advanced-cdk-constructs/lib/declarative-policies/declarative-policies.js

[](https://codecov.io/gh/spensireli/advanced-cdk-constructs)

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.DeclarativePolicy = exports.SnapshotBlockPublicAccessState = exports.InstanceMetadataTags = exports.HttpEndpoint = exports.HttpTokens = exports.ImageProvider = exports.AllowedImagesState = exports.VpcBlockPublicAccessMode = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const constructs_1 = require("constructs");
/**
 * Modes for blocking public access to VPCs.
 */
var VpcBlockPublicAccessMode;
(function (VpcBlockPublicAccessMode) {
    /** No blocking of public access. */
    VpcBlockPublicAccessMode["OFF"] = "off";
    /** Block only ingress (incoming) public access. */
    VpcBlockPublicAccessMode["BLOCK_INGRESS"] = "block_ingress";
    /** Block both ingress and egress (bidirectional) public access. */
    VpcBlockPublicAccessMode["BLOCK_BIDIRECTIONAL"] = "block_bidirectional";
})(VpcBlockPublicAccessMode || (exports.VpcBlockPublicAccessMode = VpcBlockPublicAccessMode = {}));
/**
 * State for allowed images policy.
 */
var AllowedImagesState;
(function (AllowedImagesState) {
    /** Only allow images from specified providers. */
    AllowedImagesState["ENABLED"] = "enabled";
    /** Audit mode for allowed images. */
    AllowedImagesState["AUDIT_MODE"] = "audit_mode";
})(AllowedImagesState || (exports.AllowedImagesState = AllowedImagesState = {}));
/**
 * Predefined image providers for allowed images policy.
 */
var ImageProvider;
(function (ImageProvider) {
    /** Amazon-provided images. */
    ImageProvider["AMAZON"] = "amazon";
    /** AWS Marketplace images. */
    ImageProvider["AWS_MARKETPLACE"] = "aws_marketplace";
    /** AWS Backup Vault images. */
    ImageProvider["AWS_BACKUP_VAULT"] = "aws_backup_vault";
})(ImageProvider || (exports.ImageProvider = ImageProvider = {}));
/**
 * Options for IMDSv2 HttpTokens requirement.
 */
var HttpTokens;
(function (HttpTokens) {
    /** No preference for HttpTokens. */
    HttpTokens["NO_PREFERENCE"] = "no_preference";
    /** Require HttpTokens. */
    HttpTokens["REQUIRED"] = "required";
    /** HttpTokens are optional. */
    HttpTokens["OPTIONAL"] = "optional";
})(HttpTokens || (exports.HttpTokens = HttpTokens = {}));
/**
 * Options for IMDSv2 HttpEndpoint.
 */
var HttpEndpoint;
(function (HttpEndpoint) {
    /** No preference for HttpEndpoint. */
    HttpEndpoint["NO_PREFERENCE"] = "no_preference";
    /** Enable HttpEndpoint. */
    HttpEndpoint["ENABLED"] = "enabled";
    /** Disable HttpEndpoint. */
    HttpEndpoint["DISABLED"] = "disabled";
})(HttpEndpoint || (exports.HttpEndpoint = HttpEndpoint = {}));
/**
 * Options for IMDSv2 Instance Metadata Tags.
 */
var InstanceMetadataTags;
(function (InstanceMetadataTags) {
    /** No preference for instance metadata tags. */
    InstanceMetadataTags["NO_PREFERENCE"] = "no_preference";
    /** Enable instance metadata tags. */
    InstanceMetadataTags["ENABLED"] = "enabled";
    /** Disable instance metadata tags. */
    InstanceMetadataTags["DISABLED"] = "disabled";
})(InstanceMetadataTags || (exports.InstanceMetadataTags = InstanceMetadataTags = {}));
/**
 * State for blocking public access to EBS snapshots.
 */
var SnapshotBlockPublicAccessState;
(function (SnapshotBlockPublicAccessState) {
    /** Block new sharing of snapshots. */
    SnapshotBlockPublicAccessState["BLOCK_NEW_SHARING"] = "block_new_sharing";
    /** Block all sharing of snapshots. */
    SnapshotBlockPublicAccessState["BLOCK_ALL_SHARING"] = "block_all_sharing";
})(SnapshotBlockPublicAccessState || (exports.SnapshotBlockPublicAccessState = SnapshotBlockPublicAccessState = {}));
/**
 * A CDK construct that creates an AWS Organizations EC2 Declarative Policy.
 *
 * This construct allows you to declaratively define and apply EC2-related policies
 * such as blocking public access to VPCs, restricting AMI providers, enforcing
 * instance metadata service settings, and more.
 *
 * Example:
 * ```ts
 * new DeclarativePolicy(this, 'MyPolicy', {
 *   targetIds: ['ou-xxxx-xxxxxxxx'],
 *   vpcBlockPublicAccess: true,
 *   vpcBlockPublicAccessMode: VpcBlockPublicAccessMode.BLOCK_BIDIRECTIONAL,
 * });
 * ```
 */
class DeclarativePolicy extends constructs_1.Construct {
    /**
     * Create a new DeclarativePolicy.
     * @param scope The parent construct.
     * @param id The construct ID.
     * @param props The policy properties.
     */
    constructor(scope, id, props) {
        super(scope, id);
        // Set defaults for boolean properties
        const vpcBlockPublicAccess = props.vpcBlockPublicAccess ?? true;
        const disableSerialConsoleAccess = props.disableSerialConsoleAccess ?? true;
        const imageBlockPublicAccess = props.imageBlockPublicAccess ?? true;
        const restrictImageProviders = props.restrictImageProviders ?? true;
        const instanceMetadataDefaults = props.instanceMetadataDefaults ?? true;
        const blockPublicSnapshots = props.blockPublicSnapshots ?? true;
        const declarativePolicy = {
            ec2_attributes: {
                vpc_block_public_access: vpcBlockPublicAccess ? {
                    internet_gateway_block: {
                        mode: {
                            '@@assign': props.vpcBlockPublicAccessMode ?? VpcBlockPublicAccessMode.BLOCK_INGRESS,
                        },
                        exclusions_allowed: {
                            '@@assign': 'enabled',
                        },
                    },
                } : undefined,
                serial_console_access: disableSerialConsoleAccess ? {
                    status: {
                        '@@assign': 'disabled',
                    },
                } : undefined,
                image_block_public_access: imageBlockPublicAccess ? {
                    state: {
                        '@@assign': 'block_new_sharing',
                    },
                } : undefined,
                allowed_images_settings: restrictImageProviders ? {
                    state: {
                        '@@assign': props.allowedImagesState ?? AllowedImagesState.ENABLED,
                    },
                    ...(props.allowedImageProviders && props.allowedImageProviders.length > 0 ? {
                        image_criteria: {
                            criteria_1: {
                                allowed_image_providers: {
                                    '@@append': props.allowedImageProviders,
                                },
                            },
                        },
                    } : {}),
                } : undefined,
                instance_metadata_defaults: instanceMetadataDefaults ? {
                    http_tokens: {
                        '@@assign': props.httpTokens ?? HttpTokens.REQUIRED,
                    },
                    http_put_response_hop_limit: {
                        '@@assign': props.httpPutResponseHopLimit?.toString() ?? '4',
                    },
                    http_endpoint: {
                        '@@assign': props.httpEndpoint ?? HttpEndpoint.ENABLED,
                    },
                    instance_metadata_tags: {
                        '@@assign': props.instanceMetadataTags ?? InstanceMetadataTags.ENABLED,
                    },
                } : undefined,
                snapshot_block_public_access: blockPublicSnapshots ? {
                    state: {
                        '@@assign': props.snapshotBlockPublicAccessState ?? SnapshotBlockPublicAccessState.BLOCK_NEW_SHARING,
                    },
                } : undefined,
            },
        };
        const applyDeclarativePolicy = new aws_cdk_lib_1.aws_organizations.CfnPolicy(this, `DeclarativePolicy-${this.node.id}`, {
            content: declarativePolicy,
            name: props.name ?? `DeclarativePolicy-${this.node.id}`,
            type: 'DECLARATIVE_POLICY_EC2',
            description: props.description ?? 'Declarative Policy from Advanced CDK Constructs',
            targetIds: props.targetIds,
        });
        this.declarativePolicyArn = applyDeclarativePolicy.attrArn;
    }
}
exports.DeclarativePolicy = DeclarativePolicy;
_a = JSII_RTTI_SYMBOL_1;
DeclarativePolicy[_a] = { fqn: "advanced-cdk-constructs.DeclarativePolicy", version: "0.0.14" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjbGFyYXRpdmUtcG9saWNpZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGVjbGFyYXRpdmUtcG9saWNpZXMvZGVjbGFyYXRpdmUtcG9saWNpZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBaUU7QUFDakUsMkNBQXVDO0FBRXZDOztHQUVHO0FBQ0gsSUFBWSx3QkFPWDtBQVBELFdBQVksd0JBQXdCO0lBQ2xDLG9DQUFvQztJQUNwQyx1Q0FBVyxDQUFBO0lBQ1gsbURBQW1EO0lBQ25ELDJEQUErQixDQUFBO0lBQy9CLG1FQUFtRTtJQUNuRSx1RUFBMkMsQ0FBQTtBQUM3QyxDQUFDLEVBUFcsd0JBQXdCLHdDQUF4Qix3QkFBd0IsUUFPbkM7QUFFRDs7R0FFRztBQUNILElBQVksa0JBS1g7QUFMRCxXQUFZLGtCQUFrQjtJQUM1QixrREFBa0Q7SUFDbEQseUNBQW1CLENBQUE7SUFDbkIscUNBQXFDO0lBQ3JDLCtDQUF5QixDQUFBO0FBQzNCLENBQUMsRUFMVyxrQkFBa0Isa0NBQWxCLGtCQUFrQixRQUs3QjtBQUVEOztHQUVHO0FBQ0gsSUFBWSxhQU9YO0FBUEQsV0FBWSxhQUFhO0lBQ3ZCLDhCQUE4QjtJQUM5QixrQ0FBaUIsQ0FBQTtJQUNqQiw4QkFBOEI7SUFDOUIsb0RBQW1DLENBQUE7SUFDbkMsK0JBQStCO0lBQy9CLHNEQUFxQyxDQUFBO0FBQ3ZDLENBQUMsRUFQVyxhQUFhLDZCQUFiLGFBQWEsUUFPeEI7QUFFRDs7R0FFRztBQUNILElBQVksVUFPWDtBQVBELFdBQVksVUFBVTtJQUNwQixvQ0FBb0M7SUFDcEMsNkNBQStCLENBQUE7SUFDL0IsMEJBQTBCO0lBQzFCLG1DQUFxQixDQUFBO0lBQ3JCLCtCQUErQjtJQUMvQixtQ0FBcUIsQ0FBQTtBQUN2QixDQUFDLEVBUFcsVUFBVSwwQkFBVixVQUFVLFFBT3JCO0FBRUQ7O0dBRUc7QUFDSCxJQUFZLFlBT1g7QUFQRCxXQUFZLFlBQVk7SUFDdEIsc0NBQXNDO0lBQ3RDLCtDQUErQixDQUFBO0lBQy9CLDJCQUEyQjtJQUMzQixtQ0FBbUIsQ0FBQTtJQUNuQiw0QkFBNEI7SUFDNUIscUNBQXFCLENBQUE7QUFDdkIsQ0FBQyxFQVBXLFlBQVksNEJBQVosWUFBWSxRQU92QjtBQUVEOztHQUVHO0FBQ0gsSUFBWSxvQkFPWDtBQVBELFdBQVksb0JBQW9CO0lBQzlCLGdEQUFnRDtJQUNoRCx1REFBK0IsQ0FBQTtJQUMvQixxQ0FBcUM7SUFDckMsMkNBQW1CLENBQUE7SUFDbkIsc0NBQXNDO0lBQ3RDLDZDQUFxQixDQUFBO0FBQ3ZCLENBQUMsRUFQVyxvQkFBb0Isb0NBQXBCLG9CQUFvQixRQU8vQjtBQUVEOztHQUVHO0FBQ0gsSUFBWSw4QkFLWDtBQUxELFdBQVksOEJBQThCO0lBQ3hDLHNDQUFzQztJQUN0Qyx5RUFBdUMsQ0FBQTtJQUN2QyxzQ0FBc0M7SUFDdEMseUVBQXVDLENBQUE7QUFDekMsQ0FBQyxFQUxXLDhCQUE4Qiw4Q0FBOUIsOEJBQThCLFFBS3pDO0FBK0NEOzs7Ozs7Ozs7Ozs7Ozs7R0FlRztBQUNILE1BQWEsaUJBQWtCLFNBQVEsc0JBQVM7SUFNOUM7Ozs7O09BS0c7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTZCO1FBQ3JFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsc0NBQXNDO1FBQ3RDLE1BQU0sb0JBQW9CLEdBQUcsS0FBSyxDQUFDLG9CQUFvQixJQUFJLElBQUksQ0FBQztRQUNoRSxNQUFNLDBCQUEwQixHQUFHLEtBQUssQ0FBQywwQkFBMEIsSUFBSSxJQUFJLENBQUM7UUFDNUUsTUFBTSxzQkFBc0IsR0FBRyxLQUFLLENBQUMsc0JBQXNCLElBQUksSUFBSSxDQUFDO1FBQ3BFLE1BQU0sc0JBQXNCLEdBQUcsS0FBSyxDQUFDLHNCQUFzQixJQUFJLElBQUksQ0FBQztRQUNwRSxNQUFNLHdCQUF3QixHQUFHLEtBQUssQ0FBQyx3QkFBd0IsSUFBSSxJQUFJLENBQUM7UUFDeEUsTUFBTSxvQkFBb0IsR0FBRyxLQUFLLENBQUMsb0JBQW9CLElBQUksSUFBSSxDQUFDO1FBRWhFLE1BQU0saUJBQWlCLEdBQUc7WUFDeEIsY0FBYyxFQUFFO2dCQUNkLHVCQUF1QixFQUFFLG9CQUFvQixDQUFDLENBQUMsQ0FBQztvQkFDOUMsc0JBQXNCLEVBQUU7d0JBQ3RCLElBQUksRUFBRTs0QkFDSixVQUFVLEVBQUUsS0FBSyxDQUFDLHdCQUF3QixJQUFJLHdCQUF3QixDQUFDLGFBQWE7eUJBQ3JGO3dCQUNELGtCQUFrQixFQUFFOzRCQUNsQixVQUFVLEVBQUUsU0FBUzt5QkFDdEI7cUJBQ0Y7aUJBQ0YsQ0FBQyxDQUFDLENBQUMsU0FBUztnQkFDYixxQkFBcUIsRUFBRSwwQkFBMEIsQ0FBQyxDQUFDLENBQUM7b0JBQ2xELE1BQU0sRUFBRTt3QkFDTixVQUFVLEVBQUUsVUFBVTtxQkFDdkI7aUJBQ0YsQ0FBQyxDQUFDLENBQUMsU0FBUztnQkFDYix5QkFBeUIsRUFBRSxzQkFBc0IsQ0FBQyxDQUFDLENBQUM7b0JBQ2xELEtBQUssRUFBRTt3QkFDTCxVQUFVLEVBQUUsbUJBQW1CO3FCQUNoQztpQkFDRixDQUFDLENBQUMsQ0FBQyxTQUFTO2dCQUNiLHVCQUF1QixFQUFFLHNCQUFzQixDQUFDLENBQUMsQ0FBQztvQkFDaEQsS0FBSyxFQUFFO3dCQUNMLFVBQVUsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksa0JBQWtCLENBQUMsT0FBTztxQkFDbkU7b0JBQ0QsR0FBRyxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxLQUFLLENBQUMscUJBQXFCLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7d0JBQzFFLGNBQWMsRUFBRTs0QkFDZCxVQUFVLEVBQUU7Z0NBQ1YsdUJBQXVCLEVBQUU7b0NBQ3ZCLFVBQVUsRUFBRSxLQUFLLENBQUMscUJBQXFCO2lDQUN4Qzs2QkFDRjt5QkFDRjtxQkFDRixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7aUJBQ1IsQ0FBQyxDQUFDLENBQUMsU0FBUztnQkFDYiwwQkFBMEIsRUFBRSx3QkFBd0IsQ0FBQyxDQUFDLENBQUM7b0JBQ3JELFdBQVcsRUFBRTt3QkFDWCxVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVUsSUFBSSxVQUFVLENBQUMsUUFBUTtxQkFDcEQ7b0JBQ0QsMkJBQTJCLEVBQUU7d0JBQzNCLFVBQVUsRUFBRSxLQUFLLENBQUMsdUJBQXVCLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRztxQkFDN0Q7b0JBQ0QsYUFBYSxFQUFFO3dCQUNiLFVBQVUsRUFBRSxLQUFLLENBQUMsWUFBWSxJQUFJLFlBQVksQ0FBQyxPQUFPO3FCQUN2RDtvQkFDRCxzQkFBc0IsRUFBRTt3QkFDdEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxvQkFBb0IsSUFBSSxvQkFBb0IsQ0FBQyxPQUFPO3FCQUN2RTtpQkFDRixDQUFDLENBQUMsQ0FBQyxTQUFTO2dCQUNiLDRCQUE0QixFQUFFLG9CQUFvQixDQUFDLENBQUMsQ0FBQztvQkFDbkQsS0FBSyxFQUFFO3dCQUNMLFVBQVUsRUFBRSxLQUFLLENBQUMsOEJBQThCLElBQUksOEJBQThCLENBQUMsaUJBQWlCO3FCQUNyRztpQkFDRixDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQ2Q7U0FDRixDQUFDO1FBRUYsTUFBTSxzQkFBc0IsR0FBRyxJQUFJLCtCQUFhLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxxQkFBcUIsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsRUFBRTtZQUNwRyxPQUFPLEVBQUUsaUJBQWlCO1lBQzFCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSSxJQUFJLHFCQUFxQixJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRTtZQUN2RCxJQUFJLEVBQUUsd0JBQXdCO1lBQzlCLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVyxJQUFJLGlEQUFpRDtZQUNuRixTQUFTLEVBQUUsS0FBSyxDQUFDLFNBQVM7U0FDM0IsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLG9CQUFvQixHQUFHLHNCQUFzQixDQUFDLE9BQU8sQ0FBQztJQUU3RCxDQUFDOztBQTFGSCw4Q0EyRkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBhd3Nfb3JnYW5pemF0aW9ucyBhcyBvcmdhbml6YXRpb25zIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5cbi8qKlxuICogTW9kZXMgZm9yIGJsb2NraW5nIHB1YmxpYyBhY2Nlc3MgdG8gVlBDcy5cbiAqL1xuZXhwb3J0IGVudW0gVnBjQmxvY2tQdWJsaWNBY2Nlc3NNb2RlIHtcbiAgLyoqIE5vIGJsb2NraW5nIG9mIHB1YmxpYyBhY2Nlc3MuICovXG4gIE9GRiA9ICdvZmYnLFxuICAvKiogQmxvY2sgb25seSBpbmdyZXNzIChpbmNvbWluZykgcHVibGljIGFjY2Vzcy4gKi9cbiAgQkxPQ0tfSU5HUkVTUyA9ICdibG9ja19pbmdyZXNzJyxcbiAgLyoqIEJsb2NrIGJvdGggaW5ncmVzcyBhbmQgZWdyZXNzIChiaWRpcmVjdGlvbmFsKSBwdWJsaWMgYWNjZXNzLiAqL1xuICBCTE9DS19CSURJUkVDVElPTkFMID0gJ2Jsb2NrX2JpZGlyZWN0aW9uYWwnLFxufVxuXG4vKipcbiAqIFN0YXRlIGZvciBhbGxvd2VkIGltYWdlcyBwb2xpY3kuXG4gKi9cbmV4cG9ydCBlbnVtIEFsbG93ZWRJbWFnZXNTdGF0ZSB7XG4gIC8qKiBPbmx5IGFsbG93IGltYWdlcyBmcm9tIHNwZWNpZmllZCBwcm92aWRlcnMuICovXG4gIEVOQUJMRUQgPSAnZW5hYmxlZCcsXG4gIC8qKiBBdWRpdCBtb2RlIGZvciBhbGxvd2VkIGltYWdlcy4gKi9cbiAgQVVESVRfTU9ERSA9ICdhdWRpdF9tb2RlJyxcbn1cblxuLyoqXG4gKiBQcmVkZWZpbmVkIGltYWdlIHByb3ZpZGVycyBmb3IgYWxsb3dlZCBpbWFnZXMgcG9saWN5LlxuICovXG5leHBvcnQgZW51bSBJbWFnZVByb3ZpZGVyIHtcbiAgLyoqIEFtYXpvbi1wcm92aWRlZCBpbWFnZXMuICovXG4gIEFNQVpPTiA9ICdhbWF6b24nLFxuICAvKiogQVdTIE1hcmtldHBsYWNlIGltYWdlcy4gKi9cbiAgQVdTX01BUktFVFBMQUNFID0gJ2F3c19tYXJrZXRwbGFjZScsXG4gIC8qKiBBV1MgQmFja3VwIFZhdWx0IGltYWdlcy4gKi9cbiAgQVdTX0JBQ0tVUF9WQVVMVCA9ICdhd3NfYmFja3VwX3ZhdWx0Jyxcbn1cblxuLyoqXG4gKiBPcHRpb25zIGZvciBJTURTdjIgSHR0cFRva2VucyByZXF1aXJlbWVudC5cbiAqL1xuZXhwb3J0IGVudW0gSHR0cFRva2VucyB7XG4gIC8qKiBObyBwcmVmZXJlbmNlIGZvciBIdHRwVG9rZW5zLiAqL1xuICBOT19QUkVGRVJFTkNFID0gJ25vX3ByZWZlcmVuY2UnLFxuICAvKiogUmVxdWlyZSBIdHRwVG9rZW5zLiAqL1xuICBSRVFVSVJFRCA9ICdyZXF1aXJlZCcsXG4gIC8qKiBIdHRwVG9rZW5zIGFyZSBvcHRpb25hbC4gKi9cbiAgT1BUSU9OQUwgPSAnb3B0aW9uYWwnLFxufVxuXG4vKipcbiAqIE9wdGlvbnMgZm9yIElNRFN2MiBIdHRwRW5kcG9pbnQuXG4gKi9cbmV4cG9ydCBlbnVtIEh0dHBFbmRwb2ludCB7XG4gIC8qKiBObyBwcmVmZXJlbmNlIGZvciBIdHRwRW5kcG9pbnQuICovXG4gIE5PX1BSRUZFUkVOQ0UgPSAnbm9fcHJlZmVyZW5jZScsXG4gIC8qKiBFbmFibGUgSHR0cEVuZHBvaW50LiAqL1xuICBFTkFCTEVEID0gJ2VuYWJsZWQnLFxuICAvKiogRGlzYWJsZSBIdHRwRW5kcG9pbnQuICovXG4gIERJU0FCTEVEID0gJ2Rpc2FibGVkJyxcbn1cblxuLyoqXG4gKiBPcHRpb25zIGZvciBJTURTdjIgSW5zdGFuY2UgTWV0YWRhdGEgVGFncy5cbiAqL1xuZXhwb3J0IGVudW0gSW5zdGFuY2VNZXRhZGF0YVRhZ3Mge1xuICAvKiogTm8gcHJlZmVyZW5jZSBmb3IgaW5zdGFuY2UgbWV0YWRhdGEgdGFncy4gKi9cbiAgTk9fUFJFRkVSRU5DRSA9ICdub19wcmVmZXJlbmNlJyxcbiAgLyoqIEVuYWJsZSBpbnN0YW5jZSBtZXRhZGF0YSB0YWdzLiAqL1xuICBFTkFCTEVEID0gJ2VuYWJsZWQnLFxuICAvKiogRGlzYWJsZSBpbnN0YW5jZSBtZXRhZGF0YSB0YWdzLiAqL1xuICBESVNBQkxFRCA9ICdkaXNhYmxlZCcsXG59XG5cbi8qKlxuICogU3RhdGUgZm9yIGJsb2NraW5nIHB1YmxpYyBhY2Nlc3MgdG8gRUJTIHNuYXBzaG90cy5cbiAqL1xuZXhwb3J0IGVudW0gU25hcHNob3RCbG9ja1B1YmxpY0FjY2Vzc1N0YXRlIHtcbiAgLyoqIEJsb2NrIG5ldyBzaGFyaW5nIG9mIHNuYXBzaG90cy4gKi9cbiAgQkxPQ0tfTkVXX1NIQVJJTkcgPSAnYmxvY2tfbmV3X3NoYXJpbmcnLFxuICAvKiogQmxvY2sgYWxsIHNoYXJpbmcgb2Ygc25hcHNob3RzLiAqL1xuICBCTE9DS19BTExfU0hBUklORyA9ICdibG9ja19hbGxfc2hhcmluZycsXG59XG5cbi8qKlxuICogQW4gaW1hZ2UgcHJvdmlkZXIgKHByZWRlZmluZWQgb3IgQVdTIGFjY291bnQgSUQpLlxuICovXG5leHBvcnQgdHlwZSBJbWFnZVByb3ZpZGVyT3JBY2NvdW50SWQgPSBJbWFnZVByb3ZpZGVyIHwgc3RyaW5nO1xuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIGNvbmZpZ3VyaW5nIGEgRGVjbGFyYXRpdmVQb2xpY3kuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRGVjbGFyYXRpdmVQb2xpY3lQcm9wcyB7XG4gIC8qKiBUaGUgdGFyZ2V0IEFXUyBhY2NvdW50IG9yIG9yZ2FuaXphdGlvbmFsIHVuaXQgSURzIHRvIHdoaWNoIHRoZSBwb2xpY3kgd2lsbCBiZSBhdHRhY2hlZC4gKi9cbiAgcmVhZG9ubHkgdGFyZ2V0SWRzOiBzdHJpbmdbXTtcbiAgLyoqIFRoZSBuYW1lIG9mIHRoZSBwb2xpY3kuICovXG4gIHJlYWRvbmx5IG5hbWU/OiBzdHJpbmc7XG4gIC8qKiBUaGUgZGVzY3JpcHRpb24gb2YgdGhlIHBvbGljeS4gKi9cbiAgcmVhZG9ubHkgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG4gIC8qKiBXaGV0aGVyIHRvIGJsb2NrIHB1YmxpYyBhY2Nlc3MgdG8gVlBDcy4gRGVmYXVsdHMgdG8gdHJ1ZS4gKi9cbiAgcmVhZG9ubHkgdnBjQmxvY2tQdWJsaWNBY2Nlc3M/OiBib29sZWFuO1xuICAvKiogV2hldGhlciB0byBkaXNhYmxlIHNlcmlhbCBjb25zb2xlIGFjY2Vzcy4gRGVmYXVsdHMgdG8gdHJ1ZS4gKi9cbiAgcmVhZG9ubHkgZGlzYWJsZVNlcmlhbENvbnNvbGVBY2Nlc3M/OiBib29sZWFuO1xuICAvKiogV2hldGhlciB0byBibG9jayBwdWJsaWMgYWNjZXNzIHRvIEFNSXMuIERlZmF1bHRzIHRvIHRydWUuICovXG4gIHJlYWRvbmx5IGltYWdlQmxvY2tQdWJsaWNBY2Nlc3M/OiBib29sZWFuO1xuICAvKiogV2hldGhlciB0byByZXN0cmljdCBhbGxvd2VkIGltYWdlIHByb3ZpZGVycy4gRGVmYXVsdHMgdG8gdHJ1ZS4gKi9cbiAgcmVhZG9ubHkgcmVzdHJpY3RJbWFnZVByb3ZpZGVycz86IGJvb2xlYW47XG4gIC8qKiBXaGV0aGVyIHRvIGVuZm9yY2UgaW5zdGFuY2UgbWV0YWRhdGEgc2VydmljZSBkZWZhdWx0cy4gRGVmYXVsdHMgdG8gdHJ1ZS4gKi9cbiAgcmVhZG9ubHkgaW5zdGFuY2VNZXRhZGF0YURlZmF1bHRzPzogYm9vbGVhbjtcbiAgLyoqIFdoZXRoZXIgdG8gYmxvY2sgcHVibGljIHNoYXJpbmcgb2YgRUJTIHNuYXBzaG90cy4gRGVmYXVsdHMgdG8gdHJ1ZS4gKi9cbiAgcmVhZG9ubHkgYmxvY2tQdWJsaWNTbmFwc2hvdHM/OiBib29sZWFuO1xuICAvKiogVGhlIG1vZGUgZm9yIGJsb2NraW5nIHB1YmxpYyBhY2Nlc3MgdG8gVlBDcy4gKi9cbiAgcmVhZG9ubHkgdnBjQmxvY2tQdWJsaWNBY2Nlc3NNb2RlPzogVnBjQmxvY2tQdWJsaWNBY2Nlc3NNb2RlO1xuICAvKiogVGhlIHN0YXRlIGZvciBhbGxvd2VkIGltYWdlcyBwb2xpY3kuICovXG4gIHJlYWRvbmx5IGFsbG93ZWRJbWFnZXNTdGF0ZT86IEFsbG93ZWRJbWFnZXNTdGF0ZTtcbiAgLyoqIFRoZSBsaXN0IG9mIGFsbG93ZWQgaW1hZ2UgcHJvdmlkZXJzIG9yIEFXUyBhY2NvdW50IElEcy4gKi9cbiAgcmVhZG9ubHkgYWxsb3dlZEltYWdlUHJvdmlkZXJzPzogSW1hZ2VQcm92aWRlck9yQWNjb3VudElkW107XG4gIC8qKiBUaGUgSHR0cFRva2VucyBzZXR0aW5nIGZvciBpbnN0YW5jZSBtZXRhZGF0YSBzZXJ2aWNlLiAqL1xuICByZWFkb25seSBodHRwVG9rZW5zPzogSHR0cFRva2VucztcbiAgLyoqIFRoZSBob3AgbGltaXQgZm9yIEhUVFAgUFVUIHJlc3BvbnNlcyBmcm9tIHRoZSBpbnN0YW5jZSBtZXRhZGF0YSBzZXJ2aWNlLiAqL1xuICByZWFkb25seSBodHRwUHV0UmVzcG9uc2VIb3BMaW1pdD86IG51bWJlcjtcbiAgLyoqIFRoZSBIdHRwRW5kcG9pbnQgc2V0dGluZyBmb3IgaW5zdGFuY2UgbWV0YWRhdGEgc2VydmljZS4gKi9cbiAgcmVhZG9ubHkgaHR0cEVuZHBvaW50PzogSHR0cEVuZHBvaW50O1xuICAvKiogVGhlIGluc3RhbmNlIG1ldGFkYXRhIHRhZ3Mgc2V0dGluZy4gKi9cbiAgcmVhZG9ubHkgaW5zdGFuY2VNZXRhZGF0YVRhZ3M/OiBJbnN0YW5jZU1ldGFkYXRhVGFncztcbiAgLyoqIFRoZSBzdGF0ZSBmb3IgYmxvY2tpbmcgcHVibGljIGFjY2VzcyB0byBFQlMgc25hcHNob3RzLiAqL1xuICByZWFkb25seSBzbmFwc2hvdEJsb2NrUHVibGljQWNjZXNzU3RhdGU/OiBTbmFwc2hvdEJsb2NrUHVibGljQWNjZXNzU3RhdGU7XG59XG5cbi8qKlxuICogQSBDREsgY29uc3RydWN0IHRoYXQgY3JlYXRlcyBhbiBBV1MgT3JnYW5pemF0aW9ucyBFQzIgRGVjbGFyYXRpdmUgUG9saWN5LlxuICpcbiAqIFRoaXMgY29uc3RydWN0IGFsbG93cyB5b3UgdG8gZGVjbGFyYXRpdmVseSBkZWZpbmUgYW5kIGFwcGx5IEVDMi1yZWxhdGVkIHBvbGljaWVzXG4gKiBzdWNoIGFzIGJsb2NraW5nIHB1YmxpYyBhY2Nlc3MgdG8gVlBDcywgcmVzdHJpY3RpbmcgQU1JIHByb3ZpZGVycywgZW5mb3JjaW5nXG4gKiBpbnN0YW5jZSBtZXRhZGF0YSBzZXJ2aWNlIHNldHRpbmdzLCBhbmQgbW9yZS5cbiAqXG4gKiBFeGFtcGxlOlxuICogYGBgdHNcbiAqIG5ldyBEZWNsYXJhdGl2ZVBvbGljeSh0aGlzLCAnTXlQb2xpY3knLCB7XG4gKiAgIHRhcmdldElkczogWydvdS14eHh4LXh4eHh4eHh4J10sXG4gKiAgIHZwY0Jsb2NrUHVibGljQWNjZXNzOiB0cnVlLFxuICogICB2cGNCbG9ja1B1YmxpY0FjY2Vzc01vZGU6IFZwY0Jsb2NrUHVibGljQWNjZXNzTW9kZS5CTE9DS19CSURJUkVDVElPTkFMLFxuICogfSk7XG4gKiBgYGBcbiAqL1xuZXhwb3J0IGNsYXNzIERlY2xhcmF0aXZlUG9saWN5IGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqXG4gICAqIFRoZSBBUk4gb2YgdGhlIGNyZWF0ZWQgZGVjbGFyYXRpdmUgcG9saWN5LlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGRlY2xhcmF0aXZlUG9saWN5QXJuITogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBDcmVhdGUgYSBuZXcgRGVjbGFyYXRpdmVQb2xpY3kuXG4gICAqIEBwYXJhbSBzY29wZSBUaGUgcGFyZW50IGNvbnN0cnVjdC5cbiAgICogQHBhcmFtIGlkIFRoZSBjb25zdHJ1Y3QgSUQuXG4gICAqIEBwYXJhbSBwcm9wcyBUaGUgcG9saWN5IHByb3BlcnRpZXMuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogRGVjbGFyYXRpdmVQb2xpY3lQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAvLyBTZXQgZGVmYXVsdHMgZm9yIGJvb2xlYW4gcHJvcGVydGllc1xuICAgIGNvbnN0IHZwY0Jsb2NrUHVibGljQWNjZXNzID0gcHJvcHMudnBjQmxvY2tQdWJsaWNBY2Nlc3MgPz8gdHJ1ZTtcbiAgICBjb25zdCBkaXNhYmxlU2VyaWFsQ29uc29sZUFjY2VzcyA9IHByb3BzLmRpc2FibGVTZXJpYWxDb25zb2xlQWNjZXNzID8/IHRydWU7XG4gICAgY29uc3QgaW1hZ2VCbG9ja1B1YmxpY0FjY2VzcyA9IHByb3BzLmltYWdlQmxvY2tQdWJsaWNBY2Nlc3MgPz8gdHJ1ZTtcbiAgICBjb25zdCByZXN0cmljdEltYWdlUHJvdmlkZXJzID0gcHJvcHMucmVzdHJpY3RJbWFnZVByb3ZpZGVycyA/PyB0cnVlO1xuICAgIGNvbnN0IGluc3RhbmNlTWV0YWRhdGFEZWZhdWx0cyA9IHByb3BzLmluc3RhbmNlTWV0YWRhdGFEZWZhdWx0cyA/PyB0cnVlO1xuICAgIGNvbnN0IGJsb2NrUHVibGljU25hcHNob3RzID0gcHJvcHMuYmxvY2tQdWJsaWNTbmFwc2hvdHMgPz8gdHJ1ZTtcblxuICAgIGNvbnN0IGRlY2xhcmF0aXZlUG9saWN5ID0ge1xuICAgICAgZWMyX2F0dHJpYnV0ZXM6IHtcbiAgICAgICAgdnBjX2Jsb2NrX3B1YmxpY19hY2Nlc3M6IHZwY0Jsb2NrUHVibGljQWNjZXNzID8ge1xuICAgICAgICAgIGludGVybmV0X2dhdGV3YXlfYmxvY2s6IHtcbiAgICAgICAgICAgIG1vZGU6IHtcbiAgICAgICAgICAgICAgJ0BAYXNzaWduJzogcHJvcHMudnBjQmxvY2tQdWJsaWNBY2Nlc3NNb2RlID8/IFZwY0Jsb2NrUHVibGljQWNjZXNzTW9kZS5CTE9DS19JTkdSRVNTLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIGV4Y2x1c2lvbnNfYWxsb3dlZDoge1xuICAgICAgICAgICAgICAnQEBhc3NpZ24nOiAnZW5hYmxlZCcsXG4gICAgICAgICAgICB9LFxuICAgICAgICAgIH0sXG4gICAgICAgIH0gOiB1bmRlZmluZWQsXG4gICAgICAgIHNlcmlhbF9jb25zb2xlX2FjY2VzczogZGlzYWJsZVNlcmlhbENvbnNvbGVBY2Nlc3MgPyB7XG4gICAgICAgICAgc3RhdHVzOiB7XG4gICAgICAgICAgICAnQEBhc3NpZ24nOiAnZGlzYWJsZWQnLFxuICAgICAgICAgIH0sXG4gICAgICAgIH0gOiB1bmRlZmluZWQsXG4gICAgICAgIGltYWdlX2Jsb2NrX3B1YmxpY19hY2Nlc3M6IGltYWdlQmxvY2tQdWJsaWNBY2Nlc3MgPyB7XG4gICAgICAgICAgc3RhdGU6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6ICdibG9ja19uZXdfc2hhcmluZycsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSA6IHVuZGVmaW5lZCxcbiAgICAgICAgYWxsb3dlZF9pbWFnZXNfc2V0dGluZ3M6IHJlc3RyaWN0SW1hZ2VQcm92aWRlcnMgPyB7XG4gICAgICAgICAgc3RhdGU6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6IHByb3BzLmFsbG93ZWRJbWFnZXNTdGF0ZSA/PyBBbGxvd2VkSW1hZ2VzU3RhdGUuRU5BQkxFRCxcbiAgICAgICAgICB9LFxuICAgICAgICAgIC4uLihwcm9wcy5hbGxvd2VkSW1hZ2VQcm92aWRlcnMgJiYgcHJvcHMuYWxsb3dlZEltYWdlUHJvdmlkZXJzLmxlbmd0aCA+IDAgPyB7XG4gICAgICAgICAgICBpbWFnZV9jcml0ZXJpYToge1xuICAgICAgICAgICAgICBjcml0ZXJpYV8xOiB7XG4gICAgICAgICAgICAgICAgYWxsb3dlZF9pbWFnZV9wcm92aWRlcnM6IHtcbiAgICAgICAgICAgICAgICAgICdAQGFwcGVuZCc6IHByb3BzLmFsbG93ZWRJbWFnZVByb3ZpZGVycyxcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9IDoge30pLFxuICAgICAgICB9IDogdW5kZWZpbmVkLFxuICAgICAgICBpbnN0YW5jZV9tZXRhZGF0YV9kZWZhdWx0czogaW5zdGFuY2VNZXRhZGF0YURlZmF1bHRzID8ge1xuICAgICAgICAgIGh0dHBfdG9rZW5zOiB7XG4gICAgICAgICAgICAnQEBhc3NpZ24nOiBwcm9wcy5odHRwVG9rZW5zID8/IEh0dHBUb2tlbnMuUkVRVUlSRUQsXG4gICAgICAgICAgfSxcbiAgICAgICAgICBodHRwX3B1dF9yZXNwb25zZV9ob3BfbGltaXQ6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6IHByb3BzLmh0dHBQdXRSZXNwb25zZUhvcExpbWl0Py50b1N0cmluZygpID8/ICc0JyxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGh0dHBfZW5kcG9pbnQ6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6IHByb3BzLmh0dHBFbmRwb2ludCA/PyBIdHRwRW5kcG9pbnQuRU5BQkxFRCxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGluc3RhbmNlX21ldGFkYXRhX3RhZ3M6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6IHByb3BzLmluc3RhbmNlTWV0YWRhdGFUYWdzID8/IEluc3RhbmNlTWV0YWRhdGFUYWdzLkVOQUJMRUQsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSA6IHVuZGVmaW5lZCxcbiAgICAgICAgc25hcHNob3RfYmxvY2tfcHVibGljX2FjY2VzczogYmxvY2tQdWJsaWNTbmFwc2hvdHMgPyB7XG4gICAgICAgICAgc3RhdGU6IHtcbiAgICAgICAgICAgICdAQGFzc2lnbic6IHByb3BzLnNuYXBzaG90QmxvY2tQdWJsaWNBY2Nlc3NTdGF0ZSA/PyBTbmFwc2hvdEJsb2NrUHVibGljQWNjZXNzU3RhdGUuQkxPQ0tfTkVXX1NIQVJJTkcsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSA6IHVuZGVmaW5lZCxcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIGNvbnN0IGFwcGx5RGVjbGFyYXRpdmVQb2xpY3kgPSBuZXcgb3JnYW5pemF0aW9ucy5DZm5Qb2xpY3kodGhpcywgYERlY2xhcmF0aXZlUG9saWN5LSR7dGhpcy5ub2RlLmlkfWAsIHtcbiAgICAgIGNvbnRlbnQ6IGRlY2xhcmF0aXZlUG9saWN5LFxuICAgICAgbmFtZTogcHJvcHMubmFtZSA/PyBgRGVjbGFyYXRpdmVQb2xpY3ktJHt0aGlzLm5vZGUuaWR9YCxcbiAgICAgIHR5cGU6ICdERUNMQVJBVElWRV9QT0xJQ1lfRUMyJyxcbiAgICAgIGRlc2NyaXB0aW9uOiBwcm9wcy5kZXNjcmlwdGlvbiA/PyAnRGVjbGFyYXRpdmUgUG9saWN5IGZyb20gQWR2YW5jZWQgQ0RLIENvbnN0cnVjdHMnLFxuICAgICAgdGFyZ2V0SWRzOiBwcm9wcy50YXJnZXRJZHMsXG4gICAgfSk7XG4gICAgdGhpcy5kZWNsYXJhdGl2ZVBvbGljeUFybiA9IGFwcGx5RGVjbGFyYXRpdmVQb2xpY3kuYXR0ckFybjtcblxuICB9XG59Il19