cdk-rds-sql
A CDK construct that allows creating roles or users and databases on an Aurora Serverless Postgresql or Mysql/MariaDB cluster.
;
// Scratch variable; it later holds the jsii RTTI symbol used as a property key on Role.
var _a;
// Mark the CommonJS exports object as coming from a transpiled ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; it is assigned once the class is defined.
exports.Role = void 0;
// Symbol from the global symbol registry, used below as the key for jsii runtime type information.
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const iam = require("aws-cdk-lib/aws-iam");
const aws_secretsmanager_1 = require("aws-cdk-lib/aws-secretsmanager");
const ssm = require("aws-cdk-lib/aws-ssm");
const constructs_1 = require("constructs");
const enum_1 = require("./enum");
const role_custom_resource_1 = require("./role.custom-resource");
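/**
 * Private construct (not exported) that publishes a role's connection details
 * to SSM Parameter Store under a common prefix.
 *
 * Every defined entry of `props.paramData` becomes an `ssm.StringParameter`
 * named `${parameterPrefix}${key}`. The password is handled separately: a
 * custom resource hands the secret ARN and the target parameter name to the
 * provider handler, and the handler's role is granted SSM access to that one
 * parameter only.
 */
class Parameters extends constructs_1.Construct {
  /**
   * @param scope - parent construct
   * @param id - construct id
   * @param props - reads `paramData`, `parameterPrefix`, `providerServiceToken`,
   *   `secretArn`, `passwordArn` and `provider`
   */
  constructor(scope, id, props) {
    super(scope, id);

    // One plain-text StringParameter per defined key; undefined values are skipped.
    for (const [key, value] of Object.entries(props.paramData)) {
      if (value === undefined) {
        continue;
      }
      new ssm.StringParameter(this, `Parameter-${key}`, {
        parameterName: `${props.parameterPrefix}${key}`,
        stringValue: value.toString(),
      });
    }

    // The password is written by the provider handler, not by this construct.
    // NOTE(review): whether it is stored as a SecureString is decided by the
    // handler, which is not part of this file — confirm.
    const passwordParameterName = `${props.parameterPrefix}password`;
    const passwordParameter = new aws_cdk_lib_1.CustomResource(this, "PasswordParameter", {
      serviceToken: props.providerServiceToken,
      properties: {
        SecretArn: props.secretArn,
        Resource: enum_1.RdsSqlResource.PARAMETER_PASSWORD,
        PasswordArn: props.passwordArn,
        ParameterName: passwordParameterName,
      },
    });
    passwordParameter.node.addDependency(props.provider);

    // Scope the handler's SSM permissions to this single parameter. The
    // partition comes from the stack instead of a hard-coded "aws", so the ARN
    // also matches in other partitions (for example aws-cn or aws-us-gov).
    const stack = aws_cdk_lib_1.Stack.of(this);
    // SSM parameter ARNs carry exactly one "/" between "parameter" and the name.
    const separator = passwordParameterName.startsWith("/") ? "" : "/";
    const paramArn = `arn:${stack.partition}:ssm:${stack.region}:${stack.account}:parameter${separator}${passwordParameterName}`;
    // NOTE(review): no ssm:DeleteParameter is granted here; confirm how the
    // handler cleans up the password parameter when the resource is deleted.
    props.provider.handler.addToRolePolicy(new iam.PolicyStatement({
      actions: ["ssm:PutParameter", "ssm:AddTagsToResource", "ssm:GetParameters"],
      resources: [paramArn],
    }));
  }
}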
/**
 * A database role on the provider's cluster or instance, together with the
 * Secrets Manager secret that describes how to connect as that role.
 *
 * Exactly one of `props.database` and `props.databaseName` must be given.
 */
class Role extends constructs_1.Construct {
  /**
   * @param scope - parent construct
   * @param id - construct id
   * @param props - reads `provider`, `roleName`, `database`, `databaseName`,
   *   `secretName`, `encryptionKey`, `enableIamAuth` and `parameterPrefix`
   * @throws {string} "Specify either database or databaseName" when both or
   *   neither of the two are set (a bare string is thrown, not an Error)
   */
  constructor(scope, id, props) {
    // Both set and neither set are rejected with the same message.
    const hasDatabase = Boolean(props.database);
    const hasDatabaseName = Boolean(props.databaseName);
    if (hasDatabase === hasDatabaseName) {
      throw "Specify either database or databaseName";
    }
    super(scope, id);

    const { provider } = props;
    const { cluster } = provider;
    // Use the cluster endpoint and identifier when present, else the instance ones.
    const endpoint = cluster.clusterEndpoint || cluster.instanceEndpoint;
    const identifier = cluster.clusterIdentifier || cluster.instanceIdentifier;

    // Connection details shared by the secret template and the SSM parameters.
    const connection = {
      dbClusterIdentifier: identifier,
      engine: provider.engine,
      host: endpoint.hostname,
      port: endpoint.port,
      username: props.roleName,
      dbname: props.database ? props.database.databaseName : props.databaseName,
    };
    const secretStringTemplate = JSON.stringify(connection);

    let credentialProps;
    if (props.enableIamAuth) {
      // IAM auth: no password is requested from Secrets Manager here.
      // NOTE(review): the template is passed as a top-level Secret property;
      // confirm the construct honours it there, otherwise the secret may not
      // contain this JSON.
      credentialProps = { secretStringTemplate };
    } else {
      // Password auth: Secrets Manager generates the "password" key.
      credentialProps = {
        generateSecretString: {
          // Capped at 30 characters, which the upstream comment attributes to Oracle's limit.
          passwordLength: 30,
          secretStringTemplate,
          generateStringKey: "password",
          // Characters kept out of the generated password.
          excludeCharacters: " %+~`#$&*()|[]{}:;<>?!'/@\"\\",
        },
      };
    }

    this.secret = new aws_secretsmanager_1.Secret(this, "Secret", {
      secretName: props.secretName,
      encryptionKey: props.encryptionKey,
      description: `Generated secret for ${provider.engine} role ${props.roleName}`,
      ...credentialProps,
      // DESTROY: the secret is deleted when it is removed from the stack.
      removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
    });

    // An empty string stands in for the password secret ARN under IAM auth.
    const passwordArn = props.enableIamAuth ? "" : this.secret.secretArn;

    // Publish the connection details to SSM only when a prefix was given.
    // NOTE(review): with IAM auth the password parameter resource is still
    // created, with an empty PasswordArn — confirm the handler copes with that.
    if (props.parameterPrefix) {
      new Parameters(this, "Parameters", {
        secretArn: provider.secret.secretArn,
        parameterPrefix: props.parameterPrefix,
        passwordArn,
        providerServiceToken: provider.serviceToken,
        provider,
        paramData: { ...connection },
      });
    }

    // The construct id stays "PostgresRole" whatever the engine is.
    const role = new role_custom_resource_1.Role(this, "PostgresRole", {
      provider,
      roleName: props.roleName,
      passwordArn,
      database: props.database,
      databaseName: props.databaseName,
      enableIamAuth: props.enableIamAuth,
    });
    // The secret has to exist before the role resource is created.
    role.node.addDependency(this.secret);
    this.roleName = props.roleName;

    // The provider handler gets read access to this role's secret and, when
    // the secret has its own encryption key, explicit decrypt permission too.
    this.secret.grantRead(provider.handler);
    const { encryptionKey } = this.secret;
    if (encryptionKey) {
      encryptionKey.grantDecrypt(provider.handler);
    }
  }
}
// Publish the construct as this module's export.
exports.Role = Role;
_a = JSII_RTTI_SYMBOL_1;
// Attach jsii runtime type information (fully qualified name and package version) to the class.
Role[_a] = { fqn: "cdk-rds-sql.Role", version: "6.1.4" };
//# sourceMappingURL=data:application/json;base64,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