cdk-rds-sql/lib/provider.js

A CDK construct that allows creating roles or users and databases on Aurora Serverless PostgreSQL or MySQL/MariaDB clusters, as well as AWS DSQL clusters.

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.Provider = exports.DatabaseEngine = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const fs_1 = require("fs");
const path = require("path");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const dsql = require("aws-cdk-lib/aws-dsql");
const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");
const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
const lambda = require("aws-cdk-lib/aws-lambda-nodejs");
const customResources = require("aws-cdk-lib/custom-resources");
const constructs_1 = require("constructs");
/**
 * Helper function to determine if a cluster is a DSQL cluster
 */
function isDsqlCluster(cluster) {
    return cluster instanceof dsql.CfnCluster;
}
/**
 * Supported database engines
 */
var DatabaseEngine;
(function (DatabaseEngine) {
    DatabaseEngine["POSTGRES"] = "postgres";
    DatabaseEngine["MYSQL"] = "mysql";
    DatabaseEngine["DSQL"] = "dsql";
})(DatabaseEngine || (exports.DatabaseEngine = DatabaseEngine = {}));
class Provider extends constructs_1.Construct {
    /**
     * Import an existing provider Lambda function
     */
    static fromProviderAttributes(scope, id, attrs) {
        return new ImportedProvider(scope, id, attrs);
    }
    constructor(scope, id, props) {
        super(scope, id);
        // Validate configuration
        const isDsql = isDsqlCluster(props.cluster);
        if (!isDsql && !props.secret) {
            throw new Error("Either secret (for traditional RDS) or cluster with DSQL must be provided");
        }
        if (!isDsql && !props.vpc) {
            throw new Error("VPC is required for traditional RDS databases");
        }
        if (isDsql && props.secret) {
            throw new Error("secret should not be provided when using DSQL cluster (uses IAM authentication)");
        }
        this.secret = props.secret;
        this.cluster = props.cluster;
        // Determine engine from cluster/instance instead of hardcoding
        if (isDsql) {
            // DSQL is always PostgreSQL-compatible
            this.engine = DatabaseEngine.DSQL;
        }
        else if ("clusterIdentifier" in props.cluster) {
            // It's a DatabaseCluster
            const clusterEngine = props.cluster.engine;
            this.engine =
                clusterEngine && clusterEngine.engineFamily === "MYSQL"
                    ? DatabaseEngine.MYSQL
                    : DatabaseEngine.POSTGRES;
        }
        else if ("instanceIdentifier" in props.cluster) {
            // It's a DatabaseInstance
            const instanceEngine = props.cluster.engine;
            this.engine =
                instanceEngine && instanceEngine.engineFamily === "MYSQL"
                    ? DatabaseEngine.MYSQL
                    : DatabaseEngine.POSTGRES;
        }
        else {
            // Fallback to postgres if engine hasn't been provided
            this.engine = DatabaseEngine.POSTGRES;
        }
        const functionName = "RdsSql" + slugify("28b9e791-af60-4a33-bca8-ffb6f30ef8c5");
        this.handler =
            aws_cdk_lib_1.Stack.of(this).node.tryFindChild(functionName) ??
                this.newCustomResourceHandler(scope, functionName, props);
        const provider = new customResources.Provider(this, "RdsSql", {
            onEventHandler: this.handler,
        });
        this.serviceToken = provider.serviceToken;
        // Handle database connection setup
        if (isDsql) {
            // For DSQL, grant IAM permissions instead of VPC security groups
            const dsqlCluster = props.cluster;
            this.handler.addToRolePolicy(new iam.PolicyStatement({
                effect: iam.Effect.ALLOW,
                actions: ["dsql:DbConnectAdmin"],
                resources: [dsqlCluster.attrResourceArn],
            }));
        }
        else {
            // Traditional RDS setup with security groups and secrets
            this.secret.grantRead(this.handler);
            if (this.secret.encryptionKey) {
                // It seems we need to grant explicit permission
                this.secret.encryptionKey.grantDecrypt(this.handler);
            }
            if (props.cluster.connections.securityGroups.length === 0) {
                throw new Error("Cluster does not have a security group.");
            }
            else {
                const securityGroup = props.cluster.connections.securityGroups[0];
                this.handler.node.defaultChild?.node.addDependency(securityGroup);
            }
        }
        this.node.addDependency(props.cluster);
    }
    newCustomResourceHandler(scope, id, props) {
        const isDsql = isDsqlCluster(props.cluster);
        const handlerDir = path.join(__dirname, "handler");
        const index_ts = path.join(handlerDir, "index.ts");
        const index_js = path.join(handlerDir, "index.js");
        let entry;
        if ((0, fs_1.existsSync)(index_ts)) {
            entry = index_ts;
        }
        else if ((0, fs_1.existsSync)(index_js)) {
            entry = index_js;
        }
        else {
            // Ugly hack to support SST (possibly caused by my hack to make SST work with CommonJS libraries)
            entry = path.join(path.dirname(process.env.npm_package_json || process.cwd()), "node_modules/cdk-rds-sql/lib/handler/index.js");
        }
        let ssl_options;
        if (props.ssl !== undefined && !props.ssl) {
            ssl_options = {
                SSL: JSON.stringify(props.ssl),
            };
        }
        const logger = props.logger ?? false;
        // Build environment variables
        const environment = {
            LOGGER: logger.toString(),
            ...ssl_options,
        };
        // Add DSQL-specific environment variables
        if (isDsql) {
            const dsqlCluster = props.cluster;
            const clusterId = dsqlCluster.attrIdentifier;
            const region = aws_cdk_lib_1.Stack.of(scope).region;
            environment.DSQL_ENDPOINT = `${clusterId}.dsql.${region}.on.aws`;
            environment.DSQL_PORT = "5432";
        }
        else if (props.secret) {
            // Add secret ARN to environment for traditional RDS
            environment.SECRET_ARN = props.secret.secretArn;
        }
        const deleteParameterPolicy = new iam.PolicyStatement({
            actions: ["ssm:DeleteParameter"],
            resources: [
                `arn:aws:ssm:${aws_cdk_lib_1.Stack.of(scope).region}:${aws_cdk_lib_1.Stack.of(scope).account}:parameter/*`,
            ],
            conditions: {
                StringEquals: {
                    "ssm:ResourceTag/created-by": "cdk-rds-sql",
                },
            },
        });
        const fn = new lambda.NodejsFunction(scope, id, {
            ...props.functionProps,
            // Only configure VPC for traditional RDS
            ...(isDsql
                ? {}
                : {
                    vpc: props.vpc,
                    vpcSubnets: props.vpcSubnets ?? {
                        subnetType: aws_ec2_1.SubnetType.PRIVATE_ISOLATED,
                    },
                }),
            entry: entry,
            runtime: aws_lambda_1.Runtime.NODEJS_22_X,
            timeout: props.timeout ?? props.functionProps?.timeout ?? aws_cdk_lib_1.Duration.seconds(300),
            bundling: {
                // Include the migrations directory in the bundle
                commandHooks: {
                    beforeBundling(_, outputDir) {
                        return [
                            `curl --silent -fL https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -o ${path.join(outputDir, "global-bundle.pem")}`,
                        ];
                    },
                    afterBundling() {
                        return [];
                    },
                    beforeInstall() {
                        return [];
                    },
                },
            },
            environment,
            initialPolicy: [
                deleteParameterPolicy,
                ...(props.functionProps?.initialPolicy ?? []),
            ],
        });
        // Only configure security groups for traditional RDS (not DSQL)
        if (!isDsql &&
            (!props.functionProps?.securityGroups ||
                props.functionProps?.securityGroups.length === 0)) {
            const rdsCluster = props.cluster;
            rdsCluster.connections.allowDefaultPortFrom(fn, "Allow the rds sql handler to connect to db");
        }
        return fn;
    }
}
exports.Provider = Provider;
_a = JSII_RTTI_SYMBOL_1;
Provider[_a] = { fqn: "cdk-rds-sql.Provider", version: "7.3.2" };
class ImportedProvider extends constructs_1.Construct {
    constructor(scope, id, attrs) {
        super(scope, id);
        // Validate that either functionArn or functionName is provided
        if (!attrs.functionArn && !attrs.functionName) {
            throw new Error("Either functionArn or functionName must be provided");
        }
        if (attrs.functionArn && attrs.functionName) {
            throw new Error("Provide either functionArn or functionName, not both");
        }
        // Import the existing Lambda function
        this.handler = attrs.functionArn
            ? aws_lambda_1.Function.fromFunctionArn(this, "Handler", attrs.functionArn)
            : aws_lambda_1.Function.fromFunctionName(this, "Handler", attrs.functionName);
        // Derive serviceToken by wrapping in custom resource provider
        const provider = new customResources.Provider(this, "Provider", {
            onEventHandler: this.handler,
        });
        this.serviceToken = provider.serviceToken;
        this.engine = attrs.engine;
        this.secret = undefined; // Imported providers get secret from environment
        this.cluster = attrs.cluster; // Optional cluster for role creation
    }
}
function slugify(x) {
    return x.replace(/[^a-zA-Z0-9]/g, "");
}
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSwyQkFBK0I7QUFDL0IsNkJBQTRCO0FBQzVCLDZDQUE2QztBQUM3Qyw2Q0FBNEM7QUFDNUMsaURBQXVFO0FBQ3ZFLDJDQUEwQztBQUMxQyx1REFBcUU7QUFDckUsd0RBQXVEO0FBSXZELGdFQUErRDtBQUMvRCwyQ0FBc0M7QUFFdEM7O0dBRUc7QUFDSCxTQUFTLGFBQWEsQ0FDcEIsT0FBK0Q7SUFFL0QsT0FBTyxPQUFPLFlBQVksSUFBSSxDQUFDLFVBQVUsQ0FBQTtBQUMzQyxDQUFDO0FBd0VEOztHQUVHO0FBQ0gsSUFBWSxjQUlYO0FBSkQsV0FBWSxjQUFjO0lBQ3hCLHVDQUFxQixDQUFBO0lBQ3JCLGlDQUFlLENBQUE7SUFDZiwrQkFBYSxDQUFBO0FBQ2YsQ0FBQyxFQUpXLGNBQWMsOEJBQWQsY0FBYyxRQUl6QjtBQWlDRCxNQUFhLFFBQVMsU0FBUSxzQkFBUztJQUNyQzs7T0FFRztJQUNILE1BQU0sQ0FBQyxzQkFBc0IsQ0FDM0IsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEtBQXlCO1FBRXpCLE9BQU8sSUFBSSxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFBO0lBQy9DLENBQUM7SUFjRCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWtCO1FBQzFELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFFaEIseUJBQXlCO1FBQ3pCLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUE7UUFDM0MsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QixNQUFNLElBQUksS0FBSyxDQUNiLDJFQUEyRSxDQUM1RSxDQUFBO1FBQ0gsQ0FBQztRQUNELElBQUksQ0FBQyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFBO1FBQ2xFLENBQUM7UUFDRCxJQUFJLE1BQU0sSUFBSSxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDM0IsTUFBTSxJQUFJLEtBQUssQ0FDYixpRkFBaUYsQ0FDbEYsQ0FBQTtRQUNILENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUE7UUFDMUIsSUFBSSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFBO1FBRTVCLCtEQUErRDtRQUMvRCxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsdUNBQXVDO1lBQ3ZDLElBQUksQ0FBQyxNQUFNLEdBQUcsY0FBYyxDQUFDLElBQUksQ0FBQTtRQUNuQyxDQUFDO2FBQU0sSUFBSSxtQkFBbUIsSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDaEQseUJBQXlCO1lBQ3pCLE1BQU0sYUFBYSxHQUFJLEtBQUssQ0FBQyxPQUE0QixDQUFDLE1BQU0sQ0FBQTtZQUNoRSxJQUFJLENBQUMsTUFBTTtnQkFDVCxhQUFhLElBQUksYUFBYSxDQUFDLFlBQVksS0FBSyxPQUFPO29CQUNyRCxDQUFDLENBQUMsY0FBYyxDQUFDLEtBQUs7b0JBQ3RCLENBQUMsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFBO1FBQy9CLENBQUM7YUFBTSxJQUFJLG9CQUFvQixJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNqRCwwQkFBMEI7WUFDMUIsTUFBTSxjQUFjLEdBQUksS0FBSyxDQUFDLE9BQTZCLENBQUMsTUFBTSxDQUFBO1lBQ2xFLElBQUksQ0FBQyxNQUFNO2dCQUNULGNBQWMsSUFBSSxjQUFjLENBQUMsWUFBWSxLQUFLLE9BQU87b0JBQ3ZELENBQUMsQ0FBQyxjQUFjLENBQUMsS0FBSztvQkFDdEIsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUE7UUFDL0IsQ0FBQzthQUFNLENBQUM7WUFDTixzREFBc0Q7WUFDdEQsSUFBSSxDQUFDLE1BQU0sR0FBRyxjQUFjLENBQUMsUUFBUSxDQUFBO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxRQUFRLEdBQUcsT0FBTyxDQUFDLHNDQUFzQyxDQUFDLENBQUE7UUFDL0UsSUFBSSxDQUFDLE9BQU87WUFDVCxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBZTtnQkFDN0QsSUFBSSxDQUFDLHdCQUF3QixDQUFDLEtBQUssRUFBRSxZQUFZLEVBQUUsS0FBSyxDQUFDLENBQUE7UUFFM0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxlQUFlLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDNUQsY0FBYyxFQUFFLElBQUksQ0FBQyxPQUFPO1NBQzdCLENBQUMsQ0FBQTtRQUNGLElBQUksQ0FBQyxZQUFZLEdBQUcsUUFBUSxDQUFDLFlBQVksQ0FBQTtRQUV6QyxtQ0FBbUM7UUFDbkMsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNYLGlFQUFpRTtZQUNqRSxNQUFNLFdBQVcsR0FBRyxLQUFLLENBQUMsT0FBMEIsQ0FBQTtZQUNwRCxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FDMUIsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO2dCQUN0QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO2dCQUN4QixPQUFPLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQztnQkFDaEMsU0FBUyxFQUFFLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQzthQUN6QyxDQUFDLENBQ0gsQ0FBQTtRQUNILENBQUM7YUFBTSxDQUFDO1lBQ04seURBQXlEO1lBQ3pELElBQUksQ0FBQyxNQUFPLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQTtZQUNwQyxJQUFJLElBQUksQ0FBQyxNQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7Z0JBQy9CLGdEQUFnRDtnQkFDaEQsSUFBSSxDQUFDLE1BQU8sQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQTtZQUN2RCxDQUFDO1lBQ0QsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUMxRCxNQUFNLElBQUksS0FBSyxDQUFDLHlDQUF5QyxDQUFDLENBQUE7WUFDNUQsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUUsQ0FBQTtnQkFDbEUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUE7WUFDbkUsQ0FBQztRQUNILENBQUM7UUFDRCxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUE7SUFDeEMsQ0FBQztJQUVTLHdCQUF3QixDQUNoQyxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBa0I7UUFFbEIsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQTtRQUMzQyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQTtRQUNsRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxVQUFVLENBQUMsQ0FBQTtRQUNsRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxVQUFVLENBQUMsQ0FBQTtRQUNsRCxJQUFJLEtBQWEsQ0FBQTtRQUVqQixJQUFJLElBQUEsZUFBVSxFQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDekIsS0FBSyxHQUFHLFFBQVEsQ0FBQTtRQUNsQixDQUFDO2FBQU0sSUFBSSxJQUFBLGVBQVUsRUFBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ2hDLEtBQUssR0FBRyxRQUFRLENBQUE7UUFDbEIsQ0FBQzthQUFNLENBQUM7WUFDTixpR0FBaUc7WUFDakcsS0FBSyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQ2YsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLGdCQUFnQixJQUFJLE9BQU8sQ0FBQyxHQUFHLEVBQUUsQ0FBQyxFQUMzRCwrQ0FBK0MsQ0FDaEQsQ0FBQTtRQUNILENBQUM7UUFDRCxJQUFJLFdBQStDLENBQUE7UUFDbkQsSUFBSSxLQUFLLENBQUMsR0FBRyxLQUFLLFNBQVMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUMxQyxXQUFXLEdBQUc7Z0JBQ1osR0FBRyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQzthQUMvQixDQUFBO1FBQ0gsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFBO1FBRXBDLDhCQUE4QjtRQUM5QixNQUFNLFdBQVcsR0FBMkI7WUFDMUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxRQUFRLEVBQUU7WUFDekIsR0FBRyxXQUFXO1NBQ2YsQ0FBQTtRQUVELDBDQUEwQztRQUMxQyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsTUFBTSxXQUFXLEdBQUcsS0FBSyxDQUFDLE9BQTBCLENBQUE7WUFDcEQsTUFBTSxTQUFTLEdBQUcsV0FBVyxDQUFDLGNBQWMsQ0FBQTtZQUM1QyxNQUFNLE1BQU0sR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxNQUFNLENBQUE7WUFDckMsV0FBVyxDQUFDLGFBQWEsR0FBRyxHQUFHLFNBQVMsU0FBUyxNQUFNLFNBQVMsQ0FBQTtZQUNoRSxXQUFXLENBQUMsU0FBUyxHQUFHLE1BQU0sQ0FBQTtRQUNoQyxDQUFDO2FBQU0sSUFBSSxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDeEIsb0RBQW9EO1lBQ3BELFdBQVcsQ0FBQyxVQUFVLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUE7UUFDakQsQ0FBQztRQUVELE1BQU0scUJBQXFCLEdBQUcsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3BELE9BQU8sRUFBRSxDQUFDLHFCQUFxQixDQUFDO1lBQ2hDLFNBQVMsRUFBRTtnQkFDVCxlQUFlLG1CQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLE1BQU0sSUFBSSxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxPQUFPLGNBQWM7YUFDL0U7WUFDRCxVQUFVLEVBQUU7Z0JBQ1YsWUFBWSxFQUFFO29CQUNaLDRCQUE0QixFQUFFLGFBQWE7aUJBQzVDO2FBQ0Y7U0FDRixDQUFDLENBQUE7UUFFRixNQUFNLEVBQUUsR0FBRyxJQUFJLE1BQU0sQ0FBQyxjQUFjLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUM5QyxHQUFHLEtBQUssQ0FBQyxhQUFhO1lBQ3RCLHlDQUF5QztZQUN6QyxHQUFHLENBQUMsTUFBTTtnQkFDUixDQUFDLENBQUMsRUFBRTtnQkFDSixDQUFDLENBQUM7b0JBQ0UsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO29CQUNkLFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVSxJQUFJO3dCQUM5QixVQUFVLEVBQUUsb0JBQVUsQ0FBQyxnQkFBZ0I7cUJBQ3hDO2lCQUNGLENBQUM7WUFDTixLQUFLLEVBQUUsS0FBSztZQUNaLE9BQU8sRUFBRSxvQkFBTyxDQUFDLFdBQVc7WUFDNUIsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLGFBQWEsRUFBRSxPQUFPLElBQUksc0JBQVEsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDO1lBQy9FLFFBQVEsRUFBRTtnQkFDUixpREFBaUQ7Z0JBQ2pELFlBQVksRUFBRTtvQkFDWixjQUFjLENBQUMsQ0FBUyxFQUFFLFNBQWlCO3dCQUN6QyxPQUFPOzRCQUNMLDBGQUEwRixJQUFJLENBQUMsSUFBSSxDQUNqRyxTQUFTLEVBQ1QsbUJBQW1CLENBQ3BCLEVBQUU7eUJBQ0osQ0FBQTtvQkFDSCxDQUFDO29CQUNELGFBQWE7d0JBQ1gsT0FBTyxFQUFFLENBQUE7b0JBQ1gsQ0FBQztvQkFDRCxhQUFhO3dCQUNYLE9BQU8sRUFBRSxDQUFBO29CQUNYLENBQUM7aUJBQ0Y7YUFDRjtZQUNELFdBQVc7WUFDWCxhQUFhLEVBQUU7Z0JBQ2IscUJBQXFCO2dCQUNyQixHQUFHLENBQUMsS0FBSyxDQUFDLGFBQWEsRUFBRSxhQUFhLElBQUksRUFBRSxDQUFDO2FBQzlDO1NBQ0YsQ0FBQyxDQUFBO1FBRUYsZ0VBQWdFO1FBQ2hFLElBQ0UsQ0FBQyxNQUFNO1lBQ1AsQ0FBQyxDQUFDLEtBQUssQ0FBQyxhQUFhLEVBQUUsY0FBYztnQkFDbkMsS0FBSyxDQUFDLGFBQWEsRUFBRSxjQUFjLENBQUMsTUFBTSxLQUFLLENBQUMsQ0FBQyxFQUNuRCxDQUFDO1lBQ0QsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLE9BQStDLENBQUE7WUFDeEUsVUFBVSxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsQ0FDekMsRUFBRSxFQUNGLDRDQUE0QyxDQUM3QyxDQUFBO1FBQ0gsQ0FBQztRQUVELE9BQU8sRUFBRSxDQUFBO0lBQ1gsQ0FBQzs7QUE3TkgsNEJBOE5DOzs7QUFFRCxNQUFNLGdCQUFpQixTQUFRLHNCQUFTO0lBT3RDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBeUI7UUFDakUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQiwrREFBK0Q7UUFDL0QsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLElBQUksQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDOUMsTUFBTSxJQUFJLEtBQUssQ0FBQyxxREFBcUQsQ0FBQyxDQUFBO1FBQ3hFLENBQUM7UUFDRCxJQUFJLEtBQUssQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsc0RBQXNELENBQUMsQ0FBQTtRQUN6RSxDQUFDO1FBRUQsc0NBQXNDO1FBQ3RDLElBQUksQ0FBQyxPQUFPLEdBQUcsS0FBSyxDQUFDLFdBQVc7WUFDOUIsQ0FBQyxDQUFDLHFCQUFRLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUUsS0FBSyxDQUFDLFdBQVcsQ0FBQztZQUM5RCxDQUFDLENBQUMscUJBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsU0FBUyxFQUFFLEtBQUssQ0FBQyxZQUFhLENBQUMsQ0FBQTtRQUVuRSw4REFBOEQ7UUFDOUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxlQUFlLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDOUQsY0FBYyxFQUFFLElBQUksQ0FBQyxPQUFPO1NBQzdCLENBQUMsQ0FBQTtRQUNGLElBQUksQ0FBQyxZQUFZLEdBQUcsUUFBUSxDQUFDLFlBQVksQ0FBQTtRQUV6QyxJQUFJLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUE7UUFDMUIsSUFBSSxDQUFDLE1BQU0sR0FBRyxTQUFTLENBQUEsQ0FBQyxpREFBaUQ7UUFDekUsSUFBSSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFBLENBQUMscUNBQXFDO0lBQ3BFLENBQUM7Q0FDRjtBQUVELFNBQVMsT0FBTyxDQUFDLENBQVM7SUFDeEIsT0FBTyxDQUFDLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUMsQ0FBQTtBQUN2QyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgZXhpc3RzU3luYyB9IGZyb20gXCJmc1wiXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gXCJwYXRoXCJcbmltcG9ydCB7IER1cmF0aW9uLCBTdGFjayB9IGZyb20gXCJhd3MtY2RrLWxpYlwiXG5pbXBvcnQgKiBhcyBkc3FsIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZHNxbFwiXG5pbXBvcnQgeyBJVnBjLCBTdWJuZXRUeXBlLCBTdWJuZXRTZWxlY3Rpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjMlwiXG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIlxuaW1wb3J0IHsgRnVuY3Rpb24sIElGdW5jdGlvbiwgUnVudGltZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhXCJcbmltcG9ydCAqIGFzIGxhbWJkYSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxhbWJkYS1ub2RlanNcIlxuaW1wb3J0IHsgTm9kZWpzRnVuY3Rpb25Qcm9wcyB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhLW5vZGVqc1wiXG5pbXBvcnQgeyBJRGF0YWJhc2VDbHVzdGVyLCBJRGF0YWJhc2VJbnN0YW5jZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtcmRzXCJcbmltcG9ydCB7IElTZWNyZXQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyXCJcbmltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiXG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiXG5cbi8qKlxuICogSGVscGVyIGZ1bmN0aW9uIHRvIGRldGVybWluZSBpZiBhIGNsdXN0ZXIgaXMgYSBEU1FMIGNsdXN0ZXJcbiAqL1xuZnVuY3Rpb24gaXNEc3FsQ2x1c3RlcihcbiAgY2x1c3RlcjogSURhdGFiYXNlQ2x1c3RlciB8IElEYXRhYmFzZUluc3RhbmNlIHwgZHNxbC5DZm5DbHVzdGVyXG4pOiBjbHVzdGVyIGlzIGRzcWwuQ2ZuQ2x1c3RlciB7XG4gIHJldHVybiBjbHVzdGVyIGluc3RhbmNlb2YgZHNxbC5DZm5DbHVzdGVyXG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUmRzU3FsUHJvcHMge1xuICAvKipcbiAgICogVlBDIG5ldHdvcmsgdG8gcGxhY2UgdGhlIHByb3ZpZGVyIGxhbWJkYS5cbiAgICpcbiAgICogTm9ybWFsbHkgdGhpcyBpcyB0aGUgVlBDIG9mIHlvdXIgZGF0YWJhc2UuXG4gICAqIFJlcXVpcmVkIHdoZW4geW91ciBkYXRhYmFzZSBpcyBvbmx5IGFjY2Vzc2libGUgaW4gYSBWUEMuXG4gICAqIE5vdCByZXF1aXJlZCBmb3IgRFNRTCBhcyBpdCB1c2VzIHB1YmxpYyBlbmRwb2ludHMgd2l0aCBJQU0gYXV0aGVudGljYXRpb24uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRnVuY3Rpb24gaXMgbm90IHBsYWNlZCB3aXRoaW4gYSBWUEMuXG4gICAqL1xuICByZWFkb25seSB2cGM/OiBJVnBjXG5cbiAgLyoqXG4gICAqIFdoZXJlIHRvIHBsYWNlIHRoZSBuZXR3b3JrIHByb3ZpZGVyIGxhbWJkYSB3aXRoaW4gdGhlIFZQQy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSB0aGUgaXNvbGF0ZWQgc3VibmV0IGlmIG5vdCBzcGVjaWZpZWRcbiAgICovXG4gIHJlYWRvbmx5IHZwY1N1Ym5ldHM/OiBTdWJuZXRTZWxlY3Rpb25cblxuICAvKipcbiAgICogWW91ciBkYXRhYmFzZSBjbHVzdGVyIG9yIGluc3RhbmNlLlxuICAgKiBTdXBwb3J0cyBib3RoIHRyYWRpdGlvbmFsIFJEUy9BdXJvcmEgY2x1c3RlcnMgYW5kIERTUUwgY2x1c3RlcnMuXG4gICAqIC0gRm9yIFJEUy9BdXJvcmE6IHNlY3VyaXR5IGdyb3VwcyB3aWxsIGJlIGNvbmZpZ3VyZWQgdG8gYWxsb3cgYWNjZXNzXG4gICAqIC0gRm9yIERTUUw6IElBTSBhdXRoZW50aWNhdGlvbiB3aWxsIGJlIHVzZWQgaW5zdGVhZCBvZiBzZWNyZXRzXG4gICAqL1xuICByZWFkb25seSBjbHVzdGVyOiBJRGF0YWJhc2VDbHVzdGVyIHwgSURhdGFiYXNlSW5zdGFuY2UgfCBkc3FsLkNmbkNsdXN0ZXJcblxuICAvKipcbiAgICogU2VjcmV0IHRoYXQgZ3JhbnRzIGFjY2VzcyB0byB5b3VyIGRhdGFiYXNlLlxuICAgKlxuICAgKiBVc3VhbGx5IHRoaXMgaXMgeW91ciBjbHVzdGVyJ3MgbWFzdGVyIHNlY3JldC5cbiAgICogTm90IHJlcXVpcmVkIHdoZW4gcmVseWluZyBvbiBJQU0gYXV0aGVudGljYXRpb24gKHN1Y2ggYXMgRFNRTCkuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdW5kZWZpbmVkIGZvciBEU1FMIGNsdXN0ZXJzIHVzaW5nIElBTSBhdXRoZW50aWNhdGlvblxuICAgKi9cbiAgcmVhZG9ubHkgc2VjcmV0PzogSVNlY3JldFxuXG4gIC8qKlxuICAgKiBUaW1lb3V0IGZvciBsYW1iZGEgdG8gZG8gaXRzIHdvcmsuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gNSBtaW51dGVzXG4gICAqL1xuICByZWFkb25seSB0aW1lb3V0PzogRHVyYXRpb25cblxuICAvKipcbiAgICogTG9nIFNRTCBzdGF0ZW1lbnRzLiBUaGlzIGluY2x1ZGVzIHBhc3N3b3Jkcy4gVXNlIG9ubHkgZm9yIGRlYnVnZ2luZy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBmYWxzZVxuICAgKi9cbiAgcmVhZG9ubHkgbG9nZ2VyPzogYm9vbGVhblxuXG4gIC8qKlxuICAgKiBBZGRpdGlvbmFsIGZ1bmN0aW9uIGN1c3RvbWl6YXRpb24uXG4gICAqXG4gICAqIFRoaXMgZW5hYmxlcyBhZGRpdGlvbmFsIGZ1bmN0aW9uIGN1c3RvbWl6YXRpb24gc3VjaCBhcyB0aGUgbG9nIGdyb3VwLiBIb3dldmVyLFxuICAgKiBsYW1iZGEgZnVuY3Rpb24gcHJvcGVydGllcyBjb250cm9sbGVkIGJ5IG90aGVyIHtSZHNTcWxQcm9wc30gcGFyYW1ldGVycyB3aWxsIHRydW1wXG4gICAqIG9waW9ucyBzZXQgdmlhIHRoaXMgcGFyYW1ldGVyLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGVtcHR5XG4gICAqL1xuICByZWFkb25seSBmdW5jdGlvblByb3BzPzogTm9kZWpzRnVuY3Rpb25Qcm9wc1xuXG4gIC8qKlxuICAgKiBVc2UgU1NMP1xuICAgKlxuICAgKiBAZGVmYXVsdCAtIHRydWVcbiAgICovXG4gIHJlYWRvbmx5IHNzbD86IGJvb2xlYW5cbn1cblxuLyoqXG4gKiBTdXBwb3J0ZWQgZGF0YWJhc2UgZW5naW5lc1xuICovXG5leHBvcnQgZW51bSBEYXRhYmFzZUVuZ2luZSB7XG4gIFBPU1RHUkVTID0gXCJwb3N0Z3Jlc1wiLFxuICBNWVNRTCA9IFwibXlzcWxcIixcbiAgRFNRTCA9IFwiZHNxbFwiLFxufVxuXG5leHBvcnQgaW50ZXJmYWNlIElQcm92aWRlciB7XG4gIHJlYWRvbmx5IHNlcnZpY2VUb2tlbjogc3RyaW5nXG4gIHJlYWRvbmx5IGhhbmRsZXI6IElGdW5jdGlvblxuICByZWFkb25seSBzZWNyZXQ/OiBJU2VjcmV0XG4gIHJlYWRvbmx5IGVuZ2luZTogc3RyaW5nXG4gIHJlYWRvbmx5IGNsdXN0ZXI/OiBJRGF0YWJhc2VDbHVzdGVyIHwgSURhdGFiYXNlSW5zdGFuY2UgfCBkc3FsLkNmbkNsdXN0ZXJcbn1cblxuZXhwb3J0IGludGVyZmFjZSBQcm92aWRlckF0dHJpYnV0ZXMge1xuICAvKipcbiAgICogRWl0aGVyIHRoZSBBUk4gb3IgbmFtZSBvZiB0aGUgTGFtYmRhIGZ1bmN0aW9uLlxuICAgKiBVc2UgZnVuY3Rpb25Bcm4gZm9yIGNyb3NzLWFjY291bnQgb3IgY3Jvc3MtcmVnaW9uIHNjZW5hcmlvcy5cbiAgICogVXNlIGZ1bmN0aW9uTmFtZSBmb3Igc2FtZS1hY2NvdW50LCBzYW1lLXJlZ2lvbiBzY2VuYXJpb3MuXG4gICAqL1xuICByZWFkb25seSBmdW5jdGlvbkFybj86IHN0cmluZ1xuICByZWFkb25seSBmdW5jdGlvbk5hbWU/OiBzdHJpbmdcbiAgcmVhZG9ubHkgZW5naW5lOiBEYXRhYmFzZUVuZ2luZVxuICAvKipcbiAgICogT3B0aW9uYWwgY2x1c3RlciBpbmZvcm1hdGlvbiBmb3Igcm9sZSBjcmVhdGlvbi5cbiAgICpcbiAgICogV2hlbiBpbXBvcnRpbmcgYSBwcm92aWRlciwgY2x1c3RlciBkZXRhaWxzIGFyZSBvZnRlbiBub3QgYXZhaWxhYmxlLlxuICAgKiBIb3dldmVyLCBzb21lIG9wZXJhdGlvbnMgbGlrZSByb2xlIGNyZWF0aW9uIHJlcXVpcmUgY2x1c3RlciBlbmRwb2ludFxuICAgKiBpbmZvcm1hdGlvbiB0byBidWlsZCBjb25uZWN0aW9uIHNlY3JldHMuXG4gICAqXG4gICAqIElmIHlvdSBwbGFuIHRvIGNyZWF0ZSByb2xlcyB3aXRoIHRoZSBpbXBvcnRlZCBwcm92aWRlciwgeW91IG11c3RcbiAgICogcHJvdmlkZSB0aGUgY2x1c3RlciByZWZlcmVuY2UuIElmIHlvdSBvbmx5IHBsYW4gdG8gdXNlIGV4aXN0aW5nXG4gICAqIHJvbGVzLCBkYXRhYmFzZXMsIHNjaGVtYXMsIG9yIFNRTCBvcGVyYXRpb25zLCB0aGlzIGNhbiBiZSBvbWl0dGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgY2x1c3Rlcj86IElEYXRhYmFzZUNsdXN0ZXIgfCBJRGF0YWJhc2VJbnN0YW5jZSB8IGRzcWwuQ2ZuQ2x1c3RlclxufVxuXG5leHBvcnQgY2xhc3MgUHJvdmlkZXIgZXh0ZW5kcyBDb25zdHJ1Y3QgaW1wbGVtZW50cyBJUHJvdmlkZXIge1xuICAvKipcbiAgICogSW1wb3J0IGFuIGV4aXN0aW5nIHByb3ZpZGVyIExhbWJkYSBmdW5jdGlvblxuICAgKi9cbiAgc3RhdGljIGZyb21Qcm92aWRlckF0dHJpYnV0ZXMoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIGF0dHJzOiBQcm92aWRlckF0dHJpYnV0ZXNcbiAgKTogSVByb3ZpZGVyIHtcbiAgICByZXR1cm4gbmV3IEltcG9ydGVkUHJvdmlkZXIoc2NvcGUsIGlkLCBhdHRycylcbiAgfVxuXG4gIHB1YmxpYyByZWFkb25seSBzZXJ2aWNlVG9rZW46IHN0cmluZ1xuICBwdWJsaWMgcmVhZG9ubHkgc2VjcmV0PzogSVNlY3JldFxuICBwdWJsaWMgcmVhZG9ubHkgaGFuZGxlcjogSUZ1bmN0aW9uXG4gIHB1YmxpYyByZWFkb25seSBjbHVzdGVyPzogSURhdGFiYXNlQ2x1c3RlciB8IElEYXRhYmFzZUluc3RhbmNlIHwgZHNxbC5DZm5DbHVzdGVyXG5cbiAgLyoqXG4gICAqIFRoZSBlbmdpbmUgbGlrZSBcInBvc3RncmVzXCIgb3IgXCJteXNxbFwiXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gaWYgd2UgY2Fubm90IGRldGVybWluZSB0aGlzIFwicG9zdGdyZXNcIlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGVuZ2luZTogc3RyaW5nXG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFJkc1NxbFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgLy8gVmFsaWRhdGUgY29uZmlndXJhdGlvblxuICAgIGNvbnN0IGlzRHNxbCA9IGlzRHNxbENsdXN0ZXIocHJvcHMuY2x1c3RlcilcbiAgICBpZiAoIWlzRHNxbCAmJiAhcHJvcHMuc2VjcmV0KSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgICAgIFwiRWl0aGVyIHNlY3JldCAoZm9yIHRyYWRpdGlvbmFsIFJEUykgb3IgY2x1c3RlciB3aXRoIERTUUwgbXVzdCBiZSBwcm92aWRlZFwiXG4gICAgICApXG4gICAgfVxuICAgIGlmICghaXNEc3FsICYmICFwcm9wcy52cGMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlZQQyBpcyByZXF1aXJlZCBmb3IgdHJhZGl0aW9uYWwgUkRTIGRhdGFiYXNlc1wiKVxuICAgIH1cbiAgICBpZiAoaXNEc3FsICYmIHByb3BzLnNlY3JldCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICBcInNlY3JldCBzaG91bGQgbm90IGJlIHByb3ZpZGVkIHdoZW4gdXNpbmcgRFNRTCBjbHVzdGVyICh1c2VzIElBTSBhdXRoZW50aWNhdGlvbilcIlxuICAgICAgKVxuICAgIH1cblxuICAgIHRoaXMuc2VjcmV0ID0gcHJvcHMuc2VjcmV0XG4gICAgdGhpcy5jbHVzdGVyID0gcHJvcHMuY2x1c3RlclxuXG4gICAgLy8gRGV0ZXJtaW5lIGVuZ2luZSBmcm9tIGNsdXN0ZXIvaW5zdGFuY2UgaW5zdGVhZCBvZiBoYXJkY29kaW5nXG4gICAgaWYgKGlzRHNxbCkge1xuICAgICAgLy8gRFNRTCBpcyBhbHdheXMgUG9zdGdyZVNRTC1jb21wYXRpYmxlXG4gICAgICB0aGlzLmVuZ2luZSA9IERhdGFiYXNlRW5naW5lLkRTUUxcbiAgICB9IGVsc2UgaWYgKFwiY2x1c3RlcklkZW50aWZpZXJcIiBpbiBwcm9wcy5jbHVzdGVyKSB7XG4gICAgICAvLyBJdCdzIGEgRGF0YWJhc2VDbHVzdGVyXG4gICAgICBjb25zdCBjbHVzdGVyRW5naW5lID0gKHByb3BzLmNsdXN0ZXIgYXMgSURhdGFiYXNlQ2x1c3RlcikuZW5naW5lXG4gICAgICB0aGlzLmVuZ2luZSA9XG4gICAgICAgIGNsdXN0ZXJFbmdpbmUgJiYgY2x1c3RlckVuZ2luZS5lbmdpbmVGYW1pbHkgPT09IFwiTVlTUUxcIlxuICAgICAgICAgID8gRGF0YWJhc2VFbmdpbmUuTVlTUUxcbiAgICAgICAgICA6IERhdGFiYXNlRW5naW5lLlBPU1RHUkVTXG4gICAgfSBlbHNlIGlmIChcImluc3RhbmNlSWRlbnRpZmllclwiIGluIHByb3BzLmNsdXN0ZXIpIHtcbiAgICAgIC8vIEl0J3MgYSBEYXRhYmFzZUluc3RhbmNlXG4gICAgICBjb25zdCBpbnN0YW5jZUVuZ2luZSA9IChwcm9wcy5jbHVzdGVyIGFzIElEYXRhYmFzZUluc3RhbmNlKS5lbmdpbmVcbiAgICAgIHRoaXMuZW5naW5lID1cbiAgICAgICAgaW5zdGFuY2VFbmdpbmUgJiYgaW5zdGFuY2VFbmdpbmUuZW5naW5lRmFtaWx5ID09PSBcIk1ZU1FMXCJcbiAgICAgICAgICA/IERhdGFiYXNlRW5naW5lLk1ZU1FMXG4gICAgICAgICAgOiBEYXRhYmFzZUVuZ2luZS5QT1NUR1JFU1xuICAgIH0gZWxzZSB7XG4gICAgICAvLyBGYWxsYmFjayB0byBwb3N0Z3JlcyBpZiBlbmdpbmUgaGFzbid0IGJlZW4gcHJvdmlkZWRcbiAgICAgIHRoaXMuZW5naW5lID0gRGF0YWJhc2VFbmdpbmUuUE9TVEdSRVNcbiAgICB9XG5cbiAgICBjb25zdCBmdW5jdGlvbk5hbWUgPSBcIlJkc1NxbFwiICsgc2x1Z2lmeShcIjI4YjllNzkxLWFmNjAtNGEzMy1iY2E4LWZmYjZmMzBlZjhjNVwiKVxuICAgIHRoaXMuaGFuZGxlciA9XG4gICAgICAoU3RhY2sub2YodGhpcykubm9kZS50cnlGaW5kQ2hpbGQoZnVuY3Rpb25OYW1lKSBhcyBJRnVuY3Rpb24pID8/XG4gICAgICB0aGlzLm5ld0N1c3RvbVJlc291cmNlSGFuZGxlcihzY29wZSwgZnVuY3Rpb25OYW1lLCBwcm9wcylcblxuICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IGN1c3RvbVJlc291cmNlcy5Qcm92aWRlcih0aGlzLCBcIlJkc1NxbFwiLCB7XG4gICAgICBvbkV2ZW50SGFuZGxlcjogdGhpcy5oYW5kbGVyLFxuICAgIH0pXG4gICAgdGhpcy5zZXJ2aWNlVG9rZW4gPSBwcm92aWRlci5zZXJ2aWNlVG9rZW5cblxuICAgIC8vIEhhbmRsZSBkYXRhYmFzZSBjb25uZWN0aW9uIHNldHVwXG4gICAgaWYgKGlzRHNxbCkge1xuICAgICAgLy8gRm9yIERTUUwsIGdyYW50IElBTSBwZXJtaXNzaW9ucyBpbnN0ZWFkIG9mIFZQQyBzZWN1cml0eSBncm91cHNcbiAgICAgIGNvbnN0IGRzcWxDbHVzdGVyID0gcHJvcHMuY2x1c3RlciBhcyBkc3FsLkNmbkNsdXN0ZXJcbiAgICAgIHRoaXMuaGFuZGxlci5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICAgICAgYWN0aW9uczogW1wiZHNxbDpEYkNvbm5lY3RBZG1pblwiXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFtkc3FsQ2x1c3Rlci5hdHRyUmVzb3VyY2VBcm5dLFxuICAgICAgICB9KVxuICAgICAgKVxuICAgIH0gZWxzZSB7XG4gICAgICAvLyBUcmFkaXRpb25hbCBSRFMgc2V0dXAgd2l0aCBzZWN1cml0eSBncm91cHMgYW5kIHNlY3JldHNcbiAgICAgIHRoaXMuc2VjcmV0IS5ncmFudFJlYWQodGhpcy5oYW5kbGVyKVxuICAgICAgaWYgKHRoaXMuc2VjcmV0IS5lbmNyeXB0aW9uS2V5KSB7XG4gICAgICAgIC8vIEl0IHNlZW1zIHdlIG5lZWQgdG8gZ3JhbnQgZXhwbGljaXQgcGVybWlzc2lvblxuICAgICAgICB0aGlzLnNlY3JldCEuZW5jcnlwdGlvbktleS5ncmFudERlY3J5cHQodGhpcy5oYW5kbGVyKVxuICAgICAgfVxuICAgICAgaWYgKHByb3BzLmNsdXN0ZXIuY29ubmVjdGlvbnMuc2VjdXJpdHlHcm91cHMubGVuZ3RoID09PSAwKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihcIkNsdXN0ZXIgZG9lcyBub3QgaGF2ZSBhIHNlY3VyaXR5IGdyb3VwLlwiKVxuICAgICAgfSBlbHNlIHtcbiAgICAgICAgY29uc3Qgc2VjdXJpdHlHcm91cCA9IHByb3BzLmNsdXN0ZXIuY29ubmVjdGlvbnMuc2VjdXJpdHlHcm91cHNbMF0hXG4gICAgICAgIHRoaXMuaGFuZGxlci5ub2RlLmRlZmF1bHRDaGlsZD8ubm9kZS5hZGREZXBlbmRlbmN5KHNlY3VyaXR5R3JvdXApXG4gICAgICB9XG4gICAgfVxuICAgIHRoaXMubm9kZS5hZGREZXBlbmRlbmN5KHByb3BzLmNsdXN0ZXIpXG4gIH1cblxuICBwcm90ZWN0ZWQgbmV3Q3VzdG9tUmVzb3VyY2VIYW5kbGVyKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogUmRzU3FsUHJvcHNcbiAgKTogbGFtYmRhLk5vZGVqc0Z1bmN0aW9uIHtcbiAgICBjb25zdCBpc0RzcWwgPSBpc0RzcWxDbHVzdGVyKHByb3BzLmNsdXN0ZXIpXG4gICAgY29uc3QgaGFuZGxlckRpciA9IHBhdGguam9pbihfX2Rpcm5hbWUsIFwiaGFuZGxlclwiKVxuICAgIGNvbnN0IGluZGV4X3RzID0gcGF0aC5qb2luKGhhbmRsZXJEaXIsIFwiaW5kZXgudHNcIilcbiAgICBjb25zdCBpbmRleF9qcyA9IHBhdGguam9pbihoYW5kbGVyRGlyLCBcImluZGV4LmpzXCIpXG4gICAgbGV0IGVudHJ5OiBzdHJpbmdcblxuICAgIGlmIChleGlzdHNTeW5jKGluZGV4X3RzKSkge1xuICAgICAgZW50cnkgPSBpbmRleF90c1xuICAgIH0gZWxzZSBpZiAoZXhpc3RzU3luYyhpbmRleF9qcykpIHtcbiAgICAgIGVudHJ5ID0gaW5kZXhfanNcbiAgICB9IGVsc2Uge1xuICAgICAgLy8gVWdseSBoYWNrIHRvIHN1cHBvcnQgU1NUIChwb3NzaWJseSBjYXVzZWQgYnkgbXkgaGFjayB0byBtYWtlIFNTVCB3b3JrIHdpdGggQ29tbW9uSlMgbGlicmFyaWVzKVxuICAgICAgZW50cnkgPSBwYXRoLmpvaW4oXG4gICAgICAgIHBhdGguZGlybmFtZShwcm9jZXNzLmVudi5ucG1fcGFja2FnZV9qc29uIHx8IHByb2Nlc3MuY3dkKCkpLFxuICAgICAgICBcIm5vZGVfbW9kdWxlcy9jZGstcmRzLXNxbC9saWIvaGFuZGxlci9pbmRleC5qc1wiXG4gICAgICApXG4gICAgfVxuICAgIGxldCBzc2xfb3B0aW9uczogUmVjb3JkPHN0cmluZywgc3RyaW5nPiB8IHVuZGVmaW5lZFxuICAgIGlmIChwcm9wcy5zc2wgIT09IHVuZGVmaW5lZCAmJiAhcHJvcHMuc3NsKSB7XG4gICAgICBzc2xfb3B0aW9ucyA9IHtcbiAgICAgICAgU1NMOiBKU09OLnN0cmluZ2lmeShwcm9wcy5zc2wpLFxuICAgICAgfVxuICAgIH1cbiAgICBjb25zdCBsb2dnZXIgPSBwcm9wcy5sb2dnZXIgPz8gZmFsc2VcblxuICAgIC8vIEJ1aWxkIGVudmlyb25tZW50IHZhcmlhYmxlc1xuICAgIGNvbnN0IGVudmlyb25tZW50OiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+ID0ge1xuICAgICAgTE9HR0VSOiBsb2dnZXIudG9TdHJpbmcoKSxcbiAgICAgIC4uLnNzbF9vcHRpb25zLFxuICAgIH1cblxuICAgIC8vIEFkZCBEU1FMLXNwZWNpZmljIGVudmlyb25tZW50IHZhcmlhYmxlc1xuICAgIGlmIChpc0RzcWwpIHtcbiAgICAgIGNvbnN0IGRzcWxDbHVzdGVyID0gcHJvcHMuY2x1c3RlciBhcyBkc3FsLkNmbkNsdXN0ZXJcbiAgICAgIGNvbnN0IGNsdXN0ZXJJZCA9IGRzcWxDbHVzdGVyLmF0dHJJZGVudGlmaWVyXG4gICAgICBjb25zdCByZWdpb24gPSBTdGFjay5vZihzY29wZSkucmVnaW9uXG4gICAgICBlbnZpcm9ubWVudC5EU1FMX0VORFBPSU5UID0gYCR7Y2x1c3RlcklkfS5kc3FsLiR7cmVnaW9ufS5vbi5hd3NgXG4gICAgICBlbnZpcm9ubWVudC5EU1FMX1BPUlQgPSBcIjU0MzJcIlxuICAgIH0gZWxzZSBpZiAocHJvcHMuc2VjcmV0KSB7XG4gICAgICAvLyBBZGQgc2VjcmV0IEFSTiB0byBlbnZpcm9ubWVudCBmb3IgdHJhZGl0aW9uYWwgUkRTXG4gICAgICBlbnZpcm9ubWVudC5TRUNSRVRfQVJOID0gcHJvcHMuc2VjcmV0LnNlY3JldEFyblxuICAgIH1cblxuICAgIGNvbnN0IGRlbGV0ZVBhcmFtZXRlclBvbGljeSA9IG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIGFjdGlvbnM6IFtcInNzbTpEZWxldGVQYXJhbWV0ZXJcIl0sXG4gICAgICByZXNvdXJjZXM6IFtcbiAgICAgICAgYGFybjphd3M6c3NtOiR7U3RhY2sub2Yoc2NvcGUpLnJlZ2lvbn06JHtTdGFjay5vZihzY29wZSkuYWNjb3VudH06cGFyYW1ldGVyLypgLFxuICAgICAgXSxcbiAgICAgIGNvbmRpdGlvbnM6IHtcbiAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgXCJzc206UmVzb3VyY2VUYWcvY3JlYXRlZC1ieVwiOiBcImNkay1yZHMtc3FsXCIsXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgIH0pXG5cbiAgICBjb25zdCBmbiA9IG5ldyBsYW1iZGEuTm9kZWpzRnVuY3Rpb24oc2NvcGUsIGlkLCB7XG4gICAgICAuLi5wcm9wcy5mdW5jdGlvblByb3BzLFxuICAgICAgLy8gT25seSBjb25maWd1cmUgVlBDIGZvciB0cmFkaXRpb25hbCBSRFNcbiAgICAgIC4uLihpc0RzcWxcbiAgICAgICAgPyB7fVxuICAgICAgICA6IHtcbiAgICAgICAgICAgIHZwYzogcHJvcHMudnBjLFxuICAgICAgICAgICAgdnBjU3VibmV0czogcHJvcHMudnBjU3VibmV0cyA/PyB7XG4gICAgICAgICAgICAgIHN1Ym5ldFR5cGU6IFN1Ym5ldFR5cGUuUFJJVkFURV9JU09MQVRFRCxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSksXG4gICAgICBlbnRyeTogZW50cnksXG4gICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgdGltZW91dDogcHJvcHMudGltZW91dCA/PyBwcm9wcy5mdW5jdGlvblByb3BzPy50aW1lb3V0ID8/IER1cmF0aW9uLnNlY29uZHMoMzAwKSxcbiAgICAgIGJ1bmRsaW5nOiB7XG4gICAgICAgIC8vIEluY2x1ZGUgdGhlIG1pZ3JhdGlvbnMgZGlyZWN0b3J5IGluIHRoZSBidW5kbGVcbiAgICAgICAgY29tbWFuZEhvb2tzOiB7XG4gICAgICAgICAgYmVmb3JlQnVuZGxpbmcoXzogc3RyaW5nLCBvdXRwdXREaXI6IHN0cmluZyk6IHN0cmluZ1tdIHtcbiAgICAgICAgICAgIHJldHVybiBbXG4gICAgICAgICAgICAgIGBjdXJsIC0tc2lsZW50IC1mTCBodHRwczovL3RydXN0c3RvcmUucGtpLnJkcy5hbWF6b25hd3MuY29tL2dsb2JhbC9nbG9iYWwtYnVuZGxlLnBlbSAtbyAke3BhdGguam9pbihcbiAgICAgICAgICAgICAgICBvdXRwdXREaXIsXG4gICAgICAgICAgICAgICAgXCJnbG9iYWwtYnVuZGxlLnBlbVwiXG4gICAgICAgICAgICAgICl9YCxcbiAgICAgICAgICAgIF1cbiAgICAgICAgICB9LFxuICAgICAgICAgIGFmdGVyQnVuZGxpbmcoKTogc3RyaW5nW10ge1xuICAgICAgICAgICAgcmV0dXJuIFtdXG4gICAgICAgICAgfSxcbiAgICAgICAgICBiZWZvcmVJbnN0YWxsKCk6IHN0cmluZ1tdIHtcbiAgICAgICAgICAgIHJldHVybiBbXVxuICAgICAgICAgIH0sXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgICAgZW52aXJvbm1lbnQsXG4gICAgICBpbml0aWFsUG9saWN5OiBbXG4gICAgICAgIGRlbGV0ZVBhcmFtZXRlclBvbGljeSxcbiAgICAgICAgLi4uKHByb3BzLmZ1bmN0aW9uUHJvcHM/LmluaXRpYWxQb2xpY3kgPz8gW10pLFxuICAgICAgXSxcbiAgICB9KVxuXG4gICAgLy8gT25seSBjb25maWd1cmUgc2VjdXJpdHkgZ3JvdXBzIGZvciB0cmFkaXRpb25hbCBSRFMgKG5vdCBEU1FMKVxuICAgIGlmIChcbiAgICAgICFpc0RzcWwgJiZcbiAgICAgICghcHJvcHMuZnVuY3Rpb25Qcm9wcz8uc2VjdXJpdHlHcm91cHMgfHxcbiAgICAgICAgcHJvcHMuZnVuY3Rpb25Qcm9wcz8uc2VjdXJpdHlHcm91cHMubGVuZ3RoID09PSAwKVxuICAgICkge1xuICAgICAgY29uc3QgcmRzQ2x1c3RlciA9IHByb3BzLmNsdXN0ZXIgYXMgSURhdGFiYXNlQ2x1c3RlciB8IElEYXRhYmFzZUluc3RhbmNlXG4gICAgICByZHNDbHVzdGVyLmNvbm5lY3Rpb25zLmFsbG93RGVmYXVsdFBvcnRGcm9tKFxuICAgICAgICBmbixcbiAgICAgICAgXCJBbGxvdyB0aGUgcmRzIHNxbCBoYW5kbGVyIHRvIGNvbm5lY3QgdG8gZGJcIlxuICAgICAgKVxuICAgIH1cblxuICAgIHJldHVybiBmblxuICB9XG59XG5cbmNsYXNzIEltcG9ydGVkUHJvdmlkZXIgZXh0ZW5kcyBDb25zdHJ1Y3QgaW1wbGVtZW50cyBJUHJvdmlkZXIge1xuICBwdWJsaWMgcmVhZG9ubHkgc2VydmljZVRva2VuOiBzdHJpbmdcbiAgcHVibGljIHJlYWRvbmx5IGhhbmRsZXI6IElGdW5jdGlvblxuICBwdWJsaWMgcmVhZG9ubHkgc2VjcmV0PzogSVNlY3JldFxuICBwdWJsaWMgcmVhZG9ubHkgZW5naW5lOiBzdHJpbmdcbiAgcHVibGljIHJlYWRvbmx5IGNsdXN0ZXI/OiBJRGF0YWJhc2VDbHVzdGVyIHwgSURhdGFiYXNlSW5zdGFuY2UgfCBkc3FsLkNmbkNsdXN0ZXJcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBhdHRyczogUHJvdmlkZXJBdHRyaWJ1dGVzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgLy8gVmFsaWRhdGUgdGhhdCBlaXRoZXIgZnVuY3Rpb25Bcm4gb3IgZnVuY3Rpb25OYW1lIGlzIHByb3ZpZGVkXG4gICAgaWYgKCFhdHRycy5mdW5jdGlvbkFybiAmJiAhYXR0cnMuZnVuY3Rpb25OYW1lKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJFaXRoZXIgZnVuY3Rpb25Bcm4gb3IgZnVuY3Rpb25OYW1lIG11c3QgYmUgcHJvdmlkZWRcIilcbiAgICB9XG4gICAgaWYgKGF0dHJzLmZ1bmN0aW9uQXJuICYmIGF0dHJzLmZ1bmN0aW9uTmFtZSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwiUHJvdmlkZSBlaXRoZXIgZnVuY3Rpb25Bcm4gb3IgZnVuY3Rpb25OYW1lLCBub3QgYm90aFwiKVxuICAgIH1cblxuICAgIC8vIEltcG9ydCB0aGUgZXhpc3RpbmcgTGFtYmRhIGZ1bmN0aW9uXG4gICAgdGhpcy5oYW5kbGVyID0gYXR0cnMuZnVuY3Rpb25Bcm5cbiAgICAgID8gRnVuY3Rpb24uZnJvbUZ1bmN0aW9uQXJuKHRoaXMsIFwiSGFuZGxlclwiLCBhdHRycy5mdW5jdGlvbkFybilcbiAgICAgIDogRnVuY3Rpb24uZnJvbUZ1bmN0aW9uTmFtZSh0aGlzLCBcIkhhbmRsZXJcIiwgYXR0cnMuZnVuY3Rpb25OYW1lISlcblxuICAgIC8vIERlcml2ZSBzZXJ2aWNlVG9rZW4gYnkgd3JhcHBpbmcgaW4gY3VzdG9tIHJlc291cmNlIHByb3ZpZGVyXG4gICAgY29uc3QgcHJvdmlkZXIgPSBuZXcgY3VzdG9tUmVzb3VyY2VzLlByb3ZpZGVyKHRoaXMsIFwiUHJvdmlkZXJcIiwge1xuICAgICAgb25FdmVudEhhbmRsZXI6IHRoaXMuaGFuZGxlcixcbiAgICB9KVxuICAgIHRoaXMuc2VydmljZVRva2VuID0gcHJvdmlkZXIuc2VydmljZVRva2VuXG5cbiAgICB0aGlzLmVuZ2luZSA9IGF0dHJzLmVuZ2luZVxuICAgIHRoaXMuc2VjcmV0ID0gdW5kZWZpbmVkIC8vIEltcG9ydGVkIHByb3ZpZGVycyBnZXQgc2VjcmV0IGZyb20gZW52aXJvbm1lbnRcbiAgICB0aGlzLmNsdXN0ZXIgPSBhdHRycy5jbHVzdGVyIC8vIE9wdGlvbmFsIGNsdXN0ZXIgZm9yIHJvbGUgY3JlYXRpb25cbiAgfVxufVxuXG5mdW5jdGlvbiBzbHVnaWZ5KHg6IHN0cmluZyk6IHN0cmluZyB7XG4gIHJldHVybiB4LnJlcGxhY2UoL1teYS16QS1aMC05XS9nLCBcIlwiKVxufVxuIl19