sops-secretsmanager-cdk
Version:
Safely load secrets from sops into secretsmanager using the CDK
121 lines • 17.3 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SopsSecretsManager = void 0;
const iam = require("aws-cdk-lib/aws-iam");
const lambda = require("aws-cdk-lib/aws-lambda");
const s3Assets = require("aws-cdk-lib/aws-s3-assets");
const secretsManager = require("aws-cdk-lib/aws-secretsmanager");
const cdk = require("aws-cdk-lib");
const constructs = require("constructs");
const customResource = require("aws-cdk-lib/custom-resources");
const common = require("./common");
__exportStar(require("./common"), exports);
class SopsSecretsManagerProvider extends constructs.Construct {
static getOrCreate(scope) {
const stack = cdk.Stack.of(scope);
const id = common.providerId;
const x = stack.node.tryFindChild(id) || new SopsSecretsManagerProvider(stack, id);
return x.provider;
}
constructor(scope, id) {
super(scope, id);
const policyStatements = [];
for (const statement of common.providerPolicyStatements) {
policyStatements.push(new iam.PolicyStatement(statement));
}
this.provider = new customResource.Provider(this, common.providerLogicalId, {
onEventHandler: new lambda.Function(this, common.providerFunctionLogicalId, {
code: lambda.Code.fromAsset(common.providerCodePath),
// CDK v2 does have lambda.Runtime.NODEJS_18_X, but
// only >=2.51.0 It is supported in all commercial
// regions. See
// https://aws.amazon.com/about-aws/whats-new/2022/11/aws-lambda-support-node-js-18/
runtime: new lambda.Runtime('nodejs18.x', lambda.RuntimeFamily.NODEJS, { supportsInlineCode: true }),
handler: common.providerHandler,
timeout: cdk.Duration.minutes(common.providerTimoutMinutes),
initialPolicy: policyStatements,
}),
});
}
}
class SopsSecretsManager extends constructs.Construct {
constructor(scope, id, props) {
var _a;
super(scope, id);
if (props.secret && props.secretName) {
throw new Error('Cannot set both secret and secretName');
}
else if (props.secret) {
this.secretArn = props.secret.secretArn;
this.secret = undefined;
}
else if (props.secretName) {
this.secret = new secretsManager.Secret(this, 'Secret', {
secretName: props.secretName,
});
this.secretArn = this.secret.secretArn;
}
else {
throw new Error('Must set one of secret or secretName');
}
this.asset = this.getAsset(props.asset, props.path);
const mutuallyExclusiveProps = {
wholeFile: !!props.wholeFile,
mappings: !!props.mappings,
singleValueMapping: !!props.singleValueMapping,
};
const mutuallyExclusivePropsEnabled = Object.keys(mutuallyExclusiveProps).filter((key) => mutuallyExclusiveProps[key]);
if (mutuallyExclusivePropsEnabled.length > 1) {
throw new Error(`Cannot set more than one of ${mutuallyExclusivePropsEnabled.join(', ')}`);
}
if (mutuallyExclusivePropsEnabled.length === 0) {
throw new Error(`Must set one of ${Object.keys(mutuallyExclusiveProps).join(', ')}`);
}
const provider = SopsSecretsManagerProvider.getOrCreate(this);
new cdk.CustomResource(this, 'Resource', {
serviceToken: provider.serviceToken,
resourceType: 'Custom::SopsSecretsManager',
properties: {
SecretArn: this.secretArn,
S3Bucket: this.asset.s3BucketName,
S3Path: this.asset.s3ObjectKey,
SourceHash: this.asset.assetHash,
KMSKeyArn: (_a = props.kmsKey) === null || _a === void 0 ? void 0 : _a.keyArn,
Mappings: JSON.stringify(props.mappings || {}),
SingleValueMapping: JSON.stringify(props.singleValueMapping || null),
WholeFile: props.wholeFile || false,
FileType: props.fileType,
},
});
}
getAsset(asset, secretFilePath) {
if (asset && secretFilePath) {
throw new Error('Cannot set both asset and path');
}
if (asset) {
return asset;
}
if (secretFilePath) {
return new s3Assets.Asset(this, 'SopsAsset', {
path: secretFilePath,
});
}
throw new Error('Must set one of asset or path');
}
}
exports.SopsSecretsManager = SopsSecretsManager;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrdjIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9jZGt2Mi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUEyQztBQUUzQyxpREFBaUQ7QUFDakQsc0RBQXNEO0FBQ3RELGlFQUFpRTtBQUNqRSxtQ0FBbUM7QUFDbkMseUNBQXlDO0FBQ3pDLCtEQUErRDtBQUMvRCxtQ0FBbUM7QUFDbkMsMkNBQXlCO0FBUXpCLE1BQU0sMEJBQTJCLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFHbEQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxLQUEyQjtRQUNqRCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNsQyxNQUFNLEVBQUUsR0FBRyxNQUFNLENBQUMsVUFBVSxDQUFDO1FBQzdCLE1BQU0sQ0FBQyxHQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBZ0MsSUFBSSxJQUFJLDBCQUEwQixDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNuSCxPQUFPLENBQUMsQ0FBQyxRQUFRLENBQUM7SUFDdEIsQ0FBQztJQUVELFlBQVksS0FBMkIsRUFBRSxFQUFVO1FBQy9DLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxnQkFBZ0IsR0FBK0IsRUFBRSxDQUFDO1FBQ3hELEtBQUssTUFBTSxTQUFTLElBQUksTUFBTSxDQUFDLHdCQUF3QixFQUFFO1lBQ3JELGdCQUFnQixDQUFDLElBQUksQ0FBQyxJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztTQUM3RDtRQUVELElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsaUJBQWlCLEVBQUU7WUFDeEUsY0FBYyxFQUFFLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLHlCQUF5QixFQUFFO2dCQUN4RSxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDO2dCQUNwRCxtREFBbUQ7Z0JBQ25ELGtEQUFrRDtnQkFDbEQsZUFBZTtnQkFDZixvRkFBb0Y7Z0JBQ3BGLE9BQU8sRUFBRSxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLE1BQU0sQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxFQUFFLENBQUM7Z0JBQ3BHLE9BQU8sRUFBRSxNQUFNLENBQUMsZUFBZTtnQkFDL0IsT0FBTyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQztnQkFDM0QsYUFBYSxFQUFFLGdCQUFnQjthQUNsQyxDQUFDO1NBQ0wsQ0FBQyxDQUFDO0lBQ1AsQ0FBQztDQUNKO0FBRUQsTUFBYSxrQkFBbUIsU0FBUSxVQUFVLENBQUMsU0FBUztJQUt4RCxZQUFZLEtBQTJCLEVBQUUsRUFBVSxFQUFFLEtBQThCOztRQUMvRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLElBQUksS0FBSyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFO1lBQ2xDLE1BQU0sSUFBSSxLQUFLLENBQUMsdUNBQXVDLENBQUMsQ0FBQztTQUM1RDthQUFNLElBQUksS0FBSyxDQUFDLE1BQU0sRUFBRTtZQUNyQixJQUFJLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQ3hDLElBQUksQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1NBQzNCO2FBQU0sSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFO1lBQ3pCLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxjQUFjLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7Z0JBQ3BELFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVTthQUMvQixDQUFDLENBQUM7WUFDSCxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDO1NBQzFDO2FBQU07WUFDSCxNQUFNLElBQUksS0FBSyxDQUFDLHNDQUFzQyxDQUFDLENBQUM7U0FDM0Q7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFcEQsTUFBTSxzQkFBc0IsR0FBNEI7WUFDcEQsU0FBUyxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsU0FBUztZQUM1QixRQUFRLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxRQUFRO1lBQzFCLGtCQUFrQixFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsa0JBQWtCO1NBQ2pELENBQUE7UUFFRCxNQUFNLDZCQUE2QixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLHNCQUFzQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFDdkgsSUFBSSw2QkFBNkIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1lBQzFDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLDZCQUE2QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7U0FDOUY7UUFFRCxJQUFJLDZCQUE2QixDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUU7WUFDNUMsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQkFBbUIsTUFBTSxDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7U0FDeEY7UUFFRCxNQUFNLFFBQVEsR0FBRywwQkFBMEIsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFOUQsSUFBSSxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDckMsWUFBWSxFQUFFLFFBQVEsQ0FBQyxZQUFZO1lBQ25DLFlBQVksRUFBRSw0QkFBNEI7WUFDMUMsVUFBVSxFQUFFO2dCQUNSLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztnQkFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsWUFBWTtnQkFDakMsTUFBTSxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVztnQkFDOUIsVUFBVSxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUztnQkFDaEMsU0FBUyxFQUFFLE1BQUEsS0FBSyxDQUFDLE1BQU0sMENBQUUsTUFBTTtnQkFDL0IsUUFBUSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7Z0JBQzlDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLGtCQUFrQixJQUFJLElBQUksQ0FBQztnQkFDcEUsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTLElBQUksS0FBSztnQkFDbkMsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO2FBQzNCO1NBQ0osQ0FBQyxDQUFDO0lBQ1AsQ0FBQztJQUVNLFFBQVEsQ0FBQyxLQUFzQixFQUFFLGNBQXVCO1FBQzNELElBQUksS0FBSyxJQUFJLGNBQWMsRUFBRTtZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7U0FDckQ7UUFFRCxJQUFJLEtBQUssRUFBRTtZQUNQLE9BQU8sS0FBSyxDQUFDO1NBQ2hCO1FBRUQsSUFBSSxjQUFjLEVBQUU7WUFDaEIsT0FBTyxJQUFJLFFBQVEsQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRTtnQkFDekMsSUFBSSxFQUFFLGNBQWM7YUFDdkIsQ0FBQyxDQUFDO1NBQ047UUFFRCxNQUFNLElBQUksS0FBSyxDQUFDLCtCQUErQixDQUFDLENBQUM7SUFDckQsQ0FBQztDQUNKO0FBMUVELGdEQTBFQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGlhbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCAqIGFzIGttcyBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCAqIGFzIGxhbWJkYSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCAqIGFzIHMzQXNzZXRzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMy1hc3NldHMnO1xuaW1wb3J0ICogYXMgc2VjcmV0c01hbmFnZXIgZnJvbSAnYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyJztcbmltcG9ydCAqIGFzIGNkayBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBjb25zdHJ1Y3RzIGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0ICogYXMgY3VzdG9tUmVzb3VyY2UgZnJvbSAnYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlcyc7XG5pbXBvcnQgKiBhcyBjb21tb24gZnJvbSAnLi9jb21tb24nO1xuZXhwb3J0ICogZnJvbSAnLi9jb21tb24nO1xuXG5leHBvcnQgaW50ZXJmYWNlIFNvcHNTZWNyZXRzTWFuYWdlclByb3BzIGV4dGVuZHMgY29tbW9uLlNvcHNTZWNyZXRzTWFuYWdlckJhc2VQcm9wcyB7XG4gICAgcmVhZG9ubHkgc2VjcmV0Pzogc2VjcmV0c01hbmFnZXIuU2VjcmV0IHwgc2VjcmV0c01hbmFnZXIuSVNlY3JldDtcbiAgICByZWFkb25seSBhc3NldD86IHMzQXNzZXRzLkFzc2V0O1xuICAgIHJlYWRvbmx5IGttc0tleT86IGttcy5JS2V5O1xufVxuXG5jbGFzcyBTb3BzU2VjcmV0c01hbmFnZXJQcm92aWRlciBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgICBwdWJsaWMgcmVhZG9ubHkgcHJvdmlkZXI6IGN1c3RvbVJlc291cmNlLlByb3ZpZGVyO1xuXG4gICAgcHVibGljIHN0YXRpYyBnZXRPckNyZWF0ZShzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QpOiBjdXN0b21SZXNvdXJjZS5Qcm92aWRlciB7XG4gICAgICAgIGNvbnN0IHN0YWNrID0gY2RrLlN0YWNrLm9mKHNjb3BlKTtcbiAgICAgICAgY29uc3QgaWQgPSBjb21tb24ucHJvdmlkZXJJZDtcbiAgICAgICAgY29uc3QgeCA9IChzdGFjay5ub2RlLnRyeUZpbmRDaGlsZChpZCkgYXMgU29wc1NlY3JldHNNYW5hZ2VyUHJvdmlkZXIpIHx8IG5ldyBTb3BzU2VjcmV0c01hbmFnZXJQcm92aWRlcihzdGFjaywgaWQpO1xuICAgICAgICByZXR1cm4geC5wcm92aWRlcjtcbiAgICB9XG5cbiAgICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcpIHtcbiAgICAgICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgICAgICBjb25zdCBwb2xpY3lTdGF0ZW1lbnRzOiBBcnJheTxpYW0uUG9saWN5U3RhdGVtZW50PiA9IFtdO1xuICAgICAgICBmb3IgKGNvbnN0IHN0YXRlbWVudCBvZiBjb21tb24ucHJvdmlkZXJQb2xpY3lTdGF0ZW1lbnRzKSB7XG4gICAgICAgICAgICBwb2xpY3lTdGF0ZW1lbnRzLnB1c2gobmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoc3RhdGVtZW50KSk7XG4gICAgICAgIH1cblxuICAgICAgICB0aGlzLnByb3ZpZGVyID0gbmV3IGN1c3RvbVJlc291cmNlLlByb3ZpZGVyKHRoaXMsIGNvbW1vbi5wcm92aWRlckxvZ2ljYWxJZCwge1xuICAgICAgICAgICAgb25FdmVudEhhbmRsZXI6IG5ldyBsYW1iZGEuRnVuY3Rpb24odGhpcywgY29tbW9uLnByb3ZpZGVyRnVuY3Rpb25Mb2dpY2FsSWQsIHtcbiAgICAgICAgICAgICAgICBjb2RlOiBsYW1iZGEuQ29kZS5mcm9tQXNzZXQoY29tbW9uLnByb3ZpZGVyQ29kZVBhdGgpLFxuICAgICAgICAgICAgICAgIC8vIENESyB2MiBkb2VzIGhhdmUgbGFtYmRhLlJ1bnRpbWUuTk9ERUpTXzE4X1gsIGJ1dFxuICAgICAgICAgICAgICAgIC8vIG9ubHkgPj0yLjUxLjAgSXQgaXMgc3VwcG9ydGVkIGluIGFsbCBjb21tZXJjaWFsXG4gICAgICAgICAgICAgICAgLy8gcmVnaW9ucy4gU2VlXG4gICAgICAgICAgICAgICAgLy8gaHR0cHM6Ly9hd3MuYW1hem9uLmNvbS9hYm91dC1hd3Mvd2hhdHMtbmV3LzIwMjIvMTEvYXdzLWxhbWJkYS1zdXBwb3J0LW5vZGUtanMtMTgvXG4gICAgICAgICAgICAgICAgcnVudGltZTogbmV3IGxhbWJkYS5SdW50aW1lKCdub2RlanMxOC54JywgbGFtYmRhLlJ1bnRpbWVGYW1pbHkuTk9ERUpTLCB7IHN1cHBvcnRzSW5saW5lQ29kZTogdHJ1ZSB9KSxcbiAgICAgICAgICAgICAgICBoYW5kbGVyOiBjb21tb24ucHJvdmlkZXJIYW5kbGVyLFxuICAgICAgICAgICAgICAgIHRpbWVvdXQ6IGNkay5EdXJhdGlvbi5taW51dGVzKGNvbW1vbi5wcm92aWRlclRpbW91dE1pbnV0ZXMpLFxuICAgICAgICAgICAgICAgIGluaXRpYWxQb2xpY3k6IHBvbGljeVN0YXRlbWVudHMsXG4gICAgICAgICAgICB9KSxcbiAgICAgICAgfSk7XG4gICAgfVxufVxuXG5leHBvcnQgY2xhc3MgU29wc1NlY3JldHNNYW5hZ2VyIGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICAgIHB1YmxpYyByZWFkb25seSBzZWNyZXQ6IHNlY3JldHNNYW5hZ2VyLlNlY3JldCB8IHVuZGVmaW5lZDtcbiAgICBwdWJsaWMgcmVhZG9ubHkgc2VjcmV0QXJuOiBzdHJpbmc7XG4gICAgcHVibGljIHJlYWRvbmx5IGFzc2V0OiBzM0Fzc2V0cy5Bc3NldDtcblxuICAgIGNvbnN0cnVjdG9yKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFNvcHNTZWNyZXRzTWFuYWdlclByb3BzKSB7XG4gICAgICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAgICAgaWYgKHByb3BzLnNlY3JldCAmJiBwcm9wcy5zZWNyZXROYW1lKSB7XG4gICAgICAgICAgICB0aHJvdyBuZXcgRXJyb3IoJ0Nhbm5vdCBzZXQgYm90aCBzZWNyZXQgYW5kIHNlY3JldE5hbWUnKTtcbiAgICAgICAgfSBlbHNlIGlmIChwcm9wcy5zZWNyZXQpIHtcbiAgICAgICAgICAgIHRoaXMuc2VjcmV0QXJuID0gcHJvcHMuc2VjcmV0LnNlY3JldEFybjtcbiAgICAgICAgICAgIHRoaXMuc2VjcmV0ID0gdW5kZWZpbmVkO1xuICAgICAgICB9IGVsc2UgaWYgKHByb3BzLnNlY3JldE5hbWUpIHtcbiAgICAgICAgICAgIHRoaXMuc2VjcmV0ID0gbmV3IHNlY3JldHNNYW5hZ2VyLlNlY3JldCh0aGlzLCAnU2VjcmV0Jywge1xuICAgICAgICAgICAgICAgIHNlY3JldE5hbWU6IHByb3BzLnNlY3JldE5hbWUsXG4gICAgICAgICAgICB9KTtcbiAgICAgICAgICAgIHRoaXMuc2VjcmV0QXJuID0gdGhpcy5zZWNyZXQuc2VjcmV0QXJuO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdNdXN0IHNldCBvbmUgb2Ygc2VjcmV0IG9yIHNlY3JldE5hbWUnKTtcbiAgICAgICAgfVxuICAgICAgICB0aGlzLmFzc2V0ID0gdGhpcy5nZXRBc3NldChwcm9wcy5hc3NldCwgcHJvcHMucGF0aCk7XG5cbiAgICAgICAgY29uc3QgbXV0dWFsbHlFeGNsdXNpdmVQcm9wczogUmVjb3JkPHN0cmluZywgYm9vbGVhbj4gPSB7XG4gICAgICAgICAgICB3aG9sZUZpbGU6ICEhcHJvcHMud2hvbGVGaWxlLFxuICAgICAgICAgICAgbWFwcGluZ3M6ICEhcHJvcHMubWFwcGluZ3MsXG4gICAgICAgICAgICBzaW5nbGVWYWx1ZU1hcHBpbmc6ICEhcHJvcHMuc2luZ2xlVmFsdWVNYXBwaW5nLFxuICAgICAgICB9XG5cbiAgICAgICAgY29uc3QgbXV0dWFsbHlFeGNsdXNpdmVQcm9wc0VuYWJsZWQgPSBPYmplY3Qua2V5cyhtdXR1YWxseUV4Y2x1c2l2ZVByb3BzKS5maWx0ZXIoKGtleSkgPT4gbXV0dWFsbHlFeGNsdXNpdmVQcm9wc1trZXldKTtcbiAgICAgICAgaWYgKG11dHVhbGx5RXhjbHVzaXZlUHJvcHNFbmFibGVkLmxlbmd0aCA+IDEpIHtcbiAgICAgICAgICAgIHRocm93IG5ldyBFcnJvcihgQ2Fubm90IHNldCBtb3JlIHRoYW4gb25lIG9mICR7bXV0dWFsbHlFeGNsdXNpdmVQcm9wc0VuYWJsZWQuam9pbignLCAnKX1gKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGlmIChtdXR1YWxseUV4Y2x1c2l2ZVByb3BzRW5hYmxlZC5sZW5ndGggPT09IDApIHtcbiAgICAgICAgICAgIHRocm93IG5ldyBFcnJvcihgTXVzdCBzZXQgb25lIG9mICR7T2JqZWN0LmtleXMobXV0dWFsbHlFeGNsdXNpdmVQcm9wcykuam9pbignLCAnKX1gKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNvbnN0IHByb3ZpZGVyID0gU29wc1NlY3JldHNNYW5hZ2VyUHJvdmlkZXIuZ2V0T3JDcmVhdGUodGhpcyk7XG5cbiAgICAgICAgbmV3IGNkay5DdXN0b21SZXNvdXJjZSh0aGlzLCAnUmVzb3VyY2UnLCB7XG4gICAgICAgICAgICBzZXJ2aWNlVG9rZW46IHByb3ZpZGVyLnNlcnZpY2VUb2tlbixcbiAgICAgICAgICAgIHJlc291cmNlVHlwZTogJ0N1c3RvbTo6U29wc1NlY3JldHNNYW5hZ2VyJyxcbiAgICAgICAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgICAgICAgICBTZWNyZXRBcm46IHRoaXMuc2VjcmV0QXJuLFxuICAgICAgICAgICAgICAgIFMzQnVja2V0OiB0aGlzLmFzc2V0LnMzQnVja2V0TmFtZSxcbiAgICAgICAgICAgICAgICBTM1BhdGg6IHRoaXMuYXNzZXQuczNPYmplY3RLZXksXG4gICAgICAgICAgICAgICAgU291cmNlSGFzaDogdGhpcy5hc3NldC5hc3NldEhhc2gsXG4gICAgICAgICAgICAgICAgS01TS2V5QXJuOiBwcm9wcy5rbXNLZXk/LmtleUFybixcbiAgICAgICAgICAgICAgICBNYXBwaW5nczogSlNPTi5zdHJpbmdpZnkocHJvcHMubWFwcGluZ3MgfHwge30pLFxuICAgICAgICAgICAgICAgIFNpbmdsZVZhbHVlTWFwcGluZzogSlNPTi5zdHJpbmdpZnkocHJvcHMuc2luZ2xlVmFsdWVNYXBwaW5nIHx8IG51bGwpLFxuICAgICAgICAgICAgICAgIFdob2xlRmlsZTogcHJvcHMud2hvbGVGaWxlIHx8IGZhbHNlLFxuICAgICAgICAgICAgICAgIEZpbGVUeXBlOiBwcm9wcy5maWxlVHlwZSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgIH0pO1xuICAgIH1cblxuICAgIHB1YmxpYyBnZXRBc3NldChhc3NldD86IHMzQXNzZXRzLkFzc2V0LCBzZWNyZXRGaWxlUGF0aD86IHN0cmluZyk6IHMzQXNzZXRzLkFzc2V0IHtcbiAgICAgICAgaWYgKGFzc2V0ICYmIHNlY3JldEZpbGVQYXRoKSB7XG4gICAgICAgICAgICB0aHJvdyBuZXcgRXJyb3IoJ0Nhbm5vdCBzZXQgYm90aCBhc3NldCBhbmQgcGF0aCcpO1xuICAgICAgICB9XG5cbiAgICAgICAgaWYgKGFzc2V0KSB7XG4gICAgICAgICAgICByZXR1cm4gYXNzZXQ7XG4gICAgICAgIH1cblxuICAgICAgICBpZiAoc2VjcmV0RmlsZVBhdGgpIHtcbiAgICAgICAgICAgIHJldHVybiBuZXcgczNBc3NldHMuQXNzZXQodGhpcywgJ1NvcHNBc3NldCcsIHtcbiAgICAgICAgICAgICAgICBwYXRoOiBzZWNyZXRGaWxlUGF0aCxcbiAgICAgICAgICAgIH0pO1xuICAgICAgICB9XG5cbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdNdXN0IHNldCBvbmUgb2YgYXNzZXQgb3IgcGF0aCcpO1xuICAgIH1cbn1cbiJdfQ==