cdk-ecr-deployment/lib/index.js

CDK construct to deploy docker image to Amazon ECR

"use strict";
var _a, _b, _c;
Object.defineProperty(exports, "__esModule", { value: true });
exports.ECRDeployment = exports.S3ArchiveName = exports.DockerImageName = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
const path = require("path");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
const constructs_1 = require("constructs");
class DockerImageName {
    /**
     * @param name - The name of the image, e.g. retrieved from `DockerImageAsset.imageUri`
     * @param creds - The credentials of the docker image. Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
     *     If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
     *     JSON (`{"username":"<username>","password":"<password>"}`).
     *     For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
     */
    constructor(name, creds) {
        this.name = name;
        this.creds = creds;
    }
    get uri() { return `docker://${this.name}`; }
}
exports.DockerImageName = DockerImageName;
_a = JSII_RTTI_SYMBOL_1;
DockerImageName[_a] = { fqn: "cdk-ecr-deployment.DockerImageName", version: "4.0.2" };
class S3ArchiveName {
    /**
     * @param p - the S3 bucket name and path of the archive (a S3 URI without the s3://)
     * @param ref - appended to the end of the name with a `:`, e.g. `:latest`
     * @param creds - The credentials of the docker image. Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
     *     If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
     *     JSON (`{"username":"<username>","password":"<password>"}`).
     *     For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
     */
    constructor(p, ref, creds) {
        this.creds = creds;
        this.name = p;
        if (ref) {
            this.name += ':' + ref;
        }
    }
    get uri() { return `s3://${this.name}`; }
}
exports.S3ArchiveName = S3ArchiveName;
_b = JSII_RTTI_SYMBOL_1;
S3ArchiveName[_b] = { fqn: "cdk-ecr-deployment.S3ArchiveName", version: "4.0.2" };
class ECRDeployment extends constructs_1.Construct {
    constructor(scope, id, props) {
        super(scope, id);
        const memoryLimit = props.memoryLimit ?? 512;
        this.handler = new aws_cdk_lib_1.aws_lambda.SingletonFunction(this, 'CustomResourceHandler', {
            uuid: this.renderSingletonUuid(memoryLimit),
            code: aws_cdk_lib_1.aws_lambda.Code.fromAsset(path.join(__dirname, '../lambda-bin')),
            runtime: new aws_cdk_lib_1.aws_lambda.Runtime('provided.al2023', aws_lambda_1.RuntimeFamily.OTHER), // not using Runtime.PROVIDED_AL2023 to support older CDK versions (< 2.105.0)
            handler: 'bootstrap',
            lambdaPurpose: 'Custom::CDKECRDeployment',
            description: 'Custom resource handler for copying Docker images between docker registries.',
            timeout: aws_cdk_lib_1.Duration.minutes(15),
            role: props.role,
            memorySize: memoryLimit,
            vpc: props.vpc,
            vpcSubnets: props.vpcSubnets,
            securityGroups: props.securityGroups,
        });
        const handlerRole = this.handler.role;
        if (!handlerRole) {
            throw new Error('lambda.SingletonFunction should have created a Role');
        }
        handlerRole.addToPrincipalPolicy(new aws_cdk_lib_1.aws_iam.PolicyStatement({
            effect: aws_cdk_lib_1.aws_iam.Effect.ALLOW,
            actions: [
                'ecr:GetAuthorizationToken',
                'ecr:BatchCheckLayerAvailability',
                'ecr:GetDownloadUrlForLayer',
                'ecr:GetRepositoryPolicy',
                'ecr:DescribeRepositories',
                'ecr:ListImages',
                'ecr:DescribeImages',
                'ecr:BatchGetImage',
                'ecr:ListTagsForResource',
                'ecr:DescribeImageScanFindings',
                'ecr:InitiateLayerUpload',
                'ecr:UploadLayerPart',
                'ecr:CompleteLayerUpload',
                'ecr:PutImage',
            ],
            resources: ['*'],
        }));
        handlerRole.addToPrincipalPolicy(new aws_cdk_lib_1.aws_iam.PolicyStatement({
            effect: aws_cdk_lib_1.aws_iam.Effect.ALLOW,
            actions: [
                's3:GetObject',
            ],
            resources: ['*'],
        }));
        if (props.imageArch && props.imageArch.length !== 1) {
            throw new Error(`imageArch must contain exactly 1 element, got ${JSON.stringify(props.imageArch)}`);
        }
        const imageArch = props.imageArch ? props.imageArch[0] : '';
        new aws_cdk_lib_1.CustomResource(this, 'CustomResource', {
            serviceToken: this.handler.functionArn,
            // This has been copy/pasted and is a pure lie, but changing it is going to change people's infra!! X(
            resourceType: 'Custom::CDKECRDeployment',
            properties: {
                SrcImage: props.src.uri,
                SrcCreds: props.src.creds,
                DestImage: props.dest.uri,
                DestCreds: props.dest.creds,
                ...imageArch ? { ImageArch: imageArch } : {},
            },
        });
    }
    addToPrincipalPolicy(statement) {
        const handlerRole = this.handler.role;
        if (!handlerRole) {
            throw new Error('lambda.SingletonFunction should have created a Role');
        }
        return handlerRole.addToPrincipalPolicy(statement);
    }
    renderSingletonUuid(memoryLimit) {
        let uuid = 'bd07c930-edb9-4112-a20f-03f096f53666';
        // if user specify a custom memory limit, define another singleton handler
        // with this configuration. otherwise, it won't be possible to use multiple
        // configurations since we have a singleton.
        if (memoryLimit) {
            if (aws_cdk_lib_1.Token.isUnresolved(memoryLimit)) {
                throw new Error('Can\'t use tokens when specifying "memoryLimit" since we use it to identify the singleton custom resource handler');
            }
            uuid += `-${memoryLimit.toString()}MiB`;
        }
        return uuid;
    }
}
exports.ECRDeployment = ECRDeployment;
_c = JSII_RTTI_SYMBOL_1;
ECRDeployment[_c] = { fqn: "cdk-ecr-deployment.ECRDeployment", version: "4.0.2" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxxRUFBcUU7QUFDckUsc0NBQXNDO0FBRXRDLDZCQUE2QjtBQUM3Qiw2Q0FBb0g7QUFFcEgsdURBQXVEO0FBQ3ZELDJDQUF1QztBQTBGdkMsTUFBYSxlQUFlO0lBQzFCOzs7Ozs7T0FNRztJQUNILFlBQTJCLElBQVksRUFBUyxLQUFjO1FBQW5DLFNBQUksR0FBSixJQUFJLENBQVE7UUFBUyxVQUFLLEdBQUwsS0FBSyxDQUFTO0lBQUksQ0FBQztJQUNuRSxJQUFXLEdBQUcsS0FBYSxPQUFPLFlBQVksSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQzs7QUFUOUQsMENBVUM7OztBQUVELE1BQWEsYUFBYTtJQUd4Qjs7Ozs7OztPQU9HO0lBQ0gsWUFBbUIsQ0FBUyxFQUFFLEdBQVksRUFBUyxLQUFjO1FBQWQsVUFBSyxHQUFMLEtBQUssQ0FBUztRQUMvRCxJQUFJLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQztRQUNkLElBQUksR0FBRyxFQUFFLENBQUM7WUFDUixJQUFJLENBQUMsSUFBSSxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUM7UUFDekIsQ0FBQztJQUNILENBQUM7SUFDRCxJQUFXLEdBQUcsS0FBYSxPQUFPLFFBQVEsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQzs7QUFqQjFELHNDQWtCQzs7O0FBRUQsTUFBYSxhQUFjLFNBQVEsc0JBQVM7SUFHMUMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUF5QjtRQUNqRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLE1BQU0sV0FBVyxHQUFHLEtBQUssQ0FBQyxXQUFXLElBQUksR0FBRyxDQUFDO1FBQzdDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSx3QkFBTSxDQUFDLGlCQUFpQixDQUFDLElBQUksRUFBRSx1QkFBdUIsRUFBRTtZQUN6RSxJQUFJLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQztZQUMzQyxJQUFJLEVBQUUsd0JBQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBQ2xFLE9BQU8sRUFBRSxJQUFJLHdCQUFNLENBQUMsT0FBTyxDQUFDLGlCQUFpQixFQUFFLDBCQUFhLENBQUMsS0FBSyxDQUFDLEVBQUUsOEVBQThFO1lBQ25KLE9BQU8sRUFBRSxXQUFXO1lBQ3BCLGFBQWEsRUFBRSwwQkFBMEI7WUFDekMsV0FBVyxFQUFFLDhFQUE4RTtZQUMzRixPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzdCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtZQUNoQixVQUFVLEVBQUUsV0FBVztZQUN2QixHQUFHLEVBQUUsS0FBSyxDQUFDLEdBQUc7WUFDZCxVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7WUFDNUIsY0FBYyxFQUFFLEtBQUssQ0FBQyxjQUFjO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDO1FBQ3RDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMscURBQXFELENBQUMsQ0FBQztRQUFDLENBQUM7UUFFN0YsV0FBVyxDQUFDLG9CQUFvQixDQUM5QixJQUFJLHFCQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE1BQU0sRUFBRSxxQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO1lBQ3hCLE9BQU8sRUFBRTtnQkFDUCwyQkFBMkI7Z0JBQzNCLGlDQUFpQztnQkFDakMsNEJBQTRCO2dCQUM1Qix5QkFBeUI7Z0JBQ3pCLDBCQUEwQjtnQkFDMUIsZ0JBQWdCO2dCQUNoQixvQkFBb0I7Z0JBQ3BCLG1CQUFtQjtnQkFDbkIseUJBQXlCO2dCQUN6QiwrQkFBK0I7Z0JBQy9CLHlCQUF5QjtnQkFDekIscUJBQXFCO2dCQUNyQix5QkFBeUI7Z0JBQ3pCLGNBQWM7YUFDZjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQUMsQ0FBQztRQUNOLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLHFCQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3ZELE1BQU0sRUFBRSxxQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO1lBQ3hCLE9BQU8sRUFBRTtnQkFDUCxjQUFjO2FBQ2Y7WUFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7U0FDakIsQ0FBQyxDQUFDLENBQUM7UUFFSixJQUFJLEtBQUssQ0FBQyxTQUFTLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RHLENBQUM7UUFDRCxNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFFNUQsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUN6QyxZQUFZLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXO1lBQ3RDLHNHQUFzRztZQUN0RyxZQUFZLEVBQUUsMEJBQTBCO1lBQ3hDLFVBQVUsRUFBRTtnQkFDVixRQUFRLEVBQUUsS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHO2dCQUN2QixRQUFRLEVBQUUsS0FBSyxDQUFDLEdBQUcsQ0FBQyxLQUFLO2dCQUN6QixTQUFTLEVBQUUsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHO2dCQUN6QixTQUFTLEVBQUUsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLO2dCQUMzQixHQUFHLFNBQVMsQ0FBQyxDQUFDLENBQUMsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUU7YUFDN0M7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU0sb0JBQW9CLENBQUMsU0FBMEI7UUFDcEQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFDdEMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQUMsTUFBTSxJQUFJLEtBQUssQ0FBQyxxREFBcUQsQ0FBQyxDQUFDO1FBQUMsQ0FBQztRQUU3RixPQUFPLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRU8sbUJBQW1CLENBQUMsV0FBb0I7UUFDOUMsSUFBSSxJQUFJLEdBQUcsc0NBQXNDLENBQUM7UUFFbEQsMEVBQTBFO1FBQzFFLDJFQUEyRTtRQUMzRSw0Q0FBNEM7UUFDNUMsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLG1CQUFLLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsbUhBQW1ILENBQUMsQ0FBQztZQUN2SSxDQUFDO1lBRUQsSUFBSSxJQUFJLElBQUksV0FBVyxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUM7UUFDMUMsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQzs7QUE5Rkgsc0NBK0ZDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgYXdzX2VjMiBhcyBlYzIsIGF3c19pYW0gYXMgaWFtLCBhd3NfbGFtYmRhIGFzIGxhbWJkYSwgRHVyYXRpb24sIEN1c3RvbVJlc291cmNlLCBUb2tlbiB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IFBvbGljeVN0YXRlbWVudCwgQWRkVG9QcmluY2lwYWxQb2xpY3lSZXN1bHQgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCB7IFJ1bnRpbWVGYW1pbHkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG5leHBvcnQgaW50ZXJmYWNlIEVDUkRlcGxveW1lbnRQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgc291cmNlIG9mIHRoZSBkb2NrZXIgaW1hZ2UuXG4gICAqL1xuICByZWFkb25seSBzcmM6IElJbWFnZU5hbWU7XG5cbiAgLyoqXG4gICAqIFRoZSBkZXN0aW5hdGlvbiBvZiB0aGUgZG9ja2VyIGltYWdlLlxuICAgKi9cbiAgcmVhZG9ubHkgZGVzdDogSUltYWdlTmFtZTtcblxuICAvKipcbiAgICogVGhlIGltYWdlIGFyY2hpdGVjdHVyZSB0byBiZSBjb3BpZWQuXG4gICAqXG4gICAqIFRoZSAnYW1kNjQnIGFyY2hpdGVjdHVyZSB3aWxsIGJlIGNvcGllZCBieSBkZWZhdWx0LiBTcGVjaWZ5IHRoZVxuICAgKiBhcmNoaXRlY3R1cmUgb3IgYXJjaGl0ZWN0dXJlcyB0byBjb3B5IGhlcmUuXG4gICAqXG4gICAqIEl0IGlzIGN1cnJlbnRseSBub3QgcG9zc2libGUgdG8gY29weSBtb3JlIHRoYW4gb25lIGFyY2hpdGVjdHVyZVxuICAgKiBhdCBhIHRpbWU6IHRoZSBhcnJheSB5b3Ugc3BlY2lmeSBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgc3RyaW5nLlxuICAgKlxuICAgKiBAZGVmYXVsdCBbJ2FtZDY0J11cbiAgICovXG4gIHJlYWRvbmx5IGltYWdlQXJjaD86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBUaGUgYW1vdW50IG9mIG1lbW9yeSAoaW4gTWlCKSB0byBhbGxvY2F0ZSB0byB0aGUgQVdTIExhbWJkYSBmdW5jdGlvbiB3aGljaFxuICAgKiByZXBsaWNhdGVzIHRoZSBmaWxlcyBmcm9tIHRoZSBDREsgYnVja2V0IHRvIHRoZSBkZXN0aW5hdGlvbiBidWNrZXQuXG4gICAqXG4gICAqIElmIHlvdSBhcmUgZGVwbG95aW5nIGxhcmdlIGZpbGVzLCB5b3Ugd2lsbCBuZWVkIHRvIGluY3JlYXNlIHRoaXMgbnVtYmVyXG4gICAqIGFjY29yZGluZ2x5LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIDUxMlxuICAgKi9cbiAgcmVhZG9ubHkgbWVtb3J5TGltaXQ/OiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIEV4ZWN1dGlvbiByb2xlIGFzc29jaWF0ZWQgd2l0aCB0aGlzIGZ1bmN0aW9uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gQSByb2xlIGlzIGF1dG9tYXRpY2FsbHkgY3JlYXRlZFxuICAgKi9cbiAgcmVhZG9ubHkgcm9sZT86IGlhbS5JUm9sZTtcblxuICAvKipcbiAgICogVGhlIFZQQyBuZXR3b3JrIHRvIHBsYWNlIHRoZSBkZXBsb3ltZW50IGxhbWJkYSBoYW5kbGVyIGluLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vbmVcbiAgICovXG4gIHJlYWRvbmx5IHZwYz86IGVjMi5JVnBjO1xuXG4gIC8qKlxuICAgKiBXaGVyZSBpbiB0aGUgVlBDIHRvIHBsYWNlIHRoZSBkZXBsb3ltZW50IGxhbWJkYSBoYW5kbGVyLlxuICAgKiBPbmx5IHVzZWQgaWYgJ3ZwYycgaXMgc3VwcGxpZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdGhlIFZwYyBkZWZhdWx0IHN0cmF0ZWd5IGlmIG5vdCBzcGVjaWZpZWRcbiAgICovXG4gIHJlYWRvbmx5IHZwY1N1Ym5ldHM/OiBlYzIuU3VibmV0U2VsZWN0aW9uO1xuXG4gIC8qKlxuICAgKiBUaGUgbGlzdCBvZiBzZWN1cml0eSBncm91cHMgdG8gYXNzb2NpYXRlIHdpdGggdGhlIExhbWJkYSdzIG5ldHdvcmsgaW50ZXJmYWNlcy5cbiAgICpcbiAgICogT25seSB1c2VkIGlmICd2cGMnIGlzIHN1cHBsaWVkLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIElmIHRoZSBmdW5jdGlvbiBpcyBwbGFjZWQgd2l0aGluIGEgVlBDIGFuZCBhIHNlY3VyaXR5IGdyb3VwIGlzXG4gICAqIG5vdCBzcGVjaWZpZWQsIGVpdGhlciBieSB0aGlzIG9yIHNlY3VyaXR5R3JvdXAgcHJvcCwgYSBkZWRpY2F0ZWQgc2VjdXJpdHlcbiAgICogZ3JvdXAgd2lsbCBiZSBjcmVhdGVkIGZvciB0aGlzIGZ1bmN0aW9uLlxuICAgKi9cbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cHM/OiBlYzIuU2VjdXJpdHlHcm91cFtdO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIElJbWFnZU5hbWUge1xuICAvKipcbiAgICogIFRoZSB1cmkgb2YgdGhlIGRvY2tlciBpbWFnZS5cbiAgICpcbiAgICogIFRoZSB1cmkgc3BlYyBmb2xsb3dzIGh0dHBzOi8vZ2l0aHViLmNvbS9jb250YWluZXJzL3Nrb3Blb1xuICAgKi9cbiAgcmVhZG9ubHkgdXJpOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBjcmVkZW50aWFscyBvZiB0aGUgZG9ja2VyIGltYWdlLiBGb3JtYXQgYHVzZXI6cGFzc3dvcmRgIG9yIGBBV1MgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBhcm5gIG9yIGBBV1MgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBuYW1lYC5cbiAgICpcbiAgICogSWYgc3BlY2lmeWluZyBhbiBBV1MgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCwgdGhlIGZvcm1hdCBvZiB0aGUgc2VjcmV0IHNob3VsZCBiZSBlaXRoZXIgcGxhaW4gdGV4dCAoYHVzZXI6cGFzc3dvcmRgKSBvclxuICAgKiBKU09OIChge1widXNlcm5hbWVcIjpcIjx1c2VybmFtZT5cIixcInBhc3N3b3JkXCI6XCI8cGFzc3dvcmQ+XCJ9YCkuXG4gICAqXG4gICAqIEZvciBtb3JlIGRldGFpbHMgb24gSlNPTiBmb3JtYXQsIHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uRUNTL2xhdGVzdC9kZXZlbG9wZXJndWlkZS9wcml2YXRlLWF1dGguaHRtbFxuICAgKi9cbiAgY3JlZHM/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBjbGFzcyBEb2NrZXJJbWFnZU5hbWUgaW1wbGVtZW50cyBJSW1hZ2VOYW1lIHtcbiAgLyoqXG4gICAqIEBwYXJhbSBuYW1lIC0gVGhlIG5hbWUgb2YgdGhlIGltYWdlLCBlLmcuIHJldHJpZXZlZCBmcm9tIGBEb2NrZXJJbWFnZUFzc2V0LmltYWdlVXJpYFxuICAgKiBAcGFyYW0gY3JlZHMgLSBUaGUgY3JlZGVudGlhbHMgb2YgdGhlIGRvY2tlciBpbWFnZS4gRm9ybWF0IGB1c2VyOnBhc3N3b3JkYCBvciBgQVdTIFNlY3JldHMgTWFuYWdlciBzZWNyZXQgYXJuYCBvciBgQVdTIFNlY3JldHMgTWFuYWdlciBzZWNyZXQgbmFtZWAuXG4gICAqICAgICBJZiBzcGVjaWZ5aW5nIGFuIEFXUyBTZWNyZXRzIE1hbmFnZXIgc2VjcmV0LCB0aGUgZm9ybWF0IG9mIHRoZSBzZWNyZXQgc2hvdWxkIGJlIGVpdGhlciBwbGFpbiB0ZXh0IChgdXNlcjpwYXNzd29yZGApIG9yXG4gICAqICAgICBKU09OIChge1widXNlcm5hbWVcIjpcIjx1c2VybmFtZT5cIixcInBhc3N3b3JkXCI6XCI8cGFzc3dvcmQ+XCJ9YCkuXG4gICAqICAgICBGb3IgbW9yZSBkZXRhaWxzIG9uIEpTT04gZm9ybWF0LCBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkVDUy9sYXRlc3QvZGV2ZWxvcGVyZ3VpZGUvcHJpdmF0ZS1hdXRoLmh0bWxcbiAgICovXG4gIHB1YmxpYyBjb25zdHJ1Y3Rvcihwcml2YXRlIG5hbWU6IHN0cmluZywgcHVibGljIGNyZWRzPzogc3RyaW5nKSB7IH1cbiAgcHVibGljIGdldCB1cmkoKTogc3RyaW5nIHsgcmV0dXJuIGBkb2NrZXI6Ly8ke3RoaXMubmFtZX1gOyB9XG59XG5cbmV4cG9ydCBjbGFzcyBTM0FyY2hpdmVOYW1lIGltcGxlbWVudHMgSUltYWdlTmFtZSB7XG4gIHByaXZhdGUgbmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBAcGFyYW0gcCAtIHRoZSBTMyBidWNrZXQgbmFtZSBhbmQgcGF0aCBvZiB0aGUgYXJjaGl2ZSAoYSBTMyBVUkkgd2l0aG91dCB0aGUgczM6Ly8pXG4gICAqIEBwYXJhbSByZWYgLSBhcHBlbmRlZCB0byB0aGUgZW5kIG9mIHRoZSBuYW1lIHdpdGggYSBgOmAsIGUuZy4gYDpsYXRlc3RgXG4gICAqIEBwYXJhbSBjcmVkcyAtIFRoZSBjcmVkZW50aWFscyBvZiB0aGUgZG9ja2VyIGltYWdlLiBGb3JtYXQgYHVzZXI6cGFzc3dvcmRgIG9yIGBBV1MgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBhcm5gIG9yIGBBV1MgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBuYW1lYC5cbiAgICogICAgIElmIHNwZWNpZnlpbmcgYW4gQVdTIFNlY3JldHMgTWFuYWdlciBzZWNyZXQsIHRoZSBmb3JtYXQgb2YgdGhlIHNlY3JldCBzaG91bGQgYmUgZWl0aGVyIHBsYWluIHRleHQgKGB1c2VyOnBhc3N3b3JkYCkgb3JcbiAgICogICAgIEpTT04gKGB7XCJ1c2VybmFtZVwiOlwiPHVzZXJuYW1lPlwiLFwicGFzc3dvcmRcIjpcIjxwYXNzd29yZD5cIn1gKS5cbiAgICogICAgIEZvciBtb3JlIGRldGFpbHMgb24gSlNPTiBmb3JtYXQsIHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uRUNTL2xhdGVzdC9kZXZlbG9wZXJndWlkZS9wcml2YXRlLWF1dGguaHRtbFxuICAgKi9cbiAgcHVibGljIGNvbnN0cnVjdG9yKHA6IHN0cmluZywgcmVmPzogc3RyaW5nLCBwdWJsaWMgY3JlZHM/OiBzdHJpbmcpIHtcbiAgICB0aGlzLm5hbWUgPSBwO1xuICAgIGlmIChyZWYpIHtcbiAgICAgIHRoaXMubmFtZSArPSAnOicgKyByZWY7XG4gICAgfVxuICB9XG4gIHB1YmxpYyBnZXQgdXJpKCk6IHN0cmluZyB7IHJldHVybiBgczM6Ly8ke3RoaXMubmFtZX1gOyB9XG59XG5cbmV4cG9ydCBjbGFzcyBFQ1JEZXBsb3ltZW50IGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHJpdmF0ZSBoYW5kbGVyOiBsYW1iZGEuU2luZ2xldG9uRnVuY3Rpb247XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEVDUkRlcGxveW1lbnRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgY29uc3QgbWVtb3J5TGltaXQgPSBwcm9wcy5tZW1vcnlMaW1pdCA/PyA1MTI7XG4gICAgdGhpcy5oYW5kbGVyID0gbmV3IGxhbWJkYS5TaW5nbGV0b25GdW5jdGlvbih0aGlzLCAnQ3VzdG9tUmVzb3VyY2VIYW5kbGVyJywge1xuICAgICAgdXVpZDogdGhpcy5yZW5kZXJTaW5nbGV0b25VdWlkKG1lbW9yeUxpbWl0KSxcbiAgICAgIGNvZGU6IGxhbWJkYS5Db2RlLmZyb21Bc3NldChwYXRoLmpvaW4oX19kaXJuYW1lLCAnLi4vbGFtYmRhLWJpbicpKSxcbiAgICAgIHJ1bnRpbWU6IG5ldyBsYW1iZGEuUnVudGltZSgncHJvdmlkZWQuYWwyMDIzJywgUnVudGltZUZhbWlseS5PVEhFUiksIC8vIG5vdCB1c2luZyBSdW50aW1lLlBST1ZJREVEX0FMMjAyMyB0byBzdXBwb3J0IG9sZGVyIENESyB2ZXJzaW9ucyAoPCAyLjEwNS4wKVxuICAgICAgaGFuZGxlcjogJ2Jvb3RzdHJhcCcsXG4gICAgICBsYW1iZGFQdXJwb3NlOiAnQ3VzdG9tOjpDREtFQ1JEZXBsb3ltZW50JyxcbiAgICAgIGRlc2NyaXB0aW9uOiAnQ3VzdG9tIHJlc291cmNlIGhhbmRsZXIgZm9yIGNvcHlpbmcgRG9ja2VyIGltYWdlcyBiZXR3ZWVuIGRvY2tlciByZWdpc3RyaWVzLicsXG4gICAgICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDE1KSxcbiAgICAgIHJvbGU6IHByb3BzLnJvbGUsXG4gICAgICBtZW1vcnlTaXplOiBtZW1vcnlMaW1pdCxcbiAgICAgIHZwYzogcHJvcHMudnBjLFxuICAgICAgdnBjU3VibmV0czogcHJvcHMudnBjU3VibmV0cyxcbiAgICAgIHNlY3VyaXR5R3JvdXBzOiBwcm9wcy5zZWN1cml0eUdyb3VwcyxcbiAgICB9KTtcblxuICAgIGNvbnN0IGhhbmRsZXJSb2xlID0gdGhpcy5oYW5kbGVyLnJvbGU7XG4gICAgaWYgKCFoYW5kbGVyUm9sZSkgeyB0aHJvdyBuZXcgRXJyb3IoJ2xhbWJkYS5TaW5nbGV0b25GdW5jdGlvbiBzaG91bGQgaGF2ZSBjcmVhdGVkIGEgUm9sZScpOyB9XG5cbiAgICBoYW5kbGVyUm9sZS5hZGRUb1ByaW5jaXBhbFBvbGljeShcbiAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgJ2VjcjpHZXRBdXRob3JpemF0aW9uVG9rZW4nLFxuICAgICAgICAgICdlY3I6QmF0Y2hDaGVja0xheWVyQXZhaWxhYmlsaXR5JyxcbiAgICAgICAgICAnZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXInLFxuICAgICAgICAgICdlY3I6R2V0UmVwb3NpdG9yeVBvbGljeScsXG4gICAgICAgICAgJ2VjcjpEZXNjcmliZVJlcG9zaXRvcmllcycsXG4gICAgICAgICAgJ2VjcjpMaXN0SW1hZ2VzJyxcbiAgICAgICAgICAnZWNyOkRlc2NyaWJlSW1hZ2VzJyxcbiAgICAgICAgICAnZWNyOkJhdGNoR2V0SW1hZ2UnLFxuICAgICAgICAgICdlY3I6TGlzdFRhZ3NGb3JSZXNvdXJjZScsXG4gICAgICAgICAgJ2VjcjpEZXNjcmliZUltYWdlU2NhbkZpbmRpbmdzJyxcbiAgICAgICAgICAnZWNyOkluaXRpYXRlTGF5ZXJVcGxvYWQnLFxuICAgICAgICAgICdlY3I6VXBsb2FkTGF5ZXJQYXJ0JyxcbiAgICAgICAgICAnZWNyOkNvbXBsZXRlTGF5ZXJVcGxvYWQnLFxuICAgICAgICAgICdlY3I6UHV0SW1hZ2UnLFxuICAgICAgICBdLFxuICAgICAgICByZXNvdXJjZXM6IFsnKiddLFxuICAgICAgfSkpO1xuICAgIGhhbmRsZXJSb2xlLmFkZFRvUHJpbmNpcGFsUG9saWN5KG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgJ3MzOkdldE9iamVjdCcsXG4gICAgICBdLFxuICAgICAgcmVzb3VyY2VzOiBbJyonXSxcbiAgICB9KSk7XG5cbiAgICBpZiAocHJvcHMuaW1hZ2VBcmNoICYmIHByb3BzLmltYWdlQXJjaC5sZW5ndGggIT09IDEpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgaW1hZ2VBcmNoIG11c3QgY29udGFpbiBleGFjdGx5IDEgZWxlbWVudCwgZ290ICR7SlNPTi5zdHJpbmdpZnkocHJvcHMuaW1hZ2VBcmNoKX1gKTtcbiAgICB9XG4gICAgY29uc3QgaW1hZ2VBcmNoID0gcHJvcHMuaW1hZ2VBcmNoID8gcHJvcHMuaW1hZ2VBcmNoWzBdIDogJyc7XG5cbiAgICBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgJ0N1c3RvbVJlc291cmNlJywge1xuICAgICAgc2VydmljZVRva2VuOiB0aGlzLmhhbmRsZXIuZnVuY3Rpb25Bcm4sXG4gICAgICAvLyBUaGlzIGhhcyBiZWVuIGNvcHkvcGFzdGVkIGFuZCBpcyBhIHB1cmUgbGllLCBidXQgY2hhbmdpbmcgaXQgaXMgZ29pbmcgdG8gY2hhbmdlIHBlb3BsZSdzIGluZnJhISEgWChcbiAgICAgIHJlc291cmNlVHlwZTogJ0N1c3RvbTo6Q0RLRUNSRGVwbG95bWVudCcsXG4gICAgICBwcm9wZXJ0aWVzOiB7XG4gICAgICAgIFNyY0ltYWdlOiBwcm9wcy5zcmMudXJpLFxuICAgICAgICBTcmNDcmVkczogcHJvcHMuc3JjLmNyZWRzLFxuICAgICAgICBEZXN0SW1hZ2U6IHByb3BzLmRlc3QudXJpLFxuICAgICAgICBEZXN0Q3JlZHM6IHByb3BzLmRlc3QuY3JlZHMsXG4gICAgICAgIC4uLmltYWdlQXJjaCA/IHsgSW1hZ2VBcmNoOiBpbWFnZUFyY2ggfSA6IHt9LFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIHB1YmxpYyBhZGRUb1ByaW5jaXBhbFBvbGljeShzdGF0ZW1lbnQ6IFBvbGljeVN0YXRlbWVudCk6IEFkZFRvUHJpbmNpcGFsUG9saWN5UmVzdWx0IHtcbiAgICBjb25zdCBoYW5kbGVyUm9sZSA9IHRoaXMuaGFuZGxlci5yb2xlO1xuICAgIGlmICghaGFuZGxlclJvbGUpIHsgdGhyb3cgbmV3IEVycm9yKCdsYW1iZGEuU2luZ2xldG9uRnVuY3Rpb24gc2hvdWxkIGhhdmUgY3JlYXRlZCBhIFJvbGUnKTsgfVxuXG4gICAgcmV0dXJuIGhhbmRsZXJSb2xlLmFkZFRvUHJpbmNpcGFsUG9saWN5KHN0YXRlbWVudCk7XG4gIH1cblxuICBwcml2YXRlIHJlbmRlclNpbmdsZXRvblV1aWQobWVtb3J5TGltaXQ/OiBudW1iZXIpIHtcbiAgICBsZXQgdXVpZCA9ICdiZDA3YzkzMC1lZGI5LTQxMTItYTIwZi0wM2YwOTZmNTM2NjYnO1xuXG4gICAgLy8gaWYgdXNlciBzcGVjaWZ5IGEgY3VzdG9tIG1lbW9yeSBsaW1pdCwgZGVmaW5lIGFub3RoZXIgc2luZ2xldG9uIGhhbmRsZXJcbiAgICAvLyB3aXRoIHRoaXMgY29uZmlndXJhdGlvbi4gb3RoZXJ3aXNlLCBpdCB3b24ndCBiZSBwb3NzaWJsZSB0byB1c2UgbXVsdGlwbGVcbiAgICAvLyBjb25maWd1cmF0aW9ucyBzaW5jZSB3ZSBoYXZlIGEgc2luZ2xldG9uLlxuICAgIGlmIChtZW1vcnlMaW1pdCkge1xuICAgICAgaWYgKFRva2VuLmlzVW5yZXNvbHZlZChtZW1vcnlMaW1pdCkpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdDYW5cXCd0IHVzZSB0b2tlbnMgd2hlbiBzcGVjaWZ5aW5nIFwibWVtb3J5TGltaXRcIiBzaW5jZSB3ZSB1c2UgaXQgdG8gaWRlbnRpZnkgdGhlIHNpbmdsZXRvbiBjdXN0b20gcmVzb3VyY2UgaGFuZGxlcicpO1xuICAgICAgfVxuXG4gICAgICB1dWlkICs9IGAtJHttZW1vcnlMaW1pdC50b1N0cmluZygpfU1pQmA7XG4gICAgfVxuXG4gICAgcmV0dXJuIHV1aWQ7XG4gIH1cbn1cbiJdfQ==