terraconstructs 0.0.8

package/lib/aws/iam/index.js

@@ -0,0 +1,34 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./grant"), exports);
+__exportStar(require("./identity-base"), exports);
+__exportStar(require("./managed-policy"), exports);
+__exportStar(require("./oidc-provider"), exports);
+__exportStar(require("./policy-document-config.generated"), exports);
+__exportStar(require("./policy-document"), exports);
+__exportStar(require("./policy-statement-props.generated"), exports);
+__exportStar(require("./policy-statement"), exports);
+__exportStar(require("./policy"), exports);
+__exportStar(require("./principals"), exports);
+__exportStar(require("./role"), exports);
+__exportStar(require("./saml-provider"), exports);
+__exportStar(require("./unknown-principal"), exports);
+__exportStar(require("./utils"), exports);
+// auto generated by struct-builder
+__exportStar(require("./policy-statement-props.generated"), exports);
+__exportStar(require("./policy-document-config.generated"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXdzL2lhbS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMENBQXdCO0FBQ3hCLGtEQUFnQztBQUNoQyxtREFBaUM7QUFDakMsa0RBQWdDO0FBQ2hDLHFFQUFtRDtBQUNuRCxvREFBa0M7QUFDbEMscUVBQW1EO0FBQ25ELHFEQUFtQztBQUNuQywyQ0FBeUI7QUFDekIsK0NBQTZCO0FBQzdCLHlDQUF1QjtBQUN2QixrREFBZ0M7QUFDaEMsc0RBQW9DO0FBQ3BDLDBDQUF3QjtBQUV4QixtQ0FBbUM7QUFDbkMscUVBQW1EO0FBQ25ELHFFQUFtRCIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2dyYW50XCI7XG5leHBvcnQgKiBmcm9tIFwiLi9pZGVudGl0eS1iYXNlXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9tYW5hZ2VkLXBvbGljeVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vb2lkYy1wcm92aWRlclwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcG9saWN5LWRvY3VtZW50LWNvbmZpZy5nZW5lcmF0ZWRcIjtcbmV4cG9ydCAqIGZyb20gXCIuL3BvbGljeS1kb2N1bWVudFwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcG9saWN5LXN0YXRlbWVudC1wcm9wcy5nZW5lcmF0ZWRcIjtcbmV4cG9ydCAqIGZyb20gXCIuL3BvbGljeS1zdGF0ZW1lbnRcIjtcbmV4cG9ydCAqIGZyb20gXCIuL3BvbGljeVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcHJpbmNpcGFsc1wiO1xuZXhwb3J0ICogZnJvbSBcIi4vcm9sZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vc2FtbC1wcm92aWRlclwiO1xuZXhwb3J0ICogZnJvbSBcIi4vdW5rbm93bi1wcmluY2lwYWxcIjtcbmV4cG9ydCAqIGZyb20gXCIuL3V0aWxzXCI7XG5cbi8vIGF1dG8gZ2VuZXJhdGVkIGJ5IHN0cnVjdC1idWlsZGVyXG5leHBvcnQgKiBmcm9tIFwiLi9wb2xpY3ktc3RhdGVtZW50LXByb3BzLmdlbmVyYXRlZFwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcG9saWN5LWRvY3VtZW50LWNvbmZpZy5nZW5lcmF0ZWRcIjtcbiJdfQ==

package/lib/aws/iam/managed-policy.d.ts

@@ -0,0 +1,227 @@
+import { iamPolicy, dataAwsIamPolicy } from "@cdktf/provider-aws";
+import { Construct } from "constructs";
+import { PolicyDocument } from "./policy-document";
+import { PolicyStatement } from "./policy-statement";
+import { IGrantable, IPrincipal } from "./principals";
+import { IRole } from "./role";
+import { IAwsConstruct, AwsConstructBase, AwsConstructProps } from "../aws-construct";
+/**
+ * Outputs which may be registered for output via the Grid.
+ */
+export interface ManagedPolicyOutputs {
+    readonly arn: string;
+}
+/**
+ * A managed policy
+ */
+export interface IManagedPolicy extends IAwsConstruct {
+    /**
+     * Strongly typed managed policy outputs
+     *
+     * @attribute
+     */
+    readonly managedPolicyOutputs: ManagedPolicyOutputs;
+    /**
+     * The ARN of the managed policy
+     * @attribute
+     */
+    readonly managedPolicyArn: string;
+    /**
+     * Attaches this policy to a role.
+     *
+     * NOTE: Using this method will conflict with a role that has
+     * exclusive management of the role's policy attachments.
+     *
+     * If you attempt to manage a role's policies by multiple means,
+     * you will get resource cycling and/or errors.
+     */
+    attachToRole(role: IRole): void;
+}
+/**
+ * Properties for defining an IAM managed policy
+ */
+export interface ManagedPolicyProps extends AwsConstructProps {
+    /**
+     * The name of the managed policy. If you specify multiple policies for an entity,
+     * specify unique names. For example, if you specify a list of policies for
+     * an IAM role, each policy must have a unique name.
+     *
+     * Forces new resource
+     *
+     * @default - If omitted, Refer to `managedPolicyNamePrefix`.
+     */
+    readonly managedPolicyName?: string;
+    /**
+     * Creates a unique name beginning with the specified prefix.
+     * Conflicts with `managedPolicyName`.
+     *
+     * The name of the managed policy. If you specify multiple policies for an entity,
+     * specify unique names. For example, if you specify a list of policies for
+     * an IAM role, each policy must have a unique name.
+     *
+     * Forces new resource
+     *
+     * @default - If omitted, ET will assign a random, unique name prefixed by GridUUID.
+     */
+    readonly managedPolicyNamePrefix?: string;
+    /**
+     * A description of the managed policy. Typically used to store information about the
+     * permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
+     * The policy description is immutable. After a value is assigned, it cannot be changed.
+     *
+     * Forces new resource
+     *
+     * @default - Terraform will generate a description
+     */
+    readonly description?: string;
+    /**
+     * The path for the policy. This parameter allows (through its regex pattern) a string of characters
+     * consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
+     * In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F),
+     * including most punctuation characters, digits, and upper and lowercased letters.
+     *
+     * For more information about paths, see IAM Identifiers in the IAM User Guide.
+     *
+     * @default - "/"
+     */
+    readonly path?: string;
+    /**
+     * Roles to attach this policy to.
+     * You can also use `attachToRole(role)` to attach this policy to a role.
+     *
+     * @default - No roles.
+     */
+    readonly roles?: IRole[];
+    /**
+     * Initial set of permissions to add to this policy document.
+     * You can also use `addPermission(statement)` to add permissions later.
+     *
+     * @default - No statements.
+     */
+    readonly statements?: PolicyStatement[];
+    /**
+     * Initial PolicyDocument to use for this ManagedPolicy. If omited, any
+     * `PolicyStatement` provided in the `statements` property will be applied
+     * against the empty default `PolicyDocument`.
+     *
+     * @default - An empty policy.
+     */
+    readonly document?: PolicyDocument;
+}
+/**
+ * Attributes to reference ManagedPolicy for plan time failures and strict external dependencies.
+ */
+export interface ManagedPolicyAttributes extends dataAwsIamPolicy.DataAwsIamPolicyConfig {
+}
+/**
+ * Managed policy base
+ */
+declare abstract class ManagedPolicyBase extends AwsConstructBase implements IManagedPolicy {
+    /**
+     * Returns the ARN of this managed policy.
+     *
+     * @attribute
+     */
+    abstract get managedPolicyArn(): string;
+    get managedPolicyOutputs(): ManagedPolicyOutputs;
+    get outputs(): Record<string, any>;
+    private readonly roles;
+    constructor(scope: Construct, id: string, props?: ManagedPolicyProps);
+    attachToRole(role: IRole): void;
+    /**
+     * Adds resource to the terraform JSON output.
+     *
+     * called by TerraformStack.prepareStack()
+     */
+    toTerraform(): any;
+}
+/**
+ * Managed policy
+ */
+export declare class ManagedPolicy extends ManagedPolicyBase implements IManagedPolicy, IGrantable {
+    /**
+     * Import a customer managed policy from the managedPolicyName.
+     *
+     * For this managed policy, you only need to know the name to be able to use it.
+     *
+     */
+    static fromManagedPolicyName(scope: Construct, id: string, managedPolicyName: string): IManagedPolicy;
+    /**
+     * Import an external managed policy by ARN.
+     *
+     * For this managed policy, you only need to know the ARN to be able to use it.
+     * This can be useful if you got the ARN from the Grid.
+     *
+     * If the imported Managed Policy ARN is a Token (such as a
+     * `dataAwsSsmParameter.value` *and* the referenced
+     * managed policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the
+     * `managedPolicyName` property will not resolve to the correct value. Instead it
+     * will resolve to the first path component.
+     * In this scenario the Managed Policy ARN should be supplied without the
+     * `path` in order to resolve the correct managed policy resource.
+     *
+     * @param scope construct scope
+     * @param id construct id
+     * @param managedPolicyArn the ARN of the managed policy to import
+     */
+    static fromManagedPolicyArn(scope: Construct, id: string, // TODO: remove this, use managedPolicyArn as id?
+    managedPolicyArn: string): IManagedPolicy;
+    /**
+     * Import a managed policy from one of the policies that AWS manages.
+     *
+     * For this managed policy, you only need to know the name and scope
+     * to be able to use it.
+     *
+     * Some managed policy names start with "service-role/", some start with
+     * "job-function/", and some don't start with anything. Include the
+     * prefix when constructing this object.
+     */
+    static fromAwsManagedPolicyName(scope: Construct, id: string, //TODO: use managedPolicyName as id instead?
+    managedPolicyName: string): IManagedPolicy;
+    /**
+     * Reference a ManagedPolicy for plan time failures and external dependencies.
+     */
+    static fromPolicyAttributes(parentScope: Construct, parentId: string, attr: ManagedPolicyAttributes): IManagedPolicy;
+    /**
+     * Returns the ARN of this managed policy.
+     *
+     * @attribute
+     */
+    get managedPolicyArn(): string;
+    /**
+     * The policy document.
+     */
+    readonly document: PolicyDocument;
+    /**
+     * The name of this policy.
+     *
+     * @attribute
+     */
+    get managedPolicyName(): string;
+    /**
+     * The description of this policy.
+     *
+     * @attribute
+     */
+    readonly description?: string;
+    /**
+     * The path of this policy.
+     *
+     * @attribute
+     */
+    readonly path: string;
+    readonly grantPrincipal: IPrincipal;
+    /**
+     * Direct access to the underlying Terraform resource.
+     *
+     * Use to define dependencies on this ManagedPolicy.
+     */
+    resource: iamPolicy.IamPolicy;
+    constructor(scope: Construct, id: string, props?: ManagedPolicyProps);
+    /**
+     * Adds a statement to the policy document.
+     */
+    addStatements(...statement: PolicyStatement[]): void;
+    private validateManagedPolicy;
+}
+export {};

package/lib/aws/iam/managed-policy.js

@@ -0,0 +1,237 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ManagedPolicy = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const provider_aws_1 = require("@cdktf/provider-aws");
+const policy_document_1 = require("./policy-document");
+const arn_1 = require("../arn");
+const aws_construct_1 = require("../aws-construct");
+const aws_stack_1 = require("../aws-stack");
+/**
+ * Managed policy base
+ */
+class ManagedPolicyBase extends aws_construct_1.AwsConstructBase {
+    get managedPolicyOutputs() {
+        return { arn: this.managedPolicyArn };
+    }
+    get outputs() {
+        return this.managedPolicyOutputs;
+    }
+    constructor(scope, id, props = {}) {
+        super(scope, id, props);
+        this.roles = new Array();
+    }
+    attachToRole(role) {
+        if (this.roles.find((r) => r.roleArn === role.roleArn)) {
+            return;
+        }
+        this.roles.push(role);
+    }
+    /**
+     * Adds resource to the terraform JSON output.
+     *
+     * called by TerraformStack.prepareStack()
+     */
+    toTerraform() {
+        // add iamRolePolicy resource for each referenced role
+        for (let i = 0; i < this.roles.length; i++) {
+            const id = `Roles${i}`;
+            // TODO: Ideally we should have used IResolvable.resolve and use the IResolveContext.preparing flag
+            // ref: https://github.com/aws/aws-cdk/blob/v2.170.0/packages/aws-cdk-lib/aws-iam/lib/policy-document.ts#L48
+            if (this.node.tryFindChild(id))
+                continue; // ignore if already generated
+            new provider_aws_1.iamRolePolicyAttachment.IamRolePolicyAttachment(this, id, {
+                policyArn: this.managedPolicyArn,
+                role: this.roles[i].roleName,
+            });
+        }
+        return {};
+    }
+}
+/**
+ * Managed policy
+ */
+class ManagedPolicy extends ManagedPolicyBase {
+    /**
+     * Import a customer managed policy from the managedPolicyName.
+     *
+     * For this managed policy, you only need to know the name to be able to use it.
+     *
+     */
+    static fromManagedPolicyName(scope, id, managedPolicyName) {
+        class Import extends ManagedPolicyBase {
+            constructor() {
+                super(...arguments);
+                this.managedPolicyArn = aws_stack_1.AwsStack.ofAwsConstruct(scope).formatArn({
+                    service: "iam",
+                    region: "", // no region for managed policy
+                    account: this.env.account,
+                    resource: "policy",
+                    resourceName: managedPolicyName,
+                });
+            }
+        }
+        return new Import(scope, id, {});
+    }
+    /**
+     * Import an external managed policy by ARN.
+     *
+     * For this managed policy, you only need to know the ARN to be able to use it.
+     * This can be useful if you got the ARN from the Grid.
+     *
+     * If the imported Managed Policy ARN is a Token (such as a
+     * `dataAwsSsmParameter.value` *and* the referenced
+     * managed policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the
+     * `managedPolicyName` property will not resolve to the correct value. Instead it
+     * will resolve to the first path component.
+     * In this scenario the Managed Policy ARN should be supplied without the
+     * `path` in order to resolve the correct managed policy resource.
+     *
+     * @param scope construct scope
+     * @param id construct id
+     * @param managedPolicyArn the ARN of the managed policy to import
+     */
+    static fromManagedPolicyArn(scope, id, // TODO: remove this, use managedPolicyArn as id?
+    managedPolicyArn) {
+        // TODO: Check scope if child already exist and return that?
+        class Import extends ManagedPolicyBase {
+            constructor() {
+                super(...arguments);
+                this.managedPolicyArn = managedPolicyArn;
+            }
+        }
+        return new Import(scope, id);
+    }
+    /**
+     * Import a managed policy from one of the policies that AWS manages.
+     *
+     * For this managed policy, you only need to know the name and scope
+     * to be able to use it.
+     *
+     * Some managed policy names start with "service-role/", some start with
+     * "job-function/", and some don't start with anything. Include the
+     * prefix when constructing this object.
+     */
+    static fromAwsManagedPolicyName(scope, id, //TODO: use managedPolicyName as id instead?
+    managedPolicyName) {
+        class AwsManagedPolicy extends ManagedPolicyBase {
+            constructor() {
+                super(...arguments);
+                this.managedPolicyArn = arn_1.Arn.format({
+                    partition: this.env.partition,
+                    service: "iam",
+                    region: "", // no region for managed policy
+                    account: "aws", // the account for a managed policy is 'aws'
+                    resource: "policy",
+                    resourceName: managedPolicyName,
+                });
+            }
+        }
+        return new AwsManagedPolicy(scope, id);
+    }
+    /**
+     * Reference a ManagedPolicy for plan time failures and external dependencies.
+     */
+    static fromPolicyAttributes(parentScope, parentId, attr) {
+        class Import extends ManagedPolicyBase {
+            constructor(scope, id) {
+                super(scope, id, attr);
+                this.resource = new provider_aws_1.dataAwsIamPolicy.DataAwsIamPolicy(this, "Resource", attr);
+                this.managedPolicyArn = this.resource.arn;
+            }
+        }
+        return new Import(parentScope, parentId);
+    }
+    /**
+     * Returns the ARN of this managed policy.
+     *
+     * @attribute
+     */
+    get managedPolicyArn() {
+        return this.resource.arn;
+    }
+    /**
+     * The name of this policy.
+     *
+     * @attribute
+     */
+    get managedPolicyName() {
+        return this.resource.name;
+    }
+    // TODO: Add support for pre-created policies?
+    // NOTE: in TerraConstruct pre-created policies are passed in through the Grid, so this seems not needed.
+    // private readonly _precreatedPolicy?: IManagedPolicy;
+    constructor(scope, id, props = {}) {
+        super(scope, id, props);
+        this.description = props.description;
+        this.path = props.path || "/";
+        this.document = props.document ?? new policy_document_1.PolicyDocument(this, "Policy");
+        if (props.managedPolicyName && props.managedPolicyNamePrefix) {
+            throw new Error("Cannot specify both 'managedPolicyName' and 'managedPolicyNamePrefix'. Use only one.");
+        }
+        const managedPolicyNamePrefix = this.stack.uniqueResourceNamePrefix(this, {
+            prefix: props.managedPolicyNamePrefix ?? this.gridUUID + "-",
+            allowedSpecialCharacters: "_+=,.@-",
+            maxLength: 128,
+        });
+        this.resource = new provider_aws_1.iamPolicy.IamPolicy(this, "Resource", {
+            ...props, // copy over Terraform Meta Arguments from ConstructProps
+            name: props.managedPolicyName,
+            namePrefix: !props.managedPolicyName
+                ? managedPolicyNamePrefix
+                : undefined,
+            description: this.description,
+            path: this.path,
+            policy: this.document.json,
+        });
+        if (props.roles) {
+            props.roles.forEach((r) => this.attachToRole(r));
+        }
+        if (props.statements) {
+            props.statements.forEach((p) => this.addStatements(p));
+        }
+        this.grantPrincipal = new ManagedPolicyGrantPrincipal(this);
+        this.node.addValidation({ validate: () => this.validateManagedPolicy() });
+    }
+    /**
+     * Adds a statement to the policy document.
+     */
+    addStatements(...statement) {
+        this.document.addStatements(...statement);
+    }
+    validateManagedPolicy() {
+        const result = new Array();
+        // validate that the policy document is not empty
+        if (this.document.isEmpty) {
+            result.push("Managed Policy is empty. You must add statements to the policy");
+        }
+        result.push(...this.document.validateForIdentityPolicy());
+        return result;
+    }
+}
+exports.ManagedPolicy = ManagedPolicy;
+_a = JSII_RTTI_SYMBOL_1;
+ManagedPolicy[_a] = { fqn: "terraconstructs.aws.iam.ManagedPolicy", version: "0.0.8" };
+class ManagedPolicyGrantPrincipal {
+    constructor(_managedPolicy) {
+        this._managedPolicy = _managedPolicy;
+        this.assumeRoleAction = "sts:AssumeRole";
+        this.grantPrincipal = this;
+        this.principalAccount = _managedPolicy.env.account;
+    }
+    get policyFragment() {
+        // This property is referenced to add policy statements as a resource-based policy.
+        // We should fail because a managed policy cannot be used as a principal of a policy document.
+        // cf. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#Principal_specifying
+        throw new Error(`Cannot use a ManagedPolicy '${this._managedPolicy.node.path}' as the 'Principal' or 'NotPrincipal' in an IAM Policy`);
+    }
+    addToPolicy(statement) {
+        return this.addToPrincipalPolicy(statement).statementAdded;
+    }
+    addToPrincipalPolicy(statement) {
+        this._managedPolicy.addStatements(statement);
+        return { statementAdded: true, policyDependable: this._managedPolicy };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlZC1wb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXdzL2lhbS9tYW5hZ2VkLXBvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHNEQUk2QjtBQUU3Qix1REFBbUQ7QUFTbkQsZ0NBQTZCO0FBQzdCLG9EQUkwQjtBQUMxQiw0Q0FBd0M7QUEwSHhDOztHQUVHO0FBQ0gsTUFBZSxpQkFDYixTQUFRLGdDQUFnQjtJQVN4QixJQUFXLG9CQUFvQjtRQUM3QixPQUFPLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3hDLENBQUM7SUFDRCxJQUFXLE9BQU87UUFDaEIsT0FBTyxJQUFJLENBQUMsb0JBQW9CLENBQUM7SUFDbkMsQ0FBQztJQUVELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsUUFBNEIsRUFBRTtRQUN0RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUZULFVBQUssR0FBRyxJQUFJLEtBQUssRUFBUyxDQUFDO0lBRzVDLENBQUM7SUFDTSxZQUFZLENBQUMsSUFBVztRQUM3QixJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxLQUFLLElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ3ZELE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDeEIsQ0FBQztJQUNEOzs7O09BSUc7SUFDSSxXQUFXO1FBQ2hCLHNEQUFzRDtRQUN0RCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUMzQyxNQUFNLEVBQUUsR0FBRyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ3ZCLG1HQUFtRztZQUNuRyw0R0FBNEc7WUFDNUcsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7Z0JBQUUsU0FBUyxDQUFDLDhCQUE4QjtZQUV4RSxJQUFJLHNDQUF1QixDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxFQUFFLEVBQUU7Z0JBQzVELFNBQVMsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO2dCQUNoQyxJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRO2FBQzdCLENBQUMsQ0FBQztRQUNMLENBQUM7UUFDRCxPQUFPLEVBQUUsQ0FBQztJQUNaLENBQUM7Q0FDRjtBQUVEOztHQUVHO0FBQ0gsTUFBYSxhQUNYLFNBQVEsaUJBQWlCO0lBR3pCOzs7OztPQUtHO0lBQ0ksTUFBTSxDQUFDLHFCQUFxQixDQUNqQyxLQUFnQixFQUNoQixFQUFVLEVBQ1YsaUJBQXlCO1FBRXpCLE1BQU0sTUFBTyxTQUFRLGlCQUFpQjtZQUF0Qzs7Z0JBQ2tCLHFCQUFnQixHQUFHLG9CQUFRLENBQUMsY0FBYyxDQUN4RCxLQUFLLENBQ04sQ0FBQyxTQUFTLENBQUM7b0JBQ1YsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsTUFBTSxFQUFFLEVBQUUsRUFBRSwrQkFBK0I7b0JBQzNDLE9BQU8sRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU87b0JBQ3pCLFFBQVEsRUFBRSxRQUFRO29CQUNsQixZQUFZLEVBQUUsaUJBQWlCO2lCQUNoQyxDQUFDLENBQUM7WUFDTCxDQUFDO1NBQUE7UUFDRCxPQUFPLElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7OztPQWlCRztJQUNJLE1BQU0sQ0FBQyxvQkFBb0IsQ0FDaEMsS0FBZ0IsRUFDaEIsRUFBVSxFQUFFLGlEQUFpRDtJQUM3RCxnQkFBd0I7UUFFeEIsNERBQTREO1FBQzVELE1BQU0sTUFBTyxTQUFRLGlCQUFpQjtZQUF0Qzs7Z0JBQ2tCLHFCQUFnQixHQUFHLGdCQUFnQixDQUFDO1lBQ3RELENBQUM7U0FBQTtRQUNELE9BQU8sSUFBSSxNQUFNLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxNQUFNLENBQUMsd0JBQXdCLENBQ3BDLEtBQWdCLEVBQ2hCLEVBQVUsRUFBRSw0Q0FBNEM7SUFDeEQsaUJBQXlCO1FBRXpCLE1BQU0sZ0JBQWlCLFNBQVEsaUJBQWlCO1lBQWhEOztnQkFDa0IscUJBQWdCLEdBQUcsU0FBRyxDQUFDLE1BQU0sQ0FBQztvQkFDNUMsU0FBUyxFQUFFLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUztvQkFDN0IsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsTUFBTSxFQUFFLEVBQUUsRUFBRSwrQkFBK0I7b0JBQzNDLE9BQU8sRUFBRSxLQUFLLEVBQUUsNENBQTRDO29CQUM1RCxRQUFRLEVBQUUsUUFBUTtvQkFDbEIsWUFBWSxFQUFFLGlCQUFpQjtpQkFDaEMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztTQUFBO1FBQ0QsT0FBTyxJQUFJLGdCQUFnQixDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxNQUFNLENBQUMsb0JBQW9CLENBQ2hDLFdBQXNCLEVBQ3RCLFFBQWdCLEVBQ2hCLElBQTZCO1FBRTdCLE1BQU0sTUFBTyxTQUFRLGlCQUFpQjtZQVFwQyxZQUFZLEtBQWdCLEVBQUUsRUFBVTtnQkFDdEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ3ZCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSwrQkFBZ0IsQ0FBQyxnQkFBZ0IsQ0FDbkQsSUFBSSxFQUNKLFVBQVUsRUFDVixJQUFJLENBQ0wsQ0FBQztnQkFDRixJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUM7WUFDNUMsQ0FBQztTQUNGO1FBRUQsT0FBTyxJQUFJLE1BQU0sQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUNEOzs7O09BSUc7SUFDSCxJQUFXLGdCQUFnQjtRQUN6QixPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDO0lBQzNCLENBQUM7SUFPRDs7OztPQUlHO0lBQ0gsSUFBVyxpQkFBaUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztJQUM1QixDQUFDO0lBeUJELDhDQUE4QztJQUM5Qyx5R0FBeUc7SUFDekcsdURBQXVEO0lBRXZELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsUUFBNEIsRUFBRTtRQUN0RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUV4QixJQUFJLENBQUMsV0FBVyxHQUFHLEtBQUssQ0FBQyxXQUFXLENBQUM7UUFDckMsSUFBSSxDQUFDLElBQUksR0FBRyxLQUFLLENBQUMsSUFBSSxJQUFJLEdBQUcsQ0FBQztRQUU5QixJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLElBQUksSUFBSSxnQ0FBYyxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQztRQUVyRSxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxLQUFLLENBQUMsdUJBQXVCLEVBQUUsQ0FBQztZQUM3RCxNQUFNLElBQUksS0FBSyxDQUNiLHNGQUFzRixDQUN2RixDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sdUJBQXVCLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxJQUFJLEVBQUU7WUFDeEUsTUFBTSxFQUFFLEtBQUssQ0FBQyx1QkFBdUIsSUFBSSxJQUFJLENBQUMsUUFBUSxHQUFHLEdBQUc7WUFDNUQsd0JBQXdCLEVBQUUsU0FBUztZQUNuQyxTQUFTLEVBQUUsR0FBRztTQUNmLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSx3QkFBUyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3hELEdBQUcsS0FBSyxFQUFFLHlEQUF5RDtZQUNuRSxJQUFJLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtZQUM3QixVQUFVLEVBQUUsQ0FBQyxLQUFLLENBQUMsaUJBQWlCO2dCQUNsQyxDQUFDLENBQUMsdUJBQXVCO2dCQUN6QixDQUFDLENBQUMsU0FBUztZQUNiLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7WUFDZixNQUFNLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJO1NBQzNCLENBQUMsQ0FBQztRQUVILElBQUksS0FBSyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2hCLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUVELElBQUksS0FBSyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3JCLEtBQUssQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekQsQ0FBQztRQUVELElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSwyQkFBMkIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU1RCxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxFQUFFLFFBQVEsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMscUJBQXFCLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYSxDQUFDLEdBQUcsU0FBNEI7UUFDbEQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsR0FBRyxTQUFTLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRU8scUJBQXFCO1FBQzNCLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxFQUFVLENBQUM7UUFFbkMsaURBQWlEO1FBQ2pELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUMxQixNQUFNLENBQUMsSUFBSSxDQUNULGdFQUFnRSxDQUNqRSxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLHlCQUF5QixFQUFFLENBQUMsQ0FBQztRQUMxRCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDOztBQXJPSCxzQ0FzT0M7OztBQUVELE1BQU0sMkJBQTJCO0lBSy9CLFlBQW9CLGNBQTZCO1FBQTdCLG1CQUFjLEdBQWQsY0FBYyxDQUFlO1FBSmpDLHFCQUFnQixHQUFHLGdCQUFnQixDQUFDO1FBS2xELElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxDQUFDO1FBQzNCLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxjQUFjLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQztJQUNyRCxDQUFDO0lBRUQsSUFBVyxjQUFjO1FBQ3ZCLG1GQUFtRjtRQUNuRiw4RkFBOEY7UUFDOUYsdUhBQXVIO1FBQ3ZILE1BQU0sSUFBSSxLQUFLLENBQ2IsK0JBQStCLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLElBQUkseURBQXlELENBQ3RILENBQUM7SUFDSixDQUFDO0lBRU0sV0FBVyxDQUFDLFNBQTBCO1FBQzNDLE9BQU8sSUFBSSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxDQUFDLGNBQWMsQ0FBQztJQUM3RCxDQUFDO0lBRU0sb0JBQW9CLENBQ3pCLFNBQTBCO1FBRTFCLElBQUksQ0FBQyxjQUFjLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sRUFBRSxjQUFjLEVBQUUsSUFBSSxFQUFFLGdCQUFnQixFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztJQUN6RSxDQUFDO0NBQ0YiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBpYW1Qb2xpY3ksXG4gIGRhdGFBd3NJYW1Qb2xpY3ksXG4gIGlhbVJvbGVQb2xpY3lBdHRhY2htZW50LFxufSBmcm9tIFwiQGNka3RmL3Byb3ZpZGVyLWF3c1wiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IFBvbGljeURvY3VtZW50IH0gZnJvbSBcIi4vcG9saWN5LWRvY3VtZW50XCI7XG5pbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiLi9wb2xpY3ktc3RhdGVtZW50XCI7XG5pbXBvcnQge1xuICBBZGRUb1ByaW5jaXBhbFBvbGljeVJlc3VsdCxcbiAgSUdyYW50YWJsZSxcbiAgSVByaW5jaXBhbCxcbiAgUHJpbmNpcGFsUG9saWN5RnJhZ21lbnQsXG59IGZyb20gXCIuL3ByaW5jaXBhbHNcIjtcbmltcG9ydCB7IElSb2xlIH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgQXJuIH0gZnJvbSBcIi4uL2FyblwiO1xuaW1wb3J0IHtcbiAgSUF3c0NvbnN0cnVjdCxcbiAgQXdzQ29uc3RydWN0QmFzZSxcbiAgQXdzQ29uc3RydWN0UHJvcHMsXG59IGZyb20gXCIuLi9hd3MtY29uc3RydWN0XCI7XG5pbXBvcnQgeyBBd3NTdGFjayB9IGZyb20gXCIuLi9hd3Mtc3RhY2tcIjtcblxuLyoqXG4gKiBPdXRwdXRzIHdoaWNoIG1heSBiZSByZWdpc3RlcmVkIGZvciBvdXRwdXQgdmlhIHRoZSBHcmlkLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIE1hbmFnZWRQb2xpY3lPdXRwdXRzIHtcbiAgcmVhZG9ubHkgYXJuOiBzdHJpbmc7XG59XG5cbi8qKlxuICogQSBtYW5hZ2VkIHBvbGljeVxuICovXG5leHBvcnQgaW50ZXJmYWNlIElNYW5hZ2VkUG9saWN5IGV4dGVuZHMgSUF3c0NvbnN0cnVjdCB7XG4gIC8qKlxuICAgKiBTdHJvbmdseSB0eXBlZCBtYW5hZ2VkIHBvbGljeSBvdXRwdXRzXG4gICAqXG4gICAqIEBhdHRyaWJ1dGVcbiAgICovXG4gIHJlYWRvbmx5IG1hbmFnZWRQb2xpY3lPdXRwdXRzOiBNYW5hZ2VkUG9saWN5T3V0cHV0cztcbiAgLyoqXG4gICAqIFRoZSBBUk4gb2YgdGhlIG1hbmFnZWQgcG9saWN5XG4gICAqIEBhdHRyaWJ1dGVcbiAgICovXG4gIHJlYWRvbmx5IG1hbmFnZWRQb2xpY3lBcm46IHN0cmluZztcbiAgLyoqXG4gICAqIEF0dGFjaGVzIHRoaXMgcG9saWN5IHRvIGEgcm9sZS5cbiAgICpcbiAgICogTk9URTogVXNpbmcgdGhpcyBtZXRob2Qgd2lsbCBjb25mbGljdCB3aXRoIGEgcm9sZSB0aGF0IGhhc1xuICAgKiBleGNsdXNpdmUgbWFuYWdlbWVudCBvZiB0aGUgcm9sZSdzIHBvbGljeSBhdHRhY2htZW50cy5cbiAgICpcbiAgICogSWYgeW91IGF0dGVtcHQgdG8gbWFuYWdlIGEgcm9sZSdzIHBvbGljaWVzIGJ5IG11bHRpcGxlIG1lYW5zLFxuICAgKiB5b3Ugd2lsbCBnZXQgcmVzb3VyY2UgY3ljbGluZyBhbmQvb3IgZXJyb3JzLlxuICAgKi9cbiAgYXR0YWNoVG9Sb2xlKHJvbGU6IElSb2xlKTogdm9pZDtcbn1cblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBkZWZpbmluZyBhbiBJQU0gbWFuYWdlZCBwb2xpY3lcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBNYW5hZ2VkUG9saWN5UHJvcHMgZXh0ZW5kcyBBd3NDb25zdHJ1Y3RQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgbWFuYWdlZCBwb2xpY3kuIElmIHlvdSBzcGVjaWZ5IG11bHRpcGxlIHBvbGljaWVzIGZvciBhbiBlbnRpdHksXG4gICAqIHNwZWNpZnkgdW5pcXVlIG5hbWVzLiBGb3IgZXhhbXBsZSwgaWYgeW91IHNwZWNpZnkgYSBsaXN0IG9mIHBvbGljaWVzIGZvclxuICAgKiBhbiBJQU0gcm9sZSwgZWFjaCBwb2xpY3kgbXVzdCBoYXZlIGEgdW5pcXVlIG5hbWUuXG4gICAqXG4gICAqIEZvcmNlcyBuZXcgcmVzb3VyY2VcbiAgICpcbiAgICogQGRlZmF1bHQgLSBJZiBvbWl0dGVkLCBSZWZlciB0byBgbWFuYWdlZFBvbGljeU5hbWVQcmVmaXhgLlxuICAgKi9cbiAgcmVhZG9ubHkgbWFuYWdlZFBvbGljeU5hbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIENyZWF0ZXMgYSB1bmlxdWUgbmFtZSBiZWdpbm5pbmcgd2l0aCB0aGUgc3BlY2lmaWVkIHByZWZpeC5cbiAgICogQ29uZmxpY3RzIHdpdGggYG1hbmFnZWRQb2xpY3lOYW1lYC5cbiAgICpcbiAgICogVGhlIG5hbWUgb2YgdGhlIG1hbmFnZWQgcG9saWN5LiBJZiB5b3Ugc3BlY2lmeSBtdWx0aXBsZSBwb2xpY2llcyBmb3IgYW4gZW50aXR5LFxuICAgKiBzcGVjaWZ5IHVuaXF1ZSBuYW1lcy4gRm9yIGV4YW1wbGUsIGlmIHlvdSBzcGVjaWZ5IGEgbGlzdCBvZiBwb2xpY2llcyBmb3JcbiAgICogYW4gSUFNIHJvbGUsIGVhY2ggcG9saWN5IG11c3QgaGF2ZSBhIHVuaXF1ZSBuYW1lLlxuICAgKlxuICAgKiBGb3JjZXMgbmV3IHJlc291cmNlXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gSWYgb21pdHRlZCwgRVQgd2lsbCBhc3NpZ24gYSByYW5kb20sIHVuaXF1ZSBuYW1lIHByZWZpeGVkIGJ5IEdyaWRVVUlELlxuICAgKi9cbiAgcmVhZG9ubHkgbWFuYWdlZFBvbGljeU5hbWVQcmVmaXg/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIEEgZGVzY3JpcHRpb24gb2YgdGhlIG1hbmFnZWQgcG9saWN5LiBUeXBpY2FsbHkgdXNlZCB0byBzdG9yZSBpbmZvcm1hdGlvbiBhYm91dCB0aGVcbiAgICogcGVybWlzc2lvbnMgZGVmaW5lZCBpbiB0aGUgcG9saWN5LiBGb3IgZXhhbXBsZSwgXCJHcmFudHMgYWNjZXNzIHRvIHByb2R1Y3Rpb24gRHluYW1vREIgdGFibGVzLlwiXG4gICAqIFRoZSBwb2xpY3kgZGVzY3JpcHRpb24gaXMgaW1tdXRhYmxlLiBBZnRlciBhIHZhbHVlIGlzIGFzc2lnbmVkLCBpdCBjYW5ub3QgYmUgY2hhbmdlZC5cbiAgICpcbiAgICogRm9yY2VzIG5ldyByZXNvdXJjZVxuICAgKlxuICAgKiBAZGVmYXVsdCAtIFRlcnJhZm9ybSB3aWxsIGdlbmVyYXRlIGEgZGVzY3JpcHRpb25cbiAgICovXG4gIHJlYWRvbmx5IGRlc2NyaXB0aW9uPzogc3RyaW5nO1xuXG4gIC8vVE9ETzogQ29uZmlybSB0ZXJyYWZvcm0gZ2VuZXJhdGVzIGEgZGVzY3JpcHRpb24gZm9yIGlhbV9wb2xpY3k/XG5cbiAgLyoqXG4gICAqIFRoZSBwYXRoIGZvciB0aGUgcG9saWN5LiBUaGlzIHBhcmFtZXRlciBhbGxvd3MgKHRocm91Z2ggaXRzIHJlZ2V4IHBhdHRlcm4pIGEgc3RyaW5nIG9mIGNoYXJhY3RlcnNcbiAgICogY29uc2lzdGluZyBvZiBlaXRoZXIgYSBmb3J3YXJkIHNsYXNoICgvKSBieSBpdHNlbGYgb3IgYSBzdHJpbmcgdGhhdCBtdXN0IGJlZ2luIGFuZCBlbmQgd2l0aCBmb3J3YXJkIHNsYXNoZXMuXG4gICAqIEluIGFkZGl0aW9uLCBpdCBjYW4gY29udGFpbiBhbnkgQVNDSUkgY2hhcmFjdGVyIGZyb20gdGhlICEgKFxcdTAwMjEpIHRocm91Z2ggdGhlIERFTCBjaGFyYWN0ZXIgKFxcdTAwN0YpLFxuICAgKiBpbmNsdWRpbmcgbW9zdCBwdW5jdHVhdGlvbiBjaGFyYWN0ZXJzLCBkaWdpdHMsIGFuZCB1cHBlciBhbmQgbG93ZXJjYXNlZCBsZXR0ZXJzLlxuICAgKlxuICAgKiBGb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBwYXRocywgc2VlIElBTSBJZGVudGlmaWVycyBpbiB0aGUgSUFNIFVzZXIgR3VpZGUuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gXCIvXCJcbiAgICovXG4gIHJlYWRvbmx5IHBhdGg/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFJvbGVzIHRvIGF0dGFjaCB0aGlzIHBvbGljeSB0by5cbiAgICogWW91IGNhbiBhbHNvIHVzZSBgYXR0YWNoVG9Sb2xlKHJvbGUpYCB0byBhdHRhY2ggdGhpcyBwb2xpY3kgdG8gYSByb2xlLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIHJvbGVzLlxuICAgKi9cbiAgcmVhZG9ubHkgcm9sZXM/OiBJUm9sZVtdO1xuXG4gIC8qKlxuICAgKiBJbml0aWFsIHNldCBvZiBwZXJtaXNzaW9ucyB0byBhZGQgdG8gdGhpcyBwb2xpY3kgZG9jdW1lbnQuXG4gICAqIFlvdSBjYW4gYWxzbyB1c2UgYGFkZFBlcm1pc3Npb24oc3RhdGVtZW50KWAgdG8gYWRkIHBlcm1pc3Npb25zIGxhdGVyLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIHN0YXRlbWVudHMuXG4gICAqL1xuICByZWFkb25seSBzdGF0ZW1lbnRzPzogUG9saWN5U3RhdGVtZW50W107XG5cbiAgLyoqXG4gICAqIEluaXRpYWwgUG9saWN5RG9jdW1lbnQgdG8gdXNlIGZvciB0aGlzIE1hbmFnZWRQb2xpY3kuIElmIG9taXRlZCwgYW55XG4gICAqIGBQb2xpY3lTdGF0ZW1lbnRgIHByb3ZpZGVkIGluIHRoZSBgc3RhdGVtZW50c2AgcHJvcGVydHkgd2lsbCBiZSBhcHBsaWVkXG4gICAqIGFnYWluc3QgdGhlIGVtcHR5IGRlZmF1bHQgYFBvbGljeURvY3VtZW50YC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBbiBlbXB0eSBwb2xpY3kuXG4gICAqL1xuICByZWFkb25seSBkb2N1bWVudD86IFBvbGljeURvY3VtZW50O1xufVxuXG4vKipcbiAqIEF0dHJpYnV0ZXMgdG8gcmVmZXJlbmNlIE1hbmFnZWRQb2xpY3kgZm9yIHBsYW4gdGltZSBmYWlsdXJlcyBhbmQgc3RyaWN0IGV4dGVybmFsIGRlcGVuZGVuY2llcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBNYW5hZ2VkUG9saWN5QXR0cmlidXRlc1xuICBleHRlbmRzIGRhdGFBd3NJYW1Qb2xpY3kuRGF0YUF3c0lhbVBvbGljeUNvbmZpZyB7fVxuXG4vKipcbiAqIE1hbmFnZWQgcG9saWN5IGJhc2VcbiAqL1xuYWJzdHJhY3QgY2xhc3MgTWFuYWdlZFBvbGljeUJhc2VcbiAgZXh0ZW5kcyBBd3NDb25zdHJ1Y3RCYXNlXG4gIGltcGxlbWVudHMgSU1hbmFnZWRQb2xpY3lcbntcbiAgLyoqXG4gICAqIFJldHVybnMgdGhlIEFSTiBvZiB0aGlzIG1hbmFnZWQgcG9saWN5LlxuICAgKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgYWJzdHJhY3QgZ2V0IG1hbmFnZWRQb2xpY3lBcm4oKTogc3RyaW5nO1xuICBwdWJsaWMgZ2V0IG1hbmFnZWRQb2xpY3lPdXRwdXRzKCk6IE1hbmFnZWRQb2xpY3lPdXRwdXRzIHtcbiAgICByZXR1cm4geyBhcm46IHRoaXMubWFuYWdlZFBvbGljeUFybiB9O1xuICB9XG4gIHB1YmxpYyBnZXQgb3V0cHV0cygpOiBSZWNvcmQ8c3RyaW5nLCBhbnk+IHtcbiAgICByZXR1cm4gdGhpcy5tYW5hZ2VkUG9saWN5T3V0cHV0cztcbiAgfVxuICBwcml2YXRlIHJlYWRvbmx5IHJvbGVzID0gbmV3IEFycmF5PElSb2xlPigpO1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTWFuYWdlZFBvbGljeVByb3BzID0ge30pIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcbiAgfVxuICBwdWJsaWMgYXR0YWNoVG9Sb2xlKHJvbGU6IElSb2xlKSB7XG4gICAgaWYgKHRoaXMucm9sZXMuZmluZCgocikgPT4gci5yb2xlQXJuID09PSByb2xlLnJvbGVBcm4pKSB7XG4gICAgICByZXR1cm47XG4gICAgfVxuICAgIHRoaXMucm9sZXMucHVzaChyb2xlKTtcbiAgfVxuICAvKipcbiAgICogQWRkcyByZXNvdXJjZSB0byB0aGUgdGVycmFmb3JtIEpTT04gb3V0cHV0LlxuICAgKlxuICAgKiBjYWxsZWQgYnkgVGVycmFmb3JtU3RhY2sucHJlcGFyZVN0YWNrKClcbiAgICovXG4gIHB1YmxpYyB0b1RlcnJhZm9ybSgpOiBhbnkge1xuICAgIC8vIGFkZCBpYW1Sb2xlUG9saWN5IHJlc291cmNlIGZvciBlYWNoIHJlZmVyZW5jZWQgcm9sZVxuICAgIGZvciAobGV0IGkgPSAwOyBpIDwgdGhpcy5yb2xlcy5sZW5ndGg7IGkrKykge1xuICAgICAgY29uc3QgaWQgPSBgUm9sZXMke2l9YDtcbiAgICAgIC8vIFRPRE86IElkZWFsbHkgd2Ugc2hvdWxkIGhhdmUgdXNlZCBJUmVzb2x2YWJsZS5yZXNvbHZlIGFuZCB1c2UgdGhlIElSZXNvbHZlQ29udGV4dC5wcmVwYXJpbmcgZmxhZ1xuICAgICAgLy8gcmVmOiBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvYmxvYi92Mi4xNzAuMC9wYWNrYWdlcy9hd3MtY2RrLWxpYi9hd3MtaWFtL2xpYi9wb2xpY3ktZG9jdW1lbnQudHMjTDQ4XG4gICAgICBpZiAodGhpcy5ub2RlLnRyeUZpbmRDaGlsZChpZCkpIGNvbnRpbnVlOyAvLyBpZ25vcmUgaWYgYWxyZWFkeSBnZW5lcmF0ZWRcblxuICAgICAgbmV3IGlhbVJvbGVQb2xpY3lBdHRhY2htZW50LklhbVJvbGVQb2xpY3lBdHRhY2htZW50KHRoaXMsIGlkLCB7XG4gICAgICAgIHBvbGljeUFybjogdGhpcy5tYW5hZ2VkUG9saWN5QXJuLFxuICAgICAgICByb2xlOiB0aGlzLnJvbGVzW2ldLnJvbGVOYW1lLFxuICAgICAgfSk7XG4gICAgfVxuICAgIHJldHVybiB7fTtcbiAgfVxufVxuXG4vKipcbiAqIE1hbmFnZWQgcG9saWN5XG4gKi9cbmV4cG9ydCBjbGFzcyBNYW5hZ2VkUG9saWN5XG4gIGV4dGVuZHMgTWFuYWdlZFBvbGljeUJhc2VcbiAgaW1wbGVtZW50cyBJTWFuYWdlZFBvbGljeSwgSUdyYW50YWJsZVxue1xuICAvKipcbiAgICogSW1wb3J0IGEgY3VzdG9tZXIgbWFuYWdlZCBwb2xpY3kgZnJvbSB0aGUgbWFuYWdlZFBvbGljeU5hbWUuXG4gICAqXG4gICAqIEZvciB0aGlzIG1hbmFnZWQgcG9saWN5LCB5b3Ugb25seSBuZWVkIHRvIGtub3cgdGhlIG5hbWUgdG8gYmUgYWJsZSB0byB1c2UgaXQuXG4gICAqXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIGZyb21NYW5hZ2VkUG9saWN5TmFtZShcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgbWFuYWdlZFBvbGljeU5hbWU6IHN0cmluZyxcbiAgKTogSU1hbmFnZWRQb2xpY3kge1xuICAgIGNsYXNzIEltcG9ydCBleHRlbmRzIE1hbmFnZWRQb2xpY3lCYXNlIHtcbiAgICAgIHB1YmxpYyByZWFkb25seSBtYW5hZ2VkUG9saWN5QXJuID0gQXdzU3RhY2sub2ZBd3NDb25zdHJ1Y3QoXG4gICAgICAgIHNjb3BlLFxuICAgICAgKS5mb3JtYXRBcm4oe1xuICAgICAgICBzZXJ2aWNlOiBcImlhbVwiLFxuICAgICAgICByZWdpb246IFwiXCIsIC8vIG5vIHJlZ2lvbiBmb3IgbWFuYWdlZCBwb2xpY3lcbiAgICAgICAgYWNjb3VudDogdGhpcy5lbnYuYWNjb3VudCxcbiAgICAgICAgcmVzb3VyY2U6IFwicG9saWN5XCIsXG4gICAgICAgIHJlc291cmNlTmFtZTogbWFuYWdlZFBvbGljeU5hbWUsXG4gICAgICB9KTtcbiAgICB9XG4gICAgcmV0dXJuIG5ldyBJbXBvcnQoc2NvcGUsIGlkLCB7fSk7XG4gIH1cblxuICAvKipcbiAgICogSW1wb3J0IGFuIGV4dGVybmFsIG1hbmFnZWQgcG9saWN5IGJ5IEFSTi5cbiAgICpcbiAgICogRm9yIHRoaXMgbWFuYWdlZCBwb2xpY3ksIHlvdSBvbmx5IG5lZWQgdG8ga25vdyB0aGUgQVJOIHRvIGJlIGFibGUgdG8gdXNlIGl0LlxuICAgKiBUaGlzIGNhbiBiZSB1c2VmdWwgaWYgeW91IGdvdCB0aGUgQVJOIGZyb20gdGhlIEdyaWQuXG4gICAqXG4gICAqIElmIHRoZSBpbXBvcnRlZCBNYW5hZ2VkIFBvbGljeSBBUk4gaXMgYSBUb2tlbiAoc3VjaCBhcyBhXG4gICAqIGBkYXRhQXdzU3NtUGFyYW1ldGVyLnZhbHVlYCAqYW5kKiB0aGUgcmVmZXJlbmNlZFxuICAgKiBtYW5hZ2VkIHBvbGljeSBoYXMgYSBgcGF0aGAgKGxpa2UgYGFybjouLi46cG9saWN5L0FkbWluUG9saWN5L0FkbWluQWxsb3dgKSwgdGhlXG4gICAqIGBtYW5hZ2VkUG9saWN5TmFtZWAgcHJvcGVydHkgd2lsbCBub3QgcmVzb2x2ZSB0byB0aGUgY29ycmVjdCB2YWx1ZS4gSW5zdGVhZCBpdFxuICAgKiB3aWxsIHJlc29sdmUgdG8gdGhlIGZpcnN0IHBhdGggY29tcG9uZW50LlxuICAgKiBJbiB0aGlzIHNjZW5hcmlvIHRoZSBNYW5hZ2VkIFBvbGljeSBBUk4gc2hvdWxkIGJlIHN1cHBsaWVkIHdpdGhvdXQgdGhlXG4gICAqIGBwYXRoYCBpbiBvcmRlciB0byByZXNvbHZlIHRoZSBjb3JyZWN0IG1hbmFnZWQgcG9saWN5IHJlc291cmNlLlxuICAgKlxuICAgKiBAcGFyYW0gc2NvcGUgY29uc3RydWN0IHNjb3BlXG4gICAqIEBwYXJhbSBpZCBjb25zdHJ1Y3QgaWRcbiAgICogQHBhcmFtIG1hbmFnZWRQb2xpY3lBcm4gdGhlIEFSTiBvZiB0aGUgbWFuYWdlZCBwb2xpY3kgdG8gaW1wb3J0XG4gICAqL1xuICBwdWJsaWMgc3RhdGljIGZyb21NYW5hZ2VkUG9saWN5QXJuKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZywgLy8gVE9ETzogcmVtb3ZlIHRoaXMsIHVzZSBtYW5hZ2VkUG9saWN5QXJuIGFzIGlkP1xuICAgIG1hbmFnZWRQb2xpY3lBcm46IHN0cmluZyxcbiAgKTogSU1hbmFnZWRQb2xpY3kge1xuICAgIC8vIFRPRE86IENoZWNrIHNjb3BlIGlmIGNoaWxkIGFscmVhZHkgZXhpc3QgYW5kIHJldHVybiB0aGF0P1xuICAgIGNsYXNzIEltcG9ydCBleHRlbmRzIE1hbmFnZWRQb2xpY3lCYXNlIHtcbiAgICAgIHB1YmxpYyByZWFkb25seSBtYW5hZ2VkUG9saWN5QXJuID0gbWFuYWdlZFBvbGljeUFybjtcbiAgICB9XG4gICAgcmV0dXJuIG5ldyBJbXBvcnQoc2NvcGUsIGlkKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBJbXBvcnQgYSBtYW5hZ2VkIHBvbGljeSBmcm9tIG9uZSBvZiB0aGUgcG9saWNpZXMgdGhhdCBBV1MgbWFuYWdlcy5cbiAgICpcbiAgICogRm9yIHRoaXMgbWFuYWdlZCBwb2xpY3ksIHlvdSBvbmx5IG5lZWQgdG8ga25vdyB0aGUgbmFtZSBhbmQgc2NvcGVcbiAgICogdG8gYmUgYWJsZSB0byB1c2UgaXQuXG4gICAqXG4gICAqIFNvbWUgbWFuYWdlZCBwb2xpY3kgbmFtZXMgc3RhcnQgd2l0aCBcInNlcnZpY2Utcm9sZS9cIiwgc29tZSBzdGFydCB3aXRoXG4gICAqIFwiam9iLWZ1bmN0aW9uL1wiLCBhbmQgc29tZSBkb24ndCBzdGFydCB3aXRoIGFueXRoaW5nLiBJbmNsdWRlIHRoZVxuICAgKiBwcmVmaXggd2hlbiBjb25zdHJ1Y3RpbmcgdGhpcyBvYmplY3QuXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIGZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZShcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsIC8vVE9ETzogdXNlIG1hbmFnZWRQb2xpY3lOYW1lIGFzIGlkIGluc3RlYWQ/XG4gICAgbWFuYWdlZFBvbGljeU5hbWU6IHN0cmluZyxcbiAgKTogSU1hbmFnZWRQb2xpY3kge1xuICAgIGNsYXNzIEF3c01hbmFnZWRQb2xpY3kgZXh0ZW5kcyBNYW5hZ2VkUG9saWN5QmFzZSB7XG4gICAgICBwdWJsaWMgcmVhZG9ubHkgbWFuYWdlZFBvbGljeUFybiA9IEFybi5mb3JtYXQoe1xuICAgICAgICBwYXJ0aXRpb246IHRoaXMuZW52LnBhcnRpdGlvbixcbiAgICAgICAgc2VydmljZTogXCJpYW1cIixcbiAgICAgICAgcmVnaW9uOiBcIlwiLCAvLyBubyByZWdpb24gZm9yIG1hbmFnZWQgcG9saWN5XG4gICAgICAgIGFjY291bnQ6IFwiYXdzXCIsIC8vIHRoZSBhY2NvdW50IGZvciBhIG1hbmFnZWQgcG9saWN5IGlzICdhd3MnXG4gICAgICAgIHJlc291cmNlOiBcInBvbGljeVwiLFxuICAgICAgICByZXNvdXJjZU5hbWU6IG1hbmFnZWRQb2xpY3lOYW1lLFxuICAgICAgfSk7XG4gICAgfVxuICAgIHJldHVybiBuZXcgQXdzTWFuYWdlZFBvbGljeShzY29wZSwgaWQpO1xuICB9XG5cbiAgLyoqXG4gICAqIFJlZmVyZW5jZSBhIE1hbmFnZWRQb2xpY3kgZm9yIHBsYW4gdGltZSBmYWlsdXJlcyBhbmQgZXh0ZXJuYWwgZGVwZW5kZW5jaWVzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBmcm9tUG9saWN5QXR0cmlidXRlcyhcbiAgICBwYXJlbnRTY29wZTogQ29uc3RydWN0LFxuICAgIHBhcmVudElkOiBzdHJpbmcsXG4gICAgYXR0cjogTWFuYWdlZFBvbGljeUF0dHJpYnV0ZXMsXG4gICk6IElNYW5hZ2VkUG9saWN5IHtcbiAgICBjbGFzcyBJbXBvcnQgZXh0ZW5kcyBNYW5hZ2VkUG9saWN5QmFzZSB7XG4gICAgICAvKipcbiAgICAgICAqIERpcmVjdCBhY2Nlc3MgdG8gdGhlIHVuZGVybHlpbmcgVGVycmFmb3JtIHJlc291cmNlLlxuICAgICAgICpcbiAgICAgICAqIFVzZSB0byBkZWZpbmUgZGVwZW5kZW5jaWVzIG9uIHRoaXMgTWFuYWdlZFBvbGljeS5cbiAgICAgICAqL1xuICAgICAgcHVibGljIHJlYWRvbmx5IHJlc291cmNlOiBkYXRhQXdzSWFtUG9saWN5LkRhdGFBd3NJYW1Qb2xpY3k7XG4gICAgICBwdWJsaWMgcmVhZG9ubHkgbWFuYWdlZFBvbGljeUFybjogc3RyaW5nO1xuICAgICAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZykge1xuICAgICAgICBzdXBlcihzY29wZSwgaWQsIGF0dHIpO1xuICAgICAgICB0aGlzLnJlc291cmNlID0gbmV3IGRhdGFBd3NJYW1Qb2xpY3kuRGF0YUF3c0lhbVBvbGljeShcbiAgICAgICAgICB0aGlzLFxuICAgICAgICAgIFwiUmVzb3VyY2VcIixcbiAgICAgICAgICBhdHRyLFxuICAgICAgICApO1xuICAgICAgICB0aGlzLm1hbmFnZWRQb2xpY3lBcm4gPSB0aGlzLnJlc291cmNlLmFybjtcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4gbmV3IEltcG9ydChwYXJlbnRTY29wZSwgcGFyZW50SWQpO1xuICB9XG4gIC8qKlxuICAgKiBSZXR1cm5zIHRoZSBBUk4gb2YgdGhpcyBtYW5hZ2VkIHBvbGljeS5cbiAgICpcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcHVibGljIGdldCBtYW5hZ2VkUG9saWN5QXJuKCk6IHN0cmluZyB7XG4gICAgcmV0dXJuIHRoaXMucmVzb3VyY2UuYXJuO1xuICB9XG5cbiAgLyoqXG4gICAqIFRoZSBwb2xpY3kgZG9jdW1lbnQuXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgZG9jdW1lbnQ6IFBvbGljeURvY3VtZW50O1xuXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGlzIHBvbGljeS5cbiAgICpcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcHVibGljIGdldCBtYW5hZ2VkUG9saWN5TmFtZSgpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLnJlc291cmNlLm5hbWU7XG4gIH1cblxuICAvKipcbiAgICogVGhlIGRlc2NyaXB0aW9uIG9mIHRoaXMgcG9saWN5LlxuICAgKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBwYXRoIG9mIHRoaXMgcG9saWN5LlxuICAgKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcGF0aDogc3RyaW5nO1xuXG4gIHB1YmxpYyByZWFkb25seSBncmFudFByaW5jaXBhbDogSVByaW5jaXBhbDtcblxuICAvKipcbiAgICogRGlyZWN0IGFjY2VzcyB0byB0aGUgdW5kZXJseWluZyBUZXJyYWZvcm0gcmVzb3VyY2UuXG4gICAqXG4gICAqIFVzZSB0byBkZWZpbmUgZGVwZW5kZW5jaWVzIG9uIHRoaXMgTWFuYWdlZFBvbGljeS5cbiAgICovXG4gIHB1YmxpYyByZXNvdXJjZTogaWFtUG9saWN5LklhbVBvbGljeTtcblxuICAvLyBUT0RPOiBBZGQgc3VwcG9ydCBmb3IgcHJlLWNyZWF0ZWQgcG9saWNpZXM/XG4gIC8vIE5PVEU6IGluIFRlcnJhQ29uc3RydWN0IHByZS1jcmVhdGVkIHBvbGljaWVzIGFyZSBwYXNzZWQgaW4gdGhyb3VnaCB0aGUgR3JpZCwgc28gdGhpcyBzZWVtcyBub3QgbmVlZGVkLlxuICAvLyBwcml2YXRlIHJlYWRvbmx5IF9wcmVjcmVhdGVkUG9saWN5PzogSU1hbmFnZWRQb2xpY3k7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE1hbmFnZWRQb2xpY3lQcm9wcyA9IHt9KSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCBwcm9wcyk7XG5cbiAgICB0aGlzLmRlc2NyaXB0aW9uID0gcHJvcHMuZGVzY3JpcHRpb247XG4gICAgdGhpcy5wYXRoID0gcHJvcHMucGF0aCB8fCBcIi9cIjtcblxuICAgIHRoaXMuZG9jdW1lbnQgPSBwcm9wcy5kb2N1bWVudCA/PyBuZXcgUG9saWN5RG9jdW1lbnQodGhpcywgXCJQb2xpY3lcIik7XG5cbiAgICBpZiAocHJvcHMubWFuYWdlZFBvbGljeU5hbWUgJiYgcHJvcHMubWFuYWdlZFBvbGljeU5hbWVQcmVmaXgpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgXCJDYW5ub3Qgc3BlY2lmeSBib3RoICdtYW5hZ2VkUG9saWN5TmFtZScgYW5kICdtYW5hZ2VkUG9saWN5TmFtZVByZWZpeCcuIFVzZSBvbmx5IG9uZS5cIixcbiAgICAgICk7XG4gICAgfVxuXG4gICAgY29uc3QgbWFuYWdlZFBvbGljeU5hbWVQcmVmaXggPSB0aGlzLnN0YWNrLnVuaXF1ZVJlc291cmNlTmFtZVByZWZpeCh0aGlzLCB7XG4gICAgICBwcmVmaXg6IHByb3BzLm1hbmFnZWRQb2xpY3lOYW1lUHJlZml4ID8/IHRoaXMuZ3JpZFVVSUQgKyBcIi1cIixcbiAgICAgIGFsbG93ZWRTcGVjaWFsQ2hhcmFjdGVyczogXCJfKz0sLkAtXCIsXG4gICAgICBtYXhMZW5ndGg6IDEyOCxcbiAgICB9KTtcblxuICAgIHRoaXMucmVzb3VyY2UgPSBuZXcgaWFtUG9saWN5LklhbVBvbGljeSh0aGlzLCBcIlJlc291cmNlXCIsIHtcbiAgICAgIC4uLnByb3BzLCAvLyBjb3B5IG92ZXIgVGVycmFmb3JtIE1ldGEgQXJndW1lbnRzIGZyb20gQ29uc3RydWN0UHJvcHNcbiAgICAgIG5hbWU6IHByb3BzLm1hbmFnZWRQb2xpY3lOYW1lLFxuICAgICAgbmFtZVByZWZpeDogIXByb3BzLm1hbmFnZWRQb2xpY3lOYW1lXG4gICAgICAgID8gbWFuYWdlZFBvbGljeU5hbWVQcmVmaXhcbiAgICAgICAgOiB1bmRlZmluZWQsXG4gICAgICBkZXNjcmlwdGlvbjogdGhpcy5kZXNjcmlwdGlvbixcbiAgICAgIHBhdGg6IHRoaXMucGF0aCxcbiAgICAgIHBvbGljeTogdGhpcy5kb2N1bWVudC5qc29uLFxuICAgIH0pO1xuXG4gICAgaWYgKHByb3BzLnJvbGVzKSB7XG4gICAgICBwcm9wcy5yb2xlcy5mb3JFYWNoKChyKSA9PiB0aGlzLmF0dGFjaFRvUm9sZShyKSk7XG4gICAgfVxuXG4gICAgaWYgKHByb3BzLnN0YXRlbWVudHMpIHtcbiAgICAgIHByb3BzLnN0YXRlbWVudHMuZm9yRWFjaCgocCkgPT4gdGhpcy5hZGRTdGF0ZW1lbnRzKHApKTtcbiAgICB9XG5cbiAgICB0aGlzLmdyYW50UHJpbmNpcGFsID0gbmV3IE1hbmFnZWRQb2xpY3lHcmFudFByaW5jaXBhbCh0aGlzKTtcblxuICAgIHRoaXMubm9kZS5hZGRWYWxpZGF0aW9uKHsgdmFsaWRhdGU6ICgpID0+IHRoaXMudmFsaWRhdGVNYW5hZ2VkUG9saWN5KCkgfSk7XG4gIH1cblxuICAvKipcbiAgICogQWRkcyBhIHN0YXRlbWVudCB0byB0aGUgcG9saWN5IGRvY3VtZW50LlxuICAgKi9cbiAgcHVibGljIGFkZFN0YXRlbWVudHMoLi4uc3RhdGVtZW50OiBQb2xpY3lTdGF0ZW1lbnRbXSkge1xuICAgIHRoaXMuZG9jdW1lbnQuYWRkU3RhdGVtZW50cyguLi5zdGF0ZW1lbnQpO1xuICB9XG5cbiAgcHJpdmF0ZSB2YWxpZGF0ZU1hbmFnZWRQb2xpY3koKTogc3RyaW5nW10ge1xuICAgIGNvbnN0IHJlc3VsdCA9IG5ldyBBcnJheTxzdHJpbmc+KCk7XG5cbiAgICAvLyB2YWxpZGF0ZSB0aGF0IHRoZSBwb2xpY3kgZG9jdW1lbnQgaXMgbm90IGVtcHR5XG4gICAgaWYgKHRoaXMuZG9jdW1lbnQuaXNFbXB0eSkge1xuICAgICAgcmVzdWx0LnB1c2goXG4gICAgICAgIFwiTWFuYWdlZCBQb2xpY3kgaXMgZW1wdHkuIFlvdSBtdXN0IGFkZCBzdGF0ZW1lbnRzIHRvIHRoZSBwb2xpY3lcIixcbiAgICAgICk7XG4gICAgfVxuXG4gICAgcmVzdWx0LnB1c2goLi4udGhpcy5kb2N1bWVudC52YWxpZGF0ZUZvcklkZW50aXR5UG9saWN5KCkpO1xuICAgIHJldHVybiByZXN1bHQ7XG4gIH1cbn1cblxuY2xhc3MgTWFuYWdlZFBvbGljeUdyYW50UHJpbmNpcGFsIGltcGxlbWVudHMgSVByaW5jaXBhbCB7XG4gIHB1YmxpYyByZWFkb25seSBhc3N1bWVSb2xlQWN0aW9uID0gXCJzdHM6QXNzdW1lUm9sZVwiO1xuICBwdWJsaWMgcmVhZG9ubHkgZ3JhbnRQcmluY2lwYWw6IElQcmluY2lwYWw7XG4gIHB1YmxpYyByZWFkb25seSBwcmluY2lwYWxBY2NvdW50Pzogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHByaXZhdGUgX21hbmFnZWRQb2xpY3k6IE1hbmFnZWRQb2xpY3kpIHtcbiAgICB0aGlzLmdyYW50UHJpbmNpcGFsID0gdGhpcztcbiAgICB0aGlzLnByaW5jaXBhbEFjY291bnQgPSBfbWFuYWdlZFBvbGljeS5lbnYuYWNjb3VudDtcbiAgfVxuXG4gIHB1YmxpYyBnZXQgcG9saWN5RnJhZ21lbnQoKTogUHJpbmNpcGFsUG9saWN5RnJhZ21lbnQge1xuICAgIC8vIFRoaXMgcHJvcGVydHkgaXMgcmVmZXJlbmNlZCB0byBhZGQgcG9saWN5IHN0YXRlbWVudHMgYXMgYSByZXNvdXJjZS1iYXNlZCBwb2xpY3kuXG4gICAgLy8gV2Ugc2hvdWxkIGZhaWwgYmVjYXVzZSBhIG1hbmFnZWQgcG9saWN5IGNhbm5vdCBiZSB1c2VkIGFzIGEgcHJpbmNpcGFsIG9mIGEgcG9saWN5IGRvY3VtZW50LlxuICAgIC8vIGNmLiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vSUFNL2xhdGVzdC9Vc2VyR3VpZGUvcmVmZXJlbmNlX3BvbGljaWVzX2VsZW1lbnRzX3ByaW5jaXBhbC5odG1sI1ByaW5jaXBhbF9zcGVjaWZ5aW5nXG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYENhbm5vdCB1c2UgYSBNYW5hZ2VkUG9saWN5ICcke3RoaXMuX21hbmFnZWRQb2xpY3kubm9kZS5wYXRofScgYXMgdGhlICdQcmluY2lwYWwnIG9yICdOb3RQcmluY2lwYWwnIGluIGFuIElBTSBQb2xpY3lgLFxuICAgICk7XG4gIH1cblxuICBwdWJsaWMgYWRkVG9Qb2xpY3koc3RhdGVtZW50OiBQb2xpY3lTdGF0ZW1lbnQpOiBib29sZWFuIHtcbiAgICByZXR1cm4gdGhpcy5hZGRUb1ByaW5jaXBhbFBvbGljeShzdGF0ZW1lbnQpLnN0YXRlbWVudEFkZGVkO1xuICB9XG5cbiAgcHVibGljIGFkZFRvUHJpbmNpcGFsUG9saWN5KFxuICAgIHN0YXRlbWVudDogUG9saWN5U3RhdGVtZW50LFxuICApOiBBZGRUb1ByaW5jaXBhbFBvbGljeVJlc3VsdCB7XG4gICAgdGhpcy5fbWFuYWdlZFBvbGljeS5hZGRTdGF0ZW1lbnRzKHN0YXRlbWVudCk7XG4gICAgcmV0dXJuIHsgc3RhdGVtZW50QWRkZWQ6IHRydWUsIHBvbGljeURlcGVuZGFibGU6IHRoaXMuX21hbmFnZWRQb2xpY3kgfTtcbiAgfVxufVxuIl19

package/lib/aws/iam/oidc-provider.d.ts

@@ -0,0 +1,120 @@
+import { iamOpenidConnectProvider } from "@cdktf/provider-aws";
+import { Construct } from "constructs";
+import { IAwsConstruct, AwsConstructBase, AwsConstructProps } from "../aws-construct";
+export interface OpenIdConnectProviderOutputs {
+    /**
+     * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
+     * @stability stable
+     */
+    readonly arn: string;
+    /**
+     * The issuer for OIDC Provider
+     * @stability stable
+     */
+    readonly issuer: string;
+}
+/**
+ * Represents an IAM OpenID Connect provider.
+ *
+ */
+export interface IOpenIdConnectProvider extends IAwsConstruct {
+    readonly openIdConnectProviderOutputs: OpenIdConnectProviderOutputs;
+    /**
+     * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
+     */
+    readonly openIdConnectProviderArn: string;
+    /**
+     * The issuer for OIDC Provider
+     */
+    readonly openIdConnectProviderIssuer: string;
+}
+/**
+ * Initialization properties for `OpenIdConnectProvider`.
+ */
+export interface OpenIdConnectProviderProps extends AwsConstructProps {
+    /**
+     * The URL of the identity provider. The URL must begin with https:// and
+     * should correspond to the iss claim in the provider's OpenID Connect ID
+     * tokens. Per the OIDC standard, path components are allowed but query
+     * parameters are not. Typically the URL consists of only a hostname, like
+     * https://server.example.org or https://example.com.
+     *
+     * You cannot register the same provider multiple times in a single AWS
+     * account. If you try to submit a URL that has already been used for an
+     * OpenID Connect provider in the AWS account, you will get an error.
+     */
+    readonly url: string;
+    /**
+     * A list of client IDs (also known as audiences). When a mobile or web app
+     * registers with an OpenID Connect provider, they establish a value that
+     * identifies the application. (This is the value that's sent as the client_id
+     * parameter on OAuth requests.)
+     *
+     * You can register multiple client IDs with the same provider. For example,
+     * you might have multiple applications that use the same OIDC provider. You
+     * cannot register more than 100 client IDs with a single IAM OIDC provider.
+     *
+     * Client IDs are up to 255 characters long.
+     */
+    readonly clientIds: string[];
+    /**
+     * A list of server certificate thumbprints for the OpenID Connect (OIDC)
+     * identity provider's server certificates.
+     *
+     * AWS secures communication with OIDC identity providers (IdPs) using our
+     * library of trusted root certificate authorities (CAs) to verify the
+     * JSON Web Key Set (JWKS) endpoint's TLS certificate.
+     *
+     * If your OIDC IdP relies on a certificate that is not signed by one of
+     * these trusted CAs, only then we secure communication using the
+     * thumbprints set in the IdP's configuration.
+     *
+     * AWS will fall back to thumbprint verification if we are unable to retrieve
+     * the TLS certificate or if TLS v1.3 is required.
+     *
+     * See [AWS OIDC Docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html#manage-oidc-provider-console)
+     */
+    readonly thumbprints?: string[];
+}
+/**
+ * IAM OIDC identity providers are entities in IAM that describe an external
+ * identity provider (IdP) service that supports the OpenID Connect (OIDC)
+ * standard, such as Google or Salesforce. You use an IAM OIDC identity provider
+ * when you want to establish trust between an OIDC-compatible IdP and your AWS
+ * account. This is useful when creating a mobile app or web application that
+ * requires access to AWS resources, but you don't want to create custom sign-in
+ * code or manage your own user identities.
+ *
+ * @see http://openid.net/connect
+ * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
+ *
+ * @resource AWS::CloudFormation::CustomResource
+ */
+export declare class OpenIdConnectProvider extends AwsConstructBase implements IOpenIdConnectProvider {
+    /**
+     * Imports an Open ID connect provider from an ARN.
+     * @param scope The definition scope
+     * @param id ID of the construct
+     * @param openIdConnectProviderArn the ARN to import
+     */
+    static fromOpenIdConnectProviderArn(scope: Construct, id: string, openIdConnectProviderArn: string): IOpenIdConnectProvider;
+    readonly openIdConnectProviderOutputs: OpenIdConnectProviderOutputs;
+    get outputs(): Record<string, any>;
+    readonly resource: iamOpenidConnectProvider.IamOpenidConnectProvider;
+    /**
+     * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
+     */
+    readonly openIdConnectProviderArn: string;
+    readonly openIdConnectProviderIssuer: string;
+    /**
+     * The thumbprints configured for this provider.
+     */
+    readonly openIdConnectProviderthumbprints: string[];
+    /**
+     * Defines an OpenID Connect provider.
+     * @param scope The definition scope
+     * @param id Construct ID
+     * @param props Initialization properties
+     */
+    constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);
+}