNwQyxNQUFNLEdBQUcsR0FBRyxNQUFNLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQ3ZFLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxlQUFlLEdBQUcsd0RBQXdELENBQUMsQ0FBQyxDQUFDO1FBQ3RJLENBQUM7UUFDRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxLQUF3QztRQUNsRixJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxrQkFBWSxDQUFDLGFBQWEsS0FBSyxDQUFDLFdBQVcsK0JBQStCLENBQUMsQ0FBQztRQUN4RixDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNoRCxDQUFDO1FBQUMsT0FBTyxDQUFNLEVBQUUsQ0FBQztZQUNoQixNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFBLHlCQUFrQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3RGLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyw2QkFBNkIsQ0FBQyxLQUFLLEVBQUUsV0FBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNLLEtBQUssQ0FBQyw2QkFBNkIsQ0FBQyxLQUF3QyxFQUFFLElBQVU7UUFDOUYsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksa0JBQVksQ0FBQyxhQUFhLEtBQUssQ0FBQyxXQUFXLCtCQUErQixDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztZQUNyQixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsSUFBSTtZQUNKLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsb0JBQW9CO1lBQ2hELDJCQUEyQixFQUFFLEtBQUssQ0FBQywyQkFBMkI7U0FDL0QsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFVBQVUsQ0FDdEIsT0FBOEI7UUFFOUIsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRTNGLDZFQUE2RTtRQUM3RSxNQUFNLEVBQUUsYUFBYSxFQUFFLEdBQUcsTUFBTSxJQUFBLHFDQUFzQixFQUFDO1lBQ3JELGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYTtTQUNyQyxFQUFFLG1CQUFtQixFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUUxQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxtQkFBbUIsRUFBRSxPQUFPLENBQUMsSUFBSSxFQUFFO1lBQ3JGLGFBQWE7WUFDYixvQkFBb0IsRUFBRSxPQUFPLENBQUMsb0JBQW9CO1lBQ2xELDJCQUEyQixFQUFFLE9BQU8sQ0FBQywyQkFBMkI7U0FDakUsQ0FBQyxDQUFDO1FBRUgsT0FBTztZQUNMLEdBQUcsRUFBRSxRQUFRLENBQUMsR0FBRztZQUNqQixtQkFBbUI7WUFDbkIsU0FBUyxFQUFFLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsbUJBQW1CLEVBQUUsUUFBUSxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQzFGLHNHQUFzRztZQUN0RywyQ0FBMkM7WUFDM0MscUJBQXFCLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxJQUFJLENBQUMsQ0FBQyxhQUFhO1lBQ2pFLGFBQWEsRUFBRSxRQUFRLENBQUMsYUFBYTtZQUNyQyxtQkFBbUIsRUFBRSxLQUFLLEVBQWdDLEdBQU0sRUFBRSxFQUFFO2dCQUNsRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUEscUNBQXNCLEVBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBQ3pGLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUNqQixDQUFDO1NBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsdUJBQXVCLENBQ25DLFdBQThCLEVBQzlCLElBQVUsRUFDVixPQUE0QjtRQUU1QixNQUFNLGdCQUFnQixHQUFHO1lBQ3ZCLFdBQVcsQ0FBQyxPQUFPO1lBQ25CLFdBQVcsQ0FBQyxNQUFNO1lBQ2xCLEdBQUcsSUFBSSxFQUFFO1lBQ1QsT0FBTyxFQUFFLGFBQWEsSUFBSSxFQUFFO1lBQzVCLE9BQU8sRUFBRSxvQkFBb0IsSUFBSSxFQUFFO1NBQ3BDLENBQUM7UUFFRixJQUFJLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxDQUFDO1lBQ3pDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQywyQkFBMkIsQ0FBQyxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM1QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM3QyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQ2IsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztRQUNELE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDakMsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0NBQ0Y7QUE3TUQsOENBNk1DIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgKiBhcyBjeGFwaSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0IHR5cGUgeyBTREsgfSBmcm9tICcuLi9hd3MtYXV0aCc7XG5pbXBvcnQgdHlwZSB7IEVudmlyb25tZW50UmVzb3VyY2VzIH0gZnJvbSAnLi9lbnZpcm9ubWVudC1yZXNvdXJjZXMnO1xuaW1wb3J0IHsgRW52aXJvbm1lbnRSZXNvdXJjZXNSZWdpc3RyeSB9IGZyb20gJy4vZW52aXJvbm1lbnQtcmVzb3VyY2VzJztcbmltcG9ydCB0eXBlIHsgU3RyaW5nV2l0aG91dFBsYWNlaG9sZGVycyB9IGZyb20gJy4vcGxhY2Vob2xkZXJzJztcbmltcG9ydCB7IHJlcGxhY2VFbnZQbGFjZWhvbGRlcnMgfSBmcm9tICcuL3BsYWNlaG9sZGVycyc7XG5pbXBvcnQgeyBUb29sa2l0RXJyb3IgfSBmcm9tICcuLi8uLi8uLi8uLi9AYXdzLWNkay90bXAtdG9vbGtpdC1oZWxwZXJzL3NyYy9hcGknO1xuaW1wb3J0IHsgSU8sIHR5cGUgSW9IZWxwZXIgfSBmcm9tICcuLi8uLi8uLi8uLi9AYXdzLWNkay90bXAtdG9vbGtpdC1oZWxwZXJzL3NyYy9hcGkvaW8vcHJpdmF0ZSc7XG5pbXBvcnQgeyBmb3JtYXRFcnJvck1lc3NhZ2UgfSBmcm9tICcuLi8uLi91dGlsJztcbmltcG9ydCB0eXBlIHsgQ3JlZGVudGlhbHNPcHRpb25zLCBTZGtGb3JFbnZpcm9ubWVudCwgU2RrUHJvdmlkZXIgfSBmcm9tICcuLi9hd3MtYXV0aC9zZGstcHJvdmlkZXInO1xuaW1wb3J0IHsgTW9kZSB9IGZyb20gJy4uL3BsdWdpbi9tb2RlJztcblxuLyoqXG4gKiBBY2Nlc3MgcGFydGljdWxhciBBV1MgcmVzb3VyY2VzLCBiYXNlZCBvbiBpbmZvcm1hdGlvbiBmcm9tIHRoZSBDWCBtYW5pZmVzdFxuICpcbiAqIEl0IGlzIG5vdCBwb3NzaWJsZSB0byBncmFiIGRpcmVjdCBhY2Nlc3MgdG8gQVdTIGNyZWRlbnRpYWxzOyA5IHRpbWVzIG91dCBvZiAxMFxuICogd2UgaGF2ZSB0byBhbGxvdyBmb3Igcm9sZSBhc3N1bXB0aW9uLCBhbmQgcm9sZSBhc3N1bXB0aW9uIGNhbiBvbmx5IHdvcmsgaWZcbiAqIHRoZXJlIGlzIGEgQ1ggTWFuaWZlc3QgdGhhdCBjb250YWlucyBhIHJvbGUgQVJOLlxuICpcbiAqIFRoaXMgY2xhc3MgZXhpc3RzIHNvIG5ldyBjb2RlIGlzbid0IHRlbXB0ZWQgdG8gZ28gYW5kIGdldCBTREsgY3JlZGVudGlhbHMgZGlyZWN0bHkuXG4gKi9cbmV4cG9ydCBjbGFzcyBFbnZpcm9ubWVudEFjY2VzcyB7XG4gIHByaXZhdGUgcmVhZG9ubHkgc2RrQ2FjaGUgPSBuZXcgTWFwPHN0cmluZywgU2RrRm9yRW52aXJvbm1lbnQ+KCk7XG4gIHByaXZhdGUgcmVhZG9ubHkgZW52aXJvbm1lbnRSZXNvdXJjZXM6IEVudmlyb25tZW50UmVzb3VyY2VzUmVnaXN0cnk7XG4gIHByaXZhdGUgcmVhZG9ubHkgaW9IZWxwZXI6IElvSGVscGVyO1xuXG4gIGNvbnN0cnVjdG9yKHByaXZhdGUgcmVhZG9ubHkgc2RrUHJvdmlkZXI6IFNka1Byb3ZpZGVyLCB0b29sa2l0U3RhY2tOYW1lOiBzdHJpbmcsIGlvSGVscGVyOiBJb0hlbHBlcikge1xuICAgIHRoaXMuZW52aXJvbm1lbnRSZXNvdXJjZXMgPSBuZXcgRW52aXJvbm1lbnRSZXNvdXJjZXNSZWdpc3RyeSh0b29sa2l0U3RhY2tOYW1lKTtcbiAgICB0aGlzLmlvSGVscGVyID0gaW9IZWxwZXI7XG4gIH1cblxuICAvKipcbiAgICogUmVzb2x2ZXMgdGhlIGVudmlyb25tZW50IGZvciBhIHN0YWNrLlxuICAgKi9cbiAgcHVibGljIGFzeW5jIHJlc29sdmVTdGFja0Vudmlyb25tZW50KHN0YWNrOiBjeGFwaS5DbG91ZEZvcm1hdGlvblN0YWNrQXJ0aWZhY3QpOiBQcm9taXNlPGN4YXBpLkVudmlyb25tZW50PiB7XG4gICAgcmV0dXJuIHRoaXMuc2RrUHJvdmlkZXIucmVzb2x2ZUVudmlyb25tZW50KHN0YWNrLmVudmlyb25tZW50KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgYW4gU0RLIHRvIGFjY2VzcyB0aGUgZ2l2ZW4gc3RhY2sncyBlbnZpcm9ubWVudCBmb3Igc3RhY2sgb3BlcmF0aW9uc1xuICAgKlxuICAgKiBXaWxsIGFzayBwbHVnaW5zIGZvciByZWFkb25seSBjcmVkZW50aWFscyBpZiBhdmFpbGFibGUsIHVzZSB0aGUgZGVmYXVsdFxuICAgKiBBV1MgY3JlZGVudGlhbHMgaWYgbm90LlxuICAgKlxuICAgKiBXaWxsIGFzc3VtZSB0aGUgZGVwbG95IHJvbGUgaWYgY29uZmlndXJlZCBvbiB0aGUgc3RhY2suIENoZWNrIHRoZSBkZWZhdWx0IGBkZXBsb3ktcm9sZWBcbiAgICogcG9saWNpZXMgdG8gc2VlIHdoYXQgeW91IGNhbiBkbyB3aXRoIHRoaXMgcm9sZS5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBhY2Nlc3NTdGFja0ZvclJlYWRPbmx5U3RhY2tPcGVyYXRpb25zKHN0YWNrOiBjeGFwaS5DbG91ZEZvcm1hdGlvblN0YWNrQXJ0aWZhY3QpOiBQcm9taXNlPFRhcmdldEVudmlyb25tZW50PiB7XG4gICAgcmV0dXJuIHRoaXMuYWNjZXNzU3RhY2tGb3JTdGFja09wZXJhdGlvbnMoc3RhY2ssIE1vZGUuRm9yUmVhZGluZyk7XG4gIH1cblxuICAvKipcbiAgICogR2V0IGFuIFNESyB0byBhY2Nlc3MgdGhlIGdpdmVuIHN0YWNrJ3MgZW52aXJvbm1lbnQgZm9yIHN0YWNrIG9wZXJhdGlvbnNcbiAgICpcbiAgICogV2lsbCBhc2sgcGx1Z2lucyBmb3IgbXV0YXRpbmcgY3JlZGVudGlhbHMgaWYgYXZhaWxhYmxlLCB1c2UgdGhlIGRlZmF1bHQgQVdTXG4gICAqIGNyZWRlbnRpYWxzIGlmIG5vdC4gIFRoZSBgbW9kZWAgcGFyYW1ldGVyIGlzIG9ubHkgdXNlZCBmb3IgcXVlcnlpbmdcbiAgICogcGx1Z2lucy5cbiAgICpcbiAgICogV2lsbCBhc3N1bWUgdGhlIGRlcGxveSByb2xlIGlmIGNvbmZpZ3VyZWQgb24gdGhlIHN0YWNrLiBDaGVjayB0aGUgZGVmYXVsdCBgZGVwbG95LXJvbGVgXG4gICAqIHBvbGljaWVzIHRvIHNlZSB3aGF0IHlvdSBjYW4gZG8gd2l0aCB0aGlzIHJvbGUuXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgYWNjZXNzU3RhY2tGb3JNdXRhYmxlU3RhY2tPcGVyYXRpb25zKHN0YWNrOiBjeGFwaS5DbG91ZEZvcm1hdGlvblN0YWNrQXJ0aWZhY3QpOiBQcm9taXNlPFRhcmdldEVudmlyb25tZW50PiB7XG4gICAgcmV0dXJuIHRoaXMuYWNjZXNzU3RhY2tGb3JTdGFja09wZXJhdGlvbnMoc3RhY2ssIE1vZGUuRm9yV3JpdGluZyk7XG4gIH1cblxuICAvKipcbiAgICogR2V0IGFuIFNESyB0byBhY2Nlc3MgdGhlIGdpdmVuIHN0YWNrJ3MgZW52aXJvbm1lbnQgZm9yIGVudmlyb25tZW50YWwgbG9va3Vwc1xuICAgKlxuICAgKiBXaWxsIHVzZSBhIHBsdWdpbiBpZiBhdmFpbGFibGUsIHVzZSB0aGUgZGVmYXVsdCBBV1MgY3JlZGVudGlhbHMgaWYgbm90LlxuICAgKiBUaGUgYG1vZGVgIHBhcmFtZXRlciBpcyBvbmx5IHVzZWQgZm9yIHF1ZXJ5aW5nIHBsdWdpbnMuXG4gICAqXG4gICAqIFdpbGwgYXNzdW1lIHRoZSBsb29rdXAgcm9sZSBpZiBjb25maWd1cmVkIG9uIHRoZSBzdGFjay4gQ2hlY2sgdGhlIGRlZmF1bHQgYGxvb2t1cC1yb2xlYFxuICAgKiBwb2xpY2llcyB0byBzZWUgd2hhdCB5b3UgY2FuIGRvIHdpdGggdGhpcyByb2xlLiBJdCBjYW4gZ2VuZXJhbGx5IHJlYWQgZXZlcnl0aGluZ1xuICAgKiBpbiB0aGUgYWNjb3VudCB0aGF0IGRvZXMgbm90IHJlcXVpcmUgS01TIGFjY2Vzcy5cbiAgICpcbiAgICogLS0tXG4gICAqXG4gICAqIEZvciBiYWNrd2FyZHMgY29tcGF0aWJpbGl0eSByZWFzb25zLCB0aGVyZSBhcmUgc29tZSBzY2VuYXJpb3MgdGhhdCBhcmUgaGFuZGxlZCBoZXJlOlxuICAgKlxuICAgKiAgMS4gVGhlIGxvb2t1cCByb2xlIG1heSBub3QgZXhpc3QgKGl0IHdhcyBhZGRlZCBpbiBib290c3RyYXAgc3RhY2sgdmVyc2lvbiA3KS4gSWYgc286XG4gICAqICAgICBhLiBSZXR1cm4gdGhlIGRlZmF1bHQgY3JlZGVudGlhbHMgaWYgdGhlIGRlZmF1bHQgY3JlZGVudGlhbHMgYXJlIGZvciB0aGUgc3RhY2sgYWNjb3VudFxuICAgKiAgICAgICAgKHlvdSB3aWxsIG5vdGljZSB0aGlzIGFzIGBpc0ZhbGxiYWNrQ3JlZGVudGlhbHM9dHJ1ZWApLlxuICAgKiAgICAgYi4gVGhyb3cgYW4gZXJyb3IgaWYgdGhlIGRlZmF1bHQgY3JlZGVudGlhbHMgYXJlIG5vdCBmb3IgdGhlIHN0YWNrIGFjY291bnQuXG4gICAqXG4gICAqICAyLiBUaGUgbG9va3VwIHJvbGUgbWF5IG5vdCBoYXZlIHRoZSBjb3JyZWN0IHBlcm1pc3Npb25zIChmb3IgZXhhbXBsZSwgUmVhZE9ubHlBY2Nlc3Mgd2FzIGFkZGVkIGluXG4gICAqICAgICBib290c3RyYXAgc3RhY2sgdmVyc2lvbiA4KTsgdGhlIHN0YWNrIHdpbGwgaGF2ZSBhIG1pbmltdW0gdmVyc2lvbiBudW1iZXIgb24gaXQuXG4gICAqICAgICBhLiBJZiBpdCBkb2VzIG5vdCB3ZSB0aHJvdyBhbiBlcnJvciB3aGljaCBzaG91bGQgYmUgaGFuZGxlZCBpbiB0aGUgY2FsbGluZ1xuICAgKiAgICAgICAgZnVuY3Rpb24gKGFuZCBmYWxsYmFjayB0byB1c2UgYSBkaWZmZXJlbnQgcm9sZSwgZXRjKVxuICAgKlxuICAgKiBVcG9uIHN1Y2Nlc3MsIGNhbGxlciB3aWxsIGhhdmUgYW4gU0RLIGZvciB0aGUgcmlnaHQgYWNjb3VudCwgd2hpY2ggbWF5IG9yIG1heSBub3QgaGF2ZVxuICAgKiB0aGUgcmlnaHQgcGVybWlzc2lvbnMuXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgYWNjZXNzU3RhY2tGb3JMb29rdXAoc3RhY2s6IGN4YXBpLkNsb3VkRm9ybWF0aW9uU3RhY2tBcnRpZmFjdCk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICBpZiAoIXN0YWNrLmVudmlyb25tZW50KSB7XG4gICAgICB0aHJvdyBuZXcgVG9vbGtpdEVycm9yKGBUaGUgc3RhY2sgJHtzdGFjay5kaXNwbGF5TmFtZX0gZG9lcyBub3QgaGF2ZSBhbiBlbnZpcm9ubWVudGApO1xuICAgIH1cblxuICAgIGNvbnN0IGxvb2t1cEVudiA9IGF3YWl0IHRoaXMucHJlcGFyZVNkayh7XG4gICAgICBlbnZpcm9ubWVudDogc3RhY2suZW52aXJvbm1lbnQsXG4gICAgICBtb2RlOiBNb2RlLkZvclJlYWRpbmcsXG4gICAgICBhc3N1bWVSb2xlQXJuOiBzdGFjay5sb29rdXBSb2xlPy5hcm4sXG4gICAgICBhc3N1bWVSb2xlRXh0ZXJuYWxJZDogc3RhY2subG9va3VwUm9sZT8uYXNzdW1lUm9sZUV4dGVybmFsSWQsXG4gICAgICBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM6IHN0YWNrLmxvb2t1cFJvbGU/LmFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucyxcbiAgICB9KTtcblxuICAgIC8vIGlmIHdlIHN1Y2NlZWQgaW4gYXNzdW1pbmcgdGhlIGxvb2t1cCByb2xlLCBtYWtlIHN1cmUgd2UgaGF2ZSB0aGUgY29ycmVjdCBib290c3RyYXAgc3RhY2sgdmVyc2lvblxuICAgIGlmIChsb29rdXBFbnYuZGlkQXNzdW1lUm9sZSAmJiBzdGFjay5sb29rdXBSb2xlPy5ib290c3RyYXBTdGFja1ZlcnNpb25Tc21QYXJhbWV0ZXIgJiYgc3RhY2subG9va3VwUm9sZS5yZXF1aXJlc0Jvb3RzdHJhcFN0YWNrVmVyc2lvbikge1xuICAgICAgY29uc3QgdmVyc2lvbiA9IGF3YWl0IGxvb2t1cEVudi5yZXNvdXJjZXMudmVyc2lvbkZyb21Tc21QYXJhbWV0ZXIoc3RhY2subG9va3VwUm9sZS5ib290c3RyYXBTdGFja1ZlcnNpb25Tc21QYXJhbWV0ZXIpO1xuICAgICAgaWYgKHZlcnNpb24gPCBzdGFjay5sb29rdXBSb2xlLnJlcXVpcmVzQm9vdHN0cmFwU3RhY2tWZXJzaW9uKSB7XG4gICAgICAgIHRocm93IG5ldyBUb29sa2l0RXJyb3IoYEJvb3RzdHJhcCBzdGFjayB2ZXJzaW9uICcke3N0YWNrLmxvb2t1cFJvbGUucmVxdWlyZXNCb290c3RyYXBTdGFja1ZlcnNpb259JyBpcyByZXF1aXJlZCwgZm91bmQgdmVyc2lvbiAnJHt2ZXJzaW9ufScuIFRvIGdldCByaWQgb2YgdGhpcyBlcnJvciwgcGxlYXNlIHVwZ3JhZGUgdG8gYm9vdHN0cmFwIHZlcnNpb24gPj0gJHtzdGFjay5sb29rdXBSb2xlLnJlcXVpcmVzQm9vdHN0cmFwU3RhY2tWZXJzaW9ufWApO1xuICAgICAgfVxuICAgIH1cbiAgICBpZiAobG9va3VwRW52LmlzRmFsbGJhY2tDcmVkZW50aWFscykge1xuICAgICAgY29uc3QgYXJuID0gYXdhaXQgbG9va3VwRW52LnJlcGxhY2VQbGFjZWhvbGRlcnMoc3RhY2subG9va3VwUm9sZT8uYXJuKTtcbiAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfVE9PTEtJVF9XQVJOLm1zZyhgTG9va3VwIHJvbGUgJHthcm59IHdhcyBub3QgYXNzdW1lZC4gUHJvY2VlZGluZyB3aXRoIGRlZmF1bHQgY3JlZGVudGlhbHMuYCkpO1xuICAgIH1cbiAgICByZXR1cm4gbG9va3VwRW52O1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBhbiBTREsgdG8gYWNjZXNzIHRoZSBnaXZlbiBzdGFjaydzIGVudmlyb25tZW50IGZvciByZWFkaW5nIHN0YWNrIGF0dHJpYnV0ZXNcbiAgICpcbiAgICogV2lsbCB1c2UgYSBwbHVnaW4gaWYgYXZhaWxhYmxlLCB1c2UgdGhlIGRlZmF1bHQgQVdTIGNyZWRlbnRpYWxzIGlmIG5vdC5cbiAgICogVGhlIGBtb2RlYCBwYXJhbWV0ZXIgaXMgb25seSB1c2VkIGZvciBxdWVyeWluZyBwbHVnaW5zLlxuICAgKlxuICAgKiBXaWxsIHRyeSB0byBhc3N1bWUgdGhlIGxvb2t1cCByb2xlIGlmIGdpdmVuLCB3aWxsIHVzZSB0aGUgcmVndWxhciBzdGFjayBvcGVyYXRpb25zXG4gICAqIGFjY2VzcyAoZGVwbG95LXJvbGUpIG90aGVyd2lzZS4gV2hlbiBjYWxsaW5nIHRoaXMsIHlvdSBzaG91bGQgYXNzdW1lIHRoYXQgeW91IHdpbGwgZ2V0XG4gICAqIHRoZSBsZWFzdCBwcml2aWxlZ2VkIHJvbGUsIHNvIGRvbid0IHRyeSB0byB1c2UgaXQgZm9yIGFueXRoaW5nIHRoZSBgZGVwbG95LXJvbGVgXG4gICAqIHdvdWxkbid0IGJlIGFibGUgdG8gZG8uIEFsc28geW91IGNhbm5vdCByZWx5IG9uIGJlaW5nIGFibGUgdG8gcmVhZCBlbmNyeXB0ZWQgYW55dGhpbmcuXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgYWNjZXNzU3RhY2tGb3JMb29rdXBCZXN0RWZmb3J0KHN0YWNrOiBjeGFwaS5DbG91ZEZvcm1hdGlvblN0YWNrQXJ0aWZhY3QpOiBQcm9taXNlPFRhcmdldEVudmlyb25tZW50PiB7XG4gICAgaWYgKCFzdGFjay5lbnZpcm9ubWVudCkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihgVGhlIHN0YWNrICR7c3RhY2suZGlzcGxheU5hbWV9IGRvZXMgbm90IGhhdmUgYW4gZW52aXJvbm1lbnRgKTtcbiAgICB9XG5cbiAgICB0cnkge1xuICAgICAgcmV0dXJuIGF3YWl0IHRoaXMuYWNjZXNzU3RhY2tGb3JMb29rdXAoc3RhY2spO1xuICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX1dBUk4ubXNnKGAke2Zvcm1hdEVycm9yTWVzc2FnZShlKX1gKSk7XG4gICAgfVxuICAgIHJldHVybiB0aGlzLmFjY2Vzc1N0YWNrRm9yU3RhY2tPcGVyYXRpb25zKHN0YWNrLCBNb2RlLkZvclJlYWRpbmcpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBhbiBTREsgdG8gYWNjZXNzIHRoZSBnaXZlbiBzdGFjaydzIGVudmlyb25tZW50IGZvciBzdGFjayBvcGVyYXRpb25zXG4gICAqXG4gICAqIFdpbGwgdXNlIGEgcGx1Z2luIGlmIGF2YWlsYWJsZSwgdXNlIHRoZSBkZWZhdWx0IEFXUyBjcmVkZW50aWFscyBpZiBub3QuXG4gICAqIFRoZSBgbW9kZWAgcGFyYW1ldGVyIGlzIG9ubHkgdXNlZCBmb3IgcXVlcnlpbmcgcGx1Z2lucy5cbiAgICpcbiAgICogV2lsbCBhc3N1bWUgdGhlIGRlcGxveSByb2xlIGlmIGNvbmZpZ3VyZWQgb24gdGhlIHN0YWNrLiBDaGVjayB0aGUgZGVmYXVsdCBgZGVwbG95LXJvbGVgXG4gICAqIHBvbGljaWVzIHRvIHNlZSB3aGF0IHlvdSBjYW4gZG8gd2l0aCB0aGlzIHJvbGUuXG4gICAqL1xuICBwcml2YXRlIGFzeW5jIGFjY2Vzc1N0YWNrRm9yU3RhY2tPcGVyYXRpb25zKHN0YWNrOiBjeGFwaS5DbG91ZEZvcm1hdGlvblN0YWNrQXJ0aWZhY3QsIG1vZGU6IE1vZGUpOiBQcm9taXNlPFRhcmdldEVudmlyb25tZW50PiB7XG4gICAgaWYgKCFzdGFjay5lbnZpcm9ubWVudCkge1xuICAgICAgdGhyb3cgbmV3IFRvb2xraXRFcnJvcihgVGhlIHN0YWNrICR7c3RhY2suZGlzcGxheU5hbWV9IGRvZXMgbm90IGhhdmUgYW4gZW52aXJvbm1lbnRgKTtcbiAgICB9XG5cbiAgICByZXR1cm4gdGhpcy5wcmVwYXJlU2RrKHtcbiAgICAgIGVudmlyb25tZW50OiBzdGFjay5lbnZpcm9ubWVudCxcbiAgICAgIG1vZGUsXG4gICAgICBhc3N1bWVSb2xlQXJuOiBzdGFjay5hc3N1bWVSb2xlQXJuLFxuICAgICAgYXNzdW1lUm9sZUV4dGVybmFsSWQ6IHN0YWNrLmFzc3VtZVJvbGVFeHRlcm5hbElkLFxuICAgICAgYXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zOiBzdGFjay5hc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMsXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogUHJlcGFyZSBhbiBTREsgZm9yIHVzZSBpbiB0aGUgZ2l2ZW4gZW52aXJvbm1lbnQgYW5kIG9wdGlvbmFsbHkgd2l0aCBhIHJvbGUgYXNzdW1lZC5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgcHJlcGFyZVNkayhcbiAgICBvcHRpb25zOiBQcmVwYXJlU2RrUm9sZU9wdGlvbnMsXG4gICk6IFByb21pc2U8VGFyZ2V0RW52aXJvbm1lbnQ+IHtcbiAgICBjb25zdCByZXNvbHZlZEVudmlyb25tZW50ID0gYXdhaXQgdGhpcy5zZGtQcm92aWRlci5yZXNvbHZlRW52aXJvbm1lbnQob3B0aW9ucy5lbnZpcm9ubWVudCk7XG5cbiAgICAvLyBTdWJzdGl0dXRlIGFueSBwbGFjZWhvbGRlcnMgd2l0aCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgY3VycmVudCBlbnZpcm9ubWVudFxuICAgIGNvbnN0IHsgYXNzdW1lUm9sZUFybiB9ID0gYXdhaXQgcmVwbGFjZUVudlBsYWNlaG9sZGVycyh7XG4gICAgICBhc3N1bWVSb2xlQXJuOiBvcHRpb25zLmFzc3VtZVJvbGVBcm4sXG4gICAgfSwgcmVzb2x2ZWRFbnZpcm9ubWVudCwgdGhpcy5zZGtQcm92aWRlcik7XG5cbiAgICBjb25zdCBzdGFja1NkayA9IGF3YWl0IHRoaXMuY2FjaGVkU2RrRm9yRW52aXJvbm1lbnQocmVzb2x2ZWRFbnZpcm9ubWVudCwgb3B0aW9ucy5tb2RlLCB7XG4gICAgICBhc3N1bWVSb2xlQXJuLFxuICAgICAgYXNzdW1lUm9sZUV4dGVybmFsSWQ6IG9wdGlvbnMuYXNzdW1lUm9sZUV4dGVybmFsSWQsXG4gICAgICBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM6IG9wdGlvbnMuYXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zLFxuICAgIH0pO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIHNkazogc3RhY2tTZGsuc2RrLFxuICAgICAgcmVzb2x2ZWRFbnZpcm9ubWVudCxcbiAgICAgIHJlc291cmNlczogdGhpcy5lbnZpcm9ubWVudFJlc291cmNlcy5mb3IocmVzb2x2ZWRFbnZpcm9ubWVudCwgc3RhY2tTZGsuc2RrLCB0aGlzLmlvSGVscGVyKSxcbiAgICAgIC8vIElmIHdlIGFza2VkIGZvciBhIHJvbGUsIGRpZCBub3Qgc3VjY2Vzc2Z1bGx5IGFzc3VtZSBpdCwgYW5kIHlldCBnb3QgaGVyZSB3aXRob3V0IGFuIGV4Y2VwdGlvbjogdGhhdFxuICAgICAgLy8gbWVhbnMgd2UgbXVzdCBoYXZlIGZhbGxiYWNrIGNyZWRlbnRpYWxzLlxuICAgICAgaXNGYWxsYmFja0NyZWRlbnRpYWxzOiAhc3RhY2tTZGsuZGlkQXNzdW1lUm9sZSAmJiAhIWFzc3VtZVJvbGVBcm4sXG4gICAgICBkaWRBc3N1bWVSb2xlOiBzdGFja1Nkay5kaWRBc3N1bWVSb2xlLFxuICAgICAgcmVwbGFjZVBsYWNlaG9sZGVyczogYXN5bmMgPEEgZXh0ZW5kcyBzdHJpbmcgfCB1bmRlZmluZWQ+KHN0cjogQSkgPT4ge1xuICAgICAgICBjb25zdCByZXQgPSBhd2FpdCByZXBsYWNlRW52UGxhY2Vob2xkZXJzKHsgc3RyIH0sIHJlc29sdmVkRW52aXJvbm1lbnQsIHRoaXMuc2RrUHJvdmlkZXIpO1xuICAgICAgICByZXR1cm4gcmV0LnN0cjtcbiAgICAgIH0sXG4gICAgfTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgY2FjaGVkU2RrRm9yRW52aXJvbm1lbnQoXG4gICAgZW52aXJvbm1lbnQ6IGN4YXBpLkVudmlyb25tZW50LFxuICAgIG1vZGU6IE1vZGUsXG4gICAgb3B0aW9ucz86IENyZWRlbnRpYWxzT3B0aW9ucyxcbiAgKSB7XG4gICAgY29uc3QgY2FjaGVLZXlFbGVtZW50cyA9IFtcbiAgICAgIGVudmlyb25tZW50LmFjY291bnQsXG4gICAgICBlbnZpcm9ubWVudC5yZWdpb24sXG4gICAgICBgJHttb2RlfWAsXG4gICAgICBvcHRpb25zPy5hc3N1bWVSb2xlQXJuID8/ICcnLFxuICAgICAgb3B0aW9ucz8uYXNzdW1lUm9sZUV4dGVybmFsSWQgPz8gJycsXG4gICAgXTtcblxuICAgIGlmIChvcHRpb25zPy5hc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMpIHtcbiAgICAgIGNhY2hlS2V5RWxlbWVudHMucHVzaChKU09OLnN0cmluZ2lmeShvcHRpb25zLmFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucykpO1xuICAgIH1cblxuICAgIGNvbnN0IGNhY2hlS2V5ID0gY2FjaGVLZXlFbGVtZW50cy5qb2luKCc6Jyk7XG4gICAgY29uc3QgZXhpc3RpbmcgPSB0aGlzLnNka0NhY2hlLmdldChjYWNoZUtleSk7XG4gICAgaWYgKGV4aXN0aW5nKSB7XG4gICAgICByZXR1cm4gZXhpc3Rpbmc7XG4gICAgfVxuICAgIGNvbnN0IHJldCA9IGF3YWl0IHRoaXMuc2RrUHJvdmlkZXIuZm9yRW52aXJvbm1lbnQoZW52aXJvbm1lbnQsIG1vZGUsIG9wdGlvbnMpO1xuICAgIHRoaXMuc2RrQ2FjaGUuc2V0KGNhY2hlS2V5LCByZXQpO1xuICAgIHJldHVybiByZXQ7XG4gIH1cbn1cblxuLyoqXG4gKiBTREsgb2J0YWluZWQgYnkgYXNzdW1pbmcgdGhlIGRlcGxveSByb2xlXG4gKiBmb3IgYSBnaXZlbiBlbnZpcm9ubWVudFxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRhcmdldEVudmlyb25tZW50IHtcbiAgLyoqXG4gICAqIFRoZSBTREsgZm9yIHRoZSBnaXZlbiBlbnZpcm9ubWVudFxuICAgKi9cbiAgcmVhZG9ubHkgc2RrOiBTREs7XG5cbiAgLyoqXG4gICAqIFRoZSByZXNvbHZlZCBlbnZpcm9ubWVudCBmb3IgdGhlIHN0YWNrXG4gICAqIChubyBtb3JlICd1bmtub3duLWFjY291bnQvdW5rbm93bi1yZWdpb24nKVxuICAgKi9cbiAgcmVhZG9ubHkgcmVzb2x2ZWRFbnZpcm9ubWVudDogY3hhcGkuRW52aXJvbm1lbnQ7XG5cbiAgLyoqXG4gICAqIEFjY2VzcyBjbGFzcyBmb3IgZW52aXJvbm1lbnRhbCByZXNvdXJjZXMgdG8gaGVscCB0aGUgZGVwbG95bWVudFxuICAgKi9cbiAgcmVhZG9ubHkgcmVzb3VyY2VzOiBFbnZpcm9ubWVudFJlc291cmNlcztcblxuICAvKipcbiAgICogV2hldGhlciBvciBub3Qgd2UgYXNzdW1lZCBhIHJvbGUgaW4gdGhlIHByb2Nlc3Mgb2YgZ2V0dGluZyB0aGVzZSBjcmVkZW50aWFsc1xuICAgKi9cbiAgcmVhZG9ubHkgZGlkQXNzdW1lUm9sZTogYm9vbGVhbjtcblxuICAvKipcbiAgICogV2hldGhlciBvciBub3QgdGhlc2UgYXJlIGZhbGxiYWNrIGNyZWRlbnRpYWxzXG4gICAqXG4gICAqIEZhbGxiYWNrIGNyZWRlbnRpYWxzIG1lYW5zIHRoYXQgYXNzdW1pbmcgdGhlIGludGVuZGVkIHJvbGUgZmFpbGVkLCBidXQgdGhlXG4gICAqIGJhc2UgY3JlZGVudGlhbHMgaGFwcGVuIHRvIGJlIGZvciB0aGUgcmlnaHQgYWNjb3VudCBzbyB3ZSBqdXN0IHBpY2tlZCB0aG9zZVxuICAgKiBhbmQgaG9wZSB0aGUgZnV0dXJlIFNESyBjYWxscyBzdWNjZWVkLlxuICAgKlxuICAgKiBUaGlzIGlzIGEgYmFja3dhcmRzIGNvbXBhdGliaWxpdHkgbWVjaGFuaXNtIGZyb20gYXJvdW5kIHRoZSB0aW1lIHdlIGludHJvZHVjZWRcbiAgICogZGVwbG95bWVudCByb2xlcy5cbiAgICovXG4gIHJlYWRvbmx5IGlzRmFsbGJhY2tDcmVkZW50aWFsczogYm9vbGVhbjtcblxuICAvKipcbiAgICogUmVwbGFjZSBlbnZpcm9ubWVudCBwbGFjZWhvbGRlcnMgYWNjb3JkaW5nIHRvIHRoZSBjdXJyZW50IGVudmlyb25tZW50XG4gICAqL1xuICByZXBsYWNlUGxhY2Vob2xkZXJzKHg6IHN0cmluZyB8IHVuZGVmaW5lZCk6IFByb21pc2U8U3RyaW5nV2l0aG91dFBsYWNlaG9sZGVycyB8IHVuZGVmaW5lZD47XG59XG5cbmludGVyZmFjZSBQcmVwYXJlU2RrUm9sZU9wdGlvbnMge1xuICByZWFkb25seSBlbnZpcm9ubWVudDogY3hhcGkuRW52aXJvbm1lbnQ7XG4gIHJlYWRvbmx5IG1vZGU6IE1vZGU7XG4gIHJlYWRvbmx5IGFzc3VtZVJvbGVBcm4/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGFzc3VtZVJvbGVFeHRlcm5hbElkPzogc3RyaW5nO1xuICByZWFkb25seSBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM/OiB7IFtrZXk6IHN0cmluZ106IGFueSB9O1xufVxuIl19

package/lib/api/environment/environment-resources.d.ts

@@ -1,75 +0,0 @@
-import type { Environment } from '@aws-cdk/cx-api';
-import { type IoHelper } from '../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
-import type { SDK } from '../aws-auth';
-import { type EcrRepositoryInfo, ToolkitInfo } from '../toolkit-info';
-/**
- * Registry class for `EnvironmentResources`.
- *
- * The state management of this class is a bit non-standard. We want to cache
- * data related to toolkit stacks and SSM parameters, but we are not in charge
- * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
- * function, we treat it as an ephemeral class, and store the actual cached data
- * in `EnvironmentResourcesRegistry`.
- */
-export declare class EnvironmentResourcesRegistry {
-    private readonly toolkitStackName?;
-    private readonly cache;
-    constructor(toolkitStackName?: string | undefined);
-    for(resolvedEnvironment: Environment, sdk: SDK, ioHelper: IoHelper): EnvironmentResources;
-}
-/**
- * Interface with the account and region we're deploying into
- *
- * Manages lookups for bootstrapped resources, falling back to the legacy "CDK Toolkit"
- * original bootstrap stack if necessary.
- *
- * The state management of this class is a bit non-standard. We want to cache
- * data related to toolkit stacks and SSM parameters, but we are not in charge
- * of ensuring caching of SDKs. Since `EnvironmentResources` needs an SDK to
- * function, we treat it as an ephemeral class, and store the actual cached data
- * in `EnvironmentResourcesRegistry`.
- */
-export declare class EnvironmentResources {
-    readonly environment: Environment;
-    private readonly sdk;
-    private readonly ioHelper;
-    private readonly cache;
-    private readonly toolkitStackName?;
-    constructor(environment: Environment, sdk: SDK, ioHelper: IoHelper, cache: EnvironmentCache, toolkitStackName?: string | undefined);
-    /**
-     * Look up the toolkit for a given environment, using a given SDK
-     */
-    lookupToolkit(): Promise<ToolkitInfo>;
-    /**
-     * Validate that the bootstrap stack version matches or exceeds the expected version
-     *
-     * Use the SSM parameter name to read the version number if given, otherwise use the version
-     * discovered on the bootstrap stack.
-     *
-     * Pass in the SSM parameter name so we can cache the lookups an don't need to do the same
-     * lookup again and again for every artifact.
-     */
-    validateVersion(expectedVersion: number | undefined, ssmParameterName: string | undefined): Promise<void>;
-    /**
-     * Read a version from an SSM parameter, cached
-     */
-    versionFromSsmParameter(parameterName: string): Promise<number>;
-    prepareEcrRepository(repositoryName: string): Promise<EcrRepositoryInfo>;
-}
-export declare class NoBootstrapStackEnvironmentResources extends EnvironmentResources {
-    constructor(environment: Environment, sdk: SDK, ioHelper: IoHelper);
-    /**
-     * Look up the toolkit for a given environment, using a given SDK
-     */
-    lookupToolkit(): Promise<ToolkitInfo>;
-}
-/**
- * Data that is cached on a per-environment level
- *
- * This cache may be shared between different instances of the `EnvironmentResources` class.
- */
-interface EnvironmentCache {
-    readonly ssmParameters: Map<string, number>;
-    toolkitInfo?: ToolkitInfo;
-}
-export {};