token-injectable-docker-builder 1.12.2 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/.jsii +46 -27
  2. package/API.md +22 -0
  3. package/README.md +3 -2
  4. package/isComplete/isComplete.js +35 -1
  5. package/lib/index.d.ts +14 -0
  6. package/lib/index.js +50 -15
  7. package/package.json +1 -1
package/.jsii CHANGED
@@ -8536,7 +8536,7 @@
8536
8536
  },
8537
8537
  "name": "token-injectable-docker-builder",
8538
8538
  "readme": {
8539
- "markdown": "# TokenInjectableDockerBuilder\n\nThe `TokenInjectableDockerBuilder` is a flexible AWS CDK construct that enables the usage of AWS CDK tokens in the building, pushing, and deployment of Docker images to Amazon Elastic Container Registry (ECR). It leverages AWS CodeBuild and Lambda custom resources.\n\n---\n\n## Why?\n\nAWS CDK already provides mechanisms for creating deployable assets using Docker, such as [DockerImageAsset](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerImageAsset.html) and [DockerImageCode](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.DockerImageCode.html), but these constructs are limited because they cannot accept CDK tokens as build-args. The `TokenInjectableDockerBuilder` allows injecting CDK tokens as build-time arguments into Docker-based assets, enabling more dynamic dependency relationships.\n\nFor example, a Next.js frontend Docker image may require an API Gateway URL as an argument to create a reference from the UI to the associated API in a given deployment. With this construct, you can deploy the API Gateway first, then pass its URL as a build-time argument to the Next.js Docker image. As a result, your Next.js frontend can dynamically fetch data from the API Gateway without hardcoding the URL or needing multiple separate stacks.\n\n---\n\n## Features\n\n- **Build and Push Docker Images**: Automatically builds and pushes Docker images to ECR.\n- **Token Support**: Supports custom build arguments for Docker builds, including CDK tokens resolved at deployment time.\n- **Shared Provider (Singleton)**: When building multiple Docker images in the same stack, use `TokenInjectableDockerBuilderProvider` to share a single pair of Lambda functions across all builders, reducing resource overhead from ~2 Lambdas per image to 2 Lambdas total.\n- **Custom Install and Pre-Build Commands**: Allows specifying custom commands to run during the `install` and `pre_build` phases of the CodeBuild build process.\n- **VPC Configuration**: Supports deploying the CodeBuild project within a VPC, with customizable security groups and subnet selection.\n- **Docker Login**: Supports Docker login using credentials stored in AWS Secrets Manager.\n- **ECR Repository Management**: Creates an ECR repository with lifecycle rules and encryption.\n- **Integration with ECS and Lambda**: Provides outputs for use in AWS ECS and AWS Lambda.\n- **Custom Build Query Interval**: Configure how frequently the custom resource polls for build completion using the `completenessQueryInterval` property (defaults to 30 seconds).\n- **Custom Dockerfile**: Specify a custom Dockerfile name via the `file` property (e.g. `Dockerfile.production`), allowing multiple Docker images from the same source directory.\n- **ECR Docker Layer Caching**: By default, builds use `docker buildx` with ECR as a remote cache backend, reducing build times by reusing layers across deploys. Set `cacheDisabled: true` to force a clean build from scratch.\n- **Platform Support**: Build images for `linux/amd64` (x86_64) or `linux/arm64` (Graviton) using native CodeBuild instances — no emulation, no QEMU. ARM builds are faster and cheaper.\n- **Persistent Build Logs**: Pass `buildLogGroup` with a log group that has RETAIN removal policy so build logs survive rollbacks and stack deletion for debugging.\n- **ECR Pull-Through Cache**: When your Dockerfile uses base images from ECR pull-through cache (e.g. `docker-hub/library/node:20-slim`, `ghcr/org/image:tag`), pass `ecrPullThroughCachePrefixes` to grant the CodeBuild role pull access to those cache prefixes.\n\n---\n\n## Installation\n\n### For NPM\n\nInstall the construct using NPM:\n\n```bash\nnpm install token-injectable-docker-builder\n```\n\n### For Python\n\nInstall the construct using pip:\n\n```bash\npip install token-injectable-docker-builder\n```\n\n---\n\n## API Reference\n\n### `TokenInjectableDockerBuilderProvider`\n\nA singleton construct that creates the `onEvent` and `isComplete` Lambda functions once per stack. When building multiple Docker images, share a single provider to avoid creating redundant Lambda functions.\n\n#### Static Methods\n\n| Method | Description |\n|---|---|\n| `getOrCreate(scope, props?)` | Returns the existing provider for the stack, or creates one if it doesn't exist. |\n\n#### Properties in `TokenInjectableDockerBuilderProviderProps`\n\n| Property | Type | Required | Description |\n|---|---|---|---|\n| `queryInterval` | `Duration` | No | How often the provider polls for build completion. Defaults to `Duration.seconds(30)`. |\n\n#### Instance Properties\n\n| Property | Type | Description |\n|---|---|---|\n| `serviceToken` | `string` | The service token used by CustomResource instances. |\n\n#### Instance Methods\n\n| Method | Description |\n|---|---|\n| `registerProject(project, ecrRepo, encryptionKey?)` | Grants the shared Lambdas permission to start builds and access ECR for a specific CodeBuild project. Called automatically when `provider` is passed to `TokenInjectableDockerBuilder`. |\n\n---\n\n### `TokenInjectableDockerBuilder`\n\n#### Parameters\n\n- **`scope`**: The construct's parent scope.\n- **`id`**: The construct ID.\n- **`props`**: Configuration properties.\n\n#### Properties in `TokenInjectableDockerBuilderProps`\n\n| Property | Type | Required | Description |\n|----------------------------|-----------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `path` | `string` | Yes | The file path to the Dockerfile or source code directory. |\n| `buildArgs` | `{ [key: string]: string }` | No | Build arguments to pass to the Docker build process. These are transformed into `--build-arg` flags. To use in Dockerfile, leverage the `ARG` keyword. For more details, please see the [official Docker docs](https://docs.docker.com/build/building/variables/). |\n| `provider` | `TokenInjectableDockerBuilderProvider` | No | Shared provider for the custom resource Lambdas. Use `TokenInjectableDockerBuilderProvider.getOrCreate(this)` to share a single pair of Lambdas across all builders in the same stack. When omitted, each builder creates its own Lambdas (original behavior). |\n| `dockerLoginSecretArn` | `string` | No | ARN of an AWS Secrets Manager secret for Docker credentials. Skips login if not provided. |\n| `vpc` | `IVpc` | No | The VPC in which the CodeBuild project will be deployed. If provided, the CodeBuild project will be launched within the specified VPC. |\n| `securityGroups` | `ISecurityGroup[]` | No | The security groups to attach to the CodeBuild project. These should define the network access rules for the CodeBuild project. |\n| `subnetSelection` | `SubnetSelection` | No | The subnet selection to specify which subnets to use within the VPC. Allows the user to select private, public, or isolated subnets. |\n| `installCommands` | `string[]` | No | Custom commands to run during the `install` phase of the CodeBuild build process. Will be executed before the Docker image is built. Useful for installing necessary dependencies for running pre-build scripts. |\n| `preBuildCommands` | `string[]` | No | Custom commands to run during the `pre_build` phase of the CodeBuild build process. Will be executed before the Docker image is built. Useful for running pre-build scripts, such as fetching configs. |\n| `kmsEncryption` | `boolean` | No | Whether to enable KMS encryption for the ECR repository. If `true`, a KMS key will be created for encrypting ECR images; otherwise, AES-256 encryption is used. Defaults to `false`. |\n| `completenessQueryInterval`| `Duration` | No | The query interval for checking if the CodeBuild project has completed. This determines how frequently the custom resource polls for build completion. Defaults to `Duration.seconds(30)`. Ignored when `provider` is set (the provider's `queryInterval` is used instead). |\n| `exclude` | `string[]` | No | A list of file paths in the Docker directory to exclude from the S3 asset bundle. If a `.dockerignore` file is present in the source directory, its contents will be used if this prop is not set. Defaults to an empty list or `.dockerignore` contents. |\n| `file` | `string` | No | The name of the Dockerfile to use for the build. Passed as `--file` to `docker build`. Useful when a project has multiple Dockerfiles (e.g. `Dockerfile.production`, `Dockerfile.admin`). Defaults to `Dockerfile`. |\n| `cacheDisabled` | `boolean` | No | When `true`, disables Docker layer caching. Every build runs from scratch. Use for debugging, corrupted cache, or major dependency changes. Defaults to `false`. |\n| `platform` | `'linux/amd64' \\| 'linux/arm64'` | No | Target platform for the Docker image. When set to `'linux/arm64'`, uses a native ARM/Graviton CodeBuild instance for fast builds without emulation. Defaults to `'linux/amd64'`. |\n| `buildLogGroup` | `ILogGroup` | No | CloudWatch log group for CodeBuild build logs. When provided with RETAIN removal policy, logs survive rollbacks and stack deletion. If not provided, CodeBuild uses default logging (logs are deleted on rollback). |\n| `ecrPullThroughCachePrefixes` | `string[]` | No | ECR pull-through cache repository prefixes to grant pull access to. Use when your Dockerfile references base images from ECR pull-through cache (e.g. `docker-hub/library/node:20-slim`, `ghcr/org/image:tag`). The CodeBuild role is granted `ecr:BatchGetImage`, `ecr:GetDownloadUrlForLayer`, and `ecr:BatchCheckLayerAvailability` on repositories matching each prefix. Example: `['docker-hub', 'ghcr']`. Defaults to no pull-through cache access. |\n\n#### Instance Properties\n\n| Property | Type | Description |\n|---|---|---|\n| `containerImage` | `ContainerImage` | An ECS-compatible container image referencing the built Docker image. |\n| `dockerImageCode` | `DockerImageCode` | A Lambda-compatible Docker image code referencing the built Docker image. |\n\n---\n\n## Usage Examples\n\n### Shared Provider (Recommended for Multiple Images)\n\nWhen building multiple Docker images in the same stack, use a shared provider to avoid creating redundant Lambda functions. Without a shared provider, each builder creates 2 Lambdas + 1 Provider framework Lambda. With 10 images, that's 30 Lambdas. A shared provider reduces this to just 3 Lambdas total.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport {\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n} from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\n\nexport class MultiImageStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create a shared provider once per stack (singleton)\n const provider = TokenInjectableDockerBuilderProvider.getOrCreate(this);\n\n // Build multiple Docker images sharing the same provider\n const apiBuilder = new TokenInjectableDockerBuilder(this, 'ApiImage', {\n path: './src/api',\n provider,\n });\n\n const workerBuilder = new TokenInjectableDockerBuilder(this, 'WorkerImage', {\n path: './src/worker',\n provider,\n });\n\n const frontendBuilder = new TokenInjectableDockerBuilder(this, 'FrontendImage', {\n path: './src/frontend',\n buildArgs: { API_URL: 'https://api.example.com' },\n platform: 'linux/arm64', // Build natively on Graviton\n provider,\n });\n\n // Use in ECS task definitions\n const taskDef = new ecs.FargateTaskDefinition(this, 'TaskDef');\n taskDef.addContainer('api', { image: apiBuilder.containerImage });\n taskDef.addContainer('worker', { image: workerBuilder.containerImage });\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import aws_ecs as ecs, core as cdk\nfrom token_injectable_docker_builder import (\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n)\n\nclass MultiImageStack(cdk.Stack):\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create a shared provider once per stack (singleton)\n provider = TokenInjectableDockerBuilderProvider.get_or_create(self)\n\n # Build multiple Docker images sharing the same provider\n api_builder = TokenInjectableDockerBuilder(self, \"ApiImage\",\n path=\"./src/api\",\n provider=provider,\n )\n\n worker_builder = TokenInjectableDockerBuilder(self, \"WorkerImage\",\n path=\"./src/worker\",\n provider=provider,\n )\n\n frontend_builder = TokenInjectableDockerBuilder(self, \"FrontendImage\",\n path=\"./src/frontend\",\n build_args={\"API_URL\": \"https://api.example.com\"},\n provider=provider,\n )\n```\n\n### Simple Usage Example\n\nThis example demonstrates the basic usage of the `TokenInjectableDockerBuilder`, where a Next.js frontend Docker image requires an API Gateway URL as a build argument to create a reference from the UI to the associated API in a given deployment.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport { TokenInjectableDockerBuilder } from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\nimport * as ec2 from 'aws-cdk-lib/aws-ec2';\nimport * as apigateway from 'aws-cdk-lib/aws-apigateway';\n\nexport class SimpleStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create your API Gateway\n const api = new apigateway.RestApi(this, 'MyApiGateway', {\n restApiName: 'MyService',\n });\n\n // Create the Docker builder\n const dockerBuilder = new TokenInjectableDockerBuilder(this, 'SimpleDockerBuilder', {\n path: './nextjs-app', // Path to your Next.js app Docker context\n buildArgs: {\n API_URL: api.url, // Pass the API Gateway URL as a build argument\n },\n // Optionally override the default completeness query interval:\n // completenessQueryInterval: cdk.Duration.seconds(45),\n });\n\n // Use in ECS\n const cluster = new ecs.Cluster(this, 'EcsCluster', {\n vpc: new ec2.Vpc(this, 'Vpc'),\n });\n\n const service = new ecs.FargateService(this, 'FargateService', {\n cluster,\n taskDefinition: new ecs.FargateTaskDefinition(this, 'TaskDef', {\n cpu: 512,\n memoryLimitMiB: 1024,\n }).addContainer('Container', {\n image: dockerBuilder.containerImage,\n logging: ecs.LogDriver.awsLogs({ streamPrefix: 'MyApp' }),\n }),\n });\n\n service.node.addDependency(dockerBuilder);\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import (\n aws_ecs as ecs,\n aws_ec2 as ec2,\n aws_apigateway as apigateway,\n Duration,\n core as cdk,\n)\nfrom token_injectable_docker_builder import TokenInjectableDockerBuilder\n\nclass SimpleStack(cdk.Stack):\n\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create your API Gateway\n api = apigateway.RestApi(self, \"MyApiGateway\",\n rest_api_name=\"MyService\",\n )\n\n # Create the Docker builder\n docker_builder = TokenInjectableDockerBuilder(self, \"SimpleDockerBuilder\",\n path=\"./nextjs-app\", # Path to your Next.js app Docker context\n build_args={\n \"API_URL\": api.url, # Pass the API Gateway URL as a build argument\n },\n # Optionally override the default completeness query interval:\n # completeness_query_interval=Duration.seconds(45)\n )\n\n # Use in ECS\n vpc = ec2.Vpc(self, \"Vpc\")\n cluster = ecs.Cluster(self, \"EcsCluster\", vpc=vpc)\n\n task_definition = ecs.FargateTaskDefinition(self, \"TaskDef\",\n cpu=512,\n memory_limit_mib=1024,\n )\n\n task_definition.node.add_dependency(docker_builder)\n\n task_definition.add_container(\"Container\",\n image=docker_builder.container_image,\n logging=ecs.LogDriver.aws_logs(stream_prefix=\"MyApp\"),\n )\n\n ecs.FargateService(self, \"FargateService\",\n cluster=cluster,\n task_definition=task_definition,\n )\n```\n\n---\n\n### Advanced Usage Example\n\nBuilding on the previous example, this advanced usage demonstrates how to include additional configurations, such as fetching private API endpoints and configuration files during the build process.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport { TokenInjectableDockerBuilder } from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\nimport * as ec2 from 'aws-cdk-lib/aws-ec2';\nimport * as apigateway from 'aws-cdk-lib/aws-apigateway';\n\nexport class AdvancedStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create your API Gateway\n const api = new apigateway.RestApi(this, 'MyApiGateway', {\n restApiName: 'MyService',\n });\n\n // VPC and Security Group for CodeBuild\n const vpc = new ec2.Vpc(this, 'MyVpc');\n const securityGroup = new ec2.SecurityGroup(this, 'MySecurityGroup', {\n vpc,\n });\n\n // Create the Docker builder with additional pre-build commands\n const dockerBuilder = new TokenInjectableDockerBuilder(this, 'AdvancedDockerBuilder', {\n path: './nextjs-app',\n buildArgs: {\n API_URL: api.url,\n },\n vpc,\n securityGroups: [securityGroup],\n subnetSelection: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },\n installCommands: [\n 'echo \"Updating package lists...\"',\n 'apt-get update -y',\n 'echo \"Installing necessary packages...\"',\n 'apt-get install -y curl',\n ],\n preBuildCommands: [\n 'echo \"Fetching private API configuration...\"',\n // Replace with your actual command to fetch configs\n 'curl -o config.json https://internal-api.example.com/config',\n ],\n // Optionally override the default completeness query interval:\n // completenessQueryInterval: cdk.Duration.seconds(45),\n });\n\n // Use in ECS\n const cluster = new ecs.Cluster(this, 'EcsCluster', { vpc });\n\n const service = new ecs.FargateService(this, 'FargateService', {\n cluster,\n taskDefinition: new ecs.FargateTaskDefinition(this, 'TaskDef', {\n cpu: 512,\n memoryLimitMiB: 1024,\n }).addContainer('Container', {\n image: dockerBuilder.containerImage,\n logging: ecs.LogDriver.awsLogs({ streamPrefix: 'MyApp' }),\n }),\n });\n\n service.node.addDependency(dockerBuilder);\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import (\n aws_ecs as ecs,\n aws_ec2 as ec2,\n aws_apigateway as apigateway,\n Duration,\n core as cdk,\n)\nfrom token_injectable_docker_builder import TokenInjectableDockerBuilder\n\nclass AdvancedStack(cdk.Stack):\n\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create your API Gateway\n api = apigateway.RestApi(self, \"MyApiGateway\",\n rest_api_name=\"MyService\",\n )\n\n # VPC and Security Group for CodeBuild\n vpc = ec2.Vpc(self, \"MyVpc\")\n security_group = ec2.SecurityGroup(self, \"MySecurityGroup\", vpc=vpc)\n\n # Create the Docker builder with additional pre-build commands\n docker_builder = TokenInjectableDockerBuilder(self, \"AdvancedDockerBuilder\",\n path=\"./nextjs-app\",\n build_args={\n \"API_URL\": api.url,\n },\n vpc=vpc,\n security_groups=[security_group],\n subnet_selection=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS),\n install_commands=[\n 'echo \"Updating package lists...\"',\n 'apt-get update -y',\n 'echo \"Installing necessary packages...\"',\n 'apt-get install -y curl',\n ],\n pre_build_commands=[\n 'echo \"Fetching private API configuration...\"',\n # Replace with your actual command to fetch configs\n 'curl -o config.json https://internal-api.example.com/config',\n ],\n # Optionally override the default completeness query interval:\n # completeness_query_interval=Duration.seconds(45)\n )\n\n # Use in ECS\n cluster = ecs.Cluster(self, \"EcsCluster\", vpc=vpc)\n\n task_definition = ecs.FargateTaskDefinition(self, \"TaskDef\",\n cpu=512,\n memory_limit_mib=1024,\n )\n\n task_definition.node.add_dependency(docker_builder)\n\n task_definition.add_container(\"Container\",\n image=docker_builder.container_image,\n logging=ecs.LogDriver.aws_logs(stream_prefix=\"MyApp\"),\n )\n\n ecs.FargateService(self, \"FargateService\",\n cluster=cluster,\n task_definition=task_definition,\n )\n```\n\n### ECR Pull-Through Cache Example\n\nWhen your Dockerfile uses base images from an ECR pull-through cache (e.g. to avoid Docker Hub rate limits), pass `ecrPullThroughCachePrefixes` so the CodeBuild role can pull those images:\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport {\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n} from 'token-injectable-docker-builder';\nimport * as lambda from 'aws-cdk-lib/aws-lambda';\n\nexport class PullThroughCacheStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n const provider = TokenInjectableDockerBuilderProvider.getOrCreate(this);\n const node20Slim = `${this.account}.dkr.ecr.${this.region}.amazonaws.com/docker-hub/library/node:20-slim`;\n\n const apiImage = new TokenInjectableDockerBuilder(this, 'ApiImage', {\n path: './src',\n file: 'api/Dockerfile',\n platform: 'linux/arm64',\n provider,\n buildArgs: { NODE_20_SLIM: node20Slim },\n ecrPullThroughCachePrefixes: ['docker-hub', 'ghcr'],\n });\n\n new lambda.DockerImageFunction(this, 'ApiLambda', {\n code: apiImage.dockerImageCode,\n architecture: lambda.Architecture.ARM_64,\n });\n }\n}\n```\n\n---\n\nIn this advanced example:\n\n- **VPC Configuration**: The CodeBuild project is configured to run inside a VPC with specified security groups and subnet selection, allowing it to access internal resources such as a private API endpoint.\n- **Custom Install and Pre-Build Commands**: The `installCommands` and `preBuildCommands` properties are used to install necessary packages and fetch configuration files from a private API before building the Docker image.\n- **Access to Internal APIs**: By running inside a VPC and configuring the security groups appropriately, the CodeBuild project can access private endpoints not accessible over the public internet.\n\n---\n\n## How It Works\n\n1. **Docker Source**: Packages the source code or Dockerfile specified in the `path` property as an S3 asset.\n2. **CodeBuild Project**:\n - Uses the packaged asset and `buildArgs` to build the Docker image.\n - Executes any custom `installCommands` and `preBuildCommands` during the build process.\n - Pushes the image to an ECR repository.\n - By default, uses `docker buildx` with ECR registry cache to speed up builds.\n3. **Custom Resource**:\n - Triggers the build process using a Lambda function (`onEvent`).\n - Monitors the build status using another Lambda function (`isComplete`) which polls at the interval specified by `completenessQueryInterval` (defaulting to 30 seconds if not provided).\n - When using a shared `provider`, the same pair of Lambdas handles all builders in the stack.\n4. **Outputs**:\n - `.containerImage`: Returns the Docker image for ECS.\n - `.dockerImageCode`: Returns the Docker image code for Lambda.\n\n### Resource Comparison\n\n| Scenario | Lambdas Created | CodeBuild Projects | ECR Repos |\n|---|---|---|---|\n| 5 images, no shared provider | 15 (3 per image) | 5 | 5 |\n| 5 images, shared provider | 3 (shared) | 5 | 5 |\n| 10 images, no shared provider | 30 (3 per image) | 10 | 10 |\n| 10 images, shared provider | 3 (shared) | 10 | 10 |\n\n---\n\n## IAM Permissions\n\nThe construct automatically grants permissions for:\n\n- **CodeBuild**:\n - Pull and push images to ECR.\n - Pull from ECR pull-through cache prefixes when `ecrPullThroughCachePrefixes` is provided (e.g. `['docker-hub', 'ghcr']`).\n - Access to AWS Secrets Manager if `dockerLoginSecretArn` is provided.\n - Access to the KMS key for encryption.\n- **Lambda Functions** (per-instance or shared provider):\n - Start and monitor CodeBuild builds.\n - Access CloudWatch Logs.\n - Access to the KMS key for encryption.\n - Pull and push images to ECR.\n\nWhen using the shared provider, `registerProject()` incrementally adds IAM permissions for each CodeBuild project and ECR repository.\n\n---\n\n## Notes\n\n- **Shared Provider**: Use `TokenInjectableDockerBuilderProvider.getOrCreate(this)` when building multiple images in the same stack. This is the recommended approach for stacks with 2+ Docker images.\n- **Build Arguments**: Pass custom arguments via `buildArgs` as `--build-arg` flags. CDK tokens can be used to inject dynamic values resolved at deployment time.\n- **Custom Commands**: Use `installCommands` and `preBuildCommands` to run custom shell commands during the build process. This can be useful for installing dependencies or fetching configuration files.\n- **VPC Configuration**: If your build process requires access to resources within a VPC, you can specify the VPC, security groups, and subnet selection.\n- **Docker Login**: If you need to log in to a private Docker registry before building the image, provide the ARN of a secret in AWS Secrets Manager containing the Docker credentials.\n- **ECR Repository**: Automatically creates an ECR repository with lifecycle rules to manage image retention, encryption with a KMS key, and image scanning on push.\n- **Build Query Interval**: The polling frequency for checking build completion can be customized via the `completenessQueryInterval` property (per-instance) or `queryInterval` (shared provider).\n- **Custom Dockerfile**: Use the `file` property to specify a Dockerfile other than the default `Dockerfile`. This is passed as the `--file` flag to `docker build`.\n- **Docker Layer Caching**: By default, builds use ECR as a remote cache backend (via `docker buildx`), which can reduce build times by up to 25%. Set `cacheDisabled: true` when you need a clean build—for example, when debugging, the cache is corrupted, or after major dependency upgrades.\n- **Platform / Architecture**: Set `platform: 'linux/arm64'` to build ARM64/Graviton images using a native ARM CodeBuild instance. Defaults to `'linux/amd64'` (x86_64). Native builds are faster and cheaper than cross-compilation with QEMU.\n- **Build Log Retention**: Pass `buildLogGroup` with a log group that has RETAIN removal policy to ensure build logs survive CloudFormation rollbacks and stack deletion.\n- **ECR Pull-Through Cache**: When using ECR pull-through cache for base images (e.g. to avoid Docker Hub rate limits), pass `ecrPullThroughCachePrefixes: ['docker-hub', 'ghcr']` so the CodeBuild role can pull from those cached repositories. Your ECR registry must have a pull-through cache rule and registry policy configured separately.\n- **Backward Compatibility**: The `provider` prop is optional. Omitting it preserves the original behavior where each builder creates its own Lambdas. Existing code works without changes.\n\n---\n\n## Troubleshooting\n\n1. **Build Errors**: Check the CodeBuild logs in CloudWatch Logs for detailed error messages. If you pass `buildLogGroup` with RETAIN removal policy, logs persist even after rollbacks. Otherwise, logs are deleted when the CodeBuild project is removed during rollback.\n2. **Lambda Errors**: Check the `onEvent` and `isComplete` Lambda function logs in CloudWatch Logs. With a shared provider, both builders' events flow through the same Lambdas—filter by `ProjectName` in the logs.\n3. **\"Image manifest, config or layer media type not supported\" (Lambda)**: Docker Buildx v0.10+ adds provenance attestations by default, producing OCI image indexes that Lambda rejects. This construct disables them with `--provenance=false --sbom=false` so images are Lambda-compatible. If you see this error, ensure you're using a recent version of the construct.\n4. **Permissions**: Ensure IAM roles have the required permissions for CodeBuild, ECR, Secrets Manager, and KMS if applicable. When using a shared provider, verify that `registerProject()` was called for each builder (this happens automatically when passing the `provider` prop).\n5. **Network Access**: If the build requires network access (e.g., to download dependencies or access internal APIs), ensure that the VPC configuration allows necessary network connectivity, and adjust security group rules accordingly.\n\n---\n\n## Support\n\nFor issues or feature requests, please open an issue on [GitHub](https://github.com/AlexTech314/TokenInjectableDockerBuilder).\n\n---\n\n## Reference Links\n\n[![View on Construct Hub](https://constructs.dev/badge?package=token-injectable-docker-builder)](https://constructs.dev/packages/token-injectable-docker-builder)\n\n---\n\n## License\n\nThis project is licensed under the terms of the MIT license.\n\n---\n\n## Acknowledgements\n\n- Inspired by the need for more dynamic Docker asset management in AWS CDK.\n- Thanks to the AWS CDK community for their continuous support and contributions.\n\n---\n\nFeel free to reach out if you have any questions or need further assistance!\n"
8539
+ "markdown": "# TokenInjectableDockerBuilder\n\nThe `TokenInjectableDockerBuilder` is a flexible AWS CDK construct that enables the usage of AWS CDK tokens in the building, pushing, and deployment of Docker images to Amazon Elastic Container Registry (ECR). It leverages AWS CodeBuild and Lambda custom resources.\n\n---\n\n## Why?\n\nAWS CDK already provides mechanisms for creating deployable assets using Docker, such as [DockerImageAsset](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerImageAsset.html) and [DockerImageCode](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.DockerImageCode.html), but these constructs are limited because they cannot accept CDK tokens as build-args. The `TokenInjectableDockerBuilder` allows injecting CDK tokens as build-time arguments into Docker-based assets, enabling more dynamic dependency relationships.\n\nFor example, a Next.js frontend Docker image may require an API Gateway URL as an argument to create a reference from the UI to the associated API in a given deployment. With this construct, you can deploy the API Gateway first, then pass its URL as a build-time argument to the Next.js Docker image. As a result, your Next.js frontend can dynamically fetch data from the API Gateway without hardcoding the URL or needing multiple separate stacks.\n\n---\n\n## Features\n\n- **Build and Push Docker Images**: Automatically builds and pushes Docker images to ECR.\n- **Token Support**: Supports custom build arguments for Docker builds, including CDK tokens resolved at deployment time.\n- **Shared Provider (Singleton)**: When building multiple Docker images in the same stack, use `TokenInjectableDockerBuilderProvider` to share a single pair of Lambda functions across all builders, reducing resource overhead from ~2 Lambdas per image to 2 Lambdas total.\n- **Custom Install and Pre-Build Commands**: Allows specifying custom commands to run during the `install` and `pre_build` phases of the CodeBuild build process.\n- **VPC Configuration**: Supports deploying the CodeBuild project within a VPC, with customizable security groups and subnet selection.\n- **Docker Login**: Supports Docker login using credentials stored in AWS Secrets Manager.\n- **ECR Repository Management**: Creates an ECR repository with lifecycle rules (keeps only 3 images by default, configurable via `maxImageCount`) and encryption.\n- **Integration with ECS and Lambda**: Provides outputs for use in AWS ECS and AWS Lambda.\n- **Custom Build Query Interval**: Configure how frequently the custom resource polls for build completion using the `completenessQueryInterval` property (defaults to 30 seconds).\n- **Custom Dockerfile**: Specify a custom Dockerfile name via the `file` property (e.g. `Dockerfile.production`), allowing multiple Docker images from the same source directory.\n- **ECR Docker Layer Caching**: By default, builds use `docker buildx` with ECR as a remote cache backend, reducing build times by reusing layers across deploys. Set `cacheDisabled: true` to force a clean build from scratch.\n- **Platform Support**: Build images for `linux/amd64` (x86_64) or `linux/arm64` (Graviton) using native CodeBuild instances — no emulation, no QEMU. ARM builds are faster and cheaper.\n- **Persistent Build Logs**: Pass `buildLogGroup` with a log group that has RETAIN removal policy so build logs survive rollbacks and stack deletion for debugging.\n- **ECR Pull-Through Cache**: When your Dockerfile uses base images from ECR pull-through cache (e.g. `docker-hub/library/node:20-slim`, `ghcr/org/image:tag`), pass `ecrPullThroughCachePrefixes` to grant the CodeBuild role pull access to those cache prefixes.\n\n---\n\n## Installation\n\n### For NPM\n\nInstall the construct using NPM:\n\n```bash\nnpm install token-injectable-docker-builder\n```\n\n### For Python\n\nInstall the construct using pip:\n\n```bash\npip install token-injectable-docker-builder\n```\n\n---\n\n## API Reference\n\n### `TokenInjectableDockerBuilderProvider`\n\nA singleton construct that creates the `onEvent` and `isComplete` Lambda functions once per stack. When building multiple Docker images, share a single provider to avoid creating redundant Lambda functions.\n\n#### Static Methods\n\n| Method | Description |\n|---|---|\n| `getOrCreate(scope, props?)` | Returns the existing provider for the stack, or creates one if it doesn't exist. |\n\n#### Properties in `TokenInjectableDockerBuilderProviderProps`\n\n| Property | Type | Required | Description |\n|---|---|---|---|\n| `queryInterval` | `Duration` | No | How often the provider polls for build completion. Defaults to `Duration.seconds(30)`. |\n\n#### Instance Properties\n\n| Property | Type | Description |\n|---|---|---|\n| `serviceToken` | `string` | The service token used by CustomResource instances. |\n\n#### Instance Methods\n\n| Method | Description |\n|---|---|\n| `registerProject(project, ecrRepo, encryptionKey?)` | Grants the shared Lambdas permission to start builds and access ECR for a specific CodeBuild project. Called automatically when `provider` is passed to `TokenInjectableDockerBuilder`. |\n\n---\n\n### `TokenInjectableDockerBuilder`\n\n#### Parameters\n\n- **`scope`**: The construct's parent scope.\n- **`id`**: The construct ID.\n- **`props`**: Configuration properties.\n\n#### Properties in `TokenInjectableDockerBuilderProps`\n\n| Property | Type | Required | Description |\n|----------------------------|-----------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `path` | `string` | Yes | The file path to the Dockerfile or source code directory. |\n| `buildArgs` | `{ [key: string]: string }` | No | Build arguments to pass to the Docker build process. These are transformed into `--build-arg` flags. To use in Dockerfile, leverage the `ARG` keyword. For more details, please see the [official Docker docs](https://docs.docker.com/build/building/variables/). |\n| `provider` | `TokenInjectableDockerBuilderProvider` | No | Shared provider for the custom resource Lambdas. Use `TokenInjectableDockerBuilderProvider.getOrCreate(this)` to share a single pair of Lambdas across all builders in the same stack. When omitted, each builder creates its own Lambdas (original behavior). |\n| `dockerLoginSecretArn` | `string` | No | ARN of an AWS Secrets Manager secret for Docker credentials. Skips login if not provided. |\n| `vpc` | `IVpc` | No | The VPC in which the CodeBuild project will be deployed. If provided, the CodeBuild project will be launched within the specified VPC. |\n| `securityGroups` | `ISecurityGroup[]` | No | The security groups to attach to the CodeBuild project. These should define the network access rules for the CodeBuild project. |\n| `subnetSelection` | `SubnetSelection` | No | The subnet selection to specify which subnets to use within the VPC. Allows the user to select private, public, or isolated subnets. |\n| `installCommands` | `string[]` | No | Custom commands to run during the `install` phase of the CodeBuild build process. Will be executed before the Docker image is built. Useful for installing necessary dependencies for running pre-build scripts. |\n| `preBuildCommands` | `string[]` | No | Custom commands to run during the `pre_build` phase of the CodeBuild build process. Will be executed before the Docker image is built. Useful for running pre-build scripts, such as fetching configs. |\n| `kmsEncryption` | `boolean` | No | Whether to enable KMS encryption for the ECR repository. If `true`, a KMS key will be created for encrypting ECR images; otherwise, AES-256 encryption is used. Defaults to `false`. |\n| `completenessQueryInterval`| `Duration` | No | The query interval for checking if the CodeBuild project has completed. This determines how frequently the custom resource polls for build completion. Defaults to `Duration.seconds(30)`. Ignored when `provider` is set (the provider's `queryInterval` is used instead). |\n| `exclude` | `string[]` | No | A list of file paths in the Docker directory to exclude from the S3 asset bundle. If a `.dockerignore` file is present in the source directory, its contents will be used if this prop is not set. Defaults to an empty list or `.dockerignore` contents. |\n| `file` | `string` | No | The name of the Dockerfile to use for the build. Passed as `--file` to `docker build`. Useful when a project has multiple Dockerfiles (e.g. `Dockerfile.production`, `Dockerfile.admin`). Defaults to `Dockerfile`. |\n| `cacheDisabled` | `boolean` | No | When `true`, disables Docker layer caching. Every build runs from scratch. Use for debugging, corrupted cache, or major dependency changes. Defaults to `false`. |\n| `platform` | `'linux/amd64' \\| 'linux/arm64'` | No | Target platform for the Docker image. When set to `'linux/arm64'`, uses a native ARM/Graviton CodeBuild instance for fast builds without emulation. Defaults to `'linux/amd64'`. |\n| `buildLogGroup` | `ILogGroup` | No | CloudWatch log group for CodeBuild build logs. When provided with RETAIN removal policy, logs survive rollbacks and stack deletion. If not provided, CodeBuild uses default logging (logs are deleted on rollback). |\n| `maxImageCount` | `number` | No | Maximum number of images to retain in the ECR repository. A lifecycle rule automatically expires older images beyond this count. Defaults to `3`. |\n| `ecrPullThroughCachePrefixes` | `string[]` | No | ECR pull-through cache repository prefixes to grant pull access to. Use when your Dockerfile references base images from ECR pull-through cache (e.g. `docker-hub/library/node:20-slim`, `ghcr/org/image:tag`). The CodeBuild role is granted `ecr:BatchGetImage`, `ecr:GetDownloadUrlForLayer`, and `ecr:BatchCheckLayerAvailability` on repositories matching each prefix. Example: `['docker-hub', 'ghcr']`. Defaults to no pull-through cache access. |\n\n#### Instance Properties\n\n| Property | Type | Description |\n|---|---|---|\n| `containerImage` | `ContainerImage` | An ECS-compatible container image referencing the built Docker image. |\n| `dockerImageCode` | `DockerImageCode` | A Lambda-compatible Docker image code referencing the built Docker image. |\n\n---\n\n## Usage Examples\n\n### Shared Provider (Recommended for Multiple Images)\n\nWhen building multiple Docker images in the same stack, use a shared provider to avoid creating redundant Lambda functions. Without a shared provider, each builder creates 2 Lambdas + 1 Provider framework Lambda. With 10 images, that's 30 Lambdas. A shared provider reduces this to just 3 Lambdas total.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport {\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n} from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\n\nexport class MultiImageStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create a shared provider once per stack (singleton)\n const provider = TokenInjectableDockerBuilderProvider.getOrCreate(this);\n\n // Build multiple Docker images sharing the same provider\n const apiBuilder = new TokenInjectableDockerBuilder(this, 'ApiImage', {\n path: './src/api',\n provider,\n });\n\n const workerBuilder = new TokenInjectableDockerBuilder(this, 'WorkerImage', {\n path: './src/worker',\n provider,\n });\n\n const frontendBuilder = new TokenInjectableDockerBuilder(this, 'FrontendImage', {\n path: './src/frontend',\n buildArgs: { API_URL: 'https://api.example.com' },\n platform: 'linux/arm64', // Build natively on Graviton\n provider,\n });\n\n // Use in ECS task definitions\n const taskDef = new ecs.FargateTaskDefinition(this, 'TaskDef');\n taskDef.addContainer('api', { image: apiBuilder.containerImage });\n taskDef.addContainer('worker', { image: workerBuilder.containerImage });\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import aws_ecs as ecs, core as cdk\nfrom token_injectable_docker_builder import (\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n)\n\nclass MultiImageStack(cdk.Stack):\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create a shared provider once per stack (singleton)\n provider = TokenInjectableDockerBuilderProvider.get_or_create(self)\n\n # Build multiple Docker images sharing the same provider\n api_builder = TokenInjectableDockerBuilder(self, \"ApiImage\",\n path=\"./src/api\",\n provider=provider,\n )\n\n worker_builder = TokenInjectableDockerBuilder(self, \"WorkerImage\",\n path=\"./src/worker\",\n provider=provider,\n )\n\n frontend_builder = TokenInjectableDockerBuilder(self, \"FrontendImage\",\n path=\"./src/frontend\",\n build_args={\"API_URL\": \"https://api.example.com\"},\n provider=provider,\n )\n```\n\n### Simple Usage Example\n\nThis example demonstrates the basic usage of the `TokenInjectableDockerBuilder`, where a Next.js frontend Docker image requires an API Gateway URL as a build argument to create a reference from the UI to the associated API in a given deployment.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport { TokenInjectableDockerBuilder } from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\nimport * as ec2 from 'aws-cdk-lib/aws-ec2';\nimport * as apigateway from 'aws-cdk-lib/aws-apigateway';\n\nexport class SimpleStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create your API Gateway\n const api = new apigateway.RestApi(this, 'MyApiGateway', {\n restApiName: 'MyService',\n });\n\n // Create the Docker builder\n const dockerBuilder = new TokenInjectableDockerBuilder(this, 'SimpleDockerBuilder', {\n path: './nextjs-app', // Path to your Next.js app Docker context\n buildArgs: {\n API_URL: api.url, // Pass the API Gateway URL as a build argument\n },\n // Optionally override the default completeness query interval:\n // completenessQueryInterval: cdk.Duration.seconds(45),\n });\n\n // Use in ECS\n const cluster = new ecs.Cluster(this, 'EcsCluster', {\n vpc: new ec2.Vpc(this, 'Vpc'),\n });\n\n const service = new ecs.FargateService(this, 'FargateService', {\n cluster,\n taskDefinition: new ecs.FargateTaskDefinition(this, 'TaskDef', {\n cpu: 512,\n memoryLimitMiB: 1024,\n }).addContainer('Container', {\n image: dockerBuilder.containerImage,\n logging: ecs.LogDriver.awsLogs({ streamPrefix: 'MyApp' }),\n }),\n });\n\n service.node.addDependency(dockerBuilder);\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import (\n aws_ecs as ecs,\n aws_ec2 as ec2,\n aws_apigateway as apigateway,\n Duration,\n core as cdk,\n)\nfrom token_injectable_docker_builder import TokenInjectableDockerBuilder\n\nclass SimpleStack(cdk.Stack):\n\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create your API Gateway\n api = apigateway.RestApi(self, \"MyApiGateway\",\n rest_api_name=\"MyService\",\n )\n\n # Create the Docker builder\n docker_builder = TokenInjectableDockerBuilder(self, \"SimpleDockerBuilder\",\n path=\"./nextjs-app\", # Path to your Next.js app Docker context\n build_args={\n \"API_URL\": api.url, # Pass the API Gateway URL as a build argument\n },\n # Optionally override the default completeness query interval:\n # completeness_query_interval=Duration.seconds(45)\n )\n\n # Use in ECS\n vpc = ec2.Vpc(self, \"Vpc\")\n cluster = ecs.Cluster(self, \"EcsCluster\", vpc=vpc)\n\n task_definition = ecs.FargateTaskDefinition(self, \"TaskDef\",\n cpu=512,\n memory_limit_mib=1024,\n )\n\n task_definition.node.add_dependency(docker_builder)\n\n task_definition.add_container(\"Container\",\n image=docker_builder.container_image,\n logging=ecs.LogDriver.aws_logs(stream_prefix=\"MyApp\"),\n )\n\n ecs.FargateService(self, \"FargateService\",\n cluster=cluster,\n task_definition=task_definition,\n )\n```\n\n---\n\n### Advanced Usage Example\n\nBuilding on the previous example, this advanced usage demonstrates how to include additional configurations, such as fetching private API endpoints and configuration files during the build process.\n\n#### TypeScript/NPM Example\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport { TokenInjectableDockerBuilder } from 'token-injectable-docker-builder';\nimport * as ecs from 'aws-cdk-lib/aws-ecs';\nimport * as ec2 from 'aws-cdk-lib/aws-ec2';\nimport * as apigateway from 'aws-cdk-lib/aws-apigateway';\n\nexport class AdvancedStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n // Create your API Gateway\n const api = new apigateway.RestApi(this, 'MyApiGateway', {\n restApiName: 'MyService',\n });\n\n // VPC and Security Group for CodeBuild\n const vpc = new ec2.Vpc(this, 'MyVpc');\n const securityGroup = new ec2.SecurityGroup(this, 'MySecurityGroup', {\n vpc,\n });\n\n // Create the Docker builder with additional pre-build commands\n const dockerBuilder = new TokenInjectableDockerBuilder(this, 'AdvancedDockerBuilder', {\n path: './nextjs-app',\n buildArgs: {\n API_URL: api.url,\n },\n vpc,\n securityGroups: [securityGroup],\n subnetSelection: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },\n installCommands: [\n 'echo \"Updating package lists...\"',\n 'apt-get update -y',\n 'echo \"Installing necessary packages...\"',\n 'apt-get install -y curl',\n ],\n preBuildCommands: [\n 'echo \"Fetching private API configuration...\"',\n // Replace with your actual command to fetch configs\n 'curl -o config.json https://internal-api.example.com/config',\n ],\n // Optionally override the default completeness query interval:\n // completenessQueryInterval: cdk.Duration.seconds(45),\n });\n\n // Use in ECS\n const cluster = new ecs.Cluster(this, 'EcsCluster', { vpc });\n\n const service = new ecs.FargateService(this, 'FargateService', {\n cluster,\n taskDefinition: new ecs.FargateTaskDefinition(this, 'TaskDef', {\n cpu: 512,\n memoryLimitMiB: 1024,\n }).addContainer('Container', {\n image: dockerBuilder.containerImage,\n logging: ecs.LogDriver.awsLogs({ streamPrefix: 'MyApp' }),\n }),\n });\n\n service.node.addDependency(dockerBuilder);\n }\n}\n```\n\n#### Python Example\n\n```python\nfrom aws_cdk import (\n aws_ecs as ecs,\n aws_ec2 as ec2,\n aws_apigateway as apigateway,\n Duration,\n core as cdk,\n)\nfrom token_injectable_docker_builder import TokenInjectableDockerBuilder\n\nclass AdvancedStack(cdk.Stack):\n\n def __init__(self, scope: cdk.App, id: str, **kwargs):\n super().__init__(scope, id, **kwargs)\n\n # Create your API Gateway\n api = apigateway.RestApi(self, \"MyApiGateway\",\n rest_api_name=\"MyService\",\n )\n\n # VPC and Security Group for CodeBuild\n vpc = ec2.Vpc(self, \"MyVpc\")\n security_group = ec2.SecurityGroup(self, \"MySecurityGroup\", vpc=vpc)\n\n # Create the Docker builder with additional pre-build commands\n docker_builder = TokenInjectableDockerBuilder(self, \"AdvancedDockerBuilder\",\n path=\"./nextjs-app\",\n build_args={\n \"API_URL\": api.url,\n },\n vpc=vpc,\n security_groups=[security_group],\n subnet_selection=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS),\n install_commands=[\n 'echo \"Updating package lists...\"',\n 'apt-get update -y',\n 'echo \"Installing necessary packages...\"',\n 'apt-get install -y curl',\n ],\n pre_build_commands=[\n 'echo \"Fetching private API configuration...\"',\n # Replace with your actual command to fetch configs\n 'curl -o config.json https://internal-api.example.com/config',\n ],\n # Optionally override the default completeness query interval:\n # completeness_query_interval=Duration.seconds(45)\n )\n\n # Use in ECS\n cluster = ecs.Cluster(self, \"EcsCluster\", vpc=vpc)\n\n task_definition = ecs.FargateTaskDefinition(self, \"TaskDef\",\n cpu=512,\n memory_limit_mib=1024,\n )\n\n task_definition.node.add_dependency(docker_builder)\n\n task_definition.add_container(\"Container\",\n image=docker_builder.container_image,\n logging=ecs.LogDriver.aws_logs(stream_prefix=\"MyApp\"),\n )\n\n ecs.FargateService(self, \"FargateService\",\n cluster=cluster,\n task_definition=task_definition,\n )\n```\n\n### ECR Pull-Through Cache Example\n\nWhen your Dockerfile uses base images from an ECR pull-through cache (e.g. to avoid Docker Hub rate limits), pass `ecrPullThroughCachePrefixes` so the CodeBuild role can pull those images:\n\n```typescript\nimport * as cdk from 'aws-cdk-lib';\nimport {\n TokenInjectableDockerBuilder,\n TokenInjectableDockerBuilderProvider,\n} from 'token-injectable-docker-builder';\nimport * as lambda from 'aws-cdk-lib/aws-lambda';\n\nexport class PullThroughCacheStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n\n const provider = TokenInjectableDockerBuilderProvider.getOrCreate(this);\n const node20Slim = `${this.account}.dkr.ecr.${this.region}.amazonaws.com/docker-hub/library/node:20-slim`;\n\n const apiImage = new TokenInjectableDockerBuilder(this, 'ApiImage', {\n path: './src',\n file: 'api/Dockerfile',\n platform: 'linux/arm64',\n provider,\n buildArgs: { NODE_20_SLIM: node20Slim },\n ecrPullThroughCachePrefixes: ['docker-hub', 'ghcr'],\n });\n\n new lambda.DockerImageFunction(this, 'ApiLambda', {\n code: apiImage.dockerImageCode,\n architecture: lambda.Architecture.ARM_64,\n });\n }\n}\n```\n\n---\n\nIn this advanced example:\n\n- **VPC Configuration**: The CodeBuild project is configured to run inside a VPC with specified security groups and subnet selection, allowing it to access internal resources such as a private API endpoint.\n- **Custom Install and Pre-Build Commands**: The `installCommands` and `preBuildCommands` properties are used to install necessary packages and fetch configuration files from a private API before building the Docker image.\n- **Access to Internal APIs**: By running inside a VPC and configuring the security groups appropriately, the CodeBuild project can access private endpoints not accessible over the public internet.\n\n---\n\n## How It Works\n\n1. **Docker Source**: Packages the source code or Dockerfile specified in the `path` property as an S3 asset.\n2. **CodeBuild Project**:\n - Uses the packaged asset and `buildArgs` to build the Docker image.\n - Executes any custom `installCommands` and `preBuildCommands` during the build process.\n - Pushes the image to an ECR repository.\n - By default, uses `docker buildx` with ECR registry cache to speed up builds.\n3. **Custom Resource**:\n - Triggers the build process using a Lambda function (`onEvent`).\n - Monitors the build status using another Lambda function (`isComplete`) which polls at the interval specified by `completenessQueryInterval` (defaulting to 30 seconds if not provided).\n - When using a shared `provider`, the same pair of Lambdas handles all builders in the stack.\n4. **Outputs**:\n - `.containerImage`: Returns the Docker image for ECS.\n - `.dockerImageCode`: Returns the Docker image code for Lambda.\n\n### Resource Comparison\n\n| Scenario | Lambdas Created | CodeBuild Projects | ECR Repos |\n|---|---|---|---|\n| 5 images, no shared provider | 15 (3 per image) | 5 | 5 |\n| 5 images, shared provider | 3 (shared) | 5 | 5 |\n| 10 images, no shared provider | 30 (3 per image) | 10 | 10 |\n| 10 images, shared provider | 3 (shared) | 10 | 10 |\n\n---\n\n## IAM Permissions\n\nThe construct automatically grants permissions for:\n\n- **CodeBuild**:\n - Pull and push images to ECR.\n - Pull from ECR pull-through cache prefixes when `ecrPullThroughCachePrefixes` is provided (e.g. `['docker-hub', 'ghcr']`).\n - Access to AWS Secrets Manager if `dockerLoginSecretArn` is provided.\n - Access to the KMS key for encryption.\n- **Lambda Functions** (per-instance or shared provider):\n - Start and monitor CodeBuild builds.\n - Access CloudWatch Logs.\n - Access to the KMS key for encryption.\n - Pull and push images to ECR.\n\nWhen using the shared provider, `registerProject()` incrementally adds IAM permissions for each CodeBuild project and ECR repository.\n\n---\n\n## Notes\n\n- **Shared Provider**: Use `TokenInjectableDockerBuilderProvider.getOrCreate(this)` when building multiple images in the same stack. This is the recommended approach for stacks with 2+ Docker images.\n- **Build Arguments**: Pass custom arguments via `buildArgs` as `--build-arg` flags. CDK tokens can be used to inject dynamic values resolved at deployment time.\n- **Custom Commands**: Use `installCommands` and `preBuildCommands` to run custom shell commands during the build process. This can be useful for installing dependencies or fetching configuration files.\n- **VPC Configuration**: If your build process requires access to resources within a VPC, you can specify the VPC, security groups, and subnet selection.\n- **Docker Login**: If you need to log in to a private Docker registry before building the image, provide the ARN of a secret in AWS Secrets Manager containing the Docker credentials.\n- **ECR Repository**: Automatically creates an ECR repository with lifecycle rules to manage image retention (keeps 3 images by default, configurable via `maxImageCount`), encryption with a KMS key, and image scanning on push.\n- **Build Query Interval**: The polling frequency for checking build completion can be customized via the `completenessQueryInterval` property (per-instance) or `queryInterval` (shared provider).\n- **Custom Dockerfile**: Use the `file` property to specify a Dockerfile other than the default `Dockerfile`. This is passed as the `--file` flag to `docker build`.\n- **Docker Layer Caching**: By default, builds use ECR as a remote cache backend (via `docker buildx`), which can reduce build times by up to 25%. Set `cacheDisabled: true` when you need a clean build—for example, when debugging, the cache is corrupted, or after major dependency upgrades.\n- **Platform / Architecture**: Set `platform: 'linux/arm64'` to build ARM64/Graviton images using a native ARM CodeBuild instance. Defaults to `'linux/amd64'` (x86_64). Native builds are faster and cheaper than cross-compilation with QEMU.\n- **Build Log Retention**: Pass `buildLogGroup` with a log group that has RETAIN removal policy to ensure build logs survive CloudFormation rollbacks and stack deletion.\n- **ECR Pull-Through Cache**: When using ECR pull-through cache for base images (e.g. to avoid Docker Hub rate limits), pass `ecrPullThroughCachePrefixes: ['docker-hub', 'ghcr']` so the CodeBuild role can pull from those cached repositories. Your ECR registry must have a pull-through cache rule and registry policy configured separately.\n- **Backward Compatibility**: The `provider` prop is optional. Omitting it preserves the original behavior where each builder creates its own Lambdas. Existing code works without changes.\n\n---\n\n## Troubleshooting\n\n1. **Build Errors**: Check the CodeBuild logs in CloudWatch Logs for detailed error messages. If you pass `buildLogGroup` with RETAIN removal policy, logs persist even after rollbacks. Otherwise, logs are deleted when the CodeBuild project is removed during rollback.\n2. **Lambda Errors**: Check the `onEvent` and `isComplete` Lambda function logs in CloudWatch Logs. With a shared provider, both builders' events flow through the same Lambdas—filter by `ProjectName` in the logs.\n3. **\"Image manifest, config or layer media type not supported\" (Lambda)**: Docker Buildx v0.10+ adds provenance attestations by default, producing OCI image indexes that Lambda rejects. This construct disables them with `--provenance=false --sbom=false` so images are Lambda-compatible. If you see this error, ensure you're using a recent version of the construct.\n4. **Permissions**: Ensure IAM roles have the required permissions for CodeBuild, ECR, Secrets Manager, and KMS if applicable. When using a shared provider, verify that `registerProject()` was called for each builder (this happens automatically when passing the `provider` prop).\n5. **Network Access**: If the build requires network access (e.g., to download dependencies or access internal APIs), ensure that the VPC configuration allows necessary network connectivity, and adjust security group rules accordingly.\n\n---\n\n## Support\n\nFor issues or feature requests, please open an issue on [GitHub](https://github.com/AlexTech314/TokenInjectableDockerBuilder).\n\n---\n\n## Reference Links\n\n[![View on Construct Hub](https://constructs.dev/badge?package=token-injectable-docker-builder)](https://constructs.dev/packages/token-injectable-docker-builder)\n\n---\n\n## License\n\nThis project is licensed under the terms of the MIT license.\n\n---\n\n## Acknowledgements\n\n- Inspired by the need for more dynamic Docker asset management in AWS CDK.\n- Thanks to the AWS CDK community for their continuous support and contributions.\n\n---\n\nFeel free to reach out if you have any questions or need further assistance!\n"
8540
8540
  },
8541
8541
  "repository": {
8542
8542
  "type": "git",
@@ -8568,7 +8568,7 @@
8568
8568
  },
8569
8569
  "locationInModule": {
8570
8570
  "filename": "src/index.ts",
8571
- "line": 346
8571
+ "line": 362
8572
8572
  },
8573
8573
  "parameters": [
8574
8574
  {
@@ -8603,7 +8603,7 @@
8603
8603
  "kind": "class",
8604
8604
  "locationInModule": {
8605
8605
  "filename": "src/index.ts",
8606
- "line": 321
8606
+ "line": 337
8607
8607
  },
8608
8608
  "name": "TokenInjectableDockerBuilder",
8609
8609
  "properties": [
@@ -8615,7 +8615,7 @@
8615
8615
  "immutable": true,
8616
8616
  "locationInModule": {
8617
8617
  "filename": "src/index.ts",
8618
- "line": 331
8618
+ "line": 347
8619
8619
  },
8620
8620
  "name": "containerImage",
8621
8621
  "type": {
@@ -8630,7 +8630,7 @@
8630
8630
  "immutable": true,
8631
8631
  "locationInModule": {
8632
8632
  "filename": "src/index.ts",
8633
- "line": 337
8633
+ "line": 353
8634
8634
  },
8635
8635
  "name": "dockerImageCode",
8636
8636
  "type": {
@@ -8651,7 +8651,7 @@
8651
8651
  "kind": "interface",
8652
8652
  "locationInModule": {
8653
8653
  "filename": "src/index.ts",
8654
- "line": 130
8654
+ "line": 131
8655
8655
  },
8656
8656
  "name": "TokenInjectableDockerBuilderProps",
8657
8657
  "properties": [
@@ -8664,7 +8664,7 @@
8664
8664
  "immutable": true,
8665
8665
  "locationInModule": {
8666
8666
  "filename": "src/index.ts",
8667
- "line": 134
8667
+ "line": 135
8668
8668
  },
8669
8669
  "name": "path",
8670
8670
  "type": {
@@ -8682,7 +8682,7 @@
8682
8682
  "immutable": true,
8683
8683
  "locationInModule": {
8684
8684
  "filename": "src/index.ts",
8685
- "line": 145
8685
+ "line": 146
8686
8686
  },
8687
8687
  "name": "buildArgs",
8688
8688
  "optional": true,
@@ -8706,7 +8706,7 @@
8706
8706
  "immutable": true,
8707
8707
  "locationInModule": {
8708
8708
  "filename": "src/index.ts",
8709
- "line": 267
8709
+ "line": 268
8710
8710
  },
8711
8711
  "name": "buildLogGroup",
8712
8712
  "optional": true,
@@ -8725,7 +8725,7 @@
8725
8725
  "immutable": true,
8726
8726
  "locationInModule": {
8727
8727
  "filename": "src/index.ts",
8728
- "line": 258
8728
+ "line": 259
8729
8729
  },
8730
8730
  "name": "cacheDisabled",
8731
8731
  "optional": true,
@@ -8744,7 +8744,7 @@
8744
8744
  "immutable": true,
8745
8745
  "locationInModule": {
8746
8746
  "filename": "src/index.ts",
8747
- "line": 233
8747
+ "line": 234
8748
8748
  },
8749
8749
  "name": "completenessQueryInterval",
8750
8750
  "optional": true,
@@ -8763,7 +8763,7 @@
8763
8763
  "immutable": true,
8764
8764
  "locationInModule": {
8765
8765
  "filename": "src/index.ts",
8766
- "line": 162
8766
+ "line": 163
8767
8767
  },
8768
8768
  "name": "dockerLoginSecretArn",
8769
8769
  "optional": true,
@@ -8783,7 +8783,7 @@
8783
8783
  "immutable": true,
8784
8784
  "locationInModule": {
8785
8785
  "filename": "src/index.ts",
8786
- "line": 300
8786
+ "line": 301
8787
8787
  },
8788
8788
  "name": "ecrPullThroughCachePrefixes",
8789
8789
  "optional": true,
@@ -8807,7 +8807,7 @@
8807
8807
  "immutable": true,
8808
8808
  "locationInModule": {
8809
8809
  "filename": "src/index.ts",
8810
- "line": 241
8810
+ "line": 242
8811
8811
  },
8812
8812
  "name": "exclude",
8813
8813
  "optional": true,
@@ -8832,7 +8832,7 @@
8832
8832
  "immutable": true,
8833
8833
  "locationInModule": {
8834
8834
  "filename": "src/index.ts",
8835
- "line": 250
8835
+ "line": 251
8836
8836
  },
8837
8837
  "name": "file",
8838
8838
  "optional": true,
@@ -8851,7 +8851,7 @@
8851
8851
  "immutable": true,
8852
8852
  "locationInModule": {
8853
8853
  "filename": "src/index.ts",
8854
- "line": 202
8854
+ "line": 203
8855
8855
  },
8856
8856
  "name": "installCommands",
8857
8857
  "optional": true,
@@ -8875,7 +8875,7 @@
8875
8875
  "immutable": true,
8876
8876
  "locationInModule": {
8877
8877
  "filename": "src/index.ts",
8878
- "line": 225
8878
+ "line": 226
8879
8879
  },
8880
8880
  "name": "kmsEncryption",
8881
8881
  "optional": true,
@@ -8883,6 +8883,25 @@
8883
8883
  "primitive": "boolean"
8884
8884
  }
8885
8885
  },
8886
+ {
8887
+ "abstract": true,
8888
+ "docs": {
8889
+ "default": "undefined - no count-based expiration; only untagged-after-30-days",
8890
+ "remarks": "**WARNING:** Lambda functions pin images by digest internally even when\nreferenced by tag. Setting this can delete images that Lambda functions\n(and ECS tasks) are still pinned to, breaking the next configuration\nupdate with \"Image ID cannot be found\".\n\nLeave undefined (the default) for production use. Untagged images are\nalways cleaned up after 30 days regardless of this setting.",
8891
+ "stability": "stable",
8892
+ "summary": "Maximum number of tagged images to retain in the ECR repository."
8893
+ },
8894
+ "immutable": true,
8895
+ "locationInModule": {
8896
+ "filename": "src/index.ts",
8897
+ "line": 316
8898
+ },
8899
+ "name": "maxImageCount",
8900
+ "optional": true,
8901
+ "type": {
8902
+ "primitive": "number"
8903
+ }
8904
+ },
8886
8905
  {
8887
8906
  "abstract": true,
8888
8907
  "docs": {
@@ -8894,7 +8913,7 @@
8894
8913
  "immutable": true,
8895
8914
  "locationInModule": {
8896
8915
  "filename": "src/index.ts",
8897
- "line": 277
8916
+ "line": 278
8898
8917
  },
8899
8918
  "name": "platform",
8900
8919
  "optional": true,
@@ -8913,7 +8932,7 @@
8913
8932
  "immutable": true,
8914
8933
  "locationInModule": {
8915
8934
  "filename": "src/index.ts",
8916
- "line": 216
8935
+ "line": 217
8917
8936
  },
8918
8937
  "name": "preBuildCommands",
8919
8938
  "optional": true,
@@ -8937,7 +8956,7 @@
8937
8956
  "immutable": true,
8938
8957
  "locationInModule": {
8939
8958
  "filename": "src/index.ts",
8940
- "line": 288
8959
+ "line": 289
8941
8960
  },
8942
8961
  "name": "provider",
8943
8962
  "optional": true,
@@ -8956,7 +8975,7 @@
8956
8975
  "immutable": true,
8957
8976
  "locationInModule": {
8958
8977
  "filename": "src/index.ts",
8959
- "line": 313
8978
+ "line": 329
8960
8979
  },
8961
8980
  "name": "retainBuildLogs",
8962
8981
  "optional": true,
@@ -8975,7 +8994,7 @@
8975
8994
  "immutable": true,
8976
8995
  "locationInModule": {
8977
8996
  "filename": "src/index.ts",
8978
- "line": 178
8997
+ "line": 179
8979
8998
  },
8980
8999
  "name": "securityGroups",
8981
9000
  "optional": true,
@@ -8999,7 +9018,7 @@
8999
9018
  "immutable": true,
9000
9019
  "locationInModule": {
9001
9020
  "filename": "src/index.ts",
9002
- "line": 186
9021
+ "line": 187
9003
9022
  },
9004
9023
  "name": "subnetSelection",
9005
9024
  "optional": true,
@@ -9018,7 +9037,7 @@
9018
9037
  "immutable": true,
9019
9038
  "locationInModule": {
9020
9039
  "filename": "src/index.ts",
9021
- "line": 170
9040
+ "line": 171
9022
9041
  },
9023
9042
  "name": "vpc",
9024
9043
  "optional": true,
@@ -9084,7 +9103,7 @@
9084
9103
  },
9085
9104
  "locationInModule": {
9086
9105
  "filename": "src/index.ts",
9087
- "line": 110
9106
+ "line": 111
9088
9107
  },
9089
9108
  "name": "registerProject",
9090
9109
  "parameters": [
@@ -9167,6 +9186,6 @@
9167
9186
  "symbolId": "src/index:TokenInjectableDockerBuilderProviderProps"
9168
9187
  }
9169
9188
  },
9170
- "version": "1.12.2",
9171
- "fingerprint": "aVymQvfAo3DJtR28MDa++5wnoZNMwtzq54FCzqs3J3U="
9189
+ "version": "1.13.1",
9190
+ "fingerprint": "FGSRN2b/1UrH9JRP9SeLoI63/z8RIi2NQyd0sCb0qpA="
9172
9191
  }
package/API.md CHANGED
@@ -373,6 +373,7 @@ const tokenInjectableDockerBuilderProps: TokenInjectableDockerBuilderProps = { .
373
373
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.file">file</a></code> | <code>string</code> | The name of the Dockerfile to use for the build. |
374
374
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.installCommands">installCommands</a></code> | <code>string[]</code> | Custom commands to run during the install phase of CodeBuild. |
375
375
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.kmsEncryption">kmsEncryption</a></code> | <code>boolean</code> | Whether to enable KMS encryption for the ECR repository. |
376
+ | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.maxImageCount">maxImageCount</a></code> | <code>number</code> | Maximum number of tagged images to retain in the ECR repository. |
376
377
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.platform">platform</a></code> | <code>string</code> | Target platform for the Docker image. |
377
378
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.preBuildCommands">preBuildCommands</a></code> | <code>string[]</code> | Custom commands to run during the pre_build phase of CodeBuild. |
378
379
  | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.provider">provider</a></code> | <code><a href="#token-injectable-docker-builder.TokenInjectableDockerBuilderProvider">TokenInjectableDockerBuilderProvider</a></code> | Shared provider for the custom resource Lambdas. |
@@ -597,6 +598,27 @@ If `false`, the repository will use AES-256 encryption.
597
598
 
598
599
  ---
599
600
 
601
+ ##### `maxImageCount`<sup>Optional</sup> <a name="maxImageCount" id="token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.maxImageCount"></a>
602
+
603
+ ```typescript
604
+ public readonly maxImageCount: number;
605
+ ```
606
+
607
+ - *Type:* number
608
+ - *Default:* undefined - no count-based expiration; only untagged-after-30-days
609
+
610
+ Maximum number of tagged images to retain in the ECR repository.
611
+
612
+ **WARNING:** Lambda functions pin images by digest internally even when
613
+ referenced by tag. Setting this can delete images that Lambda functions
614
+ (and ECS tasks) are still pinned to, breaking the next configuration
615
+ update with "Image ID cannot be found".
616
+
617
+ Leave undefined (the default) for production use. Untagged images are
618
+ always cleaned up after 30 days regardless of this setting.
619
+
620
+ ---
621
+
600
622
  ##### `platform`<sup>Optional</sup> <a name="platform" id="token-injectable-docker-builder.TokenInjectableDockerBuilderProps.property.platform"></a>
601
623
 
602
624
  ```typescript
package/README.md CHANGED
@@ -20,7 +20,7 @@ For example, a Next.js frontend Docker image may require an API Gateway URL as a
20
20
  - **Custom Install and Pre-Build Commands**: Allows specifying custom commands to run during the `install` and `pre_build` phases of the CodeBuild build process.
21
21
  - **VPC Configuration**: Supports deploying the CodeBuild project within a VPC, with customizable security groups and subnet selection.
22
22
  - **Docker Login**: Supports Docker login using credentials stored in AWS Secrets Manager.
23
- - **ECR Repository Management**: Creates an ECR repository with lifecycle rules and encryption.
23
+ - **ECR Repository Management**: Creates an ECR repository with lifecycle rules (keeps only 3 images by default, configurable via `maxImageCount`) and encryption.
24
24
  - **Integration with ECS and Lambda**: Provides outputs for use in AWS ECS and AWS Lambda.
25
25
  - **Custom Build Query Interval**: Configure how frequently the custom resource polls for build completion using the `completenessQueryInterval` property (defaults to 30 seconds).
26
26
  - **Custom Dockerfile**: Specify a custom Dockerfile name via the `file` property (e.g. `Dockerfile.production`), allowing multiple Docker images from the same source directory.
@@ -111,6 +111,7 @@ A singleton construct that creates the `onEvent` and `isComplete` Lambda functio
111
111
  | `cacheDisabled` | `boolean` | No | When `true`, disables Docker layer caching. Every build runs from scratch. Use for debugging, corrupted cache, or major dependency changes. Defaults to `false`. |
112
112
  | `platform` | `'linux/amd64' \| 'linux/arm64'` | No | Target platform for the Docker image. When set to `'linux/arm64'`, uses a native ARM/Graviton CodeBuild instance for fast builds without emulation. Defaults to `'linux/amd64'`. |
113
113
  | `buildLogGroup` | `ILogGroup` | No | CloudWatch log group for CodeBuild build logs. When provided with RETAIN removal policy, logs survive rollbacks and stack deletion. If not provided, CodeBuild uses default logging (logs are deleted on rollback). |
114
+ | `maxImageCount` | `number` | No | Maximum number of images to retain in the ECR repository. A lifecycle rule automatically expires older images beyond this count. Defaults to `3`. |
114
115
  | `ecrPullThroughCachePrefixes` | `string[]` | No | ECR pull-through cache repository prefixes to grant pull access to. Use when your Dockerfile references base images from ECR pull-through cache (e.g. `docker-hub/library/node:20-slim`, `ghcr/org/image:tag`). The CodeBuild role is granted `ecr:BatchGetImage`, `ecr:GetDownloadUrlForLayer`, and `ecr:BatchCheckLayerAvailability` on repositories matching each prefix. Example: `['docker-hub', 'ghcr']`. Defaults to no pull-through cache access. |
115
116
 
116
117
  #### Instance Properties
@@ -555,7 +556,7 @@ When using the shared provider, `registerProject()` incrementally adds IAM permi
555
556
  - **Custom Commands**: Use `installCommands` and `preBuildCommands` to run custom shell commands during the build process. This can be useful for installing dependencies or fetching configuration files.
556
557
  - **VPC Configuration**: If your build process requires access to resources within a VPC, you can specify the VPC, security groups, and subnet selection.
557
558
  - **Docker Login**: If you need to log in to a private Docker registry before building the image, provide the ARN of a secret in AWS Secrets Manager containing the Docker credentials.
558
- - **ECR Repository**: Automatically creates an ECR repository with lifecycle rules to manage image retention, encryption with a KMS key, and image scanning on push.
559
+ - **ECR Repository**: Automatically creates an ECR repository with lifecycle rules to manage image retention (keeps 3 images by default, configurable via `maxImageCount`), encryption with a KMS key, and image scanning on push.
559
560
  - **Build Query Interval**: The polling frequency for checking build completion can be customized via the `completenessQueryInterval` property (per-instance) or `queryInterval` (shared provider).
560
561
  - **Custom Dockerfile**: Use the `file` property to specify a Dockerfile other than the default `Dockerfile`. This is passed as the `--file` flag to `docker build`.
561
562
  - **Docker Layer Caching**: By default, builds use ECR as a remote cache backend (via `docker buildx`), which can reduce build times by up to 25%. Set `cacheDisabled: true` when you need a clean build—for example, when debugging, the cache is corrupted, or after major dependency upgrades.
package/isComplete/isComplete.js CHANGED
@@ -7,6 +7,10 @@ const {
7
7
  CloudWatchLogsClient,
8
8
  GetLogEventsCommand,
9
9
  } = require('@aws-sdk/client-cloudwatch-logs');
10
+ const {
11
+ ECRClient,
12
+ DescribeImagesCommand,
13
+ } = require('@aws-sdk/client-ecr');
10
14
 
11
15
  exports.handler = async (event) => {
12
16
  console.log('--- isComplete Handler Invoked ---');
@@ -16,6 +20,7 @@ exports.handler = async (event) => {
16
20
  const region = process.env.AWS_REGION;
17
21
  const codebuildClient = new CodeBuildClient({ region });
18
22
  const logsClient = new CloudWatchLogsClient({ region });
23
+ const ecrClient = new ECRClient({ region });
19
24
 
20
25
  try {
21
26
  const projectName = event.ResourceProperties?.ProjectName;
@@ -69,13 +74,42 @@ exports.handler = async (event) => {
69
74
  return { IsComplete: false };
70
75
  }
71
76
 
72
- // If build succeeded, return the image tag from the custom resource properties
77
+ // If build succeeded, query ECR for the image digest of the just-pushed
78
+ // tag. We return the digest (sha256:...) so consumers can pin to it.
79
+ // Tags are mutable; digests are content-addressable and immutable.
73
80
  if (buildStatus === 'SUCCEEDED') {
74
81
  const imageTag = event.ResourceProperties?.ImageTag || process.env.IMAGE_TAG;
82
+ const repositoryName = event.ResourceProperties?.RepositoryName;
83
+
84
+ if (!repositoryName) {
85
+ throw new Error('Missing RepositoryName in ResourceProperties');
86
+ }
87
+
88
+ console.log(`Querying ECR for digest of ${repositoryName}:${imageTag}...`);
89
+ const describeResp = await ecrClient.send(
90
+ new DescribeImagesCommand({
91
+ repositoryName,
92
+ imageIds: [{ imageTag }],
93
+ }),
94
+ );
95
+ console.log('DescribeImagesCommand response:', JSON.stringify(describeResp, null, 2));
96
+
97
+ const imageDetail = describeResp.imageDetails?.[0];
98
+ if (!imageDetail || !imageDetail.imageDigest) {
99
+ throw new Error(
100
+ `Image ${repositoryName}:${imageTag} was not found in ECR after a successful build. ` +
101
+ 'This indicates the CodeBuild project did not push the image correctly.',
102
+ );
103
+ }
104
+
105
+ const imageDigest = imageDetail.imageDigest;
106
+ console.log(`Resolved digest: ${imageDigest}`);
107
+
75
108
  return {
76
109
  IsComplete: true,
77
110
  Data: {
78
111
  ImageTag: imageTag,
112
+ ImageDigest: imageDigest,
79
113
  },
80
114
  };
81
115
  }
package/lib/index.d.ts CHANGED
@@ -203,6 +203,20 @@ export interface TokenInjectableDockerBuilderProps {
203
203
  * @default - No pull-through cache access
204
204
  */
205
205
  readonly ecrPullThroughCachePrefixes?: string[];
206
+ /**
207
+ * Maximum number of tagged images to retain in the ECR repository.
208
+ *
209
+ * **WARNING:** Lambda functions pin images by digest internally even when
210
+ * referenced by tag. Setting this can delete images that Lambda functions
211
+ * (and ECS tasks) are still pinned to, breaking the next configuration
212
+ * update with "Image ID cannot be found".
213
+ *
214
+ * Leave undefined (the default) for production use. Untagged images are
215
+ * always cleaned up after 30 days regardless of this setting.
216
+ *
217
+ * @default undefined - no count-based expiration; only untagged-after-30-days
218
+ */
219
+ readonly maxImageCount?: number;
206
220
  /**
207
221
  * When `true`, creates a CloudWatch log group outside of CloudFormation
208
222
  * (`/docker-builder/<projectName>`) and directs CodeBuild output there.
package/lib/index.js CHANGED
@@ -66,6 +66,7 @@ class TokenInjectableDockerBuilderProvider extends constructs_1.Construct {
66
66
  'logs:GetLogEvents',
67
67
  'logs:DescribeLogStreams',
68
68
  'logs:DescribeLogGroups',
69
+ 'ecr:DescribeImages',
69
70
  ],
70
71
  resources: ['*'],
71
72
  }));
@@ -95,7 +96,7 @@ class TokenInjectableDockerBuilderProvider extends constructs_1.Construct {
95
96
  }
96
97
  exports.TokenInjectableDockerBuilderProvider = TokenInjectableDockerBuilderProvider;
97
98
  _a = JSII_RTTI_SYMBOL_1;
98
- TokenInjectableDockerBuilderProvider[_a] = { fqn: "token-injectable-docker-builder.TokenInjectableDockerBuilderProvider", version: "1.12.2" };
99
+ TokenInjectableDockerBuilderProvider[_a] = { fqn: "token-injectable-docker-builder.TokenInjectableDockerBuilderProvider", version: "1.13.1" };
99
100
  /**
100
101
  * A CDK construct to build and push Docker images to an ECR repository using
101
102
  * CodeBuild and Lambda custom resources, **then** retrieve the final image tag
@@ -111,9 +112,7 @@ class TokenInjectableDockerBuilder extends constructs_1.Construct {
111
112
  */
112
113
  constructor(scope, id, props) {
113
114
  super(scope, id);
114
- const { path: sourcePath, buildArgs, dockerLoginSecretArn, vpc, securityGroups, subnetSelection, installCommands, preBuildCommands, kmsEncryption = false, completenessQueryInterval, exclude, file: dockerFile, cacheDisabled = false, buildLogGroup: buildLogGroupProp, platform = 'linux/amd64', provider: sharedProvider, ecrPullThroughCachePrefixes, retainBuildLogs = false, } = props;
115
- // Generate an ephemeral tag for CodeBuild
116
- const imageTag = crypto.randomUUID();
115
+ const { path: sourcePath, buildArgs, dockerLoginSecretArn, vpc, securityGroups, subnetSelection, installCommands, preBuildCommands, kmsEncryption = false, completenessQueryInterval, exclude, file: dockerFile, cacheDisabled = false, buildLogGroup: buildLogGroupProp, platform = 'linux/amd64', provider: sharedProvider, ecrPullThroughCachePrefixes, retainBuildLogs = false, maxImageCount, } = props;
117
116
  // Optionally define a KMS key for ECR encryption if requested
118
117
  let encryptionKey;
119
118
  if (kmsEncryption) {
@@ -121,15 +120,27 @@ class TokenInjectableDockerBuilder extends constructs_1.Construct {
121
120
  enableKeyRotation: true,
122
121
  });
123
122
  }
124
- // Create an ECR repository (optionally with KMS encryption)
123
+ // Create an ECR repository (optionally with KMS encryption).
124
+ //
125
+ // SAFETY: We deliberately do NOT delete tagged images by default.
126
+ // Lambda functions pin images by digest internally; deleting an in-use
127
+ // tagged image makes the Lambda's next config update fail with
128
+ // "Image ID cannot be found". Users can opt-in to maxImageCount, but
129
+ // it carries a strong warning in the prop docs.
125
130
  this.ecrRepository = new aws_ecr_1.Repository(this, 'ECRRepository', {
126
131
  lifecycleRules: [
127
132
  {
128
133
  rulePriority: 1,
129
- description: 'Remove untagged images after 1 day',
134
+ description: 'Remove untagged images after 30 days',
130
135
  tagStatus: aws_ecr_1.TagStatus.UNTAGGED,
131
- maxImageAge: aws_cdk_lib_1.Duration.days(1),
136
+ maxImageAge: aws_cdk_lib_1.Duration.days(30),
132
137
  },
138
+ ...(maxImageCount !== undefined ? [{
139
+ rulePriority: 2,
140
+ description: `(OPT-IN, UNSAFE) Keep only ${maxImageCount} most recent tagged images`,
141
+ tagStatus: aws_ecr_1.TagStatus.ANY,
142
+ maxImageCount,
143
+ }] : []),
133
144
  ],
134
145
  encryption: kmsEncryption ? aws_ecr_1.RepositoryEncryption.KMS : aws_ecr_1.RepositoryEncryption.AES_256,
135
146
  encryptionKey: kmsEncryption ? encryptionKey : undefined,
@@ -160,6 +171,21 @@ class TokenInjectableDockerBuilder extends constructs_1.Construct {
160
171
  path: sourcePath,
161
172
  exclude: effectiveExclude,
162
173
  });
174
+ // Compute a deterministic image tag from all build inputs. Same source +
175
+ // same buildArgs + same Dockerfile + same platform → same tag → no rebuild,
176
+ // no ECR churn. Different inputs → different tag → new image pushed.
177
+ //
178
+ // This replaces the previous `crypto.randomUUID()` which generated a new
179
+ // tag on every synth, forcing a rebuild and Lambda update on every deploy
180
+ // even when nothing changed.
181
+ const imageTag = 'src-' + crypto
182
+ .createHash('sha256')
183
+ .update(sourceAsset.assetHash)
184
+ .update(JSON.stringify(buildArgs ?? {}))
185
+ .update(dockerFile ?? 'Dockerfile')
186
+ .update(platform)
187
+ .digest('hex')
188
+ .substring(0, 16);
163
189
  // Convert buildArgs to a CLI-friendly string
164
190
  const buildArgsString = buildArgs
165
191
  ? Object.entries(buildArgs)
@@ -345,6 +371,7 @@ class TokenInjectableDockerBuilder extends constructs_1.Construct {
345
371
  'logs:GetLogEvents',
346
372
  'logs:DescribeLogStreams',
347
373
  'logs:DescribeLogGroups',
374
+ 'ecr:DescribeImages',
348
375
  ],
349
376
  resources: ['*'],
350
377
  }));
@@ -361,26 +388,34 @@ class TokenInjectableDockerBuilder extends constructs_1.Construct {
361
388
  });
362
389
  serviceToken = provider.serviceToken;
363
390
  }
364
- // Custom Resource that triggers the CodeBuild and waits for completion
391
+ // Custom Resource that triggers the CodeBuild and waits for completion.
392
+ // RepositoryName is passed so the isComplete handler can query ECR for
393
+ // the image digest after the build succeeds.
365
394
  const buildTriggerResource = new aws_cdk_lib_1.CustomResource(this, 'BuildTriggerResource', {
366
395
  serviceToken,
367
396
  properties: {
368
397
  ProjectName: codeBuildProject.projectName,
398
+ RepositoryName: this.ecrRepository.repositoryName,
369
399
  ImageTag: imageTag,
370
- Trigger: sourceAsset.assetHash,
400
+ Trigger: imageTag,
371
401
  RetainBuildLogs: retainBuildLogs ? 'true' : 'false',
372
402
  },
373
403
  });
374
404
  buildTriggerResource.node.addDependency(codeBuildProject);
375
- // Retrieve the final Docker image tag from Data.ImageTag
376
- const imageTagRef = buildTriggerResource.getAttString('ImageTag');
377
- this.containerImage = aws_ecs_1.ContainerImage.fromEcrRepository(this.ecrRepository, imageTagRef);
405
+ // Reference the image by DIGEST, not tag. The digest is content-addressable
406
+ // and immutable: even if the tag is later moved or deleted, Lambda's pinned
407
+ // reference still works as long as the digest exists in ECR. This is the
408
+ // safety mechanism that prevents the "Image ID cannot be found" failure
409
+ // mode when CFN rolls back and re-pushes the same tag with different
410
+ // content.
411
+ const imageDigestRef = buildTriggerResource.getAttString('ImageDigest');
412
+ this.containerImage = aws_ecs_1.ContainerImage.fromEcrRepository(this.ecrRepository, imageDigestRef);
378
413
  this.dockerImageCode = aws_lambda_1.DockerImageCode.fromEcr(this.ecrRepository, {
379
- tagOrDigest: imageTagRef,
414
+ tagOrDigest: imageDigestRef,
380
415
  });
381
416
  }
382
417
  }
383
418
  exports.TokenInjectableDockerBuilder = TokenInjectableDockerBuilder;
384
419
  _b = JSII_RTTI_SYMBOL_1;
385
- TokenInjectableDockerBuilder[_b] = { fqn: "token-injectable-docker-builder.TokenInjectableDockerBuilder", version: "1.12.2" };
386
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxpQ0FBaUM7QUFDakMseUJBQXlCO0FBQ3pCLDZCQUE2QjtBQUU3Qiw2Q0FBOEQ7QUFDOUQsNkRBQTRHO0FBRTVHLGlEQUFrRjtBQUNsRixpREFBcUQ7QUFDckQsaURBQXNEO0FBQ3RELGlEQUEwQztBQUMxQyx1REFBa0Y7QUFFbEYsNkRBQWtEO0FBQ2xELG1FQUF3RDtBQUN4RCwyQ0FBdUM7QUFFdkMsTUFBTSxxQkFBcUIsR0FBRyxzQ0FBc0MsQ0FBQztBQWNyRTs7Ozs7O0dBTUc7QUFDSCxNQUFhLG9DQUFxQyxTQUFRLHNCQUFTO0lBQ2pFOzs7O09BSUc7SUFDSSxNQUFNLENBQUMsV0FBVyxDQUFDLEtBQWdCLEVBQUUsS0FBaUQ7UUFDM0YsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDOUIsTUFBTSxRQUFRLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMscUJBQXFCLENBQXFELENBQUM7UUFDcEgsSUFBSSxRQUFRO1lBQUUsT0FBTyxRQUFRLENBQUM7UUFDOUIsT0FBTyxJQUFJLG9DQUFvQyxDQUFDLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBUUQsWUFBb0IsS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBaUQ7UUFDakcsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUNqRSxPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO1lBQzVCLElBQUksRUFBRSxpQkFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxZQUFZLENBQUMsQ0FBQztZQUMzRCxPQUFPLEVBQUUsaUJBQWlCO1lBQzFCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDOUIsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLHNCQUFzQixDQUFDLGVBQWUsQ0FDekMsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCxxQkFBcUI7Z0JBQ3JCLHlCQUF5QjtnQkFDekIscUJBQXFCO2FBQ3RCO1lBQ0QsU0FBUyxFQUFFLENBQUMsOENBQThDLENBQUM7U0FDNUQsQ0FBQyxDQUNILENBQUM7UUFFRixJQUFJLENBQUMseUJBQXlCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSxtQkFBbUIsRUFBRTtZQUN2RSxPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO1lBQzVCLElBQUksRUFBRSxpQkFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxlQUFlLENBQUMsQ0FBQztZQUM5RCxPQUFPLEVBQUUsb0JBQW9CO1lBQzdCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDOUIsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLHlCQUF5QixDQUFDLGVBQWUsQ0FDNUMsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCwwQkFBMEI7Z0JBQzFCLGdDQUFnQztnQkFDaEMsbUJBQW1CO2dCQUNuQix5QkFBeUI7Z0JBQ3pCLHdCQUF3QjthQUN6QjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUVGLE1BQU0sUUFBUSxHQUFHLElBQUksMkJBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzlDLGNBQWMsRUFBRSxJQUFJLENBQUMsc0JBQXNCO1lBQzNDLGlCQUFpQixFQUFFLElBQUksQ0FBQyx5QkFBeUI7WUFDakQsYUFBYSxFQUFFLEtBQUssRUFBRSxhQUFhLElBQUksc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1NBQzVELENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxZQUFZLEdBQUcsUUFBUSxDQUFDLFlBQVksQ0FBQztJQUM1QyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksZUFBZSxDQUFDLE9BQWdCLEVBQUUsT0FBbUIsRUFBRSxhQUFtQjtRQUMvRSxJQUFJLENBQUMsc0JBQXNCLENBQUMsZUFBZSxDQUN6QyxJQUFJLHlCQUFlLENBQUM7WUFDbEIsT0FBTyxFQUFFLENBQUMsc0JBQXNCLENBQUM7WUFDakMsU0FBUyxFQUFFLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQztTQUNoQyxDQUFDLENBQ0gsQ0FBQztRQUNGLE9BQU8sQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUM7UUFDbkQsT0FBTyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUV0RCxJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQztZQUMvRCxhQUFhLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDcEUsQ0FBQztJQUNILENBQUM7O0FBckZILG9GQXNGQzs7O0FBK0xEOzs7O0dBSUc7QUFDSCxNQUFhLDRCQUE2QixTQUFRLHNCQUFTO0lBa0J6RDs7Ozs7O09BTUc7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXdDO1FBQ2hGLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxFQUNKLElBQUksRUFBRSxVQUFVLEVBQ2hCLFNBQVMsRUFDVCxvQkFBb0IsRUFDcEIsR0FBRyxFQUNILGNBQWMsRUFDZCxlQUFlLEVBQ2YsZUFBZSxFQUNmLGdCQUFnQixFQUNoQixhQUFhLEdBQUcsS0FBSyxFQUNyQix5QkFBeUIsRUFDekIsT0FBTyxFQUNQLElBQUksRUFBRSxVQUFVLEVBQ2hCLGFBQWEsR0FBRyxLQUFLLEVBQ3JCLGFBQWEsRUFBRSxpQkFBaUIsRUFDaEMsUUFBUSxHQUFHLGFBQWEsRUFDeEIsUUFBUSxFQUFFLGNBQWMsRUFDeEIsMkJBQTJCLEVBQzNCLGVBQWUsR0FBRyxLQUFLLEdBQ3hCLEdBQUcsS0FBSyxDQUFDO1FBRVYsMENBQTBDO1FBQzFDLE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUVyQyw4REFBOEQ7UUFDOUQsSUFBSSxhQUE4QixDQUFDO1FBQ25DLElBQUksYUFBYSxFQUFFLENBQUM7WUFDbEIsYUFBYSxHQUFHLElBQUksYUFBRyxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtnQkFDaEQsaUJBQWlCLEVBQUUsSUFBSTthQUN4QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsNERBQTREO1FBQzVELElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxvQkFBVSxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUU7WUFDekQsY0FBYyxFQUFFO2dCQUNkO29CQUNFLFlBQVksRUFBRSxDQUFDO29CQUNmLFdBQVcsRUFBRSxvQ0FBb0M7b0JBQ2pELFNBQVMsRUFBRSxtQkFBUyxDQUFDLFFBQVE7b0JBQzdCLFdBQVcsRUFBRSxzQkFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7aUJBQzlCO2FBQ0Y7WUFDRCxVQUFVLEVBQUUsYUFBYSxDQUFDLENBQUMsQ0FBQyw4QkFBb0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLDhCQUFvQixDQUFDLE9BQU87WUFDbkYsYUFBYSxFQUFFLGFBQWEsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3hELGVBQWUsRUFBRSxJQUFJO1NBQ3RCLENBQUMsQ0FBQztRQUVILElBQUksZ0JBQWdCLEdBQUcsT0FBTyxDQUFDO1FBQy9CLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3RCLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFDaEUsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztnQkFDcEMsTUFBTSxXQUFXLEdBQUcsRUFBRSxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDOUQsZ0JBQWdCLEdBQUcsV0FBVztxQkFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQztxQkFDWCxHQUFHLENBQUMsQ0FBQyxJQUFZLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztxQkFDbEMsTUFBTSxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztZQUN4RSxDQUFDO1FBQ0gsQ0FBQztRQUVELG9GQUFvRjtRQUNwRixNQUFNLGNBQWMsR0FBRyxVQUFVLElBQUksWUFBWSxDQUFDO1FBQ2xELElBQUksZ0JBQWdCLEVBQUUsQ0FBQztZQUNyQixnQkFBZ0IsR0FBRyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFlLEVBQUUsRUFBRTtnQkFDN0QsTUFBTSxPQUFPLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDN0QsTUFBTSxLQUFLLEdBQUcsSUFBSSxNQUFNLENBQUMsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7Z0JBQ3ZGLE9BQU8sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELDZEQUE2RDtRQUM3RCxNQUFNLFdBQVcsR0FBRyxJQUFJLHFCQUFLLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRTtZQUNqRCxJQUFJLEVBQUUsVUFBVTtZQUNoQixPQUFPLEVBQUUsZ0JBQWdCO1NBQzFCLENBQUMsQ0FBQztRQUVILDZDQUE2QztRQUM3QyxNQUFNLGVBQWUsR0FBRyxTQUFTO1lBQy9CLENBQUMsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQztpQkFDeEIsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO2lCQUN4QyxJQUFJLENBQUMsR0FBRyxDQUFDO1lBQ1osQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUVQLE1BQU0sY0FBYyxHQUFHLFVBQVUsQ0FBQyxDQUFDLENBQUMseUJBQXlCLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFFL0Usd0RBQXdEO1FBQ3hELE1BQU0sbUJBQW1CLEdBQUcsb0JBQW9CO1lBQzlDLENBQUMsQ0FBQztnQkFDQSx5Q0FBeUM7Z0JBQ3pDLDRDQUE0QztnQkFDNUMscUVBQXFFLG9CQUFvQix3REFBd0Q7Z0JBQ2pKLHFFQUFxRSxvQkFBb0Isd0RBQXdEO2dCQUNqSixvQ0FBb0M7Z0JBQ3BDLG1GQUFtRjthQUNwRjtZQUNELENBQUMsQ0FBQyxDQUFDLDBEQUEwRCxDQUFDLENBQUM7UUFFakUsTUFBTSxxQkFBcUIsR0FBRyxhQUFhO1lBQ3pDLENBQUMsQ0FBQyxFQUFFO1lBQ0osQ0FBQyxDQUFDO2dCQUNBLHdEQUF3RDtnQkFDeEQsa0lBQWtJO2FBQ25JLENBQUM7UUFFSixNQUFNLFlBQVksR0FBRyxjQUFjLFFBQVEsRUFBRSxDQUFDO1FBRTlDLHNGQUFzRjtRQUN0RiwyR0FBMkc7UUFDM0csTUFBTSxZQUFZLEdBQUcsYUFBYTtZQUNoQyxDQUFDLENBQUMsZ0JBQWdCLFlBQVksSUFBSSxjQUFjLElBQUksZUFBZSxxQkFBcUIsUUFBUSxxQkFBcUI7WUFDckgsQ0FBQyxDQUFDLDhCQUE4QixZQUFZLHFLQUFxSyxjQUFjLElBQUksZUFBZSxxQkFBcUIsUUFBUSxxQkFBcUIsQ0FBQztRQUV2UyxNQUFNLFlBQVksR0FBRztZQUNuQixPQUFPLEVBQUUsS0FBSztZQUNkLE1BQU0sRUFBRTtnQkFDTixPQUFPLEVBQUU7b0JBQ1AsUUFBUSxFQUFFO3dCQUNSLG1DQUFtQzt3QkFDbkMsR0FBRyxDQUFDLGVBQWUsSUFBSSxFQUFFLENBQUM7d0JBQzFCLEdBQUcscUJBQXFCO3FCQUN6QjtpQkFDRjtnQkFDRCxTQUFTLEVBQUU7b0JBQ1QsUUFBUSxFQUFFO3dCQUNSLEdBQUcsQ0FBQyxnQkFBZ0IsSUFBSSxFQUFFLENBQUM7d0JBQzNCLEdBQUcsbUJBQW1CO3dCQUN0QixxQ0FBcUM7d0JBQ3JDLGdGQUFnRjt3QkFDaEYsbUNBQW1DO3dCQUNuQyw4SkFBOEo7cUJBQy9KO2lCQUNGO2dCQUNELEtBQUssRUFBRTtvQkFDTCxRQUFRLEVBQUU7d0JBQ1Isd0NBQXdDLFFBQVEsTUFBTTt3QkFDdEQsWUFBWTtxQkFDYjtpQkFDRjtnQkFDRCxHQUFHLENBQUMsYUFBYSxJQUFJO29CQUNuQixVQUFVLEVBQUU7d0JBQ1YsUUFBUSxFQUFFOzRCQUNSLHVDQUF1QyxRQUFRLE1BQU07NEJBQ3JELDZCQUE2QixRQUFRLEVBQUU7eUJBQ3hDO3FCQUNGO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQUM7UUFFRixNQUFNLEtBQUssR0FBRyxRQUFRLEtBQUssYUFBYSxDQUFDO1FBQ3pDLE1BQU0sY0FBYyxHQUFHLEtBQUs7WUFDMUIsQ0FBQyxDQUFDLGtDQUFrQixDQUFDLDJCQUEyQjtZQUNoRCxDQUFDLENBQUMsK0JBQWUsQ0FBQyxZQUFZLENBQUM7UUFFakMsK0JBQStCO1FBQy9CLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSx1QkFBTyxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtZQUM3RCxNQUFNLEVBQUUsc0JBQU0sQ0FBQyxFQUFFLENBQUM7Z0JBQ2hCLE1BQU0sRUFBRSxXQUFXLENBQUMsTUFBTTtnQkFDMUIsSUFBSSxFQUFFLFdBQVcsQ0FBQyxXQUFXO2FBQzlCLENBQUM7WUFDRixXQUFXLEVBQUU7Z0JBQ1gsVUFBVSxFQUFFLGNBQWM7Z0JBQzFCLFVBQVUsRUFBRSxJQUFJO2FBQ2pCO1lBQ0Qsb0JBQW9CLEVBQUU7Z0JBQ3BCLFlBQVksRUFBRSxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRTthQUMxRDtZQUNELFNBQVMsRUFBRSx5QkFBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7WUFDN0MsR0FBRyxDQUFDLGlCQUFpQixJQUFJO2dCQUN2QixPQUFPLEVBQUU7b0JBQ1AsVUFBVSxFQUFFO3dCQUNWLFFBQVEsRUFBRSxpQkFBaUI7cUJBQzVCO2lCQUNGO2FBQ0YsQ0FBQztZQUNGLEdBQUc7WUFDSCxjQUFjO1lBQ2QsZUFBZTtTQUNoQixDQUFDLENBQUM7UUFFSCx1RUFBdUU7UUFDdkUsSUFBSSxlQUFlLEVBQUUsQ0FBQztZQUNwQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUM3QixnQkFBZ0IsQ0FBQyxlQUFlLENBQzlCLElBQUkseUJBQWUsQ0FBQztnQkFDbEIsT0FBTyxFQUFFO29CQUNQLHFCQUFxQjtvQkFDckIsc0JBQXNCO29CQUN0QixtQkFBbUI7aUJBQ3BCO2dCQUNELFNBQVMsRUFBRTtvQkFDVCxnQkFBZ0IsS0FBSyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyw4QkFBOEIsZ0JBQWdCLENBQUMsV0FBVyxFQUFFO29CQUN6RyxnQkFBZ0IsS0FBSyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyw4QkFBOEIsZ0JBQWdCLENBQUMsV0FBVyxJQUFJO2lCQUM1RzthQUNGLENBQUMsQ0FDSCxDQUFDO1FBQ0osQ0FBQztRQUVELG1EQUFtRDtRQUNuRCxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ25ELGdCQUFnQixDQUFDLGVBQWUsQ0FDOUIsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCwyQkFBMkI7Z0JBQzNCLDRCQUE0QjtnQkFDNUIsaUNBQWlDO2dCQUNqQyxtQkFBbUI7YUFDcEI7WUFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7U0FDakIsQ0FBQyxDQUNILENBQUM7UUFDRixJQUFJLDJCQUEyQixJQUFJLDJCQUEyQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMxRSxNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUM3QixnQkFBZ0IsQ0FBQyxlQUFlLENBQzlCLElBQUkseUJBQWUsQ0FBQztnQkFDbEIsT0FBTyxFQUFFO29CQUNQLG1CQUFtQjtvQkFDbkIsNEJBQTRCO29CQUM1QixpQ0FBaUM7b0JBQ2pDLDhCQUE4QjtvQkFDOUIsc0JBQXNCO2lCQUN2QjtnQkFDRCxTQUFTLEVBQUUsMkJBQTJCLENBQUMsR0FBRyxDQUN4QyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsZUFBZSxLQUFLLENBQUMsTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLGVBQWUsTUFBTSxJQUFJLENBQ2xGO2FBQ0YsQ0FBQyxDQUNILENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxvQkFBb0IsRUFBRSxDQUFDO1lBQ3pCLGdCQUFnQixDQUFDLGVBQWUsQ0FDOUIsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQztnQkFDMUMsU0FBUyxFQUFFLENBQUMsb0JBQW9CLENBQUM7YUFDbEMsQ0FBQyxDQUNILENBQUM7UUFDSixDQUFDO1FBRUQsMkRBQTJEO1FBQzNELElBQUksYUFBYSxFQUFFLENBQUM7WUFDbEIsYUFBYSxDQUFDLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDLElBQUssQ0FBQyxDQUFDO1FBQzVELENBQUM7UUFFRCxxRUFBcUU7UUFDckUsSUFBSSxZQUFvQixDQUFDO1FBQ3pCLElBQUksY0FBYyxFQUFFLENBQUM7WUFDbkIsY0FBYyxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsYUFBYSxFQUFFLGFBQWEsQ0FBQyxDQUFDO1lBQ3BGLFlBQVksR0FBRyxjQUFjLENBQUMsWUFBWSxDQUFDO1FBQzdDLENBQUM7YUFBTSxDQUFDO1lBQ04sTUFBTSxzQkFBc0IsR0FBRyxJQUFJLHFCQUFRLENBQUMsSUFBSSxFQUFFLHdCQUF3QixFQUFFO2dCQUMxRSxPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO2dCQUM1QixJQUFJLEVBQUUsaUJBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsWUFBWSxDQUFDLENBQUM7Z0JBQzNELE9BQU8sRUFBRSxpQkFBaUI7Z0JBQzFCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7YUFDOUIsQ0FBQyxDQUFDO1lBQ0gsc0JBQXNCLENBQUMsZUFBZSxDQUNwQyxJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRSxDQUFDLHNCQUFzQixDQUFDO2dCQUNqQyxTQUFTLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLENBQUM7YUFDekMsQ0FBQyxDQUNILENBQUM7WUFDRixzQkFBc0IsQ0FBQyxlQUFlLENBQ3BDLElBQUkseUJBQWUsQ0FBQztnQkFDbEIsT0FBTyxFQUFFO29CQUNQLHFCQUFxQjtvQkFDckIseUJBQXlCO29CQUN6QixxQkFBcUI7aUJBQ3RCO2dCQUNELFNBQVMsRUFBRSxDQUFDLDhDQUE4QyxDQUFDO2FBQzVELENBQUMsQ0FDSCxDQUFDO1lBRUYsTUFBTSx5QkFBeUIsR0FBRyxJQUFJLHFCQUFRLENBQUMsSUFBSSxFQUFFLDJCQUEyQixFQUFFO2dCQUNoRixPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO2dCQUM1QixJQUFJLEVBQUUsaUJBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsZUFBZSxDQUFDLENBQUM7Z0JBQzlELFdBQVcsRUFBRTtvQkFDWCxTQUFTLEVBQUUsUUFBUTtpQkFDcEI7Z0JBQ0QsT0FBTyxFQUFFLG9CQUFvQjtnQkFDN0IsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQzthQUM5QixDQUFDLENBQUM7WUFDSCx5QkFBeUIsQ0FBQyxlQUFlLENBQ3ZDLElBQUkseUJBQWUsQ0FBQztnQkFDbEIsT0FBTyxFQUFFO29CQUNQLDBCQUEwQjtvQkFDMUIsZ0NBQWdDO29CQUNoQyxtQkFBbUI7b0JBQ25CLHlCQUF5QjtvQkFDekIsd0JBQXdCO2lCQUN6QjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7YUFDakIsQ0FBQyxDQUNILENBQUM7WUFFRixJQUFJLGFBQWEsRUFBRSxDQUFDO2dCQUNsQixhQUFhLENBQUMsbUJBQW1CLENBQUMsc0JBQXNCLENBQUMsQ0FBQztnQkFDMUQsYUFBYSxDQUFDLG1CQUFtQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDL0QsQ0FBQztZQUNELElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLHNCQUFzQixDQUFDLENBQUM7WUFDekQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUU1RCxNQUFNLFFBQVEsR0FBRyxJQUFJLDJCQUFRLENBQUMsSUFBSSxFQUFFLHdCQUF3QixFQUFFO2dCQUM1RCxjQUFjLEVBQUUsc0JBQXNCO2dCQUN0QyxpQkFBaUIsRUFBRSx5QkFBeUI7Z0JBQzVDLGFBQWEsRUFBRSx5QkFBeUIsSUFBSSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7YUFDakUsQ0FBQyxDQUFDO1lBQ0gsWUFBWSxHQUFHLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDdkMsQ0FBQztRQUVELHVFQUF1RTtRQUN2RSxNQUFNLG9CQUFvQixHQUFHLElBQUksNEJBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLEVBQUU7WUFDNUUsWUFBWTtZQUNaLFVBQVUsRUFBRTtnQkFDVixXQUFXLEVBQUUsZ0JBQWdCLENBQUMsV0FBVztnQkFDekMsUUFBUSxFQUFFLFFBQVE7Z0JBQ2xCLE9BQU8sRUFBRSxXQUFXLENBQUMsU0FBUztnQkFDOUIsZUFBZSxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPO2FBQ3BEO1NBQ0YsQ0FBQyxDQUFDO1FBQ0gsb0JBQW9CLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBRTFELHlEQUF5RDtRQUN6RCxNQUFNLFdBQVcsR0FBRyxvQkFBb0IsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDbEUsSUFBSSxDQUFDLGNBQWMsR0FBRyx3QkFBYyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFDeEYsSUFBSSxDQUFDLGVBQWUsR0FBRyw0QkFBZSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsYUFBYSxFQUFFO1lBQ2pFLFdBQVcsRUFBRSxXQUFXO1NBQ3pCLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBaldILG9FQWtXQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNyeXB0byBmcm9tICdjcnlwdG8nO1xuaW1wb3J0ICogYXMgZnMgZnJvbSAnZnMnO1xuaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcblxuaW1wb3J0IHsgQ3VzdG9tUmVzb3VyY2UsIER1cmF0aW9uLCBTdGFjayB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IFByb2plY3QsIFNvdXJjZSwgTGludXhCdWlsZEltYWdlLCBMaW51eEFybUJ1aWxkSW1hZ2UsIEJ1aWxkU3BlYyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jb2RlYnVpbGQnO1xuaW1wb3J0IHsgSVZwYywgSVNlY3VyaXR5R3JvdXAsIFN1Ym5ldFNlbGVjdGlvbiB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0IHsgUmVwb3NpdG9yeSwgUmVwb3NpdG9yeUVuY3J5cHRpb24sIFRhZ1N0YXR1cyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3InO1xuaW1wb3J0IHsgQ29udGFpbmVySW1hZ2UgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtZWNzJztcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0IHsgS2V5IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWttcyc7XG5pbXBvcnQgeyBSdW50aW1lLCBDb2RlLCBEb2NrZXJJbWFnZUNvZGUsIEZ1bmN0aW9uIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWxhbWJkYSc7XG5pbXBvcnQgeyBJTG9nR3JvdXAgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbG9ncyc7XG5pbXBvcnQgeyBBc3NldCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMy1hc3NldHMnO1xuaW1wb3J0IHsgUHJvdmlkZXIgfSBmcm9tICdhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG5jb25zdCBQUk9WSURFUl9TSU5HTEVUT05fSUQgPSAnVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlclByb3ZpZGVyJztcblxuLyoqXG4gKiBPcHRpb25zIGZvciBjcmVhdGluZyBhIGBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJgLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlclByb3BzIHtcbiAgLyoqXG4gICAqIEhvdyBvZnRlbiB0aGUgcHJvdmlkZXIgcG9sbHMgZm9yIGJ1aWxkIGNvbXBsZXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IER1cmF0aW9uLnNlY29uZHMoMzApXG4gICAqL1xuICByZWFkb25seSBxdWVyeUludGVydmFsPzogRHVyYXRpb247XG59XG5cbi8qKlxuICogU2hhcmVkIHByb3ZpZGVyIGZvciBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgaW5zdGFuY2VzLlxuICpcbiAqIENyZWF0ZXMgdGhlIG9uRXZlbnQgYW5kIGlzQ29tcGxldGUgTGFtYmRhIGZ1bmN0aW9ucyBvbmNlIHBlciBzdGFjay5cbiAqIEVhY2ggYnVpbGRlciBpbnN0YW5jZSByZWdpc3RlcnMgaXRzIENvZGVCdWlsZCBwcm9qZWN0IEFSTiBzbyB0aGVcbiAqIHNoYXJlZCBMYW1iZGFzIGhhdmUgcGVybWlzc2lvbiB0byBzdGFydCBidWlsZHMgYW5kIHJlYWQgbG9ncy5cbiAqL1xuZXhwb3J0IGNsYXNzIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciBleHRlbmRzIENvbnN0cnVjdCB7XG4gIC8qKlxuICAgKiBHZXQgb3IgY3JlYXRlIHRoZSBzaW5nbGV0b24gcHJvdmlkZXIgZm9yIHRoaXMgc3RhY2suXG4gICAqIEFsbCBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgaW5zdGFuY2VzIGluIHRoZSBzYW1lIHN0YWNrXG4gICAqIHNoYXJlIGEgc2luZ2xlIHBhaXIgb2YgTGFtYmRhIGZ1bmN0aW9ucy5cbiAgICovXG4gIHB1YmxpYyBzdGF0aWMgZ2V0T3JDcmVhdGUoc2NvcGU6IENvbnN0cnVjdCwgcHJvcHM/OiBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJQcm9wcyk6IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciB7XG4gICAgY29uc3Qgc3RhY2sgPSBTdGFjay5vZihzY29wZSk7XG4gICAgY29uc3QgZXhpc3RpbmcgPSBzdGFjay5ub2RlLnRyeUZpbmRDaGlsZChQUk9WSURFUl9TSU5HTEVUT05fSUQpIGFzIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciB8IHVuZGVmaW5lZDtcbiAgICBpZiAoZXhpc3RpbmcpIHJldHVybiBleGlzdGluZztcbiAgICByZXR1cm4gbmV3IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlcihzdGFjaywgUFJPVklERVJfU0lOR0xFVE9OX0lELCBwcm9wcyk7XG4gIH1cblxuICAvKiogVGhlIHNlcnZpY2UgdG9rZW4gdXNlZCBieSBDdXN0b21SZXNvdXJjZSBpbnN0YW5jZXMuICovXG4gIHB1YmxpYyByZWFkb25seSBzZXJ2aWNlVG9rZW46IHN0cmluZztcblxuICBwcml2YXRlIHJlYWRvbmx5IG9uRXZlbnRIYW5kbGVyRnVuY3Rpb246IEZ1bmN0aW9uO1xuICBwcml2YXRlIHJlYWRvbmx5IGlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb246IEZ1bmN0aW9uO1xuXG4gIHByaXZhdGUgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM/OiBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICB0aGlzLm9uRXZlbnRIYW5kbGVyRnVuY3Rpb24gPSBuZXcgRnVuY3Rpb24odGhpcywgJ09uRXZlbnRIYW5kbGVyJywge1xuICAgICAgcnVudGltZTogUnVudGltZS5OT0RFSlNfMjJfWCxcbiAgICAgIGNvZGU6IENvZGUuZnJvbUFzc2V0KHBhdGgucmVzb2x2ZShfX2Rpcm5hbWUsICcuLi9vbkV2ZW50JykpLFxuICAgICAgaGFuZGxlcjogJ29uRXZlbnQuaGFuZGxlcicsXG4gICAgICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDE1KSxcbiAgICB9KTtcbiAgICB0aGlzLm9uRXZlbnRIYW5kbGVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAnbG9nczpDcmVhdGVMb2dHcm91cCcsXG4gICAgICAgICAgJ2xvZ3M6UHV0UmV0ZW50aW9uUG9saWN5JyxcbiAgICAgICAgICAnbG9nczpEZWxldGVMb2dHcm91cCcsXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogWydhcm46YXdzOmxvZ3M6KjoqOmxvZy1ncm91cDovZG9ja2VyLWJ1aWxkZXIvKiddLFxuICAgICAgfSksXG4gICAgKTtcblxuICAgIHRoaXMuaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbiA9IG5ldyBGdW5jdGlvbih0aGlzLCAnSXNDb21wbGV0ZUhhbmRsZXInLCB7XG4gICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgY29kZTogQ29kZS5mcm9tQXNzZXQocGF0aC5yZXNvbHZlKF9fZGlybmFtZSwgJy4uL2lzQ29tcGxldGUnKSksXG4gICAgICBoYW5kbGVyOiAnaXNDb21wbGV0ZS5oYW5kbGVyJyxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoMTUpLFxuICAgIH0pO1xuICAgIHRoaXMuaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICdjb2RlYnVpbGQ6QmF0Y2hHZXRCdWlsZHMnLFxuICAgICAgICAgICdjb2RlYnVpbGQ6TGlzdEJ1aWxkc0ZvclByb2plY3QnLFxuICAgICAgICAgICdsb2dzOkdldExvZ0V2ZW50cycsXG4gICAgICAgICAgJ2xvZ3M6RGVzY3JpYmVMb2dTdHJlYW1zJyxcbiAgICAgICAgICAnbG9nczpEZXNjcmliZUxvZ0dyb3VwcycsXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogWycqJ10sXG4gICAgICB9KSxcbiAgICApO1xuXG4gICAgY29uc3QgcHJvdmlkZXIgPSBuZXcgUHJvdmlkZXIodGhpcywgJ1Byb3ZpZGVyJywge1xuICAgICAgb25FdmVudEhhbmRsZXI6IHRoaXMub25FdmVudEhhbmRsZXJGdW5jdGlvbixcbiAgICAgIGlzQ29tcGxldGVIYW5kbGVyOiB0aGlzLmlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24sXG4gICAgICBxdWVyeUludGVydmFsOiBwcm9wcz8ucXVlcnlJbnRlcnZhbCA/PyBEdXJhdGlvbi5zZWNvbmRzKDMwKSxcbiAgICB9KTtcblxuICAgIHRoaXMuc2VydmljZVRva2VuID0gcHJvdmlkZXIuc2VydmljZVRva2VuO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50IHRoZSBzaGFyZWQgTGFtYmRhcyBwZXJtaXNzaW9uIHRvIHN0YXJ0IGJ1aWxkcyBmb3IgYSBzcGVjaWZpY1xuICAgKiBDb2RlQnVpbGQgcHJvamVjdCBhbmQgcHVsbC9wdXNoIHRvIGl0cyBFQ1IgcmVwb3NpdG9yeS5cbiAgICovXG4gIHB1YmxpYyByZWdpc3RlclByb2plY3QocHJvamVjdDogUHJvamVjdCwgZWNyUmVwbzogUmVwb3NpdG9yeSwgZW5jcnlwdGlvbktleT86IEtleSk6IHZvaWQge1xuICAgIHRoaXMub25FdmVudEhhbmRsZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogWydjb2RlYnVpbGQ6U3RhcnRCdWlsZCddLFxuICAgICAgICByZXNvdXJjZXM6IFtwcm9qZWN0LnByb2plY3RBcm5dLFxuICAgICAgfSksXG4gICAgKTtcbiAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2godGhpcy5vbkV2ZW50SGFuZGxlckZ1bmN0aW9uKTtcbiAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2godGhpcy5pc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uKTtcblxuICAgIGlmIChlbmNyeXB0aW9uS2V5KSB7XG4gICAgICBlbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQodGhpcy5vbkV2ZW50SGFuZGxlckZ1bmN0aW9uKTtcbiAgICAgIGVuY3J5cHRpb25LZXkuZ3JhbnRFbmNyeXB0RGVjcnlwdCh0aGlzLmlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24pO1xuICAgIH1cbiAgfVxufVxuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIHRoZSBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgY29uc3RydWN0LlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgcGF0aCB0byB0aGUgZGlyZWN0b3J5IGNvbnRhaW5pbmcgdGhlIERvY2tlcmZpbGUgb3Igc291cmNlIGNvZGUuXG4gICAqL1xuICByZWFkb25seSBwYXRoOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIEJ1aWxkIGFyZ3VtZW50cyB0byBwYXNzIHRvIHRoZSBEb2NrZXIgYnVpbGQgcHJvY2Vzcy5cbiAgICogVGhlc2UgYXJlIHRyYW5zZm9ybWVkIGludG8gYC0tYnVpbGQtYXJnIEtFWT1WQUxVRWAgZmxhZ3MuXG4gICAqIEBleGFtcGxlXG4gICAqIHtcbiAgICogICBUT0tFTjogJ215LXNlY3JldC10b2tlbicsXG4gICAqICAgRU5WOiAncHJvZHVjdGlvbidcbiAgICogfVxuICAgKi9cbiAgcmVhZG9ubHkgYnVpbGRBcmdzPzogeyBba2V5OiBzdHJpbmddOiBzdHJpbmcgfTtcblxuICAvKipcbiAgICogVGhlIEFSTiBvZiB0aGUgQVdTIFNlY3JldHMgTWFuYWdlciBzZWNyZXQgY29udGFpbmluZyBEb2NrZXIgbG9naW4gY3JlZGVudGlhbHMuXG4gICAqIFRoaXMgc2VjcmV0IHNob3VsZCBzdG9yZSBhIEpTT04gb2JqZWN0IHdpdGggdGhlIGZvbGxvd2luZyBzdHJ1Y3R1cmU6XG4gICAqIGBgYGpzb25cbiAgICoge1xuICAgKiAgIFwidXNlcm5hbWVcIjogXCJteS1kb2NrZXItdXNlcm5hbWVcIixcbiAgICogICBcInBhc3N3b3JkXCI6IFwibXktZG9ja2VyLXBhc3N3b3JkXCJcbiAgICogfVxuICAgKiBgYGBcbiAgICogSWYgbm90IHByb3ZpZGVkIChvciBub3QgbmVlZGVkKSwgdGhlIGNvbnN0cnVjdCB3aWxsIHNraXAgRG9ja2VyIEh1YiBsb2dpbi5cbiAgICpcbiAgICogKipOb3RlKio6IFRoZSBzZWNyZXQgbXVzdCBiZSBpbiB0aGUgc2FtZSByZWdpb24gYXMgdGhlIHN0YWNrLlxuICAgKlxuICAgKiBAZXhhbXBsZSAnYXJuOmF3czpzZWNyZXRzbWFuYWdlcjp1cy1lYXN0LTE6MTIzNDU2Nzg5MDEyOnNlY3JldDpEb2NrZXJMb2dpblNlY3JldCdcbiAgICovXG4gIHJlYWRvbmx5IGRvY2tlckxvZ2luU2VjcmV0QXJuPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgVlBDIGluIHdoaWNoIHRoZSBDb2RlQnVpbGQgcHJvamVjdCB3aWxsIGJlIGRlcGxveWVkLlxuICAgKiBJZiBwcm92aWRlZCwgdGhlIENvZGVCdWlsZCBwcm9qZWN0IHdpbGwgYmUgbGF1bmNoZWQgd2l0aGluIHRoZSBzcGVjaWZpZWQgVlBDLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIFZQQyBpcyBhdHRhY2hlZCwgYW5kIHRoZSBDb2RlQnVpbGQgcHJvamVjdCB3aWxsIHVzZSBwdWJsaWMgaW50ZXJuZXQuXG4gICAqL1xuICByZWFkb25seSB2cGM/OiBJVnBjO1xuXG4gIC8qKlxuICAgKiBUaGUgc2VjdXJpdHkgZ3JvdXBzIHRvIGF0dGFjaCB0byB0aGUgQ29kZUJ1aWxkIHByb2plY3QuXG4gICAqIFRoZXNlIGRlZmluZSB0aGUgbmV0d29yayBhY2Nlc3MgcnVsZXMgZm9yIHRoZSBDb2RlQnVpbGQgcHJvamVjdC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBzZWN1cml0eSBncm91cHMgYXJlIGF0dGFjaGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cHM/OiBJU2VjdXJpdHlHcm91cFtdO1xuXG4gIC8qKlxuICAgKiBUaGUgc3VibmV0IHNlbGVjdGlvbiB0byBzcGVjaWZ5IHdoaWNoIHN1Ym5ldHMgdG8gdXNlIHdpdGhpbiB0aGUgVlBDLlxuICAgKiBBbGxvd3MgdGhlIHVzZXIgdG8gc2VsZWN0IHByaXZhdGUsIHB1YmxpYywgb3IgaXNvbGF0ZWQgc3VibmV0cy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBbGwgc3VibmV0cyBpbiB0aGUgVlBDIGFyZSB1c2VkLlxuICAgKi9cbiAgcmVhZG9ubHkgc3VibmV0U2VsZWN0aW9uPzogU3VibmV0U2VsZWN0aW9uO1xuXG4gIC8qKlxuICAgKiBDdXN0b20gY29tbWFuZHMgdG8gcnVuIGR1cmluZyB0aGUgaW5zdGFsbCBwaGFzZSBvZiBDb2RlQnVpbGQuXG4gICAqXG4gICAqICoqRXhhbXBsZSoqOlxuICAgKiBgYGB0c1xuICAgKiBpbnN0YWxsQ29tbWFuZHM6IFtcbiAgICogICAnZWNobyBcIlVwZGF0aW5nIHBhY2thZ2UgbGlzdHMuLi5cIicsXG4gICAqICAgJ2FwdC1nZXQgdXBkYXRlIC15JyxcbiAgICogICAnZWNobyBcIkluc3RhbGxpbmcgcmVxdWlyZWQgcGFja2FnZXMuLi5cIicsXG4gICAqICAgJ2FwdC1nZXQgaW5zdGFsbCAteSBjdXJsIGRuc3V0aWxzJyxcbiAgICogXSxcbiAgICogYGBgXG4gICAqIEBkZWZhdWx0IC0gTm8gYWRkaXRpb25hbCBpbnN0YWxsIGNvbW1hbmRzLlxuICAgKi9cbiAgcmVhZG9ubHkgaW5zdGFsbENvbW1hbmRzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIEN1c3RvbSBjb21tYW5kcyB0byBydW4gZHVyaW5nIHRoZSBwcmVfYnVpbGQgcGhhc2Ugb2YgQ29kZUJ1aWxkLlxuICAgKlxuICAgKiAqKkV4YW1wbGUqKjpcbiAgICogYGBgdHNcbiAgICogcHJlQnVpbGRDb21tYW5kczogW1xuICAgKiAgICdlY2hvIFwiRmV0Y2hpbmcgY29uZmlndXJhdGlvbiBmcm9tIHByaXZhdGUgQVBJLi4uXCInLFxuICAgKiAgICdjdXJsIC1vIGNvbmZpZy5qc29uIGh0dHBzOi8vYXBpLmV4YW1wbGUuY29tL2NvbmZpZycsXG4gICAqIF0sXG4gICAqIGBgYFxuICAgKiBAZGVmYXVsdCAtIE5vIGFkZGl0aW9uYWwgcHJlLWJ1aWxkIGNvbW1hbmRzLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJlQnVpbGRDb21tYW5kcz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRvIGVuYWJsZSBLTVMgZW5jcnlwdGlvbiBmb3IgdGhlIEVDUiByZXBvc2l0b3J5LlxuICAgKiBJZiBgdHJ1ZWAsIGEgS01TIGtleSB3aWxsIGJlIGNyZWF0ZWQgZm9yIGVuY3J5cHRpbmcgRUNSIGltYWdlcy5cbiAgICogSWYgYGZhbHNlYCwgdGhlIHJlcG9zaXRvcnkgd2lsbCB1c2UgQUVTLTI1NiBlbmNyeXB0aW9uLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGZhbHNlXG4gICAqL1xuICByZWFkb25seSBrbXNFbmNyeXB0aW9uPzogYm9vbGVhbjtcblxuICAvKipcbiAgICogVGhlIHF1ZXJ5IGludGVydmFsIGZvciBjaGVja2luZyBpZiB0aGUgQ29kZUJ1aWxkIHByb2plY3QgaGFzIGNvbXBsZXRlZC5cbiAgICogVGhpcyBkZXRlcm1pbmVzIGhvdyBmcmVxdWVudGx5IHRoZSBjdXN0b20gcmVzb3VyY2UgcG9sbHMgZm9yIGJ1aWxkIGNvbXBsZXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRHVyYXRpb24uc2Vjb25kcygzMClcbiAgICovXG4gIHJlYWRvbmx5IGNvbXBsZXRlbmVzc1F1ZXJ5SW50ZXJ2YWw/OiBEdXJhdGlvbjtcblxuICAvKipcbiAgICogQSBsaXN0IG9mIGZpbGUgcGF0aHMgaW4gdGhlIERvY2tlciBkaXJlY3RvcnkgdG8gZXhjbHVkZSBmcm9tIGJ1aWxkLlxuICAgKiBXaWxsIHVzZSBwYXRocyBpbiAuZG9ja2VyaWdub3JlIGZpbGUgaWYgcHJlc2VudC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBmaWxlIHBhdGggZXhjbHVzaW9uc1xuICAgKi9cbiAgcmVhZG9ubHkgZXhjbHVkZT86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgRG9ja2VyZmlsZSB0byB1c2UgZm9yIHRoZSBidWlsZC5cbiAgICogUGFzc2VkIGFzIGAtLWZpbGVgIHRvIGBkb2NrZXIgYnVpbGRgLlxuICAgKlxuICAgKiBAZXhhbXBsZSAnRG9ja2VyZmlsZS5wcm9kdWN0aW9uJ1xuICAgKiBAZGVmYXVsdCAnRG9ja2VyZmlsZSdcbiAgICovXG4gIHJlYWRvbmx5IGZpbGU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZW4gYHRydWVgLCBkaXNhYmxlcyBEb2NrZXIgbGF5ZXIgY2FjaGluZy4gRXZlcnkgYnVpbGQgcnVucyBmcm9tIHNjcmF0Y2guXG4gICAqIFVzZSBmb3IgZGVidWdnaW5nLCBjb3JydXB0ZWQgY2FjaGUsIG9yIG1ham9yIGRlcGVuZGVuY3kgY2hhbmdlcy5cbiAgICpcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IGNhY2hlRGlzYWJsZWQ/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBDbG91ZFdhdGNoIGxvZyBncm91cCBmb3IgQ29kZUJ1aWxkIGJ1aWxkIGxvZ3MuXG4gICAqIFdoZW4gcHJvdmlkZWQgd2l0aCBhIFJFVEFJTiByZW1vdmFsIHBvbGljeSwgYnVpbGQgbG9ncyBzdXJ2aXZlIHJvbGxiYWNrc1xuICAgKiBhbmQgc3RhY2sgZGVsZXRpb24gZm9yIGRlYnVnZ2luZy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBDb2RlQnVpbGQgZGVmYXVsdCBsb2dnaW5nIChsb2dzIGFyZSBkZWxldGVkIG9uIHJvbGxiYWNrKVxuICAgKi9cbiAgcmVhZG9ubHkgYnVpbGRMb2dHcm91cD86IElMb2dHcm91cDtcblxuICAvKipcbiAgICogVGFyZ2V0IHBsYXRmb3JtIGZvciB0aGUgRG9ja2VyIGltYWdlLlxuICAgKlxuICAgKiBXaGVuIHNldCB0byBgJ2xpbnV4L2FybTY0J2AsIHRoZSBjb25zdHJ1Y3QgdXNlcyBhIG5hdGl2ZSBBUk0vR3Jhdml0b25cbiAgICogQ29kZUJ1aWxkIGluc3RhbmNlIGZvciBmYXN0IGJ1aWxkcyB3aXRob3V0IGVtdWxhdGlvbi5cbiAgICpcbiAgICogQGRlZmF1bHQgJ2xpbnV4L2FtZDY0J1xuICAgKi9cbiAgcmVhZG9ubHkgcGxhdGZvcm0/OiAnbGludXgvYW1kNjQnIHwgJ2xpbnV4L2FybTY0JztcblxuICAvKipcbiAgICogU2hhcmVkIHByb3ZpZGVyIGZvciB0aGUgY3VzdG9tIHJlc291cmNlIExhbWJkYXMuXG4gICAqIFVzZSBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlclByb3ZpZGVyLmdldE9yQ3JlYXRlKHRoaXMpYCB0byBjcmVhdGVcbiAgICogYSBzaW5nbGV0b24gdGhhdCBpcyBzaGFyZWQgYWNyb3NzIGFsbCBidWlsZGVycyBpbiB0aGUgc2FtZSBzdGFjay5cbiAgICpcbiAgICogV2hlbiBvbWl0dGVkLCBlYWNoIGJ1aWxkZXIgY3JlYXRlcyBpdHMgb3duIExhbWJkYXMgKG9yaWdpbmFsIGJlaGF2aW9yKS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBIG5ldyBwcm92aWRlciBpcyBjcmVhdGVkIHBlciBidWlsZGVyIGluc3RhbmNlXG4gICAqL1xuICByZWFkb25seSBwcm92aWRlcj86IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlcjtcblxuICAvKipcbiAgICogRUNSIHB1bGwtdGhyb3VnaCBjYWNoZSByZXBvc2l0b3J5IHByZWZpeGVzIHRvIGdyYW50IHB1bGwgYWNjZXNzIHRvLlxuICAgKiBVc2Ugd2hlbiB5b3VyIERvY2tlcmZpbGUgcmVmZXJlbmNlcyBiYXNlIGltYWdlcyBmcm9tIEVDUiBwdWxsLXRocm91Z2hcbiAgICogY2FjaGUgKGUuZy4gZG9ja2VyLWh1Yi9saWJyYXJ5L25vZGU6MjAtc2xpbSwgZ2hjci9vcmcvaW1hZ2U6dGFnKS5cbiAgICogVGhlIENvZGVCdWlsZCByb2xlIHdpbGwgYmUgZ3JhbnRlZCBlY3I6QmF0Y2hHZXRJbWFnZSwgZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXIsXG4gICAqIGFuZCBlY3I6QmF0Y2hDaGVja0xheWVyQXZhaWxhYmlsaXR5IG9uIHJlcG9zaXRvcmllcyBtYXRjaGluZyBlYWNoIHByZWZpeC5cbiAgICpcbiAgICogQGV4YW1wbGUgWydkb2NrZXItaHViJywgJ2doY3InXVxuICAgKiBAZGVmYXVsdCAtIE5vIHB1bGwtdGhyb3VnaCBjYWNoZSBhY2Nlc3NcbiAgICovXG4gIHJlYWRvbmx5IGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBXaGVuIGB0cnVlYCwgY3JlYXRlcyBhIENsb3VkV2F0Y2ggbG9nIGdyb3VwIG91dHNpZGUgb2YgQ2xvdWRGb3JtYXRpb25cbiAgICogKGAvZG9ja2VyLWJ1aWxkZXIvPHByb2plY3ROYW1lPmApIGFuZCBkaXJlY3RzIENvZGVCdWlsZCBvdXRwdXQgdGhlcmUuXG4gICAqIEJlY2F1c2UgdGhlIGxvZyBncm91cCBpcyBtYW5hZ2VkIGltcGVyYXRpdmVseSAobm90IGJ5IENsb3VkRm9ybWF0aW9uKSxcbiAgICogaXQgc3Vydml2ZXMgc3RhY2sgcm9sbGJhY2tzIGFuZCBwcmVzZXJ2ZXMgZnVsbCBidWlsZCBsb2dzIGZvciBkZWJ1Z2dpbmcuXG4gICAqIEEgNy1kYXkgcmV0ZW50aW9uIHBvbGljeSBpcyBhcHBsaWVkIHNvIG9sZCBsb2dzIGF1dG8tZXhwaXJlLlxuICAgKlxuICAgKiBTZXQgdG8gYGZhbHNlYCBhZnRlciBkZWJ1Z2dpbmcgdG8gZGVsZXRlIHRoZSBsb2cgZ3JvdXAgYW5kIGNsZWFuIHVwLlxuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgcmVhZG9ubHkgcmV0YWluQnVpbGRMb2dzPzogYm9vbGVhbjtcbn1cblxuLyoqXG4gKiBBIENESyBjb25zdHJ1Y3QgdG8gYnVpbGQgYW5kIHB1c2ggRG9ja2VyIGltYWdlcyB0byBhbiBFQ1IgcmVwb3NpdG9yeSB1c2luZ1xuICogQ29kZUJ1aWxkIGFuZCBMYW1iZGEgY3VzdG9tIHJlc291cmNlcywgKip0aGVuKiogcmV0cmlldmUgdGhlIGZpbmFsIGltYWdlIHRhZ1xuICogc28gdGhhdCBFQ1MvTGFtYmRhIHJlZmVyZW5jZXMgdXNlIHRoZSBleGFjdCBkaWdlc3QuXG4gKi9cbmV4cG9ydCBjbGFzcyBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqXG4gICAqIFRoZSBFQ1IgcmVwb3NpdG9yeSB0aGF0IHN0b3JlcyB0aGUgcmVzdWx0aW5nIERvY2tlciBpbWFnZS5cbiAgICovXG4gIHByaXZhdGUgcmVhZG9ubHkgZWNyUmVwb3NpdG9yeTogUmVwb3NpdG9yeTtcblxuICAvKipcbiAgICogQW4gRUNTLWNvbXBhdGlibGUgY29udGFpbmVyIGltYWdlIHJlZmVyZW5jaW5nIHRoZSB0YWdcbiAgICogb2YgdGhlIGJ1aWx0IERvY2tlciBpbWFnZS5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBjb250YWluZXJJbWFnZTogQ29udGFpbmVySW1hZ2U7XG5cbiAgLyoqXG4gICAqIEEgTGFtYmRhLWNvbXBhdGlibGUgRG9ja2VySW1hZ2VDb2RlIHJlZmVyZW5jaW5nIHRoZSB0YWdcbiAgICogb2YgdGhlIGJ1aWx0IERvY2tlciBpbWFnZS5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBkb2NrZXJJbWFnZUNvZGU6IERvY2tlckltYWdlQ29kZTtcblxuICAvKipcbiAgICogQ3JlYXRlcyBhIG5ldyBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAuXG4gICAqXG4gICAqIEBwYXJhbSBzY29wZSBUaGUgc2NvcGUgaW4gd2hpY2ggdG8gZGVmaW5lIHRoaXMgY29uc3RydWN0LlxuICAgKiBAcGFyYW0gaWQgVGhlIHNjb3BlZCBjb25zdHJ1Y3QgSUQuXG4gICAqIEBwYXJhbSBwcm9wcyBDb25maWd1cmF0aW9uIGZvciBidWlsZGluZyBhbmQgcHVzaGluZyB0aGUgRG9ja2VyIGltYWdlLlxuICAgKi9cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCB7XG4gICAgICBwYXRoOiBzb3VyY2VQYXRoLFxuICAgICAgYnVpbGRBcmdzLFxuICAgICAgZG9ja2VyTG9naW5TZWNyZXRBcm4sXG4gICAgICB2cGMsXG4gICAgICBzZWN1cml0eUdyb3VwcyxcbiAgICAgIHN1Ym5ldFNlbGVjdGlvbixcbiAgICAgIGluc3RhbGxDb21tYW5kcyxcbiAgICAgIHByZUJ1aWxkQ29tbWFuZHMsXG4gICAgICBrbXNFbmNyeXB0aW9uID0gZmFsc2UsXG4gICAgICBjb21wbGV0ZW5lc3NRdWVyeUludGVydmFsLFxuICAgICAgZXhjbHVkZSxcbiAgICAgIGZpbGU6IGRvY2tlckZpbGUsXG4gICAgICBjYWNoZURpc2FibGVkID0gZmFsc2UsXG4gICAgICBidWlsZExvZ0dyb3VwOiBidWlsZExvZ0dyb3VwUHJvcCxcbiAgICAgIHBsYXRmb3JtID0gJ2xpbnV4L2FtZDY0JyxcbiAgICAgIHByb3ZpZGVyOiBzaGFyZWRQcm92aWRlcixcbiAgICAgIGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcyxcbiAgICAgIHJldGFpbkJ1aWxkTG9ncyA9IGZhbHNlLFxuICAgIH0gPSBwcm9wcztcblxuICAgIC8vIEdlbmVyYXRlIGFuIGVwaGVtZXJhbCB0YWcgZm9yIENvZGVCdWlsZFxuICAgIGNvbnN0IGltYWdlVGFnID0gY3J5cHRvLnJhbmRvbVVVSUQoKTtcblxuICAgIC8vIE9wdGlvbmFsbHkgZGVmaW5lIGEgS01TIGtleSBmb3IgRUNSIGVuY3J5cHRpb24gaWYgcmVxdWVzdGVkXG4gICAgbGV0IGVuY3J5cHRpb25LZXk6IEtleSB8IHVuZGVmaW5lZDtcbiAgICBpZiAoa21zRW5jcnlwdGlvbikge1xuICAgICAgZW5jcnlwdGlvbktleSA9IG5ldyBLZXkodGhpcywgJ0VjckVuY3J5cHRpb25LZXknLCB7XG4gICAgICAgIGVuYWJsZUtleVJvdGF0aW9uOiB0cnVlLFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gQ3JlYXRlIGFuIEVDUiByZXBvc2l0b3J5IChvcHRpb25hbGx5IHdpdGggS01TIGVuY3J5cHRpb24pXG4gICAgdGhpcy5lY3JSZXBvc2l0b3J5ID0gbmV3IFJlcG9zaXRvcnkodGhpcywgJ0VDUlJlcG9zaXRvcnknLCB7XG4gICAgICBsaWZlY3ljbGVSdWxlczogW1xuICAgICAgICB7XG4gICAgICAgICAgcnVsZVByaW9yaXR5OiAxLFxuICAgICAgICAgIGRlc2NyaXB0aW9uOiAnUmVtb3ZlIHVudGFnZ2VkIGltYWdlcyBhZnRlciAxIGRheScsXG4gICAgICAgICAgdGFnU3RhdHVzOiBUYWdTdGF0dXMuVU5UQUdHRUQsXG4gICAgICAgICAgbWF4SW1hZ2VBZ2U6IER1cmF0aW9uLmRheXMoMSksXG4gICAgICAgIH0sXG4gICAgICBdLFxuICAgICAgZW5jcnlwdGlvbjoga21zRW5jcnlwdGlvbiA/IFJlcG9zaXRvcnlFbmNyeXB0aW9uLktNUyA6IFJlcG9zaXRvcnlFbmNyeXB0aW9uLkFFU18yNTYsXG4gICAgICBlbmNyeXB0aW9uS2V5OiBrbXNFbmNyeXB0aW9uID8gZW5jcnlwdGlvbktleSA6IHVuZGVmaW5lZCxcbiAgICAgIGltYWdlU2Nhbk9uUHVzaDogdHJ1ZSxcbiAgICB9KTtcblxuICAgIGxldCBlZmZlY3RpdmVFeGNsdWRlID0gZXhjbHVkZTtcbiAgICBpZiAoIWVmZmVjdGl2ZUV4Y2x1ZGUpIHtcbiAgICAgIGNvbnN0IGRvY2tlcmlnbm9yZVBhdGggPSBwYXRoLmpvaW4oc291cmNlUGF0aCwgJy5kb2NrZXJpZ25vcmUnKTtcbiAgICAgIGlmIChmcy5leGlzdHNTeW5jKGRvY2tlcmlnbm9yZVBhdGgpKSB7XG4gICAgICAgIGNvbnN0IGZpbGVDb250ZW50ID0gZnMucmVhZEZpbGVTeW5jKGRvY2tlcmlnbm9yZVBhdGgsICd1dGY4Jyk7XG4gICAgICAgIGVmZmVjdGl2ZUV4Y2x1ZGUgPSBmaWxlQ29udGVudFxuICAgICAgICAgIC5zcGxpdCgnXFxuJylcbiAgICAgICAgICAubWFwKChsaW5lOiBzdHJpbmcpID0+IGxpbmUudHJpbSgpKVxuICAgICAgICAgIC5maWx0ZXIoKGxpbmU6IHN0cmluZykgPT4gbGluZS5sZW5ndGggPiAwICYmICFsaW5lLnN0YXJ0c1dpdGgoJyMnKSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gRW5zdXJlIHRoZSB0YXJnZXQgRG9ja2VyZmlsZSBpcyBuZXZlciBleGNsdWRlZCAoaGFuZGxlcyBnbG9icyBsaWtlIFwiRG9ja2VyZmlsZSpcIilcbiAgICBjb25zdCBkb2NrZXJGaWxlTmFtZSA9IGRvY2tlckZpbGUgPz8gJ0RvY2tlcmZpbGUnO1xuICAgIGlmIChlZmZlY3RpdmVFeGNsdWRlKSB7XG4gICAgICBlZmZlY3RpdmVFeGNsdWRlID0gZWZmZWN0aXZlRXhjbHVkZS5maWx0ZXIoKHBhdHRlcm46IHN0cmluZykgPT4ge1xuICAgICAgICBjb25zdCBlc2NhcGVkID0gcGF0dGVybi5yZXBsYWNlKC9bLiteJHt9KCl8W1xcXVxcXFxdL2csICdcXFxcJCYnKTtcbiAgICAgICAgY29uc3QgcmVnZXggPSBuZXcgUmVnRXhwKGBeJHtlc2NhcGVkLnJlcGxhY2UoL1xcKi9nLCAnLionKS5yZXBsYWNlKC9cXD8vZywgJy4nKX0kYCwgJ2knKTtcbiAgICAgICAgcmV0dXJuICFyZWdleC50ZXN0KGRvY2tlckZpbGVOYW1lKTtcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIC8vIFdyYXAgdGhlIHNvdXJjZSBmb2xkZXIgYXMgYW4gUzMgYXNzZXQgZm9yIENvZGVCdWlsZCB0byB1c2VcbiAgICBjb25zdCBzb3VyY2VBc3NldCA9IG5ldyBBc3NldCh0aGlzLCAnU291cmNlQXNzZXQnLCB7XG4gICAgICBwYXRoOiBzb3VyY2VQYXRoLFxuICAgICAgZXhjbHVkZTogZWZmZWN0aXZlRXhjbHVkZSxcbiAgICB9KTtcblxuICAgIC8vIENvbnZlcnQgYnVpbGRBcmdzIHRvIGEgQ0xJLWZyaWVuZGx5IHN0cmluZ1xuICAgIGNvbnN0IGJ1aWxkQXJnc1N0cmluZyA9IGJ1aWxkQXJnc1xuICAgICAgPyBPYmplY3QuZW50cmllcyhidWlsZEFyZ3MpXG4gICAgICAgIC5tYXAoKFtrLCB2XSkgPT4gYC0tYnVpbGQtYXJnICR7a309JHt2fWApXG4gICAgICAgIC5qb2luKCcgJylcbiAgICAgIDogJyc7XG5cbiAgICBjb25zdCBkb2NrZXJGaWxlRmxhZyA9IGRvY2tlckZpbGUgPyBgLWYgJENPREVCVUlMRF9TUkNfRElSLyR7ZG9ja2VyRmlsZX1gIDogJyc7XG5cbiAgICAvLyBPcHRpb25hbCBEb2NrZXJIdWIgbG9naW4sIGlmIGEgc2VjcmV0IEFSTiBpcyBwcm92aWRlZFxuICAgIGNvbnN0IGRvY2tlckxvZ2luQ29tbWFuZHMgPSBkb2NrZXJMb2dpblNlY3JldEFyblxuICAgICAgPyBbXG4gICAgICAgICdlY2hvIFwiUmV0cmlldmluZyBEb2NrZXIgY3JlZGVudGlhbHMuLi5cIicsXG4gICAgICAgICdhcHQtZ2V0IHVwZGF0ZSAteSAmJiBhcHQtZ2V0IGluc3RhbGwgLXkganEnLFxuICAgICAgICBgRE9DS0VSX1VTRVJOQU1FPSQoYXdzIHNlY3JldHNtYW5hZ2VyIGdldC1zZWNyZXQtdmFsdWUgLS1zZWNyZXQtaWQgJHtkb2NrZXJMb2dpblNlY3JldEFybn0gLS1xdWVyeSBTZWNyZXRTdHJpbmcgLS1vdXRwdXQgdGV4dCB8IGpxIC1yIC51c2VybmFtZSlgLFxuICAgICAgICBgRE9DS0VSX1BBU1NXT1JEPSQoYXdzIHNlY3JldHNtYW5hZ2VyIGdldC1zZWNyZXQtdmFsdWUgLS1zZWNyZXQtaWQgJHtkb2NrZXJMb2dpblNlY3JldEFybn0gLS1xdWVyeSBTZWNyZXRTdHJpbmcgLS1vdXRwdXQgdGV4dCB8IGpxIC1yIC5wYXNzd29yZClgLFxuICAgICAgICAnZWNobyBcIkxvZ2dpbmcgaW4gdG8gRG9ja2VyIEh1Yi4uLlwiJyxcbiAgICAgICAgJ2VjaG8gJERPQ0tFUl9QQVNTV09SRCB8IGRvY2tlciBsb2dpbiAtLXVzZXJuYW1lICRET0NLRVJfVVNFUk5BTUUgLS1wYXNzd29yZC1zdGRpbicsXG4gICAgICBdXG4gICAgICA6IFsnZWNobyBcIk5vIERvY2tlciBjcmVkZW50aWFscy4gU2tpcHBpbmcgRG9ja2VyIEh1YiBsb2dpbi5cIiddO1xuXG4gICAgY29uc3QgYnVpbGR4SW5zdGFsbENvbW1hbmRzID0gY2FjaGVEaXNhYmxlZFxuICAgICAgPyBbXVxuICAgICAgOiBbXG4gICAgICAgICdlY2hvIFwiU2V0dGluZyB1cCBEb2NrZXIgYnVpbGR4IGZvciBFQ1IgbGF5ZXIgY2FjaGUuLi5cIicsXG4gICAgICAgICdkb2NrZXIgYnVpbGR4IGNyZWF0ZSAtLWRyaXZlciBkb2NrZXItY29udGFpbmVyIC0tbmFtZSBlY3ItY2FjaGUtYnVpbGRlciAtLXVzZSAyPi9kZXYvbnVsbCB8fCBkb2NrZXIgYnVpbGR4IHVzZSBlY3ItY2FjaGUtYnVpbGRlcicsXG4gICAgICBdO1xuXG4gICAgY29uc3QgcGxhdGZvcm1GbGFnID0gYC0tcGxhdGZvcm0gJHtwbGF0Zm9ybX1gO1xuXG4gICAgLy8gLS1wcm92ZW5hbmNlPWZhbHNlIC0tc2JvbT1mYWxzZTogRG9ja2VyIEJ1aWxkeCB2MC4xMCsgYWRkcyBhdHRlc3RhdGlvbnMgYnkgZGVmYXVsdCxcbiAgICAvLyBwcm9kdWNpbmcgT0NJIGltYWdlIGluZGV4ZXMgdGhhdCBBV1MgTGFtYmRhIGRvZXMgbm90IHN1cHBvcnQuIERpc2FibGUgdGhlbSBmb3IgTGFtYmRhL0VDUyBjb21wYXRpYmlsaXR5LlxuICAgIGNvbnN0IGJ1aWxkQ29tbWFuZCA9IGNhY2hlRGlzYWJsZWRcbiAgICAgID8gYGRvY2tlciBidWlsZCAke3BsYXRmb3JtRmxhZ30gJHtkb2NrZXJGaWxlRmxhZ30gJHtidWlsZEFyZ3NTdHJpbmd9IC10ICRFQ1JfUkVQT19VUkk6JHtpbWFnZVRhZ30gJENPREVCVUlMRF9TUkNfRElSYFxuICAgICAgOiBgZG9ja2VyIGJ1aWxkeCBidWlsZCAtLXB1c2ggJHtwbGF0Zm9ybUZsYWd9IC0tcHJvdmVuYW5jZT1mYWxzZSAtLXNib209ZmFsc2UgLS1jYWNoZS1mcm9tIHR5cGU9cmVnaXN0cnkscmVmPSRFQ1JfUkVQT19VUkk6Y2FjaGUgLS1jYWNoZS10byB0eXBlPXJlZ2lzdHJ5LHJlZj0kRUNSX1JFUE9fVVJJOmNhY2hlLG1vZGU9bWF4LGltYWdlLW1hbmlmZXN0PXRydWUgJHtkb2NrZXJGaWxlRmxhZ30gJHtidWlsZEFyZ3NTdHJpbmd9IC10ICRFQ1JfUkVQT19VUkk6JHtpbWFnZVRhZ30gJENPREVCVUlMRF9TUkNfRElSYDtcblxuICAgIGNvbnN0IGJ1aWxkU3BlY09iaiA9IHtcbiAgICAgIHZlcnNpb246ICcwLjInLFxuICAgICAgcGhhc2VzOiB7XG4gICAgICAgIGluc3RhbGw6IHtcbiAgICAgICAgICBjb21tYW5kczogW1xuICAgICAgICAgICAgJ2VjaG8gXCJCZWdpbm5pbmcgaW5zdGFsbCBwaGFzZS4uLlwiJyxcbiAgICAgICAgICAgIC4uLihpbnN0YWxsQ29tbWFuZHMgPz8gW10pLFxuICAgICAgICAgICAgLi4uYnVpbGR4SW5zdGFsbENvbW1hbmRzLFxuICAgICAgICAgIF0sXG4gICAgICAgIH0sXG4gICAgICAgIHByZV9idWlsZDoge1xuICAgICAgICAgIGNvbW1hbmRzOiBbXG4gICAgICAgICAgICAuLi4ocHJlQnVpbGRDb21tYW5kcyA/PyBbXSksXG4gICAgICAgICAgICAuLi5kb2NrZXJMb2dpbkNvbW1hbmRzLFxuICAgICAgICAgICAgJ2VjaG8gXCJSZXRyaWV2aW5nIEFXUyBBY2NvdW50IElELi4uXCInLFxuICAgICAgICAgICAgJ2V4cG9ydCBBQ0NPVU5UX0lEPSQoYXdzIHN0cyBnZXQtY2FsbGVyLWlkZW50aXR5IC0tcXVlcnkgQWNjb3VudCAtLW91dHB1dCB0ZXh0KScsXG4gICAgICAgICAgICAnZWNobyBcIkxvZ2dpbmcgaW50byBBbWF6b24gRUNSLi4uXCInLFxuICAgICAgICAgICAgJ2F3cyBlY3IgZ2V0LWxvZ2luLXBhc3N3b3JkIC0tcmVnaW9uICRBV1NfREVGQVVMVF9SRUdJT04gfCBkb2NrZXIgbG9naW4gLS11c2VybmFtZSBBV1MgLS1wYXNzd29yZC1zdGRpbiAkQUNDT1VOVF9JRC5ka3IuZWNyLiRBV1NfREVGQVVMVF9SRUdJT04uYW1hem9uYXdzLmNvbScsXG4gICAgICAgICAgXSxcbiAgICAgICAgfSxcbiAgICAgICAgYnVpbGQ6IHtcbiAgICAgICAgICBjb21tYW5kczogW1xuICAgICAgICAgICAgYGVjaG8gXCJCdWlsZGluZyBEb2NrZXIgaW1hZ2Ugd2l0aCB0YWcgJHtpbWFnZVRhZ30uLi5cImAsXG4gICAgICAgICAgICBidWlsZENvbW1hbmQsXG4gICAgICAgICAgXSxcbiAgICAgICAgfSxcbiAgICAgICAgLi4uKGNhY2hlRGlzYWJsZWQgJiYge1xuICAgICAgICAgIHBvc3RfYnVpbGQ6IHtcbiAgICAgICAgICAgIGNvbW1hbmRzOiBbXG4gICAgICAgICAgICAgIGBlY2hvIFwiUHVzaGluZyBEb2NrZXIgaW1hZ2Ugd2l0aCB0YWcgJHtpbWFnZVRhZ30uLi5cImAsXG4gICAgICAgICAgICAgIGBkb2NrZXIgcHVzaCAkRUNSX1JFUE9fVVJJOiR7aW1hZ2VUYWd9YCxcbiAgICAgICAgICAgIF0sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICB9LFxuICAgIH07XG5cbiAgICBjb25zdCBpc0FybSA9IHBsYXRmb3JtID09PSAnbGludXgvYXJtNjQnO1xuICAgIGNvbnN0IGNvZGVCdWlsZEltYWdlID0gaXNBcm1cbiAgICAgID8gTGludXhBcm1CdWlsZEltYWdlLkFNQVpPTl9MSU5VWF8yX1NUQU5EQVJEXzNfMFxuICAgICAgOiBMaW51eEJ1aWxkSW1hZ2UuU1RBTkRBUkRfN18wO1xuXG4gICAgLy8gQ3JlYXRlIHRoZSBDb2RlQnVpbGQgcHJvamVjdFxuICAgIGNvbnN0IGNvZGVCdWlsZFByb2plY3QgPSBuZXcgUHJvamVjdCh0aGlzLCAnQ29kZUJ1aWxkUHJvamVjdCcsIHtcbiAgICAgIHNvdXJjZTogU291cmNlLnMzKHtcbiAgICAgICAgYnVja2V0OiBzb3VyY2VBc3NldC5idWNrZXQsXG4gICAgICAgIHBhdGg6IHNvdXJjZUFzc2V0LnMzT2JqZWN0S2V5LFxuICAgICAgfSksXG4gICAgICBlbnZpcm9ubWVudDoge1xuICAgICAgICBidWlsZEltYWdlOiBjb2RlQnVpbGRJbWFnZSxcbiAgICAgICAgcHJpdmlsZWdlZDogdHJ1ZSxcbiAgICAgIH0sXG4gICAgICBlbnZpcm9ubWVudFZhcmlhYmxlczoge1xuICAgICAgICBFQ1JfUkVQT19VUkk6IHsgdmFsdWU6IHRoaXMuZWNyUmVwb3NpdG9yeS5yZXBvc2l0b3J5VXJpIH0sXG4gICAgICB9LFxuICAgICAgYnVpbGRTcGVjOiBCdWlsZFNwZWMuZnJvbU9iamVjdChidWlsZFNwZWNPYmopLFxuICAgICAgLi4uKGJ1aWxkTG9nR3JvdXBQcm9wICYmIHtcbiAgICAgICAgbG9nZ2luZzoge1xuICAgICAgICAgIGNsb3VkV2F0Y2g6IHtcbiAgICAgICAgICAgIGxvZ0dyb3VwOiBidWlsZExvZ0dyb3VwUHJvcCxcbiAgICAgICAgICB9LFxuICAgICAgICB9LFxuICAgICAgfSksXG4gICAgICB2cGMsXG4gICAgICBzZWN1cml0eUdyb3VwcyxcbiAgICAgIHN1Ym5ldFNlbGVjdGlvbixcbiAgICB9KTtcblxuICAgIC8vIEdyYW50IENvZGVCdWlsZCBwZXJtaXNzaW9uIHRvIHdyaXRlIHRvIHRoZSByZXRhaW5lZCBidWlsZCBsb2dzIGdyb3VwXG4gICAgaWYgKHJldGFpbkJ1aWxkTG9ncykge1xuICAgICAgY29uc3Qgc3RhY2sgPSBTdGFjay5vZih0aGlzKTtcbiAgICAgIGNvZGVCdWlsZFByb2plY3QuYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnbG9nczpDcmVhdGVMb2dHcm91cCcsXG4gICAgICAgICAgICAnbG9nczpDcmVhdGVMb2dTdHJlYW0nLFxuICAgICAgICAgICAgJ2xvZ3M6UHV0TG9nRXZlbnRzJyxcbiAgICAgICAgICBdLFxuICAgICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgICAgYGFybjphd3M6bG9nczoke3N0YWNrLnJlZ2lvbn06JHtzdGFjay5hY2NvdW50fTpsb2ctZ3JvdXA6L2RvY2tlci1idWlsZGVyLyR7Y29kZUJ1aWxkUHJvamVjdC5wcm9qZWN0TmFtZX1gLFxuICAgICAgICAgICAgYGFybjphd3M6bG9nczoke3N0YWNrLnJlZ2lvbn06JHtzdGFjay5hY2NvdW50fTpsb2ctZ3JvdXA6L2RvY2tlci1idWlsZGVyLyR7Y29kZUJ1aWxkUHJvamVjdC5wcm9qZWN0TmFtZX06KmAsXG4gICAgICAgICAgXSxcbiAgICAgICAgfSksXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIEdyYW50IENvZGVCdWlsZCB0aGUgYWJpbGl0eSB0byBpbnRlcmFjdCB3aXRoIEVDUlxuICAgIHRoaXMuZWNyUmVwb3NpdG9yeS5ncmFudFB1bGxQdXNoKGNvZGVCdWlsZFByb2plY3QpO1xuICAgIGNvZGVCdWlsZFByb2plY3QuYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAnZWNyOkdldEF1dGhvcml6YXRpb25Ub2tlbicsXG4gICAgICAgICAgJ2VjcjpHZXREb3dubG9hZFVybEZvckxheWVyJyxcbiAgICAgICAgICAnZWNyOkJhdGNoQ2hlY2tMYXllckF2YWlsYWJpbGl0eScsXG4gICAgICAgICAgJ2VjcjpCYXRjaEdldEltYWdlJyxcbiAgICAgICAgXSxcbiAgICAgICAgcmVzb3VyY2VzOiBbJyonXSxcbiAgICAgIH0pLFxuICAgICk7XG4gICAgaWYgKGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcyAmJiBlY3JQdWxsVGhyb3VnaENhY2hlUHJlZml4ZXMubGVuZ3RoID4gMCkge1xuICAgICAgY29uc3Qgc3RhY2sgPSBTdGFjay5vZih0aGlzKTtcbiAgICAgIGNvZGVCdWlsZFByb2plY3QuYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnZWNyOkJhdGNoR2V0SW1hZ2UnLFxuICAgICAgICAgICAgJ2VjcjpHZXREb3dubG9hZFVybEZvckxheWVyJyxcbiAgICAgICAgICAgICdlY3I6QmF0Y2hDaGVja0xheWVyQXZhaWxhYmlsaXR5JyxcbiAgICAgICAgICAgICdlY3I6QmF0Y2hJbXBvcnRVcHN0cmVhbUltYWdlJyxcbiAgICAgICAgICAgICdlY3I6Q3JlYXRlUmVwb3NpdG9yeScsXG4gICAgICAgICAgXSxcbiAgICAgICAgICByZXNvdXJjZXM6IGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcy5tYXAoXG4gICAgICAgICAgICAocHJlZml4KSA9PiBgYXJuOmF3czplY3I6JHtzdGFjay5yZWdpb259OiR7c3RhY2suYWNjb3VudH06cmVwb3NpdG9yeS8ke3ByZWZpeH0vKmAsXG4gICAgICAgICAgKSxcbiAgICAgICAgfSksXG4gICAgICApO1xuICAgIH1cbiAgICBpZiAoZG9ja2VyTG9naW5TZWNyZXRBcm4pIHtcbiAgICAgIGNvZGVCdWlsZFByb2plY3QuYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbJ3NlY3JldHNtYW5hZ2VyOkdldFNlY3JldFZhbHVlJ10sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbZG9ja2VyTG9naW5TZWNyZXRBcm5dLFxuICAgICAgICB9KSxcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gQ29uZGl0aW9uYWxseSBncmFudCBLTVMgZW5jcnlwdC9kZWNyeXB0IGlmIGEga2V5IGlzIHVzZWRcbiAgICBpZiAoZW5jcnlwdGlvbktleSkge1xuICAgICAgZW5jcnlwdGlvbktleS5ncmFudEVuY3J5cHREZWNyeXB0KGNvZGVCdWlsZFByb2plY3Qucm9sZSEpO1xuICAgIH1cblxuICAgIC8vIFJlc29sdmUgdGhlIHNlcnZpY2UgdG9rZW46IHNoYXJlZCBwcm92aWRlciBvciBwZXItaW5zdGFuY2UgTGFtYmRhc1xuICAgIGxldCBzZXJ2aWNlVG9rZW46IHN0cmluZztcbiAgICBpZiAoc2hhcmVkUHJvdmlkZXIpIHtcbiAgICAgIHNoYXJlZFByb3ZpZGVyLnJlZ2lzdGVyUHJvamVjdChjb2RlQnVpbGRQcm9qZWN0LCB0aGlzLmVjclJlcG9zaXRvcnksIGVuY3J5cHRpb25LZXkpO1xuICAgICAgc2VydmljZVRva2VuID0gc2hhcmVkUHJvdmlkZXIuc2VydmljZVRva2VuO1xuICAgIH0gZWxzZSB7XG4gICAgICBjb25zdCBvbkV2ZW50SGFuZGxlckZ1bmN0aW9uID0gbmV3IEZ1bmN0aW9uKHRoaXMsICdPbkV2ZW50SGFuZGxlckZ1bmN0aW9uJywge1xuICAgICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgICBjb2RlOiBDb2RlLmZyb21Bc3NldChwYXRoLnJlc29sdmUoX19kaXJuYW1lLCAnLi4vb25FdmVudCcpKSxcbiAgICAgICAgaGFuZGxlcjogJ29uRXZlbnQuaGFuZGxlcicsXG4gICAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoMTUpLFxuICAgICAgfSk7XG4gICAgICBvbkV2ZW50SGFuZGxlckZ1bmN0aW9uLmFkZFRvUm9sZVBvbGljeShcbiAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgYWN0aW9uczogWydjb2RlYnVpbGQ6U3RhcnRCdWlsZCddLFxuICAgICAgICAgIHJlc291cmNlczogW2NvZGVCdWlsZFByb2plY3QucHJvamVjdEFybl0sXG4gICAgICAgIH0pLFxuICAgICAgKTtcbiAgICAgIG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnbG9nczpDcmVhdGVMb2dHcm91cCcsXG4gICAgICAgICAgICAnbG9nczpQdXRSZXRlbnRpb25Qb2xpY3knLFxuICAgICAgICAgICAgJ2xvZ3M6RGVsZXRlTG9nR3JvdXAnLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbJ2Fybjphd3M6bG9nczoqOio6bG9nLWdyb3VwOi9kb2NrZXItYnVpbGRlci8qJ10sXG4gICAgICAgIH0pLFxuICAgICAgKTtcblxuICAgICAgY29uc3QgaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbiA9IG5ldyBGdW5jdGlvbih0aGlzLCAnSXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbicsIHtcbiAgICAgICAgcnVudGltZTogUnVudGltZS5OT0RFSlNfMjJfWCxcbiAgICAgICAgY29kZTogQ29kZS5mcm9tQXNzZXQocGF0aC5yZXNvbHZlKF9fZGlybmFtZSwgJy4uL2lzQ29tcGxldGUnKSksXG4gICAgICAgIGVudmlyb25tZW50OiB7XG4gICAgICAgICAgSU1BR0VfVEFHOiBpbWFnZVRhZyxcbiAgICAgICAgfSxcbiAgICAgICAgaGFuZGxlcjogJ2lzQ29tcGxldGUuaGFuZGxlcicsXG4gICAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoMTUpLFxuICAgICAgfSk7XG4gICAgICBpc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uLmFkZFRvUm9sZVBvbGljeShcbiAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICAgJ2NvZGVidWlsZDpCYXRjaEdldEJ1aWxkcycsXG4gICAgICAgICAgICAnY29kZWJ1aWxkOkxpc3RCdWlsZHNGb3JQcm9qZWN0JyxcbiAgICAgICAgICAgICdsb2dzOkdldExvZ0V2ZW50cycsXG4gICAgICAgICAgICAnbG9nczpEZXNjcmliZUxvZ1N0cmVhbXMnLFxuICAgICAgICAgICAgJ2xvZ3M6RGVzY3JpYmVMb2dHcm91cHMnLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbJyonXSxcbiAgICAgICAgfSksXG4gICAgICApO1xuXG4gICAgICBpZiAoZW5jcnlwdGlvbktleSkge1xuICAgICAgICBlbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQob25FdmVudEhhbmRsZXJGdW5jdGlvbik7XG4gICAgICAgIGVuY3J5cHRpb25LZXkuZ3JhbnRFbmNyeXB0RGVjcnlwdChpc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uKTtcbiAgICAgIH1cbiAgICAgIHRoaXMuZWNyUmVwb3NpdG9yeS5ncmFudFB1bGxQdXNoKG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24pO1xuICAgICAgdGhpcy5lY3JSZXBvc2l0b3J5LmdyYW50UHVsbFB1c2goaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbik7XG5cbiAgICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IFByb3ZpZGVyKHRoaXMsICdDdXN0b21SZXNvdXJjZVByb3ZpZGVyJywge1xuICAgICAgICBvbkV2ZW50SGFuZGxlcjogb25FdmVudEhhbmRsZXJGdW5jdGlvbixcbiAgICAgICAgaXNDb21wbGV0ZUhhbmRsZXI6IGlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24sXG4gICAgICAgIHF1ZXJ5SW50ZXJ2YWw6IGNvbXBsZXRlbmVzc1F1ZXJ5SW50ZXJ2YWwgPz8gRHVyYXRpb24uc2Vjb25kcygzMCksXG4gICAgICB9KTtcbiAgICAgIHNlcnZpY2VUb2tlbiA9IHByb3ZpZGVyLnNlcnZpY2VUb2tlbjtcbiAgICB9XG5cbiAgICAvLyBDdXN0b20gUmVzb3VyY2UgdGhhdCB0cmlnZ2VycyB0aGUgQ29kZUJ1aWxkIGFuZCB3YWl0cyBmb3IgY29tcGxldGlvblxuICAgIGNvbnN0IGJ1aWxkVHJpZ2dlclJlc291cmNlID0gbmV3IEN1c3RvbVJlc291cmNlKHRoaXMsICdCdWlsZFRyaWdnZXJSZXNvdXJjZScsIHtcbiAgICAgIHNlcnZpY2VUb2tlbixcbiAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgUHJvamVjdE5hbWU6IGNvZGVCdWlsZFByb2plY3QucHJvamVjdE5hbWUsXG4gICAgICAgIEltYWdlVGFnOiBpbWFnZVRhZyxcbiAgICAgICAgVHJpZ2dlcjogc291cmNlQXNzZXQuYXNzZXRIYXNoLFxuICAgICAgICBSZXRhaW5CdWlsZExvZ3M6IHJldGFpbkJ1aWxkTG9ncyA/ICd0cnVlJyA6ICdmYWxzZScsXG4gICAgICB9LFxuICAgIH0pO1xuICAgIGJ1aWxkVHJpZ2dlclJlc291cmNlLm5vZGUuYWRkRGVwZW5kZW5jeShjb2RlQnVpbGRQcm9qZWN0KTtcblxuICAgIC8vIFJldHJpZXZlIHRoZSBmaW5hbCBEb2NrZXIgaW1hZ2UgdGFnIGZyb20gRGF0YS5JbWFnZVRhZ1xuICAgIGNvbnN0IGltYWdlVGFnUmVmID0gYnVpbGRUcmlnZ2VyUmVzb3VyY2UuZ2V0QXR0U3RyaW5nKCdJbWFnZVRhZycpO1xuICAgIHRoaXMuY29udGFpbmVySW1hZ2UgPSBDb250YWluZXJJbWFnZS5mcm9tRWNyUmVwb3NpdG9yeSh0aGlzLmVjclJlcG9zaXRvcnksIGltYWdlVGFnUmVmKTtcbiAgICB0aGlzLmRvY2tlckltYWdlQ29kZSA9IERvY2tlckltYWdlQ29kZS5mcm9tRWNyKHRoaXMuZWNyUmVwb3NpdG9yeSwge1xuICAgICAgdGFnT3JEaWdlc3Q6IGltYWdlVGFnUmVmLFxuICAgIH0pO1xuICB9XG59XG4iXX0=
420
+ TokenInjectableDockerBuilder[_b] = { fqn: "token-injectable-docker-builder.TokenInjectableDockerBuilder", version: "1.13.1" };
421
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxpQ0FBaUM7QUFDakMseUJBQXlCO0FBQ3pCLDZCQUE2QjtBQUU3Qiw2Q0FBOEQ7QUFDOUQsNkRBQTRHO0FBRTVHLGlEQUFrRjtBQUNsRixpREFBcUQ7QUFDckQsaURBQXNEO0FBQ3RELGlEQUEwQztBQUMxQyx1REFBa0Y7QUFFbEYsNkRBQWtEO0FBQ2xELG1FQUF3RDtBQUN4RCwyQ0FBdUM7QUFFdkMsTUFBTSxxQkFBcUIsR0FBRyxzQ0FBc0MsQ0FBQztBQWNyRTs7Ozs7O0dBTUc7QUFDSCxNQUFhLG9DQUFxQyxTQUFRLHNCQUFTO0lBQ2pFOzs7O09BSUc7SUFDSSxNQUFNLENBQUMsV0FBVyxDQUFDLEtBQWdCLEVBQUUsS0FBaUQ7UUFDM0YsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDOUIsTUFBTSxRQUFRLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMscUJBQXFCLENBQXFELENBQUM7UUFDcEgsSUFBSSxRQUFRO1lBQUUsT0FBTyxRQUFRLENBQUM7UUFDOUIsT0FBTyxJQUFJLG9DQUFvQyxDQUFDLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBUUQsWUFBb0IsS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBaUQ7UUFDakcsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUNqRSxPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO1lBQzVCLElBQUksRUFBRSxpQkFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxZQUFZLENBQUMsQ0FBQztZQUMzRCxPQUFPLEVBQUUsaUJBQWlCO1lBQzFCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDOUIsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLHNCQUFzQixDQUFDLGVBQWUsQ0FDekMsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCxxQkFBcUI7Z0JBQ3JCLHlCQUF5QjtnQkFDekIscUJBQXFCO2FBQ3RCO1lBQ0QsU0FBUyxFQUFFLENBQUMsOENBQThDLENBQUM7U0FDNUQsQ0FBQyxDQUNILENBQUM7UUFFRixJQUFJLENBQUMseUJBQXlCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSxtQkFBbUIsRUFBRTtZQUN2RSxPQUFPLEVBQUUsb0JBQU8sQ0FBQyxXQUFXO1lBQzVCLElBQUksRUFBRSxpQkFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxlQUFlLENBQUMsQ0FBQztZQUM5RCxPQUFPLEVBQUUsb0JBQW9CO1lBQzdCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDOUIsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLHlCQUF5QixDQUFDLGVBQWUsQ0FDNUMsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCwwQkFBMEI7Z0JBQzFCLGdDQUFnQztnQkFDaEMsbUJBQW1CO2dCQUNuQix5QkFBeUI7Z0JBQ3pCLHdCQUF3QjtnQkFDeEIsb0JBQW9CO2FBQ3JCO1lBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO1NBQ2pCLENBQUMsQ0FDSCxDQUFDO1FBRUYsTUFBTSxRQUFRLEdBQUcsSUFBSSwyQkFBUSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDOUMsY0FBYyxFQUFFLElBQUksQ0FBQyxzQkFBc0I7WUFDM0MsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtZQUNqRCxhQUFhLEVBQUUsS0FBSyxFQUFFLGFBQWEsSUFBSSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDNUQsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFlBQVksR0FBRyxRQUFRLENBQUMsWUFBWSxDQUFDO0lBQzVDLENBQUM7SUFFRDs7O09BR0c7SUFDSSxlQUFlLENBQUMsT0FBZ0IsRUFBRSxPQUFtQixFQUFFLGFBQW1CO1FBQy9FLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxlQUFlLENBQ3pDLElBQUkseUJBQWUsQ0FBQztZQUNsQixPQUFPLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztZQUNqQyxTQUFTLEVBQUUsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDO1NBQ2hDLENBQUMsQ0FDSCxDQUFDO1FBQ0YsT0FBTyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQztRQUNuRCxPQUFPLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO1FBRXRELElBQUksYUFBYSxFQUFFLENBQUM7WUFDbEIsYUFBYSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO1lBQy9ELGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUNwRSxDQUFDO0lBQ0gsQ0FBQzs7QUF0Rkgsb0ZBdUZDOzs7QUE4TUQ7Ozs7R0FJRztBQUNILE1BQWEsNEJBQTZCLFNBQVEsc0JBQVM7SUFrQnpEOzs7Ozs7T0FNRztJQUNILFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBd0M7UUFDaEYsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEVBQ0osSUFBSSxFQUFFLFVBQVUsRUFDaEIsU0FBUyxFQUNULG9CQUFvQixFQUNwQixHQUFHLEVBQ0gsY0FBYyxFQUNkLGVBQWUsRUFDZixlQUFlLEVBQ2YsZ0JBQWdCLEVBQ2hCLGFBQWEsR0FBRyxLQUFLLEVBQ3JCLHlCQUF5QixFQUN6QixPQUFPLEVBQ1AsSUFBSSxFQUFFLFVBQVUsRUFDaEIsYUFBYSxHQUFHLEtBQUssRUFDckIsYUFBYSxFQUFFLGlCQUFpQixFQUNoQyxRQUFRLEdBQUcsYUFBYSxFQUN4QixRQUFRLEVBQUUsY0FBYyxFQUN4QiwyQkFBMkIsRUFDM0IsZUFBZSxHQUFHLEtBQUssRUFDdkIsYUFBYSxHQUNkLEdBQUcsS0FBSyxDQUFDO1FBRVYsOERBQThEO1FBQzlELElBQUksYUFBOEIsQ0FBQztRQUNuQyxJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLGFBQWEsR0FBRyxJQUFJLGFBQUcsQ0FBQyxJQUFJLEVBQUUsa0JBQWtCLEVBQUU7Z0JBQ2hELGlCQUFpQixFQUFFLElBQUk7YUFDeEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELDZEQUE2RDtRQUM3RCxFQUFFO1FBQ0Ysa0VBQWtFO1FBQ2xFLHVFQUF1RTtRQUN2RSwrREFBK0Q7UUFDL0QscUVBQXFFO1FBQ3JFLGdEQUFnRDtRQUNoRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksb0JBQVUsQ0FBQyxJQUFJLEVBQUUsZUFBZSxFQUFFO1lBQ3pELGNBQWMsRUFBRTtnQkFDZDtvQkFDRSxZQUFZLEVBQUUsQ0FBQztvQkFDZixXQUFXLEVBQUUsc0NBQXNDO29CQUNuRCxTQUFTLEVBQUUsbUJBQVMsQ0FBQyxRQUFRO29CQUM3QixXQUFXLEVBQUUsc0JBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO2lCQUMvQjtnQkFDRCxHQUFHLENBQUMsYUFBYSxLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQzt3QkFDakMsWUFBWSxFQUFFLENBQUM7d0JBQ2YsV0FBVyxFQUFFLDhCQUE4QixhQUFhLDRCQUE0Qjt3QkFDcEYsU0FBUyxFQUFFLG1CQUFTLENBQUMsR0FBRzt3QkFDeEIsYUFBYTtxQkFDZCxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQzthQUNUO1lBQ0QsVUFBVSxFQUFFLGFBQWEsQ0FBQyxDQUFDLENBQUMsOEJBQW9CLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyw4QkFBb0IsQ0FBQyxPQUFPO1lBQ25GLGFBQWEsRUFBRSxhQUFhLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUN4RCxlQUFlLEVBQUUsSUFBSTtTQUN0QixDQUFDLENBQUM7UUFFSCxJQUFJLGdCQUFnQixHQUFHLE9BQU8sQ0FBQztRQUMvQixJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUN0QixNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBQ2hFLElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLE1BQU0sV0FBVyxHQUFHLEVBQUUsQ0FBQyxZQUFZLENBQUMsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLENBQUM7Z0JBQzlELGdCQUFnQixHQUFHLFdBQVc7cUJBQzNCLEtBQUssQ0FBQyxJQUFJLENBQUM7cUJBQ1gsR0FBRyxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7cUJBQ2xDLE1BQU0sQ0FBQyxDQUFDLElBQVksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDeEUsQ0FBQztRQUNILENBQUM7UUFFRCxvRkFBb0Y7UUFDcEYsTUFBTSxjQUFjLEdBQUcsVUFBVSxJQUFJLFlBQVksQ0FBQztRQUNsRCxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDckIsZ0JBQWdCLEdBQUcsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLENBQUMsT0FBZSxFQUFFLEVBQUU7Z0JBQzdELE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxDQUFDLENBQUM7Z0JBQzdELE1BQU0sS0FBSyxHQUFHLElBQUksTUFBTSxDQUFDLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO2dCQUN2RixPQUFPLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUNyQyxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCw2REFBNkQ7UUFDN0QsTUFBTSxXQUFXLEdBQUcsSUFBSSxxQkFBSyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7WUFDakQsSUFBSSxFQUFFLFVBQVU7WUFDaEIsT0FBTyxFQUFFLGdCQUFnQjtTQUMxQixDQUFDLENBQUM7UUFFSCx5RUFBeUU7UUFDekUsNEVBQTRFO1FBQzVFLHFFQUFxRTtRQUNyRSxFQUFFO1FBQ0YseUVBQXlFO1FBQ3pFLDBFQUEwRTtRQUMxRSw2QkFBNkI7UUFDN0IsTUFBTSxRQUFRLEdBQUcsTUFBTSxHQUFHLE1BQU07YUFDN0IsVUFBVSxDQUFDLFFBQVEsQ0FBQzthQUNwQixNQUFNLENBQUMsV0FBVyxDQUFDLFNBQVMsQ0FBQzthQUM3QixNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLElBQUksRUFBRSxDQUFDLENBQUM7YUFDdkMsTUFBTSxDQUFDLFVBQVUsSUFBSSxZQUFZLENBQUM7YUFDbEMsTUFBTSxDQUFDLFFBQVEsQ0FBQzthQUNoQixNQUFNLENBQUMsS0FBSyxDQUFDO2FBQ2IsU0FBUyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVwQiw2Q0FBNkM7UUFDN0MsTUFBTSxlQUFlLEdBQUcsU0FBUztZQUMvQixDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUM7aUJBQ3hCLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztpQkFDeEMsSUFBSSxDQUFDLEdBQUcsQ0FBQztZQUNaLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFFUCxNQUFNLGNBQWMsR0FBRyxVQUFVLENBQUMsQ0FBQyxDQUFDLHlCQUF5QixVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBRS9FLHdEQUF3RDtRQUN4RCxNQUFNLG1CQUFtQixHQUFHLG9CQUFvQjtZQUM5QyxDQUFDLENBQUM7Z0JBQ0EseUNBQXlDO2dCQUN6Qyw0Q0FBNEM7Z0JBQzVDLHFFQUFxRSxvQkFBb0Isd0RBQXdEO2dCQUNqSixxRUFBcUUsb0JBQW9CLHdEQUF3RDtnQkFDakosb0NBQW9DO2dCQUNwQyxtRkFBbUY7YUFDcEY7WUFDRCxDQUFDLENBQUMsQ0FBQywwREFBMEQsQ0FBQyxDQUFDO1FBRWpFLE1BQU0scUJBQXFCLEdBQUcsYUFBYTtZQUN6QyxDQUFDLENBQUMsRUFBRTtZQUNKLENBQUMsQ0FBQztnQkFDQSx3REFBd0Q7Z0JBQ3hELGtJQUFrSTthQUNuSSxDQUFDO1FBRUosTUFBTSxZQUFZLEdBQUcsY0FBYyxRQUFRLEVBQUUsQ0FBQztRQUU5QyxzRkFBc0Y7UUFDdEYsMkdBQTJHO1FBQzNHLE1BQU0sWUFBWSxHQUFHLGFBQWE7WUFDaEMsQ0FBQyxDQUFDLGdCQUFnQixZQUFZLElBQUksY0FBYyxJQUFJLGVBQWUscUJBQXFCLFFBQVEscUJBQXFCO1lBQ3JILENBQUMsQ0FBQyw4QkFBOEIsWUFBWSxxS0FBcUssY0FBYyxJQUFJLGVBQWUscUJBQXFCLFFBQVEscUJBQXFCLENBQUM7UUFFdlMsTUFBTSxZQUFZLEdBQUc7WUFDbkIsT0FBTyxFQUFFLEtBQUs7WUFDZCxNQUFNLEVBQUU7Z0JBQ04sT0FBTyxFQUFFO29CQUNQLFFBQVEsRUFBRTt3QkFDUixtQ0FBbUM7d0JBQ25DLEdBQUcsQ0FBQyxlQUFlLElBQUksRUFBRSxDQUFDO3dCQUMxQixHQUFHLHFCQUFxQjtxQkFDekI7aUJBQ0Y7Z0JBQ0QsU0FBUyxFQUFFO29CQUNULFFBQVEsRUFBRTt3QkFDUixHQUFHLENBQUMsZ0JBQWdCLElBQUksRUFBRSxDQUFDO3dCQUMzQixHQUFHLG1CQUFtQjt3QkFDdEIscUNBQXFDO3dCQUNyQyxnRkFBZ0Y7d0JBQ2hGLG1DQUFtQzt3QkFDbkMsOEpBQThKO3FCQUMvSjtpQkFDRjtnQkFDRCxLQUFLLEVBQUU7b0JBQ0wsUUFBUSxFQUFFO3dCQUNSLHdDQUF3QyxRQUFRLE1BQU07d0JBQ3RELFlBQVk7cUJBQ2I7aUJBQ0Y7Z0JBQ0QsR0FBRyxDQUFDLGFBQWEsSUFBSTtvQkFDbkIsVUFBVSxFQUFFO3dCQUNWLFFBQVEsRUFBRTs0QkFDUix1Q0FBdUMsUUFBUSxNQUFNOzRCQUNyRCw2QkFBNkIsUUFBUSxFQUFFO3lCQUN4QztxQkFDRjtpQkFDRixDQUFDO2FBQ0g7U0FDRixDQUFDO1FBRUYsTUFBTSxLQUFLLEdBQUcsUUFBUSxLQUFLLGFBQWEsQ0FBQztRQUN6QyxNQUFNLGNBQWMsR0FBRyxLQUFLO1lBQzFCLENBQUMsQ0FBQyxrQ0FBa0IsQ0FBQywyQkFBMkI7WUFDaEQsQ0FBQyxDQUFDLCtCQUFlLENBQUMsWUFBWSxDQUFDO1FBRWpDLCtCQUErQjtRQUMvQixNQUFNLGdCQUFnQixHQUFHLElBQUksdUJBQU8sQ0FBQyxJQUFJLEVBQUUsa0JBQWtCLEVBQUU7WUFDN0QsTUFBTSxFQUFFLHNCQUFNLENBQUMsRUFBRSxDQUFDO2dCQUNoQixNQUFNLEVBQUUsV0FBVyxDQUFDLE1BQU07Z0JBQzFCLElBQUksRUFBRSxXQUFXLENBQUMsV0FBVzthQUM5QixDQUFDO1lBQ0YsV0FBVyxFQUFFO2dCQUNYLFVBQVUsRUFBRSxjQUFjO2dCQUMxQixVQUFVLEVBQUUsSUFBSTthQUNqQjtZQUNELG9CQUFvQixFQUFFO2dCQUNwQixZQUFZLEVBQUUsRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLEVBQUU7YUFDMUQ7WUFDRCxTQUFTLEVBQUUseUJBQVMsQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDO1lBQzdDLEdBQUcsQ0FBQyxpQkFBaUIsSUFBSTtnQkFDdkIsT0FBTyxFQUFFO29CQUNQLFVBQVUsRUFBRTt3QkFDVixRQUFRLEVBQUUsaUJBQWlCO3FCQUM1QjtpQkFDRjthQUNGLENBQUM7WUFDRixHQUFHO1lBQ0gsY0FBYztZQUNkLGVBQWU7U0FDaEIsQ0FBQyxDQUFDO1FBRUgsdUVBQXVFO1FBQ3ZFLElBQUksZUFBZSxFQUFFLENBQUM7WUFDcEIsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDN0IsZ0JBQWdCLENBQUMsZUFBZSxDQUM5QixJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxxQkFBcUI7b0JBQ3JCLHNCQUFzQjtvQkFDdEIsbUJBQW1CO2lCQUNwQjtnQkFDRCxTQUFTLEVBQUU7b0JBQ1QsZ0JBQWdCLEtBQUssQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sOEJBQThCLGdCQUFnQixDQUFDLFdBQVcsRUFBRTtvQkFDekcsZ0JBQWdCLEtBQUssQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sOEJBQThCLGdCQUFnQixDQUFDLFdBQVcsSUFBSTtpQkFDNUc7YUFDRixDQUFDLENBQ0gsQ0FBQztRQUNKLENBQUM7UUFFRCxtREFBbUQ7UUFDbkQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUNuRCxnQkFBZ0IsQ0FBQyxlQUFlLENBQzlCLElBQUkseUJBQWUsQ0FBQztZQUNsQixPQUFPLEVBQUU7Z0JBQ1AsMkJBQTJCO2dCQUMzQiw0QkFBNEI7Z0JBQzVCLGlDQUFpQztnQkFDakMsbUJBQW1CO2FBQ3BCO1lBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO1NBQ2pCLENBQUMsQ0FDSCxDQUFDO1FBQ0YsSUFBSSwyQkFBMkIsSUFBSSwyQkFBMkIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDMUUsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDN0IsZ0JBQWdCLENBQUMsZUFBZSxDQUM5QixJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxtQkFBbUI7b0JBQ25CLDRCQUE0QjtvQkFDNUIsaUNBQWlDO29CQUNqQyw4QkFBOEI7b0JBQzlCLHNCQUFzQjtpQkFDdkI7Z0JBQ0QsU0FBUyxFQUFFLDJCQUEyQixDQUFDLEdBQUcsQ0FDeEMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLGVBQWUsS0FBSyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxlQUFlLE1BQU0sSUFBSSxDQUNsRjthQUNGLENBQUMsQ0FDSCxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksb0JBQW9CLEVBQUUsQ0FBQztZQUN6QixnQkFBZ0IsQ0FBQyxlQUFlLENBQzlCLElBQUkseUJBQWUsQ0FBQztnQkFDbEIsT0FBTyxFQUFFLENBQUMsK0JBQStCLENBQUM7Z0JBQzFDLFNBQVMsRUFBRSxDQUFDLG9CQUFvQixDQUFDO2FBQ2xDLENBQUMsQ0FDSCxDQUFDO1FBQ0osQ0FBQztRQUVELDJEQUEyRDtRQUMzRCxJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFLLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBRUQscUVBQXFFO1FBQ3JFLElBQUksWUFBb0IsQ0FBQztRQUN6QixJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ25CLGNBQWMsQ0FBQyxlQUFlLENBQUMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGFBQWEsRUFBRSxhQUFhLENBQUMsQ0FBQztZQUNwRixZQUFZLEdBQUcsY0FBYyxDQUFDLFlBQVksQ0FBQztRQUM3QyxDQUFDO2FBQU0sQ0FBQztZQUNOLE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSx3QkFBd0IsRUFBRTtnQkFDMUUsT0FBTyxFQUFFLG9CQUFPLENBQUMsV0FBVztnQkFDNUIsSUFBSSxFQUFFLGlCQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO2dCQUMzRCxPQUFPLEVBQUUsaUJBQWlCO2dCQUMxQixPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2FBQzlCLENBQUMsQ0FBQztZQUNILHNCQUFzQixDQUFDLGVBQWUsQ0FDcEMsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztnQkFDakMsU0FBUyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDO2FBQ3pDLENBQUMsQ0FDSCxDQUFDO1lBQ0Ysc0JBQXNCLENBQUMsZUFBZSxDQUNwQyxJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxxQkFBcUI7b0JBQ3JCLHlCQUF5QjtvQkFDekIscUJBQXFCO2lCQUN0QjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyw4Q0FBOEMsQ0FBQzthQUM1RCxDQUFDLENBQ0gsQ0FBQztZQUVGLE1BQU0seUJBQXlCLEdBQUcsSUFBSSxxQkFBUSxDQUFDLElBQUksRUFBRSwyQkFBMkIsRUFBRTtnQkFDaEYsT0FBTyxFQUFFLG9CQUFPLENBQUMsV0FBVztnQkFDNUIsSUFBSSxFQUFFLGlCQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLGVBQWUsQ0FBQyxDQUFDO2dCQUM5RCxXQUFXLEVBQUU7b0JBQ1gsU0FBUyxFQUFFLFFBQVE7aUJBQ3BCO2dCQUNELE9BQU8sRUFBRSxvQkFBb0I7Z0JBQzdCLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7YUFDOUIsQ0FBQyxDQUFDO1lBQ0gseUJBQXlCLENBQUMsZUFBZSxDQUN2QyxJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCwwQkFBMEI7b0JBQzFCLGdDQUFnQztvQkFDaEMsbUJBQW1CO29CQUNuQix5QkFBeUI7b0JBQ3pCLHdCQUF3QjtvQkFDeEIsb0JBQW9CO2lCQUNyQjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7YUFDakIsQ0FBQyxDQUNILENBQUM7WUFFRixJQUFJLGFBQWEsRUFBRSxDQUFDO2dCQUNsQixhQUFhLENBQUMsbUJBQW1CLENBQUMsc0JBQXNCLENBQUMsQ0FBQztnQkFDMUQsYUFBYSxDQUFDLG1CQUFtQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDL0QsQ0FBQztZQUNELElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLHNCQUFzQixDQUFDLENBQUM7WUFDekQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUU1RCxNQUFNLFFBQVEsR0FBRyxJQUFJLDJCQUFRLENBQUMsSUFBSSxFQUFFLHdCQUF3QixFQUFFO2dCQUM1RCxjQUFjLEVBQUUsc0JBQXNCO2dCQUN0QyxpQkFBaUIsRUFBRSx5QkFBeUI7Z0JBQzVDLGFBQWEsRUFBRSx5QkFBeUIsSUFBSSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7YUFDakUsQ0FBQyxDQUFDO1lBQ0gsWUFBWSxHQUFHLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDdkMsQ0FBQztRQUVELHdFQUF3RTtRQUN4RSx1RUFBdUU7UUFDdkUsNkNBQTZDO1FBQzdDLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxzQkFBc0IsRUFBRTtZQUM1RSxZQUFZO1lBQ1osVUFBVSxFQUFFO2dCQUNWLFdBQVcsRUFBRSxnQkFBZ0IsQ0FBQyxXQUFXO2dCQUN6QyxjQUFjLEVBQUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxjQUFjO2dCQUNqRCxRQUFRLEVBQUUsUUFBUTtnQkFDbEIsT0FBTyxFQUFFLFFBQVE7Z0JBQ2pCLGVBQWUsRUFBRSxlQUFlLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsT0FBTzthQUNwRDtTQUNGLENBQUMsQ0FBQztRQUNILG9CQUFvQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUUxRCw0RUFBNEU7UUFDNUUsNEVBQTRFO1FBQzVFLHlFQUF5RTtRQUN6RSx3RUFBd0U7UUFDeEUscUVBQXFFO1FBQ3JFLFdBQVc7UUFDWCxNQUFNLGNBQWMsR0FBRyxvQkFBb0IsQ0FBQyxZQUFZLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDeEUsSUFBSSxDQUFDLGNBQWMsR0FBRyx3QkFBYyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDM0YsSUFBSSxDQUFDLGVBQWUsR0FBRyw0QkFBZSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsYUFBYSxFQUFFO1lBQ2pFLFdBQVcsRUFBRSxjQUFjO1NBQzVCLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBcFlILG9FQXFZQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNyeXB0byBmcm9tICdjcnlwdG8nO1xuaW1wb3J0ICogYXMgZnMgZnJvbSAnZnMnO1xuaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcblxuaW1wb3J0IHsgQ3VzdG9tUmVzb3VyY2UsIER1cmF0aW9uLCBTdGFjayB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IFByb2plY3QsIFNvdXJjZSwgTGludXhCdWlsZEltYWdlLCBMaW51eEFybUJ1aWxkSW1hZ2UsIEJ1aWxkU3BlYyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jb2RlYnVpbGQnO1xuaW1wb3J0IHsgSVZwYywgSVNlY3VyaXR5R3JvdXAsIFN1Ym5ldFNlbGVjdGlvbiB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0IHsgUmVwb3NpdG9yeSwgUmVwb3NpdG9yeUVuY3J5cHRpb24sIFRhZ1N0YXR1cyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3InO1xuaW1wb3J0IHsgQ29udGFpbmVySW1hZ2UgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtZWNzJztcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0IHsgS2V5IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWttcyc7XG5pbXBvcnQgeyBSdW50aW1lLCBDb2RlLCBEb2NrZXJJbWFnZUNvZGUsIEZ1bmN0aW9uIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWxhbWJkYSc7XG5pbXBvcnQgeyBJTG9nR3JvdXAgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbG9ncyc7XG5pbXBvcnQgeyBBc3NldCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMy1hc3NldHMnO1xuaW1wb3J0IHsgUHJvdmlkZXIgfSBmcm9tICdhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG5jb25zdCBQUk9WSURFUl9TSU5HTEVUT05fSUQgPSAnVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlclByb3ZpZGVyJztcblxuLyoqXG4gKiBPcHRpb25zIGZvciBjcmVhdGluZyBhIGBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJgLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlclByb3BzIHtcbiAgLyoqXG4gICAqIEhvdyBvZnRlbiB0aGUgcHJvdmlkZXIgcG9sbHMgZm9yIGJ1aWxkIGNvbXBsZXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IER1cmF0aW9uLnNlY29uZHMoMzApXG4gICAqL1xuICByZWFkb25seSBxdWVyeUludGVydmFsPzogRHVyYXRpb247XG59XG5cbi8qKlxuICogU2hhcmVkIHByb3ZpZGVyIGZvciBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgaW5zdGFuY2VzLlxuICpcbiAqIENyZWF0ZXMgdGhlIG9uRXZlbnQgYW5kIGlzQ29tcGxldGUgTGFtYmRhIGZ1bmN0aW9ucyBvbmNlIHBlciBzdGFjay5cbiAqIEVhY2ggYnVpbGRlciBpbnN0YW5jZSByZWdpc3RlcnMgaXRzIENvZGVCdWlsZCBwcm9qZWN0IEFSTiBzbyB0aGVcbiAqIHNoYXJlZCBMYW1iZGFzIGhhdmUgcGVybWlzc2lvbiB0byBzdGFydCBidWlsZHMgYW5kIHJlYWQgbG9ncy5cbiAqL1xuZXhwb3J0IGNsYXNzIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciBleHRlbmRzIENvbnN0cnVjdCB7XG4gIC8qKlxuICAgKiBHZXQgb3IgY3JlYXRlIHRoZSBzaW5nbGV0b24gcHJvdmlkZXIgZm9yIHRoaXMgc3RhY2suXG4gICAqIEFsbCBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgaW5zdGFuY2VzIGluIHRoZSBzYW1lIHN0YWNrXG4gICAqIHNoYXJlIGEgc2luZ2xlIHBhaXIgb2YgTGFtYmRhIGZ1bmN0aW9ucy5cbiAgICovXG4gIHB1YmxpYyBzdGF0aWMgZ2V0T3JDcmVhdGUoc2NvcGU6IENvbnN0cnVjdCwgcHJvcHM/OiBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJQcm9wcyk6IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciB7XG4gICAgY29uc3Qgc3RhY2sgPSBTdGFjay5vZihzY29wZSk7XG4gICAgY29uc3QgZXhpc3RpbmcgPSBzdGFjay5ub2RlLnRyeUZpbmRDaGlsZChQUk9WSURFUl9TSU5HTEVUT05fSUQpIGFzIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlciB8IHVuZGVmaW5lZDtcbiAgICBpZiAoZXhpc3RpbmcpIHJldHVybiBleGlzdGluZztcbiAgICByZXR1cm4gbmV3IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlcihzdGFjaywgUFJPVklERVJfU0lOR0xFVE9OX0lELCBwcm9wcyk7XG4gIH1cblxuICAvKiogVGhlIHNlcnZpY2UgdG9rZW4gdXNlZCBieSBDdXN0b21SZXNvdXJjZSBpbnN0YW5jZXMuICovXG4gIHB1YmxpYyByZWFkb25seSBzZXJ2aWNlVG9rZW46IHN0cmluZztcblxuICBwcml2YXRlIHJlYWRvbmx5IG9uRXZlbnRIYW5kbGVyRnVuY3Rpb246IEZ1bmN0aW9uO1xuICBwcml2YXRlIHJlYWRvbmx5IGlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb246IEZ1bmN0aW9uO1xuXG4gIHByaXZhdGUgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM/OiBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyUHJvdmlkZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICB0aGlzLm9uRXZlbnRIYW5kbGVyRnVuY3Rpb24gPSBuZXcgRnVuY3Rpb24odGhpcywgJ09uRXZlbnRIYW5kbGVyJywge1xuICAgICAgcnVudGltZTogUnVudGltZS5OT0RFSlNfMjJfWCxcbiAgICAgIGNvZGU6IENvZGUuZnJvbUFzc2V0KHBhdGgucmVzb2x2ZShfX2Rpcm5hbWUsICcuLi9vbkV2ZW50JykpLFxuICAgICAgaGFuZGxlcjogJ29uRXZlbnQuaGFuZGxlcicsXG4gICAgICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDE1KSxcbiAgICB9KTtcbiAgICB0aGlzLm9uRXZlbnRIYW5kbGVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAnbG9nczpDcmVhdGVMb2dHcm91cCcsXG4gICAgICAgICAgJ2xvZ3M6UHV0UmV0ZW50aW9uUG9saWN5JyxcbiAgICAgICAgICAnbG9nczpEZWxldGVMb2dHcm91cCcsXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogWydhcm46YXdzOmxvZ3M6KjoqOmxvZy1ncm91cDovZG9ja2VyLWJ1aWxkZXIvKiddLFxuICAgICAgfSksXG4gICAgKTtcblxuICAgIHRoaXMuaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbiA9IG5ldyBGdW5jdGlvbih0aGlzLCAnSXNDb21wbGV0ZUhhbmRsZXInLCB7XG4gICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgY29kZTogQ29kZS5mcm9tQXNzZXQocGF0aC5yZXNvbHZlKF9fZGlybmFtZSwgJy4uL2lzQ29tcGxldGUnKSksXG4gICAgICBoYW5kbGVyOiAnaXNDb21wbGV0ZS5oYW5kbGVyJyxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoMTUpLFxuICAgIH0pO1xuICAgIHRoaXMuaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICdjb2RlYnVpbGQ6QmF0Y2hHZXRCdWlsZHMnLFxuICAgICAgICAgICdjb2RlYnVpbGQ6TGlzdEJ1aWxkc0ZvclByb2plY3QnLFxuICAgICAgICAgICdsb2dzOkdldExvZ0V2ZW50cycsXG4gICAgICAgICAgJ2xvZ3M6RGVzY3JpYmVMb2dTdHJlYW1zJyxcbiAgICAgICAgICAnbG9nczpEZXNjcmliZUxvZ0dyb3VwcycsXG4gICAgICAgICAgJ2VjcjpEZXNjcmliZUltYWdlcycsXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogWycqJ10sXG4gICAgICB9KSxcbiAgICApO1xuXG4gICAgY29uc3QgcHJvdmlkZXIgPSBuZXcgUHJvdmlkZXIodGhpcywgJ1Byb3ZpZGVyJywge1xuICAgICAgb25FdmVudEhhbmRsZXI6IHRoaXMub25FdmVudEhhbmRsZXJGdW5jdGlvbixcbiAgICAgIGlzQ29tcGxldGVIYW5kbGVyOiB0aGlzLmlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24sXG4gICAgICBxdWVyeUludGVydmFsOiBwcm9wcz8ucXVlcnlJbnRlcnZhbCA/PyBEdXJhdGlvbi5zZWNvbmRzKDMwKSxcbiAgICB9KTtcblxuICAgIHRoaXMuc2VydmljZVRva2VuID0gcHJvdmlkZXIuc2VydmljZVRva2VuO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50IHRoZSBzaGFyZWQgTGFtYmRhcyBwZXJtaXNzaW9uIHRvIHN0YXJ0IGJ1aWxkcyBmb3IgYSBzcGVjaWZpY1xuICAgKiBDb2RlQnVpbGQgcHJvamVjdCBhbmQgcHVsbC9wdXNoIHRvIGl0cyBFQ1IgcmVwb3NpdG9yeS5cbiAgICovXG4gIHB1YmxpYyByZWdpc3RlclByb2plY3QocHJvamVjdDogUHJvamVjdCwgZWNyUmVwbzogUmVwb3NpdG9yeSwgZW5jcnlwdGlvbktleT86IEtleSk6IHZvaWQge1xuICAgIHRoaXMub25FdmVudEhhbmRsZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogWydjb2RlYnVpbGQ6U3RhcnRCdWlsZCddLFxuICAgICAgICByZXNvdXJjZXM6IFtwcm9qZWN0LnByb2plY3RBcm5dLFxuICAgICAgfSksXG4gICAgKTtcbiAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2godGhpcy5vbkV2ZW50SGFuZGxlckZ1bmN0aW9uKTtcbiAgICBlY3JSZXBvLmdyYW50UHVsbFB1c2godGhpcy5pc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uKTtcblxuICAgIGlmIChlbmNyeXB0aW9uS2V5KSB7XG4gICAgICBlbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQodGhpcy5vbkV2ZW50SGFuZGxlckZ1bmN0aW9uKTtcbiAgICAgIGVuY3J5cHRpb25LZXkuZ3JhbnRFbmNyeXB0RGVjcnlwdCh0aGlzLmlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24pO1xuICAgIH1cbiAgfVxufVxuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIHRoZSBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlcmAgY29uc3RydWN0LlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgcGF0aCB0byB0aGUgZGlyZWN0b3J5IGNvbnRhaW5pbmcgdGhlIERvY2tlcmZpbGUgb3Igc291cmNlIGNvZGUuXG4gICAqL1xuICByZWFkb25seSBwYXRoOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIEJ1aWxkIGFyZ3VtZW50cyB0byBwYXNzIHRvIHRoZSBEb2NrZXIgYnVpbGQgcHJvY2Vzcy5cbiAgICogVGhlc2UgYXJlIHRyYW5zZm9ybWVkIGludG8gYC0tYnVpbGQtYXJnIEtFWT1WQUxVRWAgZmxhZ3MuXG4gICAqIEBleGFtcGxlXG4gICAqIHtcbiAgICogICBUT0tFTjogJ215LXNlY3JldC10b2tlbicsXG4gICAqICAgRU5WOiAncHJvZHVjdGlvbidcbiAgICogfVxuICAgKi9cbiAgcmVhZG9ubHkgYnVpbGRBcmdzPzogeyBba2V5OiBzdHJpbmddOiBzdHJpbmcgfTtcblxuICAvKipcbiAgICogVGhlIEFSTiBvZiB0aGUgQVdTIFNlY3JldHMgTWFuYWdlciBzZWNyZXQgY29udGFpbmluZyBEb2NrZXIgbG9naW4gY3JlZGVudGlhbHMuXG4gICAqIFRoaXMgc2VjcmV0IHNob3VsZCBzdG9yZSBhIEpTT04gb2JqZWN0IHdpdGggdGhlIGZvbGxvd2luZyBzdHJ1Y3R1cmU6XG4gICAqIGBgYGpzb25cbiAgICoge1xuICAgKiAgIFwidXNlcm5hbWVcIjogXCJteS1kb2NrZXItdXNlcm5hbWVcIixcbiAgICogICBcInBhc3N3b3JkXCI6IFwibXktZG9ja2VyLXBhc3N3b3JkXCJcbiAgICogfVxuICAgKiBgYGBcbiAgICogSWYgbm90IHByb3ZpZGVkIChvciBub3QgbmVlZGVkKSwgdGhlIGNvbnN0cnVjdCB3aWxsIHNraXAgRG9ja2VyIEh1YiBsb2dpbi5cbiAgICpcbiAgICogKipOb3RlKio6IFRoZSBzZWNyZXQgbXVzdCBiZSBpbiB0aGUgc2FtZSByZWdpb24gYXMgdGhlIHN0YWNrLlxuICAgKlxuICAgKiBAZXhhbXBsZSAnYXJuOmF3czpzZWNyZXRzbWFuYWdlcjp1cy1lYXN0LTE6MTIzNDU2Nzg5MDEyOnNlY3JldDpEb2NrZXJMb2dpblNlY3JldCdcbiAgICovXG4gIHJlYWRvbmx5IGRvY2tlckxvZ2luU2VjcmV0QXJuPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgVlBDIGluIHdoaWNoIHRoZSBDb2RlQnVpbGQgcHJvamVjdCB3aWxsIGJlIGRlcGxveWVkLlxuICAgKiBJZiBwcm92aWRlZCwgdGhlIENvZGVCdWlsZCBwcm9qZWN0IHdpbGwgYmUgbGF1bmNoZWQgd2l0aGluIHRoZSBzcGVjaWZpZWQgVlBDLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIFZQQyBpcyBhdHRhY2hlZCwgYW5kIHRoZSBDb2RlQnVpbGQgcHJvamVjdCB3aWxsIHVzZSBwdWJsaWMgaW50ZXJuZXQuXG4gICAqL1xuICByZWFkb25seSB2cGM/OiBJVnBjO1xuXG4gIC8qKlxuICAgKiBUaGUgc2VjdXJpdHkgZ3JvdXBzIHRvIGF0dGFjaCB0byB0aGUgQ29kZUJ1aWxkIHByb2plY3QuXG4gICAqIFRoZXNlIGRlZmluZSB0aGUgbmV0d29yayBhY2Nlc3MgcnVsZXMgZm9yIHRoZSBDb2RlQnVpbGQgcHJvamVjdC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBzZWN1cml0eSBncm91cHMgYXJlIGF0dGFjaGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cHM/OiBJU2VjdXJpdHlHcm91cFtdO1xuXG4gIC8qKlxuICAgKiBUaGUgc3VibmV0IHNlbGVjdGlvbiB0byBzcGVjaWZ5IHdoaWNoIHN1Ym5ldHMgdG8gdXNlIHdpdGhpbiB0aGUgVlBDLlxuICAgKiBBbGxvd3MgdGhlIHVzZXIgdG8gc2VsZWN0IHByaXZhdGUsIHB1YmxpYywgb3IgaXNvbGF0ZWQgc3VibmV0cy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBbGwgc3VibmV0cyBpbiB0aGUgVlBDIGFyZSB1c2VkLlxuICAgKi9cbiAgcmVhZG9ubHkgc3VibmV0U2VsZWN0aW9uPzogU3VibmV0U2VsZWN0aW9uO1xuXG4gIC8qKlxuICAgKiBDdXN0b20gY29tbWFuZHMgdG8gcnVuIGR1cmluZyB0aGUgaW5zdGFsbCBwaGFzZSBvZiBDb2RlQnVpbGQuXG4gICAqXG4gICAqICoqRXhhbXBsZSoqOlxuICAgKiBgYGB0c1xuICAgKiBpbnN0YWxsQ29tbWFuZHM6IFtcbiAgICogICAnZWNobyBcIlVwZGF0aW5nIHBhY2thZ2UgbGlzdHMuLi5cIicsXG4gICAqICAgJ2FwdC1nZXQgdXBkYXRlIC15JyxcbiAgICogICAnZWNobyBcIkluc3RhbGxpbmcgcmVxdWlyZWQgcGFja2FnZXMuLi5cIicsXG4gICAqICAgJ2FwdC1nZXQgaW5zdGFsbCAteSBjdXJsIGRuc3V0aWxzJyxcbiAgICogXSxcbiAgICogYGBgXG4gICAqIEBkZWZhdWx0IC0gTm8gYWRkaXRpb25hbCBpbnN0YWxsIGNvbW1hbmRzLlxuICAgKi9cbiAgcmVhZG9ubHkgaW5zdGFsbENvbW1hbmRzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIEN1c3RvbSBjb21tYW5kcyB0byBydW4gZHVyaW5nIHRoZSBwcmVfYnVpbGQgcGhhc2Ugb2YgQ29kZUJ1aWxkLlxuICAgKlxuICAgKiAqKkV4YW1wbGUqKjpcbiAgICogYGBgdHNcbiAgICogcHJlQnVpbGRDb21tYW5kczogW1xuICAgKiAgICdlY2hvIFwiRmV0Y2hpbmcgY29uZmlndXJhdGlvbiBmcm9tIHByaXZhdGUgQVBJLi4uXCInLFxuICAgKiAgICdjdXJsIC1vIGNvbmZpZy5qc29uIGh0dHBzOi8vYXBpLmV4YW1wbGUuY29tL2NvbmZpZycsXG4gICAqIF0sXG4gICAqIGBgYFxuICAgKiBAZGVmYXVsdCAtIE5vIGFkZGl0aW9uYWwgcHJlLWJ1aWxkIGNvbW1hbmRzLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJlQnVpbGRDb21tYW5kcz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRvIGVuYWJsZSBLTVMgZW5jcnlwdGlvbiBmb3IgdGhlIEVDUiByZXBvc2l0b3J5LlxuICAgKiBJZiBgdHJ1ZWAsIGEgS01TIGtleSB3aWxsIGJlIGNyZWF0ZWQgZm9yIGVuY3J5cHRpbmcgRUNSIGltYWdlcy5cbiAgICogSWYgYGZhbHNlYCwgdGhlIHJlcG9zaXRvcnkgd2lsbCB1c2UgQUVTLTI1NiBlbmNyeXB0aW9uLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGZhbHNlXG4gICAqL1xuICByZWFkb25seSBrbXNFbmNyeXB0aW9uPzogYm9vbGVhbjtcblxuICAvKipcbiAgICogVGhlIHF1ZXJ5IGludGVydmFsIGZvciBjaGVja2luZyBpZiB0aGUgQ29kZUJ1aWxkIHByb2plY3QgaGFzIGNvbXBsZXRlZC5cbiAgICogVGhpcyBkZXRlcm1pbmVzIGhvdyBmcmVxdWVudGx5IHRoZSBjdXN0b20gcmVzb3VyY2UgcG9sbHMgZm9yIGJ1aWxkIGNvbXBsZXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRHVyYXRpb24uc2Vjb25kcygzMClcbiAgICovXG4gIHJlYWRvbmx5IGNvbXBsZXRlbmVzc1F1ZXJ5SW50ZXJ2YWw/OiBEdXJhdGlvbjtcblxuICAvKipcbiAgICogQSBsaXN0IG9mIGZpbGUgcGF0aHMgaW4gdGhlIERvY2tlciBkaXJlY3RvcnkgdG8gZXhjbHVkZSBmcm9tIGJ1aWxkLlxuICAgKiBXaWxsIHVzZSBwYXRocyBpbiAuZG9ja2VyaWdub3JlIGZpbGUgaWYgcHJlc2VudC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBmaWxlIHBhdGggZXhjbHVzaW9uc1xuICAgKi9cbiAgcmVhZG9ubHkgZXhjbHVkZT86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgRG9ja2VyZmlsZSB0byB1c2UgZm9yIHRoZSBidWlsZC5cbiAgICogUGFzc2VkIGFzIGAtLWZpbGVgIHRvIGBkb2NrZXIgYnVpbGRgLlxuICAgKlxuICAgKiBAZXhhbXBsZSAnRG9ja2VyZmlsZS5wcm9kdWN0aW9uJ1xuICAgKiBAZGVmYXVsdCAnRG9ja2VyZmlsZSdcbiAgICovXG4gIHJlYWRvbmx5IGZpbGU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZW4gYHRydWVgLCBkaXNhYmxlcyBEb2NrZXIgbGF5ZXIgY2FjaGluZy4gRXZlcnkgYnVpbGQgcnVucyBmcm9tIHNjcmF0Y2guXG4gICAqIFVzZSBmb3IgZGVidWdnaW5nLCBjb3JydXB0ZWQgY2FjaGUsIG9yIG1ham9yIGRlcGVuZGVuY3kgY2hhbmdlcy5cbiAgICpcbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IGNhY2hlRGlzYWJsZWQ/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBDbG91ZFdhdGNoIGxvZyBncm91cCBmb3IgQ29kZUJ1aWxkIGJ1aWxkIGxvZ3MuXG4gICAqIFdoZW4gcHJvdmlkZWQgd2l0aCBhIFJFVEFJTiByZW1vdmFsIHBvbGljeSwgYnVpbGQgbG9ncyBzdXJ2aXZlIHJvbGxiYWNrc1xuICAgKiBhbmQgc3RhY2sgZGVsZXRpb24gZm9yIGRlYnVnZ2luZy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBDb2RlQnVpbGQgZGVmYXVsdCBsb2dnaW5nIChsb2dzIGFyZSBkZWxldGVkIG9uIHJvbGxiYWNrKVxuICAgKi9cbiAgcmVhZG9ubHkgYnVpbGRMb2dHcm91cD86IElMb2dHcm91cDtcblxuICAvKipcbiAgICogVGFyZ2V0IHBsYXRmb3JtIGZvciB0aGUgRG9ja2VyIGltYWdlLlxuICAgKlxuICAgKiBXaGVuIHNldCB0byBgJ2xpbnV4L2FybTY0J2AsIHRoZSBjb25zdHJ1Y3QgdXNlcyBhIG5hdGl2ZSBBUk0vR3Jhdml0b25cbiAgICogQ29kZUJ1aWxkIGluc3RhbmNlIGZvciBmYXN0IGJ1aWxkcyB3aXRob3V0IGVtdWxhdGlvbi5cbiAgICpcbiAgICogQGRlZmF1bHQgJ2xpbnV4L2FtZDY0J1xuICAgKi9cbiAgcmVhZG9ubHkgcGxhdGZvcm0/OiAnbGludXgvYW1kNjQnIHwgJ2xpbnV4L2FybTY0JztcblxuICAvKipcbiAgICogU2hhcmVkIHByb3ZpZGVyIGZvciB0aGUgY3VzdG9tIHJlc291cmNlIExhbWJkYXMuXG4gICAqIFVzZSBgVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlclByb3ZpZGVyLmdldE9yQ3JlYXRlKHRoaXMpYCB0byBjcmVhdGVcbiAgICogYSBzaW5nbGV0b24gdGhhdCBpcyBzaGFyZWQgYWNyb3NzIGFsbCBidWlsZGVycyBpbiB0aGUgc2FtZSBzdGFjay5cbiAgICpcbiAgICogV2hlbiBvbWl0dGVkLCBlYWNoIGJ1aWxkZXIgY3JlYXRlcyBpdHMgb3duIExhbWJkYXMgKG9yaWdpbmFsIGJlaGF2aW9yKS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBIG5ldyBwcm92aWRlciBpcyBjcmVhdGVkIHBlciBidWlsZGVyIGluc3RhbmNlXG4gICAqL1xuICByZWFkb25seSBwcm92aWRlcj86IFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXJQcm92aWRlcjtcblxuICAvKipcbiAgICogRUNSIHB1bGwtdGhyb3VnaCBjYWNoZSByZXBvc2l0b3J5IHByZWZpeGVzIHRvIGdyYW50IHB1bGwgYWNjZXNzIHRvLlxuICAgKiBVc2Ugd2hlbiB5b3VyIERvY2tlcmZpbGUgcmVmZXJlbmNlcyBiYXNlIGltYWdlcyBmcm9tIEVDUiBwdWxsLXRocm91Z2hcbiAgICogY2FjaGUgKGUuZy4gZG9ja2VyLWh1Yi9saWJyYXJ5L25vZGU6MjAtc2xpbSwgZ2hjci9vcmcvaW1hZ2U6dGFnKS5cbiAgICogVGhlIENvZGVCdWlsZCByb2xlIHdpbGwgYmUgZ3JhbnRlZCBlY3I6QmF0Y2hHZXRJbWFnZSwgZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXIsXG4gICAqIGFuZCBlY3I6QmF0Y2hDaGVja0xheWVyQXZhaWxhYmlsaXR5IG9uIHJlcG9zaXRvcmllcyBtYXRjaGluZyBlYWNoIHByZWZpeC5cbiAgICpcbiAgICogQGV4YW1wbGUgWydkb2NrZXItaHViJywgJ2doY3InXVxuICAgKiBAZGVmYXVsdCAtIE5vIHB1bGwtdGhyb3VnaCBjYWNoZSBhY2Nlc3NcbiAgICovXG4gIHJlYWRvbmx5IGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBNYXhpbXVtIG51bWJlciBvZiB0YWdnZWQgaW1hZ2VzIHRvIHJldGFpbiBpbiB0aGUgRUNSIHJlcG9zaXRvcnkuXG4gICAqXG4gICAqICoqV0FSTklORzoqKiBMYW1iZGEgZnVuY3Rpb25zIHBpbiBpbWFnZXMgYnkgZGlnZXN0IGludGVybmFsbHkgZXZlbiB3aGVuXG4gICAqIHJlZmVyZW5jZWQgYnkgdGFnLiBTZXR0aW5nIHRoaXMgY2FuIGRlbGV0ZSBpbWFnZXMgdGhhdCBMYW1iZGEgZnVuY3Rpb25zXG4gICAqIChhbmQgRUNTIHRhc2tzKSBhcmUgc3RpbGwgcGlubmVkIHRvLCBicmVha2luZyB0aGUgbmV4dCBjb25maWd1cmF0aW9uXG4gICAqIHVwZGF0ZSB3aXRoIFwiSW1hZ2UgSUQgY2Fubm90IGJlIGZvdW5kXCIuXG4gICAqXG4gICAqIExlYXZlIHVuZGVmaW5lZCAodGhlIGRlZmF1bHQpIGZvciBwcm9kdWN0aW9uIHVzZS4gVW50YWdnZWQgaW1hZ2VzIGFyZVxuICAgKiBhbHdheXMgY2xlYW5lZCB1cCBhZnRlciAzMCBkYXlzIHJlZ2FyZGxlc3Mgb2YgdGhpcyBzZXR0aW5nLlxuICAgKlxuICAgKiBAZGVmYXVsdCB1bmRlZmluZWQgLSBubyBjb3VudC1iYXNlZCBleHBpcmF0aW9uOyBvbmx5IHVudGFnZ2VkLWFmdGVyLTMwLWRheXNcbiAgICovXG4gIHJlYWRvbmx5IG1heEltYWdlQ291bnQ/OiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIFdoZW4gYHRydWVgLCBjcmVhdGVzIGEgQ2xvdWRXYXRjaCBsb2cgZ3JvdXAgb3V0c2lkZSBvZiBDbG91ZEZvcm1hdGlvblxuICAgKiAoYC9kb2NrZXItYnVpbGRlci88cHJvamVjdE5hbWU+YCkgYW5kIGRpcmVjdHMgQ29kZUJ1aWxkIG91dHB1dCB0aGVyZS5cbiAgICogQmVjYXVzZSB0aGUgbG9nIGdyb3VwIGlzIG1hbmFnZWQgaW1wZXJhdGl2ZWx5IChub3QgYnkgQ2xvdWRGb3JtYXRpb24pLFxuICAgKiBpdCBzdXJ2aXZlcyBzdGFjayByb2xsYmFja3MgYW5kIHByZXNlcnZlcyBmdWxsIGJ1aWxkIGxvZ3MgZm9yIGRlYnVnZ2luZy5cbiAgICogQSA3LWRheSByZXRlbnRpb24gcG9saWN5IGlzIGFwcGxpZWQgc28gb2xkIGxvZ3MgYXV0by1leHBpcmUuXG4gICAqXG4gICAqIFNldCB0byBgZmFsc2VgIGFmdGVyIGRlYnVnZ2luZyB0byBkZWxldGUgdGhlIGxvZyBncm91cCBhbmQgY2xlYW4gdXAuXG4gICAqXG4gICAqIEBkZWZhdWx0IGZhbHNlXG4gICAqL1xuICByZWFkb25seSByZXRhaW5CdWlsZExvZ3M/OiBib29sZWFuO1xufVxuXG4vKipcbiAqIEEgQ0RLIGNvbnN0cnVjdCB0byBidWlsZCBhbmQgcHVzaCBEb2NrZXIgaW1hZ2VzIHRvIGFuIEVDUiByZXBvc2l0b3J5IHVzaW5nXG4gKiBDb2RlQnVpbGQgYW5kIExhbWJkYSBjdXN0b20gcmVzb3VyY2VzLCAqKnRoZW4qKiByZXRyaWV2ZSB0aGUgZmluYWwgaW1hZ2UgdGFnXG4gKiBzbyB0aGF0IEVDUy9MYW1iZGEgcmVmZXJlbmNlcyB1c2UgdGhlIGV4YWN0IGRpZ2VzdC5cbiAqL1xuZXhwb3J0IGNsYXNzIFRva2VuSW5qZWN0YWJsZURvY2tlckJ1aWxkZXIgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICAvKipcbiAgICogVGhlIEVDUiByZXBvc2l0b3J5IHRoYXQgc3RvcmVzIHRoZSByZXN1bHRpbmcgRG9ja2VyIGltYWdlLlxuICAgKi9cbiAgcHJpdmF0ZSByZWFkb25seSBlY3JSZXBvc2l0b3J5OiBSZXBvc2l0b3J5O1xuXG4gIC8qKlxuICAgKiBBbiBFQ1MtY29tcGF0aWJsZSBjb250YWluZXIgaW1hZ2UgcmVmZXJlbmNpbmcgdGhlIHRhZ1xuICAgKiBvZiB0aGUgYnVpbHQgRG9ja2VyIGltYWdlLlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGNvbnRhaW5lckltYWdlOiBDb250YWluZXJJbWFnZTtcblxuICAvKipcbiAgICogQSBMYW1iZGEtY29tcGF0aWJsZSBEb2NrZXJJbWFnZUNvZGUgcmVmZXJlbmNpbmcgdGhlIHRhZ1xuICAgKiBvZiB0aGUgYnVpbHQgRG9ja2VyIGltYWdlLlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGRvY2tlckltYWdlQ29kZTogRG9ja2VySW1hZ2VDb2RlO1xuXG4gIC8qKlxuICAgKiBDcmVhdGVzIGEgbmV3IGBUb2tlbkluamVjdGFibGVEb2NrZXJCdWlsZGVyYC5cbiAgICpcbiAgICogQHBhcmFtIHNjb3BlIFRoZSBzY29wZSBpbiB3aGljaCB0byBkZWZpbmUgdGhpcyBjb25zdHJ1Y3QuXG4gICAqIEBwYXJhbSBpZCBUaGUgc2NvcGVkIGNvbnN0cnVjdCBJRC5cbiAgICogQHBhcmFtIHByb3BzIENvbmZpZ3VyYXRpb24gZm9yIGJ1aWxkaW5nIGFuZCBwdXNoaW5nIHRoZSBEb2NrZXIgaW1hZ2UuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogVG9rZW5JbmplY3RhYmxlRG9ja2VyQnVpbGRlclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHtcbiAgICAgIHBhdGg6IHNvdXJjZVBhdGgsXG4gICAgICBidWlsZEFyZ3MsXG4gICAgICBkb2NrZXJMb2dpblNlY3JldEFybixcbiAgICAgIHZwYyxcbiAgICAgIHNlY3VyaXR5R3JvdXBzLFxuICAgICAgc3VibmV0U2VsZWN0aW9uLFxuICAgICAgaW5zdGFsbENvbW1hbmRzLFxuICAgICAgcHJlQnVpbGRDb21tYW5kcyxcbiAgICAgIGttc0VuY3J5cHRpb24gPSBmYWxzZSxcbiAgICAgIGNvbXBsZXRlbmVzc1F1ZXJ5SW50ZXJ2YWwsXG4gICAgICBleGNsdWRlLFxuICAgICAgZmlsZTogZG9ja2VyRmlsZSxcbiAgICAgIGNhY2hlRGlzYWJsZWQgPSBmYWxzZSxcbiAgICAgIGJ1aWxkTG9nR3JvdXA6IGJ1aWxkTG9nR3JvdXBQcm9wLFxuICAgICAgcGxhdGZvcm0gPSAnbGludXgvYW1kNjQnLFxuICAgICAgcHJvdmlkZXI6IHNoYXJlZFByb3ZpZGVyLFxuICAgICAgZWNyUHVsbFRocm91Z2hDYWNoZVByZWZpeGVzLFxuICAgICAgcmV0YWluQnVpbGRMb2dzID0gZmFsc2UsXG4gICAgICBtYXhJbWFnZUNvdW50LFxuICAgIH0gPSBwcm9wcztcblxuICAgIC8vIE9wdGlvbmFsbHkgZGVmaW5lIGEgS01TIGtleSBmb3IgRUNSIGVuY3J5cHRpb24gaWYgcmVxdWVzdGVkXG4gICAgbGV0IGVuY3J5cHRpb25LZXk6IEtleSB8IHVuZGVmaW5lZDtcbiAgICBpZiAoa21zRW5jcnlwdGlvbikge1xuICAgICAgZW5jcnlwdGlvbktleSA9IG5ldyBLZXkodGhpcywgJ0VjckVuY3J5cHRpb25LZXknLCB7XG4gICAgICAgIGVuYWJsZUtleVJvdGF0aW9uOiB0cnVlLFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gQ3JlYXRlIGFuIEVDUiByZXBvc2l0b3J5IChvcHRpb25hbGx5IHdpdGggS01TIGVuY3J5cHRpb24pLlxuICAgIC8vXG4gICAgLy8gU0FGRVRZOiBXZSBkZWxpYmVyYXRlbHkgZG8gTk9UIGRlbGV0ZSB0YWdnZWQgaW1hZ2VzIGJ5IGRlZmF1bHQuXG4gICAgLy8gTGFtYmRhIGZ1bmN0aW9ucyBwaW4gaW1hZ2VzIGJ5IGRpZ2VzdCBpbnRlcm5hbGx5OyBkZWxldGluZyBhbiBpbi11c2VcbiAgICAvLyB0YWdnZWQgaW1hZ2UgbWFrZXMgdGhlIExhbWJkYSdzIG5leHQgY29uZmlnIHVwZGF0ZSBmYWlsIHdpdGhcbiAgICAvLyBcIkltYWdlIElEIGNhbm5vdCBiZSBmb3VuZFwiLiBVc2VycyBjYW4gb3B0LWluIHRvIG1heEltYWdlQ291bnQsIGJ1dFxuICAgIC8vIGl0IGNhcnJpZXMgYSBzdHJvbmcgd2FybmluZyBpbiB0aGUgcHJvcCBkb2NzLlxuICAgIHRoaXMuZWNyUmVwb3NpdG9yeSA9IG5ldyBSZXBvc2l0b3J5KHRoaXMsICdFQ1JSZXBvc2l0b3J5Jywge1xuICAgICAgbGlmZWN5Y2xlUnVsZXM6IFtcbiAgICAgICAge1xuICAgICAgICAgIHJ1bGVQcmlvcml0eTogMSxcbiAgICAgICAgICBkZXNjcmlwdGlvbjogJ1JlbW92ZSB1bnRhZ2dlZCBpbWFnZXMgYWZ0ZXIgMzAgZGF5cycsXG4gICAgICAgICAgdGFnU3RhdHVzOiBUYWdTdGF0dXMuVU5UQUdHRUQsXG4gICAgICAgICAgbWF4SW1hZ2VBZ2U6IER1cmF0aW9uLmRheXMoMzApLFxuICAgICAgICB9LFxuICAgICAgICAuLi4obWF4SW1hZ2VDb3VudCAhPT0gdW5kZWZpbmVkID8gW3tcbiAgICAgICAgICBydWxlUHJpb3JpdHk6IDIsXG4gICAgICAgICAgZGVzY3JpcHRpb246IGAoT1BULUlOLCBVTlNBRkUpIEtlZXAgb25seSAke21heEltYWdlQ291bnR9IG1vc3QgcmVjZW50IHRhZ2dlZCBpbWFnZXNgLFxuICAgICAgICAgIHRhZ1N0YXR1czogVGFnU3RhdHVzLkFOWSxcbiAgICAgICAgICBtYXhJbWFnZUNvdW50LFxuICAgICAgICB9XSA6IFtdKSxcbiAgICAgIF0sXG4gICAgICBlbmNyeXB0aW9uOiBrbXNFbmNyeXB0aW9uID8gUmVwb3NpdG9yeUVuY3J5cHRpb24uS01TIDogUmVwb3NpdG9yeUVuY3J5cHRpb24uQUVTXzI1NixcbiAgICAgIGVuY3J5cHRpb25LZXk6IGttc0VuY3J5cHRpb24gPyBlbmNyeXB0aW9uS2V5IDogdW5kZWZpbmVkLFxuICAgICAgaW1hZ2VTY2FuT25QdXNoOiB0cnVlLFxuICAgIH0pO1xuXG4gICAgbGV0IGVmZmVjdGl2ZUV4Y2x1ZGUgPSBleGNsdWRlO1xuICAgIGlmICghZWZmZWN0aXZlRXhjbHVkZSkge1xuICAgICAgY29uc3QgZG9ja2VyaWdub3JlUGF0aCA9IHBhdGguam9pbihzb3VyY2VQYXRoLCAnLmRvY2tlcmlnbm9yZScpO1xuICAgICAgaWYgKGZzLmV4aXN0c1N5bmMoZG9ja2VyaWdub3JlUGF0aCkpIHtcbiAgICAgICAgY29uc3QgZmlsZUNvbnRlbnQgPSBmcy5yZWFkRmlsZVN5bmMoZG9ja2VyaWdub3JlUGF0aCwgJ3V0ZjgnKTtcbiAgICAgICAgZWZmZWN0aXZlRXhjbHVkZSA9IGZpbGVDb250ZW50XG4gICAgICAgICAgLnNwbGl0KCdcXG4nKVxuICAgICAgICAgIC5tYXAoKGxpbmU6IHN0cmluZykgPT4gbGluZS50cmltKCkpXG4gICAgICAgICAgLmZpbHRlcigobGluZTogc3RyaW5nKSA9PiBsaW5lLmxlbmd0aCA+IDAgJiYgIWxpbmUuc3RhcnRzV2l0aCgnIycpKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBFbnN1cmUgdGhlIHRhcmdldCBEb2NrZXJmaWxlIGlzIG5ldmVyIGV4Y2x1ZGVkIChoYW5kbGVzIGdsb2JzIGxpa2UgXCJEb2NrZXJmaWxlKlwiKVxuICAgIGNvbnN0IGRvY2tlckZpbGVOYW1lID0gZG9ja2VyRmlsZSA/PyAnRG9ja2VyZmlsZSc7XG4gICAgaWYgKGVmZmVjdGl2ZUV4Y2x1ZGUpIHtcbiAgICAgIGVmZmVjdGl2ZUV4Y2x1ZGUgPSBlZmZlY3RpdmVFeGNsdWRlLmZpbHRlcigocGF0dGVybjogc3RyaW5nKSA9PiB7XG4gICAgICAgIGNvbnN0IGVzY2FwZWQgPSBwYXR0ZXJuLnJlcGxhY2UoL1suK14ke30oKXxbXFxdXFxcXF0vZywgJ1xcXFwkJicpO1xuICAgICAgICBjb25zdCByZWdleCA9IG5ldyBSZWdFeHAoYF4ke2VzY2FwZWQucmVwbGFjZSgvXFwqL2csICcuKicpLnJlcGxhY2UoL1xcPy9nLCAnLicpfSRgLCAnaScpO1xuICAgICAgICByZXR1cm4gIXJlZ2V4LnRlc3QoZG9ja2VyRmlsZU5hbWUpO1xuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gV3JhcCB0aGUgc291cmNlIGZvbGRlciBhcyBhbiBTMyBhc3NldCBmb3IgQ29kZUJ1aWxkIHRvIHVzZVxuICAgIGNvbnN0IHNvdXJjZUFzc2V0ID0gbmV3IEFzc2V0KHRoaXMsICdTb3VyY2VBc3NldCcsIHtcbiAgICAgIHBhdGg6IHNvdXJjZVBhdGgsXG4gICAgICBleGNsdWRlOiBlZmZlY3RpdmVFeGNsdWRlLFxuICAgIH0pO1xuXG4gICAgLy8gQ29tcHV0ZSBhIGRldGVybWluaXN0aWMgaW1hZ2UgdGFnIGZyb20gYWxsIGJ1aWxkIGlucHV0cy4gU2FtZSBzb3VyY2UgK1xuICAgIC8vIHNhbWUgYnVpbGRBcmdzICsgc2FtZSBEb2NrZXJmaWxlICsgc2FtZSBwbGF0Zm9ybSDihpIgc2FtZSB0YWcg4oaSIG5vIHJlYnVpbGQsXG4gICAgLy8gbm8gRUNSIGNodXJuLiBEaWZmZXJlbnQgaW5wdXRzIOKGkiBkaWZmZXJlbnQgdGFnIOKGkiBuZXcgaW1hZ2UgcHVzaGVkLlxuICAgIC8vXG4gICAgLy8gVGhpcyByZXBsYWNlcyB0aGUgcHJldmlvdXMgYGNyeXB0by5yYW5kb21VVUlEKClgIHdoaWNoIGdlbmVyYXRlZCBhIG5ld1xuICAgIC8vIHRhZyBvbiBldmVyeSBzeW50aCwgZm9yY2luZyBhIHJlYnVpbGQgYW5kIExhbWJkYSB1cGRhdGUgb24gZXZlcnkgZGVwbG95XG4gICAgLy8gZXZlbiB3aGVuIG5vdGhpbmcgY2hhbmdlZC5cbiAgICBjb25zdCBpbWFnZVRhZyA9ICdzcmMtJyArIGNyeXB0b1xuICAgICAgLmNyZWF0ZUhhc2goJ3NoYTI1NicpXG4gICAgICAudXBkYXRlKHNvdXJjZUFzc2V0LmFzc2V0SGFzaClcbiAgICAgIC51cGRhdGUoSlNPTi5zdHJpbmdpZnkoYnVpbGRBcmdzID8/IHt9KSlcbiAgICAgIC51cGRhdGUoZG9ja2VyRmlsZSA/PyAnRG9ja2VyZmlsZScpXG4gICAgICAudXBkYXRlKHBsYXRmb3JtKVxuICAgICAgLmRpZ2VzdCgnaGV4JylcbiAgICAgIC5zdWJzdHJpbmcoMCwgMTYpO1xuXG4gICAgLy8gQ29udmVydCBidWlsZEFyZ3MgdG8gYSBDTEktZnJpZW5kbHkgc3RyaW5nXG4gICAgY29uc3QgYnVpbGRBcmdzU3RyaW5nID0gYnVpbGRBcmdzXG4gICAgICA/IE9iamVjdC5lbnRyaWVzKGJ1aWxkQXJncylcbiAgICAgICAgLm1hcCgoW2ssIHZdKSA9PiBgLS1idWlsZC1hcmcgJHtrfT0ke3Z9YClcbiAgICAgICAgLmpvaW4oJyAnKVxuICAgICAgOiAnJztcblxuICAgIGNvbnN0IGRvY2tlckZpbGVGbGFnID0gZG9ja2VyRmlsZSA/IGAtZiAkQ09ERUJVSUxEX1NSQ19ESVIvJHtkb2NrZXJGaWxlfWAgOiAnJztcblxuICAgIC8vIE9wdGlvbmFsIERvY2tlckh1YiBsb2dpbiwgaWYgYSBzZWNyZXQgQVJOIGlzIHByb3ZpZGVkXG4gICAgY29uc3QgZG9ja2VyTG9naW5Db21tYW5kcyA9IGRvY2tlckxvZ2luU2VjcmV0QXJuXG4gICAgICA/IFtcbiAgICAgICAgJ2VjaG8gXCJSZXRyaWV2aW5nIERvY2tlciBjcmVkZW50aWFscy4uLlwiJyxcbiAgICAgICAgJ2FwdC1nZXQgdXBkYXRlIC15ICYmIGFwdC1nZXQgaW5zdGFsbCAteSBqcScsXG4gICAgICAgIGBET0NLRVJfVVNFUk5BTUU9JChhd3Mgc2VjcmV0c21hbmFnZXIgZ2V0LXNlY3JldC12YWx1ZSAtLXNlY3JldC1pZCAke2RvY2tlckxvZ2luU2VjcmV0QXJufSAtLXF1ZXJ5IFNlY3JldFN0cmluZyAtLW91dHB1dCB0ZXh0IHwganEgLXIgLnVzZXJuYW1lKWAsXG4gICAgICAgIGBET0NLRVJfUEFTU1dPUkQ9JChhd3Mgc2VjcmV0c21hbmFnZXIgZ2V0LXNlY3JldC12YWx1ZSAtLXNlY3JldC1pZCAke2RvY2tlckxvZ2luU2VjcmV0QXJufSAtLXF1ZXJ5IFNlY3JldFN0cmluZyAtLW91dHB1dCB0ZXh0IHwganEgLXIgLnBhc3N3b3JkKWAsXG4gICAgICAgICdlY2hvIFwiTG9nZ2luZyBpbiB0byBEb2NrZXIgSHViLi4uXCInLFxuICAgICAgICAnZWNobyAkRE9DS0VSX1BBU1NXT1JEIHwgZG9ja2VyIGxvZ2luIC0tdXNlcm5hbWUgJERPQ0tFUl9VU0VSTkFNRSAtLXBhc3N3b3JkLXN0ZGluJyxcbiAgICAgIF1cbiAgICAgIDogWydlY2hvIFwiTm8gRG9ja2VyIGNyZWRlbnRpYWxzLiBTa2lwcGluZyBEb2NrZXIgSHViIGxvZ2luLlwiJ107XG5cbiAgICBjb25zdCBidWlsZHhJbnN0YWxsQ29tbWFuZHMgPSBjYWNoZURpc2FibGVkXG4gICAgICA/IFtdXG4gICAgICA6IFtcbiAgICAgICAgJ2VjaG8gXCJTZXR0aW5nIHVwIERvY2tlciBidWlsZHggZm9yIEVDUiBsYXllciBjYWNoZS4uLlwiJyxcbiAgICAgICAgJ2RvY2tlciBidWlsZHggY3JlYXRlIC0tZHJpdmVyIGRvY2tlci1jb250YWluZXIgLS1uYW1lIGVjci1jYWNoZS1idWlsZGVyIC0tdXNlIDI+L2Rldi9udWxsIHx8IGRvY2tlciBidWlsZHggdXNlIGVjci1jYWNoZS1idWlsZGVyJyxcbiAgICAgIF07XG5cbiAgICBjb25zdCBwbGF0Zm9ybUZsYWcgPSBgLS1wbGF0Zm9ybSAke3BsYXRmb3JtfWA7XG5cbiAgICAvLyAtLXByb3ZlbmFuY2U9ZmFsc2UgLS1zYm9tPWZhbHNlOiBEb2NrZXIgQnVpbGR4IHYwLjEwKyBhZGRzIGF0dGVzdGF0aW9ucyBieSBkZWZhdWx0LFxuICAgIC8vIHByb2R1Y2luZyBPQ0kgaW1hZ2UgaW5kZXhlcyB0aGF0IEFXUyBMYW1iZGEgZG9lcyBub3Qgc3VwcG9ydC4gRGlzYWJsZSB0aGVtIGZvciBMYW1iZGEvRUNTIGNvbXBhdGliaWxpdHkuXG4gICAgY29uc3QgYnVpbGRDb21tYW5kID0gY2FjaGVEaXNhYmxlZFxuICAgICAgPyBgZG9ja2VyIGJ1aWxkICR7cGxhdGZvcm1GbGFnfSAke2RvY2tlckZpbGVGbGFnfSAke2J1aWxkQXJnc1N0cmluZ30gLXQgJEVDUl9SRVBPX1VSSToke2ltYWdlVGFnfSAkQ09ERUJVSUxEX1NSQ19ESVJgXG4gICAgICA6IGBkb2NrZXIgYnVpbGR4IGJ1aWxkIC0tcHVzaCAke3BsYXRmb3JtRmxhZ30gLS1wcm92ZW5hbmNlPWZhbHNlIC0tc2JvbT1mYWxzZSAtLWNhY2hlLWZyb20gdHlwZT1yZWdpc3RyeSxyZWY9JEVDUl9SRVBPX1VSSTpjYWNoZSAtLWNhY2hlLXRvIHR5cGU9cmVnaXN0cnkscmVmPSRFQ1JfUkVQT19VUkk6Y2FjaGUsbW9kZT1tYXgsaW1hZ2UtbWFuaWZlc3Q9dHJ1ZSAke2RvY2tlckZpbGVGbGFnfSAke2J1aWxkQXJnc1N0cmluZ30gLXQgJEVDUl9SRVBPX1VSSToke2ltYWdlVGFnfSAkQ09ERUJVSUxEX1NSQ19ESVJgO1xuXG4gICAgY29uc3QgYnVpbGRTcGVjT2JqID0ge1xuICAgICAgdmVyc2lvbjogJzAuMicsXG4gICAgICBwaGFzZXM6IHtcbiAgICAgICAgaW5zdGFsbDoge1xuICAgICAgICAgIGNvbW1hbmRzOiBbXG4gICAgICAgICAgICAnZWNobyBcIkJlZ2lubmluZyBpbnN0YWxsIHBoYXNlLi4uXCInLFxuICAgICAgICAgICAgLi4uKGluc3RhbGxDb21tYW5kcyA/PyBbXSksXG4gICAgICAgICAgICAuLi5idWlsZHhJbnN0YWxsQ29tbWFuZHMsXG4gICAgICAgICAgXSxcbiAgICAgICAgfSxcbiAgICAgICAgcHJlX2J1aWxkOiB7XG4gICAgICAgICAgY29tbWFuZHM6IFtcbiAgICAgICAgICAgIC4uLihwcmVCdWlsZENvbW1hbmRzID8/IFtdKSxcbiAgICAgICAgICAgIC4uLmRvY2tlckxvZ2luQ29tbWFuZHMsXG4gICAgICAgICAgICAnZWNobyBcIlJldHJpZXZpbmcgQVdTIEFjY291bnQgSUQuLi5cIicsXG4gICAgICAgICAgICAnZXhwb3J0IEFDQ09VTlRfSUQ9JChhd3Mgc3RzIGdldC1jYWxsZXItaWRlbnRpdHkgLS1xdWVyeSBBY2NvdW50IC0tb3V0cHV0IHRleHQpJyxcbiAgICAgICAgICAgICdlY2hvIFwiTG9nZ2luZyBpbnRvIEFtYXpvbiBFQ1IuLi5cIicsXG4gICAgICAgICAgICAnYXdzIGVjciBnZXQtbG9naW4tcGFzc3dvcmQgLS1yZWdpb24gJEFXU19ERUZBVUxUX1JFR0lPTiB8IGRvY2tlciBsb2dpbiAtLXVzZXJuYW1lIEFXUyAtLXBhc3N3b3JkLXN0ZGluICRBQ0NPVU5UX0lELmRrci5lY3IuJEFXU19ERUZBVUxUX1JFR0lPTi5hbWF6b25hd3MuY29tJyxcbiAgICAgICAgICBdLFxuICAgICAgICB9LFxuICAgICAgICBidWlsZDoge1xuICAgICAgICAgIGNvbW1hbmRzOiBbXG4gICAgICAgICAgICBgZWNobyBcIkJ1aWxkaW5nIERvY2tlciBpbWFnZSB3aXRoIHRhZyAke2ltYWdlVGFnfS4uLlwiYCxcbiAgICAgICAgICAgIGJ1aWxkQ29tbWFuZCxcbiAgICAgICAgICBdLFxuICAgICAgICB9LFxuICAgICAgICAuLi4oY2FjaGVEaXNhYmxlZCAmJiB7XG4gICAgICAgICAgcG9zdF9idWlsZDoge1xuICAgICAgICAgICAgY29tbWFuZHM6IFtcbiAgICAgICAgICAgICAgYGVjaG8gXCJQdXNoaW5nIERvY2tlciBpbWFnZSB3aXRoIHRhZyAke2ltYWdlVGFnfS4uLlwiYCxcbiAgICAgICAgICAgICAgYGRvY2tlciBwdXNoICRFQ1JfUkVQT19VUkk6JHtpbWFnZVRhZ31gLFxuICAgICAgICAgICAgXSxcbiAgICAgICAgICB9LFxuICAgICAgICB9KSxcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIGNvbnN0IGlzQXJtID0gcGxhdGZvcm0gPT09ICdsaW51eC9hcm02NCc7XG4gICAgY29uc3QgY29kZUJ1aWxkSW1hZ2UgPSBpc0FybVxuICAgICAgPyBMaW51eEFybUJ1aWxkSW1hZ2UuQU1BWk9OX0xJTlVYXzJfU1RBTkRBUkRfM18wXG4gICAgICA6IExpbnV4QnVpbGRJbWFnZS5TVEFOREFSRF83XzA7XG5cbiAgICAvLyBDcmVhdGUgdGhlIENvZGVCdWlsZCBwcm9qZWN0XG4gICAgY29uc3QgY29kZUJ1aWxkUHJvamVjdCA9IG5ldyBQcm9qZWN0KHRoaXMsICdDb2RlQnVpbGRQcm9qZWN0Jywge1xuICAgICAgc291cmNlOiBTb3VyY2UuczMoe1xuICAgICAgICBidWNrZXQ6IHNvdXJjZUFzc2V0LmJ1Y2tldCxcbiAgICAgICAgcGF0aDogc291cmNlQXNzZXQuczNPYmplY3RLZXksXG4gICAgICB9KSxcbiAgICAgIGVudmlyb25tZW50OiB7XG4gICAgICAgIGJ1aWxkSW1hZ2U6IGNvZGVCdWlsZEltYWdlLFxuICAgICAgICBwcml2aWxlZ2VkOiB0cnVlLFxuICAgICAgfSxcbiAgICAgIGVudmlyb25tZW50VmFyaWFibGVzOiB7XG4gICAgICAgIEVDUl9SRVBPX1VSSTogeyB2YWx1ZTogdGhpcy5lY3JSZXBvc2l0b3J5LnJlcG9zaXRvcnlVcmkgfSxcbiAgICAgIH0sXG4gICAgICBidWlsZFNwZWM6IEJ1aWxkU3BlYy5mcm9tT2JqZWN0KGJ1aWxkU3BlY09iaiksXG4gICAgICAuLi4oYnVpbGRMb2dHcm91cFByb3AgJiYge1xuICAgICAgICBsb2dnaW5nOiB7XG4gICAgICAgICAgY2xvdWRXYXRjaDoge1xuICAgICAgICAgICAgbG9nR3JvdXA6IGJ1aWxkTG9nR3JvdXBQcm9wLFxuICAgICAgICAgIH0sXG4gICAgICAgIH0sXG4gICAgICB9KSxcbiAgICAgIHZwYyxcbiAgICAgIHNlY3VyaXR5R3JvdXBzLFxuICAgICAgc3VibmV0U2VsZWN0aW9uLFxuICAgIH0pO1xuXG4gICAgLy8gR3JhbnQgQ29kZUJ1aWxkIHBlcm1pc3Npb24gdG8gd3JpdGUgdG8gdGhlIHJldGFpbmVkIGJ1aWxkIGxvZ3MgZ3JvdXBcbiAgICBpZiAocmV0YWluQnVpbGRMb2dzKSB7XG4gICAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgICAgY29kZUJ1aWxkUHJvamVjdC5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAgICdsb2dzOkNyZWF0ZUxvZ0dyb3VwJyxcbiAgICAgICAgICAgICdsb2dzOkNyZWF0ZUxvZ1N0cmVhbScsXG4gICAgICAgICAgICAnbG9nczpQdXRMb2dFdmVudHMnLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbXG4gICAgICAgICAgICBgYXJuOmF3czpsb2dzOiR7c3RhY2sucmVnaW9ufToke3N0YWNrLmFjY291bnR9OmxvZy1ncm91cDovZG9ja2VyLWJ1aWxkZXIvJHtjb2RlQnVpbGRQcm9qZWN0LnByb2plY3ROYW1lfWAsXG4gICAgICAgICAgICBgYXJuOmF3czpsb2dzOiR7c3RhY2sucmVnaW9ufToke3N0YWNrLmFjY291bnR9OmxvZy1ncm91cDovZG9ja2VyLWJ1aWxkZXIvJHtjb2RlQnVpbGRQcm9qZWN0LnByb2plY3ROYW1lfToqYCxcbiAgICAgICAgICBdLFxuICAgICAgICB9KSxcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gR3JhbnQgQ29kZUJ1aWxkIHRoZSBhYmlsaXR5IHRvIGludGVyYWN0IHdpdGggRUNSXG4gICAgdGhpcy5lY3JSZXBvc2l0b3J5LmdyYW50UHVsbFB1c2goY29kZUJ1aWxkUHJvamVjdCk7XG4gICAgY29kZUJ1aWxkUHJvamVjdC5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICdlY3I6R2V0QXV0aG9yaXphdGlvblRva2VuJyxcbiAgICAgICAgICAnZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXInLFxuICAgICAgICAgICdlY3I6QmF0Y2hDaGVja0xheWVyQXZhaWxhYmlsaXR5JyxcbiAgICAgICAgICAnZWNyOkJhdGNoR2V0SW1hZ2UnLFxuICAgICAgICBdLFxuICAgICAgICByZXNvdXJjZXM6IFsnKiddLFxuICAgICAgfSksXG4gICAgKTtcbiAgICBpZiAoZWNyUHVsbFRocm91Z2hDYWNoZVByZWZpeGVzICYmIGVjclB1bGxUaHJvdWdoQ2FjaGVQcmVmaXhlcy5sZW5ndGggPiAwKSB7XG4gICAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgICAgY29kZUJ1aWxkUHJvamVjdC5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAgICdlY3I6QmF0Y2hHZXRJbWFnZScsXG4gICAgICAgICAgICAnZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXInLFxuICAgICAgICAgICAgJ2VjcjpCYXRjaENoZWNrTGF5ZXJBdmFpbGFiaWxpdHknLFxuICAgICAgICAgICAgJ2VjcjpCYXRjaEltcG9ydFVwc3RyZWFtSW1hZ2UnLFxuICAgICAgICAgICAgJ2VjcjpDcmVhdGVSZXBvc2l0b3J5JyxcbiAgICAgICAgICBdLFxuICAgICAgICAgIHJlc291cmNlczogZWNyUHVsbFRocm91Z2hDYWNoZVByZWZpeGVzLm1hcChcbiAgICAgICAgICAgIChwcmVmaXgpID0+IGBhcm46YXdzOmVjcjoke3N0YWNrLnJlZ2lvbn06JHtzdGFjay5hY2NvdW50fTpyZXBvc2l0b3J5LyR7cHJlZml4fS8qYCxcbiAgICAgICAgICApLFxuICAgICAgICB9KSxcbiAgICAgICk7XG4gICAgfVxuICAgIGlmIChkb2NrZXJMb2dpblNlY3JldEFybikge1xuICAgICAgY29kZUJ1aWxkUHJvamVjdC5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFsnc2VjcmV0c21hbmFnZXI6R2V0U2VjcmV0VmFsdWUnXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFtkb2NrZXJMb2dpblNlY3JldEFybl0sXG4gICAgICAgIH0pLFxuICAgICAgKTtcbiAgICB9XG5cbiAgICAvLyBDb25kaXRpb25hbGx5IGdyYW50IEtNUyBlbmNyeXB0L2RlY3J5cHQgaWYgYSBrZXkgaXMgdXNlZFxuICAgIGlmIChlbmNyeXB0aW9uS2V5KSB7XG4gICAgICBlbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQoY29kZUJ1aWxkUHJvamVjdC5yb2xlISk7XG4gICAgfVxuXG4gICAgLy8gUmVzb2x2ZSB0aGUgc2VydmljZSB0b2tlbjogc2hhcmVkIHByb3ZpZGVyIG9yIHBlci1pbnN0YW5jZSBMYW1iZGFzXG4gICAgbGV0IHNlcnZpY2VUb2tlbjogc3RyaW5nO1xuICAgIGlmIChzaGFyZWRQcm92aWRlcikge1xuICAgICAgc2hhcmVkUHJvdmlkZXIucmVnaXN0ZXJQcm9qZWN0KGNvZGVCdWlsZFByb2plY3QsIHRoaXMuZWNyUmVwb3NpdG9yeSwgZW5jcnlwdGlvbktleSk7XG4gICAgICBzZXJ2aWNlVG9rZW4gPSBzaGFyZWRQcm92aWRlci5zZXJ2aWNlVG9rZW47XG4gICAgfSBlbHNlIHtcbiAgICAgIGNvbnN0IG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24gPSBuZXcgRnVuY3Rpb24odGhpcywgJ09uRXZlbnRIYW5kbGVyRnVuY3Rpb24nLCB7XG4gICAgICAgIHJ1bnRpbWU6IFJ1bnRpbWUuTk9ERUpTXzIyX1gsXG4gICAgICAgIGNvZGU6IENvZGUuZnJvbUFzc2V0KHBhdGgucmVzb2x2ZShfX2Rpcm5hbWUsICcuLi9vbkV2ZW50JykpLFxuICAgICAgICBoYW5kbGVyOiAnb25FdmVudC5oYW5kbGVyJyxcbiAgICAgICAgdGltZW91dDogRHVyYXRpb24ubWludXRlcygxNSksXG4gICAgICB9KTtcbiAgICAgIG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbJ2NvZGVidWlsZDpTdGFydEJ1aWxkJ10sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbY29kZUJ1aWxkUHJvamVjdC5wcm9qZWN0QXJuXSxcbiAgICAgICAgfSksXG4gICAgICApO1xuICAgICAgb25FdmVudEhhbmRsZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAgICdsb2dzOkNyZWF0ZUxvZ0dyb3VwJyxcbiAgICAgICAgICAgICdsb2dzOlB1dFJldGVudGlvblBvbGljeScsXG4gICAgICAgICAgICAnbG9nczpEZWxldGVMb2dHcm91cCcsXG4gICAgICAgICAgXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFsnYXJuOmF3czpsb2dzOio6Kjpsb2ctZ3JvdXA6L2RvY2tlci1idWlsZGVyLyonXSxcbiAgICAgICAgfSksXG4gICAgICApO1xuXG4gICAgICBjb25zdCBpc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uID0gbmV3IEZ1bmN0aW9uKHRoaXMsICdJc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uJywge1xuICAgICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgICBjb2RlOiBDb2RlLmZyb21Bc3NldChwYXRoLnJlc29sdmUoX19kaXJuYW1lLCAnLi4vaXNDb21wbGV0ZScpKSxcbiAgICAgICAgZW52aXJvbm1lbnQ6IHtcbiAgICAgICAgICBJTUFHRV9UQUc6IGltYWdlVGFnLFxuICAgICAgICB9LFxuICAgICAgICBoYW5kbGVyOiAnaXNDb21wbGV0ZS5oYW5kbGVyJyxcbiAgICAgICAgdGltZW91dDogRHVyYXRpb24ubWludXRlcygxNSksXG4gICAgICB9KTtcbiAgICAgIGlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnY29kZWJ1aWxkOkJhdGNoR2V0QnVpbGRzJyxcbiAgICAgICAgICAgICdjb2RlYnVpbGQ6TGlzdEJ1aWxkc0ZvclByb2plY3QnLFxuICAgICAgICAgICAgJ2xvZ3M6R2V0TG9nRXZlbnRzJyxcbiAgICAgICAgICAgICdsb2dzOkRlc2NyaWJlTG9nU3RyZWFtcycsXG4gICAgICAgICAgICAnbG9nczpEZXNjcmliZUxvZ0dyb3VwcycsXG4gICAgICAgICAgICAnZWNyOkRlc2NyaWJlSW1hZ2VzJyxcbiAgICAgICAgICBdLFxuICAgICAgICAgIHJlc291cmNlczogWycqJ10sXG4gICAgICAgIH0pLFxuICAgICAgKTtcblxuICAgICAgaWYgKGVuY3J5cHRpb25LZXkpIHtcbiAgICAgICAgZW5jcnlwdGlvbktleS5ncmFudEVuY3J5cHREZWNyeXB0KG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24pO1xuICAgICAgICBlbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQoaXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbik7XG4gICAgICB9XG4gICAgICB0aGlzLmVjclJlcG9zaXRvcnkuZ3JhbnRQdWxsUHVzaChvbkV2ZW50SGFuZGxlckZ1bmN0aW9uKTtcbiAgICAgIHRoaXMuZWNyUmVwb3NpdG9yeS5ncmFudFB1bGxQdXNoKGlzQ29tcGxldGVIYW5kbGVyRnVuY3Rpb24pO1xuXG4gICAgICBjb25zdCBwcm92aWRlciA9IG5ldyBQcm92aWRlcih0aGlzLCAnQ3VzdG9tUmVzb3VyY2VQcm92aWRlcicsIHtcbiAgICAgICAgb25FdmVudEhhbmRsZXI6IG9uRXZlbnRIYW5kbGVyRnVuY3Rpb24sXG4gICAgICAgIGlzQ29tcGxldGVIYW5kbGVyOiBpc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uLFxuICAgICAgICBxdWVyeUludGVydmFsOiBjb21wbGV0ZW5lc3NRdWVyeUludGVydmFsID8/IER1cmF0aW9uLnNlY29uZHMoMzApLFxuICAgICAgfSk7XG4gICAgICBzZXJ2aWNlVG9rZW4gPSBwcm92aWRlci5zZXJ2aWNlVG9rZW47XG4gICAgfVxuXG4gICAgLy8gQ3VzdG9tIFJlc291cmNlIHRoYXQgdHJpZ2dlcnMgdGhlIENvZGVCdWlsZCBhbmQgd2FpdHMgZm9yIGNvbXBsZXRpb24uXG4gICAgLy8gUmVwb3NpdG9yeU5hbWUgaXMgcGFzc2VkIHNvIHRoZSBpc0NvbXBsZXRlIGhhbmRsZXIgY2FuIHF1ZXJ5IEVDUiBmb3JcbiAgICAvLyB0aGUgaW1hZ2UgZGlnZXN0IGFmdGVyIHRoZSBidWlsZCBzdWNjZWVkcy5cbiAgICBjb25zdCBidWlsZFRyaWdnZXJSZXNvdXJjZSA9IG5ldyBDdXN0b21SZXNvdXJjZSh0aGlzLCAnQnVpbGRUcmlnZ2VyUmVzb3VyY2UnLCB7XG4gICAgICBzZXJ2aWNlVG9rZW4sXG4gICAgICBwcm9wZXJ0aWVzOiB7XG4gICAgICAgIFByb2plY3ROYW1lOiBjb2RlQnVpbGRQcm9qZWN0LnByb2plY3ROYW1lLFxuICAgICAgICBSZXBvc2l0b3J5TmFtZTogdGhpcy5lY3JSZXBvc2l0b3J5LnJlcG9zaXRvcnlOYW1lLFxuICAgICAgICBJbWFnZVRhZzogaW1hZ2VUYWcsXG4gICAgICAgIFRyaWdnZXI6IGltYWdlVGFnLFxuICAgICAgICBSZXRhaW5CdWlsZExvZ3M6IHJldGFpbkJ1aWxkTG9ncyA/ICd0cnVlJyA6ICdmYWxzZScsXG4gICAgICB9LFxuICAgIH0pO1xuICAgIGJ1aWxkVHJpZ2dlclJlc291cmNlLm5vZGUuYWRkRGVwZW5kZW5jeShjb2RlQnVpbGRQcm9qZWN0KTtcblxuICAgIC8vIFJlZmVyZW5jZSB0aGUgaW1hZ2UgYnkgRElHRVNULCBub3QgdGFnLiBUaGUgZGlnZXN0IGlzIGNvbnRlbnQtYWRkcmVzc2FibGVcbiAgICAvLyBhbmQgaW1tdXRhYmxlOiBldmVuIGlmIHRoZSB0YWcgaXMgbGF0ZXIgbW92ZWQgb3IgZGVsZXRlZCwgTGFtYmRhJ3MgcGlubmVkXG4gICAgLy8gcmVmZXJlbmNlIHN0aWxsIHdvcmtzIGFzIGxvbmcgYXMgdGhlIGRpZ2VzdCBleGlzdHMgaW4gRUNSLiBUaGlzIGlzIHRoZVxuICAgIC8vIHNhZmV0eSBtZWNoYW5pc20gdGhhdCBwcmV2ZW50cyB0aGUgXCJJbWFnZSBJRCBjYW5ub3QgYmUgZm91bmRcIiBmYWlsdXJlXG4gICAgLy8gbW9kZSB3aGVuIENGTiByb2xscyBiYWNrIGFuZCByZS1wdXNoZXMgdGhlIHNhbWUgdGFnIHdpdGggZGlmZmVyZW50XG4gICAgLy8gY29udGVudC5cbiAgICBjb25zdCBpbWFnZURpZ2VzdFJlZiA9IGJ1aWxkVHJpZ2dlclJlc291cmNlLmdldEF0dFN0cmluZygnSW1hZ2VEaWdlc3QnKTtcbiAgICB0aGlzLmNvbnRhaW5lckltYWdlID0gQ29udGFpbmVySW1hZ2UuZnJvbUVjclJlcG9zaXRvcnkodGhpcy5lY3JSZXBvc2l0b3J5LCBpbWFnZURpZ2VzdFJlZik7XG4gICAgdGhpcy5kb2NrZXJJbWFnZUNvZGUgPSBEb2NrZXJJbWFnZUNvZGUuZnJvbUVjcih0aGlzLmVjclJlcG9zaXRvcnksIHtcbiAgICAgIHRhZ09yRGlnZXN0OiBpbWFnZURpZ2VzdFJlZixcbiAgICB9KTtcbiAgfVxufVxuIl19
package/package.json CHANGED
@@ -98,7 +98,7 @@
98
98
  "publishConfig": {
99
99
  "access": "public"
100
100
  },
101
- "version": "1.12.2",
101
+ "version": "1.13.1",
102
102
  "jest": {
103
103
  "coverageProvider": "v8",
104
104
  "testMatch": [