UNPKG

@taimos/cdk-controltower

Version:

[![npm version](https://badge.fury.io/js/@taimos%2Fcdk-controltower.svg)](https://badge.fury.io/js/@taimos%2Fcdk-controltower)

github.com/taimos/cdk-controltower

taimos/cdk-controltower

93 lines 22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SsoPermissionStack = void 0; const aws_cdk_lib_1 = require("aws-cdk-lib"); const account_permission_sfn_1 = require("./account-permission-sfn"); class SsoPermissionStack extends aws_cdk_lib_1.Stack { constructor(scope, id, props) { var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y, _z, _0, _1, _2; super(scope, id, props); this.permissionSets = {}; const adminPermissionSet = new aws_cdk_lib_1.aws_sso.CfnPermissionSet(this, 'AdminSet', { instanceArn: props.ssoConfig.instanceArn, name: 'AdminAccess', description: (_b = (_a = props.adminSetOptions) === null || _a === void 0 ? void 0 : _a.description) !== null && _b !== void 0 ? _b : 'Grant administrative access', inlinePolicy: (_c = props.adminSetOptions) === null || _c === void 0 ? void 0 : _c.inlinePolicy, managedPolicies: (_e = (_d = props.adminSetOptions) === null || _d === void 0 ? void 0 : _d.managedPolicies) !== null && _e !== void 0 ? _e : [ 'arn:aws:iam::aws:policy/AdministratorAccess', ], sessionDuration: (_g = (_f = props.adminSetOptions) === null || _f === void 0 ? void 0 : _f.sessionDuration) !== null && _g !== void 0 ? _g : 'PT8H', relayStateType: (_h = props.adminSetOptions) === null || _h === void 0 ? void 0 : _h.relayStateType, }); this.permissionSets.Admin = adminPermissionSet; const readOnlyPermissionSet = new aws_cdk_lib_1.aws_sso.CfnPermissionSet(this, 'ReadOnlySet', { instanceArn: props.ssoConfig.instanceArn, name: 'ReadOnlyAccess', description: (_k = (_j = props.readOnlySetOptions) === null || _j === void 0 ? void 0 : _j.description) !== null && _k !== void 0 ? _k : 'Grant read-only access', inlinePolicy: (_l = props.readOnlySetOptions) === null || _l === void 0 ? void 0 : _l.inlinePolicy, managedPolicies: (_o = (_m = props.readOnlySetOptions) === null || _m === void 0 ? void 0 : _m.managedPolicies) !== null && _o !== void 0 ? _o : [ 'arn:aws:iam::aws:policy/ReadOnlyAccess', ], sessionDuration: (_q = (_p = props.readOnlySetOptions) === null || _p === void 0 ? void 0 : _p.sessionDuration) !== null && _q !== void 0 ? _q : 'PT8H', relayStateType: (_r = props.readOnlySetOptions) === null || _r === void 0 ? void 0 : _r.relayStateType, }); this.permissionSets.ReadOnly = readOnlyPermissionSet; const billingPermissionSet = new aws_cdk_lib_1.aws_sso.CfnPermissionSet(this, 'BillingSet', { instanceArn: props.ssoConfig.instanceArn, name: 'BillingAccess', description: (_t = (_s = props.billingSetOptions) === null || _s === void 0 ? void 0 : _s.description) !== null && _t !== void 0 ? _t : 'Grant read-only and billing access', inlinePolicy: (_u = props.billingSetOptions) === null || _u === void 0 ? void 0 : _u.inlinePolicy, managedPolicies: (_w = (_v = props.billingSetOptions) === null || _v === void 0 ? void 0 : _v.managedPolicies) !== null && _w !== void 0 ? _w : [ 'arn:aws:iam::aws:policy/job-function/Billing', 'arn:aws:iam::aws:policy/ReadOnlyAccess', ], sessionDuration: (_y = (_x = props.billingSetOptions) === null || _x === void 0 ? void 0 : _x.sessionDuration) !== null && _y !== void 0 ? _y : 'PT8H', relayStateType: (_0 = (_z = props.billingSetOptions) === null || _z === void 0 ? void 0 : _z.relayStateType) !== null && _0 !== void 0 ? _0 : 'https://us-east-1.console.aws.amazon.com/billing/home#/', }); this.permissionSets.Billing = billingPermissionSet; for (const permSetName of Object.keys((_1 = props.permissionSets) !== null && _1 !== void 0 ? _1 : {})) { const permSetOptions = props.permissionSets[permSetName]; this.permissionSets[permSetName] = new aws_cdk_lib_1.aws_sso.CfnPermissionSet(this, `${permSetName}Set`, { instanceArn: props.ssoConfig.instanceArn, name: `${permSetName}Access`, description: permSetOptions === null || permSetOptions === void 0 ? void 0 : permSetOptions.description, inlinePolicy: permSetOptions === null || permSetOptions === void 0 ? void 0 : permSetOptions.inlinePolicy, managedPolicies: permSetOptions === null || permSetOptions === void 0 ? void 0 : permSetOptions.managedPolicies, sessionDuration: (_2 = permSetOptions === null || permSetOptions === void 0 ? void 0 : permSetOptions.sessionDuration) !== null && _2 !== void 0 ? _2 : 'PT8H', relayStateType: permSetOptions.relayStateType, }); } for (const accountName of Object.keys(props.groupPermissions)) { const account = props.accounts[accountName]; for (const groupName of Object.keys(props.groupPermissions[accountName])) { const groupId = props.ssoConfig.groups[groupName].GroupId; for (const perm of props.groupPermissions[accountName][groupName]) { const permSet = this.permissionSets[perm]; if (!permSet) { throw new Error('Invalid permission set type found: ' + perm); } new aws_cdk_lib_1.aws_sso.CfnAssignment(this, `Assignment-${account.Id}-${groupId}-${perm}Access`, { instanceArn: props.ssoConfig.instanceArn, permissionSetArn: permSet.attrPermissionSetArn, targetType: 'AWS_ACCOUNT', targetId: account.Id, principalType: 'GROUP', principalId: groupId, }); } } } if (props.defaultAssignmentsForNewAccount) { new account_permission_sfn_1.AccountPermission(this, 'AccountCreationWorkflow', { ssoInstanceArn: props.ssoConfig.instanceArn, defaultAssignments: props.defaultAssignmentsForNewAccount.map(a => ({ groupId: props.ssoConfig.groups[a.groupName].GroupId, permissionSetName: a.permissionSetName, permissionSet: this.permissionSets[a.permissionSetName], })), }); } } } exports.SsoPermissionStack = SsoPermissionStack; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3NvLXBlcm1pc3Npb25zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3Nzby1wZXJtaXNzaW9ucy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FLcUI7QUFFckIscUVBQTZEO0FBb0Y3RCxNQUFhLGtCQUF1RCxTQUFRLG1CQUFLO0lBSS9FLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBb0M7O1FBQzVFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBSGxCLG1CQUFjLEdBQTZDLEVBQUUsQ0FBQztRQUtwRSxNQUFNLGtCQUFrQixHQUFHLElBQUkscUJBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3BFLFdBQVcsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7WUFDeEMsSUFBSSxFQUFFLGFBQWE7WUFDbkIsV0FBVyxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsZUFBZSwwQ0FBRSxXQUFXLG1DQUFJLDZCQUE2QjtZQUNoRixZQUFZLEVBQUUsTUFBQSxLQUFLLENBQUMsZUFBZSwwQ0FBRSxZQUFZO1lBQ2pELGVBQWUsRUFBRSxNQUFBLE1BQUEsS0FBSyxDQUFDLGVBQWUsMENBQUUsZUFBZSxtQ0FBSTtnQkFDekQsNkNBQTZDO2FBQzlDO1lBQ0QsZUFBZSxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsZUFBZSwwQ0FBRSxlQUFlLG1DQUFJLE1BQU07WUFDakUsY0FBYyxFQUFFLE1BQUEsS0FBSyxDQUFDLGVBQWUsMENBQUUsY0FBYztTQUN0RCxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssR0FBRyxrQkFBa0IsQ0FBQztRQUUvQyxNQUFNLHFCQUFxQixHQUFHLElBQUkscUJBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsYUFBYSxFQUFFO1lBQzFFLFdBQVcsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7WUFDeEMsSUFBSSxFQUFFLGdCQUFnQjtZQUN0QixXQUFXLEVBQUUsTUFBQSxNQUFBLEtBQUssQ0FBQyxrQkFBa0IsMENBQUUsV0FBVyxtQ0FBSSx3QkFBd0I7WUFDOUUsWUFBWSxFQUFFLE1BQUEsS0FBSyxDQUFDLGtCQUFrQiwwQ0FBRSxZQUFZO1lBQ3BELGVBQWUsRUFBRSxNQUFBLE1BQUEsS0FBSyxDQUFDLGtCQUFrQiwwQ0FBRSxlQUFlLG1DQUFJO2dCQUM1RCx3Q0FBd0M7YUFDekM7WUFDRCxlQUFlLEVBQUUsTUFBQSxNQUFBLEtBQUssQ0FBQyxrQkFBa0IsMENBQUUsZUFBZSxtQ0FBSSxNQUFNO1lBQ3BFLGNBQWMsRUFBRSxNQUFBLEtBQUssQ0FBQyxrQkFBa0IsMENBQUUsY0FBYztTQUN6RCxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsY0FBYyxDQUFDLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQztRQUVyRCxNQUFNLG9CQUFvQixHQUFHLElBQUkscUJBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQ3hFLFdBQVcsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7WUFDeEMsSUFBSSxFQUFFLGVBQWU7WUFDckIsV0FBVyxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsaUJBQWlCLDBDQUFFLFdBQVcsbUNBQUksb0NBQW9DO1lBQ3pGLFlBQVksRUFBRSxNQUFBLEtBQUssQ0FBQyxpQkFBaUIsMENBQUUsWUFBWTtZQUNuRCxlQUFlLEVBQUUsTUFBQSxNQUFBLEtBQUssQ0FBQyxpQkFBaUIsMENBQUUsZUFBZSxtQ0FBSTtnQkFDM0QsOENBQThDO2dCQUM5Qyx3Q0FBd0M7YUFDekM7WUFDRCxlQUFlLEVBQUUsTUFBQSxNQUFBLEtBQUssQ0FBQyxpQkFBaUIsMENBQUUsZUFBZSxtQ0FBSSxNQUFNO1lBQ25FLGNBQWMsRUFBRSxNQUFBLE1BQUEsS0FBSyxDQUFDLGlCQUFpQiwwQ0FBRSxjQUFjLG1DQUFJLHlEQUF5RDtTQUNySCxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sR0FBRyxvQkFBb0IsQ0FBQztRQUVuRCxLQUFLLE1BQU0sV0FBVyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBQSxLQUFLLENBQUMsY0FBYyxtQ0FBSSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sY0FBYyxHQUFHLEtBQUssQ0FBQyxjQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDMUQsSUFBSSxDQUFDLGNBQWMsQ0FBQyxXQUFXLENBQUMsR0FBRyxJQUFJLHFCQUFHLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLEdBQUcsV0FBVyxLQUFLLEVBQUU7Z0JBQ3JGLFdBQVcsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7Z0JBQ3hDLElBQUksRUFBRSxHQUFHLFdBQVcsUUFBUTtnQkFDNUIsV0FBVyxFQUFFLGNBQWMsYUFBZCxjQUFjLHVCQUFkLGNBQWMsQ0FBRSxXQUFXO2dCQUN4QyxZQUFZLEVBQUUsY0FBYyxhQUFkLGNBQWMsdUJBQWQsY0FBYyxDQUFFLFlBQVk7Z0JBQzFDLGVBQWUsRUFBRSxjQUFjLGFBQWQsY0FBYyx1QkFBZCxjQUFjLENBQUUsZUFBZTtnQkFDaEQsZUFBZSxFQUFFLE1BQUEsY0FBYyxhQUFkLGNBQWMsdUJBQWQsY0FBYyxDQUFFLGVBQWUsbUNBQUksTUFBTTtnQkFDMUQsY0FBYyxFQUFFLGNBQWMsQ0FBQyxjQUFjO2FBQzlDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxLQUFLLE1BQU0sV0FBVyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztZQUM5RCxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDLFdBQWdCLENBQUMsQ0FBQztZQUNqRCxLQUFLLE1BQU0sU0FBUyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLFdBQWdCLENBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQy9FLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLFNBQWMsQ0FBQyxDQUFDLE9BQU8sQ0FBQztnQkFDL0QsS0FBSyxNQUFNLElBQUksSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsV0FBZ0IsQ0FBRSxDQUFDLFNBQWMsQ0FBRSxFQUFFLENBQUM7b0JBQzlFLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQzFDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQzt3QkFDYixNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxHQUFHLElBQUksQ0FBQyxDQUFDO29CQUNoRSxDQUFDO29CQUVELElBQUkscUJBQUcsQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFLGNBQWMsT0FBTyxDQUFDLEVBQUUsSUFBSSxPQUFPLElBQUksSUFBSSxRQUFRLEVBQUU7d0JBQy9FLFdBQVcsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7d0JBQ3hDLGdCQUFnQixFQUFFLE9BQU8sQ0FBQyxvQkFBb0I7d0JBQzlDLFVBQVUsRUFBRSxhQUFhO3dCQUN6QixRQUFRLEVBQUUsT0FBTyxDQUFDLEVBQUU7d0JBQ3BCLGFBQWEsRUFBRSxPQUFPO3dCQUN0QixXQUFXLEVBQUUsT0FBTztxQkFDckIsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksS0FBSyxDQUFDLCtCQUErQixFQUFFLENBQUM7WUFDMUMsSUFBSSwwQ0FBaUIsQ0FBQyxJQUFJLEVBQUUseUJBQXlCLEVBQUU7Z0JBQ3JELGNBQWMsRUFBRSxLQUFLLENBQUMsU0FBUyxDQUFDLFdBQVc7Z0JBQzNDLGtCQUFrQixFQUFFLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO29CQUNsRSxPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFNBQWMsQ0FBQyxDQUFDLE9BQU87b0JBQ3pELGlCQUFpQixFQUFFLENBQUMsQ0FBQyxpQkFBaUI7b0JBQ3RDLGFBQWEsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxpQkFBaUIsQ0FBQztpQkFDeEQsQ0FBQyxDQUFDO2FBQ0osQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUVILENBQUM7Q0FFRjtBQS9GRCxnREErRkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBhd3Nfc3NvIGFzIHNzbyxcbiAgSVJlc29sdmFibGUsXG4gIFN0YWNrLFxuICBTdGFja1Byb3BzLFxufSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IEFjY291bnRQZXJtaXNzaW9uIH0gZnJvbSAnLi9hY2NvdW50LXBlcm1pc3Npb24tc2ZuJztcbmltcG9ydCB7IEFjY291bnRDb25maWcsIEdyb3VwQ29uZmlnLCBTc29Qcm9wcyB9IGZyb20gJy4vYXdzLW9yZyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGVybWlzc2lvblNldE9wdGlvbnMge1xuICAvKipcbiAgICAgKiBUaGUgZGVzY3JpcHRpb24gb2YgdGhlIGBQZXJtaXNzaW9uU2V0YCAuXG4gICAgICpcbiAgICAgKiBAbGluayBodHRwOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NDbG91ZEZvcm1hdGlvbi9sYXRlc3QvVXNlckd1aWRlL2F3cy1yZXNvdXJjZS1zc28tcGVybWlzc2lvbnNldC5odG1sI2Nmbi1zc28tcGVybWlzc2lvbnNldC1kZXNjcmlwdGlvblxuICAgICAqL1xuICByZWFkb25seSBkZXNjcmlwdGlvbj86IHN0cmluZztcbiAgLyoqXG4gICAqIFRoZSBJQU0gaW5saW5lIHBvbGljeSB0aGF0IGlzIGF0dGFjaGVkIHRvIHRoZSBwZXJtaXNzaW9uIHNldC5cbiAgICpcbiAgICogQGxpbmsgaHR0cDovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTQ2xvdWRGb3JtYXRpb24vbGF0ZXN0L1VzZXJHdWlkZS9hd3MtcmVzb3VyY2Utc3NvLXBlcm1pc3Npb25zZXQuaHRtbCNjZm4tc3NvLXBlcm1pc3Npb25zZXQtaW5saW5lcG9saWN5XG4gICAqL1xuICByZWFkb25seSBpbmxpbmVQb2xpY3k/OiBhbnkgfCBJUmVzb2x2YWJsZTtcbiAgLyoqXG4gICAqIEEgc3RydWN0dXJlIHRoYXQgc3RvcmVzIHRoZSBkZXRhaWxzIG9mIHRoZSBJQU0gbWFuYWdlZCBwb2xpY3kuXG4gICAqXG4gICAqIEBsaW5rIGh0dHA6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0Nsb3VkRm9ybWF0aW9uL2xhdGVzdC9Vc2VyR3VpZGUvYXdzLXJlc291cmNlLXNzby1wZXJtaXNzaW9uc2V0Lmh0bWwjY2ZuLXNzby1wZXJtaXNzaW9uc2V0LW1hbmFnZWRwb2xpY2llc1xuICAgKi9cbiAgcmVhZG9ubHkgbWFuYWdlZFBvbGljaWVzPzogc3RyaW5nW107XG4gIC8qKlxuICAgKiBUaGUgbGVuZ3RoIG9mIHRpbWUgdGhhdCB0aGUgYXBwbGljYXRpb24gdXNlciBzZXNzaW9ucyBhcmUgdmFsaWQgZm9yIGluIHRoZSBJU08tODYwMSBzdGFuZGFyZC5cbiAgICpcbiAgICogQGxpbmsgaHR0cDovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTQ2xvdWRGb3JtYXRpb24vbGF0ZXN0L1VzZXJHdWlkZS9hd3MtcmVzb3VyY2Utc3NvLXBlcm1pc3Npb25zZXQuaHRtbCNjZm4tc3NvLXBlcm1pc3Npb25zZXQtc2Vzc2lvbmR1cmF0aW9uXG4gICAqL1xuICByZWFkb25seSBzZXNzaW9uRHVyYXRpb24/OiBzdHJpbmc7XG4gIC8qKlxuICAgKiBVc2VkIHRvIHJlZGlyZWN0IHVzZXJzIHdpdGhpbiB0aGUgYXBwbGljYXRpb24gZHVyaW5nIHRoZSBmZWRlcmF0aW9uIGF1dGhlbnRpY2F0aW9uIHByb2Nlc3MuXG4gICAqXG4gICAqIEBsaW5rIGh0dHA6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0Nsb3VkRm9ybWF0aW9uL2xhdGVzdC9Vc2VyR3VpZGUvYXdzLXJlc291cmNlLXNzby1wZXJtaXNzaW9uc2V0Lmh0bWwjY2ZuLXNzby1wZXJtaXNzaW9uc2V0LXJlbGF5c3RhdGV0eXBlXG4gICAqL1xuICByZWFkb25seSByZWxheVN0YXRlVHlwZT86IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBTc29QZXJtaXNzaW9uQ29uZmlnPFQgZXh0ZW5kcyBzdHJpbmcsIFMgZXh0ZW5kcyBzdHJpbmc+IHsvKipcbiAgICogQXNzaWdubWVudHMgb2YgZ3JvdXBzIHRvIEFXUyBhY2NvdW50cyBhbmQgcGVybWlzc2lvbiBzZXRzXG4gICAqXG4gICAqIFNwZWNpZnkgaGVyZSB3aG8gaGFzIHdoaWNoIGFjY2VzcyB0byB3aGF0LlxuICAgKiBgYGBcbiAgICp7XG4gICAqICAnTXlBY2NvdW50IE5hbWUnOiB7XG4gICAqICAgICdteUdyb3VwSWQnOiBbJ0FkbWluJ10sXG4gICAqICB9XG4gICAqfVxuICAgKiBgYGBcbiAgICovXG4gIHJlYWRvbmx5IGdyb3VwUGVybWlzc2lvbnM6IEFjY291bnRDb25maWc8VCwgR3JvdXBDb25maWc8Uywgc3RyaW5nW10+PjtcbiAgLyoqXG4gICAqIG9wdGlvbmFsIGNvbmZpZ3VyYXRpb24gb3B0aW9ucyBmb3IgdGhlIEFkbWluIHBlcm1pc3Npb24gc2V0XG4gICAqXG4gICAqIEBkZWZhdWx0IGBBZG1pbmlzdHJhdG9yQWNjZXNzYCB3aXRoIDggaG91cnMgc2Vzc2lvbiBkdXJhdGlvblxuICAgKi9cbiAgcmVhZG9ubHkgYWRtaW5TZXRPcHRpb25zPzogUGVybWlzc2lvblNldE9wdGlvbnM7XG4gIC8qKlxuICAgKiBvcHRpb25hbCBjb25maWd1cmF0aW9uIG9wdGlvbnMgZm9yIHRoZSBSZWFkT25seSBwZXJtaXNzaW9uIHNldFxuICAgKlxuICAgKiBAZGVmYXVsdCBgUmVhZE9ubHlBY2Nlc3NgIHdpdGggOCBob3VycyBzZXNzaW9uIGR1cmF0aW9uXG4gICAqL1xuICByZWFkb25seSByZWFkT25seVNldE9wdGlvbnM/OiBQZXJtaXNzaW9uU2V0T3B0aW9ucztcbiAgLyoqXG4gICAqIG9wdGlvbmFsIGNvbmZpZ3VyYXRpb24gb3B0aW9ucyBmb3IgdGhlIEFkbWluIHBlcm1pc3Npb24gc2V0XG4gICAqXG4gICAqIEBkZWZhdWx0IGBSZWFkT25seUFjY2Vzc2AgYW5kIGBqb2ItZnVuY3Rpb24vQmlsbGluZ2Agd2l0aCA4IGhvdXJzIHNlc3Npb24gZHVyYXRpb25cbiAgICovXG4gIHJlYWRvbmx5IGJpbGxpbmdTZXRPcHRpb25zPzogUGVybWlzc2lvblNldE9wdGlvbnM7XG4gIC8qKlxuICAgKiBhZGQgbW9yZSBwZXJtaXNzaW9uIHNldHMgaGVyZSBiZXNpZGVzIEFkbWluLCBCaWxsaW5nLCBhbmQgUmVhZE9ubHlcbiAgICovXG4gIHJlYWRvbmx5IHBlcm1pc3Npb25TZXRzPzogeyBbbmFtZTogc3RyaW5nXTogUGVybWlzc2lvblNldE9wdGlvbnMgfTtcbiAgLyoqXG4gICAqIENvbGxlY3Rpb24gb2YgZ3JvdXAgLSBwZXJtaXNzaW9uIHNldCBhc3NpZ25tZW50cyBmb3IgZXZlcnkgbmV3IGFjY291bnRcbiAgICpcbiAgICogVXNlIHRoaXMgdG8gZ3JhbnQgeW91ciBhZG1pbnMgcGVybWlzc2lvbnMgZm9yIGV2ZXJ5IGFjY291bnQgZGlyZWN0bHkgYWZ0ZXIgY3JlYXRpb25cbiAgICovXG4gIHJlYWRvbmx5IGRlZmF1bHRBc3NpZ25tZW50c0Zvck5ld0FjY291bnQ/OiB7XG4gICAgcmVhZG9ubHkgZ3JvdXBOYW1lOiBTO1xuICAgIHJlYWRvbmx5IHBlcm1pc3Npb25TZXROYW1lOiBzdHJpbmc7XG4gIH1bXTtcbn1cblxuZXhwb3J0IHR5cGUgU3NvUGVybWlzc2lvblN0YWNrUHJvcHM8VCBleHRlbmRzIHN0cmluZywgUyBleHRlbmRzIHN0cmluZz4gPSBTc29Qcm9wczxULCBTPiAmIFNzb1Blcm1pc3Npb25Db25maWc8VCwgUz4gJiBTdGFja1Byb3BzO1xuXG5leHBvcnQgY2xhc3MgU3NvUGVybWlzc2lvblN0YWNrPFQgZXh0ZW5kcyBzdHJpbmcsIFMgZXh0ZW5kcyBzdHJpbmc+IGV4dGVuZHMgU3RhY2sge1xuXG4gIHByaXZhdGUgcGVybWlzc2lvblNldHM6IHsgW25hbWU6IHN0cmluZ106IHNzby5DZm5QZXJtaXNzaW9uU2V0IH0gPSB7fTtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogU3NvUGVybWlzc2lvblN0YWNrUHJvcHM8VCwgUz4pIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIGNvbnN0IGFkbWluUGVybWlzc2lvblNldCA9IG5ldyBzc28uQ2ZuUGVybWlzc2lvblNldCh0aGlzLCAnQWRtaW5TZXQnLCB7XG4gICAgICBpbnN0YW5jZUFybjogcHJvcHMuc3NvQ29uZmlnLmluc3RhbmNlQXJuLFxuICAgICAgbmFtZTogJ0FkbWluQWNjZXNzJyxcbiAgICAgIGRlc2NyaXB0aW9uOiBwcm9wcy5hZG1pblNldE9wdGlvbnM/LmRlc2NyaXB0aW9uID8/ICdHcmFudCBhZG1pbmlzdHJhdGl2ZSBhY2Nlc3MnLFxuICAgICAgaW5saW5lUG9saWN5OiBwcm9wcy5hZG1pblNldE9wdGlvbnM/LmlubGluZVBvbGljeSxcbiAgICAgIG1hbmFnZWRQb2xpY2llczogcHJvcHMuYWRtaW5TZXRPcHRpb25zPy5tYW5hZ2VkUG9saWNpZXMgPz8gW1xuICAgICAgICAnYXJuOmF3czppYW06OmF3czpwb2xpY3kvQWRtaW5pc3RyYXRvckFjY2VzcycsXG4gICAgICBdLFxuICAgICAgc2Vzc2lvbkR1cmF0aW9uOiBwcm9wcy5hZG1pblNldE9wdGlvbnM/LnNlc3Npb25EdXJhdGlvbiA/PyAnUFQ4SCcsXG4gICAgICByZWxheVN0YXRlVHlwZTogcHJvcHMuYWRtaW5TZXRPcHRpb25zPy5yZWxheVN0YXRlVHlwZSxcbiAgICB9KTtcbiAgICB0aGlzLnBlcm1pc3Npb25TZXRzLkFkbWluID0gYWRtaW5QZXJtaXNzaW9uU2V0O1xuXG4gICAgY29uc3QgcmVhZE9ubHlQZXJtaXNzaW9uU2V0ID0gbmV3IHNzby5DZm5QZXJtaXNzaW9uU2V0KHRoaXMsICdSZWFkT25seVNldCcsIHtcbiAgICAgIGluc3RhbmNlQXJuOiBwcm9wcy5zc29Db25maWcuaW5zdGFuY2VBcm4sXG4gICAgICBuYW1lOiAnUmVhZE9ubHlBY2Nlc3MnLFxuICAgICAgZGVzY3JpcHRpb246IHByb3BzLnJlYWRPbmx5U2V0T3B0aW9ucz8uZGVzY3JpcHRpb24gPz8gJ0dyYW50IHJlYWQtb25seSBhY2Nlc3MnLFxuICAgICAgaW5saW5lUG9saWN5OiBwcm9wcy5yZWFkT25seVNldE9wdGlvbnM/LmlubGluZVBvbGljeSxcbiAgICAgIG1hbmFnZWRQb2xpY2llczogcHJvcHMucmVhZE9ubHlTZXRPcHRpb25zPy5tYW5hZ2VkUG9saWNpZXMgPz8gW1xuICAgICAgICAnYXJuOmF3czppYW06OmF3czpwb2xpY3kvUmVhZE9ubHlBY2Nlc3MnLFxuICAgICAgXSxcbiAgICAgIHNlc3Npb25EdXJhdGlvbjogcHJvcHMucmVhZE9ubHlTZXRPcHRpb25zPy5zZXNzaW9uRHVyYXRpb24gPz8gJ1BUOEgnLFxuICAgICAgcmVsYXlTdGF0ZVR5cGU6IHByb3BzLnJlYWRPbmx5U2V0T3B0aW9ucz8ucmVsYXlTdGF0ZVR5cGUsXG4gICAgfSk7XG4gICAgdGhpcy5wZXJtaXNzaW9uU2V0cy5SZWFkT25seSA9IHJlYWRPbmx5UGVybWlzc2lvblNldDtcblxuICAgIGNvbnN0IGJpbGxpbmdQZXJtaXNzaW9uU2V0ID0gbmV3IHNzby5DZm5QZXJtaXNzaW9uU2V0KHRoaXMsICdCaWxsaW5nU2V0Jywge1xuICAgICAgaW5zdGFuY2VBcm46IHByb3BzLnNzb0NvbmZpZy5pbnN0YW5jZUFybixcbiAgICAgIG5hbWU6ICdCaWxsaW5nQWNjZXNzJyxcbiAgICAgIGRlc2NyaXB0aW9uOiBwcm9wcy5iaWxsaW5nU2V0T3B0aW9ucz8uZGVzY3JpcHRpb24gPz8gJ0dyYW50IHJlYWQtb25seSBhbmQgYmlsbGluZyBhY2Nlc3MnLFxuICAgICAgaW5saW5lUG9saWN5OiBwcm9wcy5iaWxsaW5nU2V0T3B0aW9ucz8uaW5saW5lUG9saWN5LFxuICAgICAgbWFuYWdlZFBvbGljaWVzOiBwcm9wcy5iaWxsaW5nU2V0T3B0aW9ucz8ubWFuYWdlZFBvbGljaWVzID8/IFtcbiAgICAgICAgJ2Fybjphd3M6aWFtOjphd3M6cG9saWN5L2pvYi1mdW5jdGlvbi9CaWxsaW5nJyxcbiAgICAgICAgJ2Fybjphd3M6aWFtOjphd3M6cG9saWN5L1JlYWRPbmx5QWNjZXNzJyxcbiAgICAgIF0sXG4gICAgICBzZXNzaW9uRHVyYXRpb246IHByb3BzLmJpbGxpbmdTZXRPcHRpb25zPy5zZXNzaW9uRHVyYXRpb24gPz8gJ1BUOEgnLFxuICAgICAgcmVsYXlTdGF0ZVR5cGU6IHByb3BzLmJpbGxpbmdTZXRPcHRpb25zPy5yZWxheVN0YXRlVHlwZSA/PyAnaHR0cHM6Ly91cy1lYXN0LTEuY29uc29sZS5hd3MuYW1hem9uLmNvbS9iaWxsaW5nL2hvbWUjLycsXG4gICAgfSk7XG4gICAgdGhpcy5wZXJtaXNzaW9uU2V0cy5CaWxsaW5nID0gYmlsbGluZ1Blcm1pc3Npb25TZXQ7XG5cbiAgICBmb3IgKGNvbnN0IHBlcm1TZXROYW1lIG9mIE9iamVjdC5rZXlzKHByb3BzLnBlcm1pc3Npb25TZXRzID8/IHt9KSkge1xuICAgICAgY29uc3QgcGVybVNldE9wdGlvbnMgPSBwcm9wcy5wZXJtaXNzaW9uU2V0cyFbcGVybVNldE5hbWVdO1xuICAgICAgdGhpcy5wZXJtaXNzaW9uU2V0c1twZXJtU2V0TmFtZV0gPSBuZXcgc3NvLkNmblBlcm1pc3Npb25TZXQodGhpcywgYCR7cGVybVNldE5hbWV9U2V0YCwge1xuICAgICAgICBpbnN0YW5jZUFybjogcHJvcHMuc3NvQ29uZmlnLmluc3RhbmNlQXJuLFxuICAgICAgICBuYW1lOiBgJHtwZXJtU2V0TmFtZX1BY2Nlc3NgLFxuICAgICAgICBkZXNjcmlwdGlvbjogcGVybVNldE9wdGlvbnM/LmRlc2NyaXB0aW9uLFxuICAgICAgICBpbmxpbmVQb2xpY3k6IHBlcm1TZXRPcHRpb25zPy5pbmxpbmVQb2xpY3ksXG4gICAgICAgIG1hbmFnZWRQb2xpY2llczogcGVybVNldE9wdGlvbnM/Lm1hbmFnZWRQb2xpY2llcyxcbiAgICAgICAgc2Vzc2lvbkR1cmF0aW9uOiBwZXJtU2V0T3B0aW9ucz8uc2Vzc2lvbkR1cmF0aW9uID8/ICdQVDhIJyxcbiAgICAgICAgcmVsYXlTdGF0ZVR5cGU6IHBlcm1TZXRPcHRpb25zLnJlbGF5U3RhdGVUeXBlLFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgZm9yIChjb25zdCBhY2NvdW50TmFtZSBvZiBPYmplY3Qua2V5cyhwcm9wcy5ncm91cFBlcm1pc3Npb25zKSkge1xuICAgICAgY29uc3QgYWNjb3VudCA9IHByb3BzLmFjY291bnRzW2FjY291bnROYW1lIGFzIFRdO1xuICAgICAgZm9yIChjb25zdCBncm91cE5hbWUgb2YgT2JqZWN0LmtleXMocHJvcHMuZ3JvdXBQZXJtaXNzaW9uc1thY2NvdW50TmFtZSBhcyBUXSEpKSB7XG4gICAgICAgIGNvbnN0IGdyb3VwSWQgPSBwcm9wcy5zc29Db25maWcuZ3JvdXBzW2dyb3VwTmFtZSBhcyBTXS5Hcm91cElkO1xuICAgICAgICBmb3IgKGNvbnN0IHBlcm0gb2YgcHJvcHMuZ3JvdXBQZXJtaXNzaW9uc1thY2NvdW50TmFtZSBhcyBUXSFbZ3JvdXBOYW1lIGFzIFNdISkge1xuICAgICAgICAgIGNvbnN0IHBlcm1TZXQgPSB0aGlzLnBlcm1pc3Npb25TZXRzW3Blcm1dO1xuICAgICAgICAgIGlmICghcGVybVNldCkge1xuICAgICAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdJbnZhbGlkIHBlcm1pc3Npb24gc2V0IHR5cGUgZm91bmQ6ICcgKyBwZXJtKTtcbiAgICAgICAgICB9XG5cbiAgICAgICAgICBuZXcgc3NvLkNmbkFzc2lnbm1lbnQodGhpcywgYEFzc2lnbm1lbnQtJHthY2NvdW50LklkfS0ke2dyb3VwSWR9LSR7cGVybX1BY2Nlc3NgLCB7XG4gICAgICAgICAgICBpbnN0YW5jZUFybjogcHJvcHMuc3NvQ29uZmlnLmluc3RhbmNlQXJuLFxuICAgICAgICAgICAgcGVybWlzc2lvblNldEFybjogcGVybVNldC5hdHRyUGVybWlzc2lvblNldEFybixcbiAgICAgICAgICAgIHRhcmdldFR5cGU6ICdBV1NfQUNDT1VOVCcsXG4gICAgICAgICAgICB0YXJnZXRJZDogYWNjb3VudC5JZCxcbiAgICAgICAgICAgIHByaW5jaXBhbFR5cGU6ICdHUk9VUCcsXG4gICAgICAgICAgICBwcmluY2lwYWxJZDogZ3JvdXBJZCxcbiAgICAgICAgICB9KTtcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cblxuICAgIGlmIChwcm9wcy5kZWZhdWx0QXNzaWdubWVudHNGb3JOZXdBY2NvdW50KSB7XG4gICAgICBuZXcgQWNjb3VudFBlcm1pc3Npb24odGhpcywgJ0FjY291bnRDcmVhdGlvbldvcmtmbG93Jywge1xuICAgICAgICBzc29JbnN0YW5jZUFybjogcHJvcHMuc3NvQ29uZmlnLmluc3RhbmNlQXJuLFxuICAgICAgICBkZWZhdWx0QXNzaWdubWVudHM6IHByb3BzLmRlZmF1bHRBc3NpZ25tZW50c0Zvck5ld0FjY291bnQubWFwKGEgPT4gKHtcbiAgICAgICAgICBncm91cElkOiBwcm9wcy5zc29Db25maWcuZ3JvdXBzW2EuZ3JvdXBOYW1lIGFzIFNdLkdyb3VwSWQsXG4gICAgICAgICAgcGVybWlzc2lvblNldE5hbWU6IGEucGVybWlzc2lvblNldE5hbWUsXG4gICAgICAgICAgcGVybWlzc2lvblNldDogdGhpcy5wZXJtaXNzaW9uU2V0c1thLnBlcm1pc3Npb25TZXROYW1lXSxcbiAgICAgICAgfSkpLFxuICAgICAgfSk7XG4gICAgfVxuXG4gIH1cblxufSJdfQ==