agent-claw: automated task changes

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/assume-role-policy.d.ts

@@ -0,0 +1,8 @@
+import type { PolicyDocument } from '../policy-document';
+import type { IPrincipal } from '../principals';
+/**
+ * Add a principal to an AssumeRolePolicyDocument in the right way
+ *
+ * Delegate to the principal if it can do the job itself, do a default job if it can't.
+ */
+export declare function defaultAddPrincipalToAssumeRole(principal: IPrincipal, doc: PolicyDocument): void;

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/assume-role-policy.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.defaultAddPrincipalToAssumeRole=defaultAddPrincipalToAssumeRole;var policy_statement_1=()=>{var tmp=require("../policy-statement");return policy_statement_1=()=>tmp,tmp};function defaultAddPrincipalToAssumeRole(principal,doc){isAssumeRolePrincipal(principal)?principal.addToAssumeRolePolicy(doc):doc.addStatements(new(policy_statement_1()).PolicyStatement({actions:[principal.assumeRoleAction],principals:[principal]}))}function isAssumeRolePrincipal(principal){return!!principal.addToAssumeRolePolicy}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/comparable-principal.d.ts

@@ -0,0 +1,6 @@
+import type { IPrincipal } from '../principals';
+export declare function partitionPrincipals(xs: IPrincipal[]): PartitionResult;
+export interface PartitionResult {
+    readonly nonComparable: IPrincipal[];
+    readonly comparable: Record<string, IPrincipal>;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/comparable-principal.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.partitionPrincipals=partitionPrincipals;var principals_1=()=>{var tmp=require("../principals");return principals_1=()=>tmp,tmp};function partitionPrincipals(xs){const nonComparable=[],comparable={};for(const x of xs){const dedupe=principals_1().ComparablePrincipal.dedupeStringFor(x);dedupe?comparable[dedupe]=x:nonComparable.push(x)}return{comparable,nonComparable}}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/immutable-role.d.ts

@@ -0,0 +1,45 @@
+import type { Construct } from 'constructs';
+import { Resource } from '../../../core';
+import type { Grant } from '../grant';
+import type { RoleReference } from '../iam.generated';
+import type { IManagedPolicy } from '../managed-policy';
+import type { Policy } from '../policy';
+import type { PolicyStatement } from '../policy-statement';
+import type { AddToPrincipalPolicyResult, IPrincipal } from '../principals';
+import type { IRole } from '../role';
+/**
+ * An immutable wrapper around an IRole
+ *
+ * This wrapper ignores all mutating operations, like attaching policies or
+ * adding policy statements.
+ *
+ * Useful in cases where you want to turn off CDK's automatic permissions
+ * management, and instead have full control over all permissions.
+ *
+ * Note: if you want to ignore all mutations for an externally defined role
+ * which was imported into the CDK with `Role.fromRoleArn`, you don't have to use this class -
+ * simply pass the property mutable = false when calling `Role.fromRoleArn`.
+ */
+export declare class ImmutableRole extends Resource implements IRole {
+    private readonly role;
+    private readonly addGrantsToResources;
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    readonly assumeRoleAction: string;
+    readonly policyFragment: any;
+    readonly grantPrincipal: IPrincipal;
+    readonly principalAccount: string | undefined;
+    readonly roleArn: string;
+    readonly roleName: string;
+    private readonly _stack;
+    constructor(scope: Construct, id: string, role: IRole, addGrantsToResources: boolean);
+    get stack(): import("../../../core").Stack;
+    get roleRef(): RoleReference;
+    attachInlinePolicy(_policy: Policy): void;
+    addManagedPolicy(_policy: IManagedPolicy): void;
+    addToPolicy(statement: PolicyStatement): boolean;
+    addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult;
+    grant(grantee: IPrincipal, ...actions: string[]): Grant;
+    grantPassRole(grantee: IPrincipal): Grant;
+    grantAssumeRole(identity: IPrincipal): Grant;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/imported-role.d.ts

@@ -0,0 +1,37 @@
+import type { Construct } from 'constructs';
+import { Resource } from '../../../core';
+import { Grant } from '../grant';
+import type { RoleReference } from '../iam.generated';
+import type { IManagedPolicy } from '../managed-policy';
+import { Policy } from '../policy';
+import type { PolicyStatement } from '../policy-statement';
+import type { AddToPrincipalPolicyResult, IComparablePrincipal, IPrincipal, PrincipalPolicyFragment } from '../principals';
+import type { FromRoleArnOptions, IRole } from '../role';
+export interface ImportedRoleProps extends FromRoleArnOptions {
+    readonly roleArn: string;
+    readonly roleName: string;
+    readonly account?: string;
+}
+export declare class ImportedRole extends Resource implements IRole, IComparablePrincipal {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    readonly grantPrincipal: IPrincipal;
+    readonly principalAccount?: string;
+    readonly assumeRoleAction: string;
+    readonly policyFragment: PrincipalPolicyFragment;
+    readonly roleArn: string;
+    readonly roleName: string;
+    private readonly attachedPolicies;
+    private readonly defaultPolicyName?;
+    private defaultPolicy?;
+    constructor(scope: Construct, id: string, props: ImportedRoleProps);
+    get roleRef(): RoleReference;
+    addToPolicy(statement: PolicyStatement): boolean;
+    addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
+    attachInlinePolicy(policy: Policy): void;
+    addManagedPolicy(policy: IManagedPolicy): void;
+    grantPassRole(identity: IPrincipal): Grant;
+    grantAssumeRole(identity: IPrincipal): Grant;
+    grant(grantee: IPrincipal, ...actions: string[]): Grant;
+    dedupeString(): string | undefined;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/merge-statements.d.ts

@@ -0,0 +1,44 @@
+import type { IConstruct } from 'constructs';
+import type { PolicyStatement } from '../policy-statement';
+/**
+ * Options for the mergeStatement command
+ */
+export interface MergeStatementOptions {
+    /**
+     * Scope to derive configuration flags from
+     */
+    readonly scope: IConstruct;
+    /**
+     * Do not merge statements if the result would be bigger than MAX_MERGE_SIZE
+     *
+     * @default false
+     */
+    readonly limitSize?: boolean;
+    /**
+     * Merge statements if they can be combined to produce the same effects.
+     *
+     * If false, statements are only merged if they are exactly equal.
+     *
+     * @default true
+     */
+    readonly mergeIfCombinable?: boolean;
+}
+/**
+ * Merge as many statements as possible to shrink the total policy doc, modifying the input array in place
+ *
+ * We compare and merge all pairs of statements (O(N^2) complexity), opportunistically
+ * merging them. This is not guaranteed to produce the optimal output, but it's probably
+ * Good Enough(tm). If it merges anything, it's at least going to produce a smaller output
+ * than the input.
+ */
+export declare function mergeStatements(statements: PolicyStatement[], options: MergeStatementOptions): MergeStatementResult;
+export interface MergeStatementResult {
+    /**
+     * The list of maximally merged statements
+     */
+    readonly mergedStatements: PolicyStatement[];
+    /**
+     * Mapping of old to new statements
+     */
+    readonly originsMap: Map<PolicyStatement, PolicyStatement[]>;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/merge-statements.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.mergeStatements=mergeStatements;var comparable_principal_1=()=>{var tmp=require("./comparable-principal");return comparable_principal_1=()=>tmp,tmp},policy_statement_1=()=>{var tmp=require("../policy-statement");return policy_statement_1=()=>tmp,tmp},util_1=()=>{var tmp=require("../util");return util_1=()=>tmp,tmp};const MAX_MERGE_SIZE=2e3;function mergeStatements(statements,options){const sizeOptions=(0,policy_statement_1().deriveEstimateSizeOptions)(options.scope),compStatements=statements.map(makeComparable),mergeFn=options?.mergeIfCombinable??!0?mergeIfCombinable:mergeIfEqual;for(;onePass(););const mergedStatements=new Array,originsMap=new Map;for(const comp of compStatements){const statement=renderComparable(comp);mergedStatements.push(statement),originsMap.set(statement,comp.originals)}return{mergedStatements,originsMap};function onePass(){let ret=!1;for(let i=0;i<compStatements.length;i++){let j=i+1;for(;j<compStatements.length;){const merged=mergeFn(compStatements[i],compStatements[j],!!options.limitSize,sizeOptions);merged?(compStatements[i]=merged,compStatements.splice(j,1),ret=!0):j++}}return ret}}function mergeIfCombinable(a,b,limitSize,options){if(a.statement.effect!==b.statement.effect||a.statement.sid||b.statement.sid||a.conditionString!==b.conditionString||!setEqual(a.statement.notActions,b.statement.notActions)||!setEqual(a.statement.notResources,b.statement.notResources)||!setEqualPrincipals(a.statement.notPrincipals,b.statement.notPrincipals)||(setEqual(a.statement.actions,b.statement.actions)?1:0)+(setEqual(a.statement.resources,b.statement.resources)?1:0)+(setEqualPrincipals(a.statement.principals,b.statement.principals)?1:0)<2||unmergeablePrincipals(a,b))return;const combined=a.statement.copy({actions:setMerge(a.statement.actions,b.statement.actions),resources:setMerge(a.statement.resources,b.statement.resources),principals:setMergePrincipals(a.statement.principals,b.statement.principals)});if(!(limitSize&&combined._estimateSize(options)>MAX_MERGE_SIZE))return{originals:[...a.originals,...b.originals],statement:combined,conditionString:a.conditionString}}function mergeIfEqual(a,b){if(a.statement.effect===b.statement.effect&&a.statement.sid===b.statement.sid&&a.conditionString===b.conditionString&&!(!setEqual(a.statement.notActions,b.statement.notActions)||!setEqual(a.statement.notResources,b.statement.notResources)||!setEqualPrincipals(a.statement.notPrincipals,b.statement.notPrincipals))&&!(!setEqual(a.statement.actions,b.statement.actions)||!setEqual(a.statement.resources,b.statement.resources)||!setEqualPrincipals(a.statement.principals,b.statement.principals)))return{originals:[...a.originals,...b.originals],statement:a.statement,conditionString:a.conditionString}}function makeComparable(s){return{originals:[s],statement:s,conditionString:JSON.stringify(s.conditions)}}function unmergeablePrincipals(a,b){const aHasLiteral=a.statement.principals.some(v=>util_1().LITERAL_STRING_KEY in v.policyFragment.principalJson),bHasLiteral=b.statement.principals.some(v=>util_1().LITERAL_STRING_KEY in v.policyFragment.principalJson);return aHasLiteral!==bHasLiteral}function renderComparable(s){return s.statement}function setEqual(a,b){const bSet=new Set(b);return a.length===b.length&&a.every(k=>bSet.has(k))}function setMerge(x,y){return Array.from(new Set([...x,...y])).sort()}function setEqualPrincipals(xs,ys){const xPrincipals=(0,comparable_principal_1().partitionPrincipals)(xs),yPrincipals=(0,comparable_principal_1().partitionPrincipals)(ys),nonComp=setEqual(xPrincipals.nonComparable,yPrincipals.nonComparable),comp=setEqual(Object.keys(xPrincipals.comparable),Object.keys(yPrincipals.comparable));return nonComp&&comp}function setMergePrincipals(xs,ys){const xPrincipals=(0,comparable_principal_1().partitionPrincipals)(xs),yPrincipals=(0,comparable_principal_1().partitionPrincipals)(ys),comparable={...xPrincipals.comparable,...yPrincipals.comparable};return[...Object.values(comparable),...xPrincipals.nonComparable,...yPrincipals.nonComparable]}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/policydoc-adapter.d.ts

@@ -0,0 +1,11 @@
+import { PolicyDocument } from '../policy-document';
+import type { PolicyStatement } from '../policy-statement';
+/**
+ * A PolicyDocument adapter that can modify statements flowing through it
+ */
+export declare class MutatingPolicyDocumentAdapter extends PolicyDocument {
+    private readonly wrapped;
+    private readonly mutator;
+    constructor(wrapped: PolicyDocument, mutator: (s: PolicyStatement) => PolicyStatement);
+    addStatements(...statements: PolicyStatement[]): void;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/policydoc-adapter.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MutatingPolicyDocumentAdapter=void 0;var policy_document_1=()=>{var tmp=require("../policy-document");return policy_document_1=()=>tmp,tmp};class MutatingPolicyDocumentAdapter extends policy_document_1().PolicyDocument{wrapped;mutator;constructor(wrapped,mutator){super(),this.wrapped=wrapped,this.mutator=mutator}addStatements(...statements){for(const st of statements)this.wrapped.addStatements(this.mutator(st))}}exports.MutatingPolicyDocumentAdapter=MutatingPolicyDocumentAdapter;

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.d.ts

@@ -0,0 +1,29 @@
+import * as cdk from '../../../core';
+/**
+ * A Token postprocesser for policy documents
+ *
+ * Removes duplicate statements, and assign Sids if necessary
+ *
+ * Because policy documents can contain all kinds of crazy things,
+ * we do all the necessary work here after the document has been mostly resolved
+ * into a predictable CloudFormation form.
+ */
+export declare class PostProcessPolicyDocument implements cdk.IPostProcessor {
+    private readonly autoAssignSids;
+    private readonly sort;
+    constructor(autoAssignSids: boolean, sort: boolean);
+    postProcess(input: any, _context: cdk.IResolveContext): any;
+}
+export type IamValue = string | Record<string, any> | Array<string | Record<string, any>>;
+export interface StatementSchema {
+    Sid?: string;
+    Effect?: string;
+    Principal?: string | string[] | Record<string, IamValue>;
+    NotPrincipal?: string | string[] | Record<string, IamValue>;
+    Resource?: IamValue;
+    NotResource?: IamValue;
+    Action?: IamValue;
+    NotAction?: IamValue;
+    Condition?: unknown;
+}
+export declare function normalizeStatement(s: StatementSchema): any;

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.PostProcessPolicyDocument=void 0,exports.normalizeStatement=normalizeStatement;var cdk=()=>{var tmp=require("../../../core");return cdk=()=>tmp,tmp},util_1=()=>{var tmp=require("../util");return util_1=()=>tmp,tmp};class PostProcessPolicyDocument{autoAssignSids;sort;constructor(autoAssignSids,sort){this.autoAssignSids=autoAssignSids,this.sort=sort}postProcess(input,_context){if(!input||!input.Statement)return input;const jsonStatements=new Set,uniqueStatements=[];for(const statement of input.Statement){const jsonStatement=JSON.stringify(statement);jsonStatements.has(jsonStatement)||(uniqueStatements.push(statement),jsonStatements.add(jsonStatement))}const statements=uniqueStatements.map((s,i)=>(this.autoAssignSids&&!s.Sid&&(s.Sid=i.toString()),this.sort&&(s.Action&&(s.Action=sortByJson(s.Action)),s.Resource&&(s.Resource=sortByJson(s.Resource)),s.Principal&&(s.Principal=sortPrincipals(s.Principal))),s));return{...input,Statement:statements}}}exports.PostProcessPolicyDocument=PostProcessPolicyDocument;function normalizeStatement(s){return noUndef({Action:_norm(s.Action,{unique:!0}),NotAction:_norm(s.NotAction,{unique:!0}),Condition:_norm(s.Condition),Effect:_norm(s.Effect),Principal:_normPrincipal(s.Principal),NotPrincipal:_normPrincipal(s.NotPrincipal),Resource:_norm(s.Resource,{unique:!0}),NotResource:_norm(s.NotResource,{unique:!0}),Sid:_norm(s.Sid)});function _norm(values,{unique=!1}={unique:!1}){if(values!=null){if(cdk().Token.isUnresolved(values))return values;if(Array.isArray(values))return!values||values.length===0?void 0:values.length===1?values[0]:unique?Array.from(new Set(values)):values;if(!(values&&typeof values=="object"&&Object.keys(values).length===0))return values}}function _normPrincipal(principal){if(!principal||Array.isArray(principal)||typeof principal!="object")return;const keys=Object.keys(principal);if(keys.length===0)return;if(util_1().LITERAL_STRING_KEY in principal)return principal[util_1().LITERAL_STRING_KEY][0];const result={};for(const key of keys){const normVal=_norm(principal[key]);normVal&&(result[key]=normVal)}return result}}function noUndef(x){const ret={};for(const[key,value]of Object.entries(x))value!==void 0&&(ret[key]=value);return ret}function sortPrincipals(xs){if(!xs||Array.isArray(xs)||typeof xs!="object")return xs;const ret={};for(const k of Object.keys(xs).sort())ret[k]=sortByJson(xs[k]);return ret}function sortByJson(xs){if(!Array.isArray(xs))return xs;const intermediate=new Map;for(const x of xs)intermediate.set(JSON.stringify(x),x);const sorted=Array.from(intermediate.keys()).sort().map(k=>intermediate.get(k));return xs.splice(0,xs.length,...sorted),xs.length!==1?xs:xs[0]}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/precreated-role.d.ts

@@ -0,0 +1,76 @@
+import type { Construct } from 'constructs';
+import { Resource, Stack } from '../../../core';
+import type { Grant } from '../grant';
+import type { RoleReference } from '../iam.generated';
+import type { IManagedPolicy } from '../managed-policy';
+import type { Policy } from '../policy';
+import type { PolicyDocument } from '../policy-document';
+import type { PolicyStatement } from '../policy-statement';
+import type { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from '../principals';
+import type { IRole } from '../role';
+/**
+ * Options for a precreated role
+ */
+export interface PrecreatedRoleProps {
+    /**
+     * The base role to use for the precreated role. In most cases this will be
+     * the `Role` or `IRole` that is being created by a construct. For example,
+     * users (or constructs) will create an IAM role with `new Role(this, 'MyRole', {...})`.
+     * That `Role` will be used as the base role for the `PrecreatedRole` meaning it be able
+     * to access any methods and properties on the base role.
+     */
+    readonly role: IRole;
+    /**
+     * The assume role (trust) policy for the precreated role.
+     *
+     * @default - no assume role policy
+     */
+    readonly assumeRolePolicy?: PolicyDocument;
+    /**
+     * If the role is missing from the precreatedRole context
+     *
+     * @default false
+     */
+    readonly missing?: boolean;
+    /**
+     * The construct path to display in the report.
+     * This should be the path that the user can trace to the
+     * role being created in their application
+     *
+     * @default the construct path of this construct
+     */
+    readonly rolePath?: string;
+}
+/**
+ * An IAM role that has been created outside of CDK and can be
+ * used in place of a role that CDK _is_ creating.
+ *
+ * When any policy is attached to a precreated role the policy will be
+ * synthesized into a separate report and will _not_ be synthesized in
+ * the CloudFormation template.
+ */
+export declare class PrecreatedRole extends Resource implements IRole {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    readonly assumeRoleAction: string;
+    readonly policyFragment: PrincipalPolicyFragment;
+    readonly grantPrincipal: this;
+    readonly principalAccount?: string;
+    readonly roleArn: string;
+    readonly roleName: string;
+    private readonly _stack;
+    private readonly policySynthesizer;
+    private readonly policyStatements;
+    private readonly managedPolicies;
+    private readonly role;
+    constructor(scope: Construct, id: string, props: PrecreatedRoleProps);
+    get stack(): Stack;
+    get roleRef(): RoleReference;
+    attachInlinePolicy(policy: Policy): void;
+    addManagedPolicy(policy: IManagedPolicy): void;
+    addToPolicy(statement: PolicyStatement): boolean;
+    addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
+    grant(grantee: IPrincipal, ...actions: string[]): Grant;
+    grantPassRole(grantee: IPrincipal): Grant;
+    grantAssumeRole(identity: IPrincipal): Grant;
+}

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/util.d.ts

@@ -0,0 +1,58 @@
+import type { IConstruct } from 'constructs';
+import type { IPostProcessor, IResolvable, IResolveContext } from '../../../core';
+import type { IPolicy } from '../policy';
+export declare const MAX_POLICY_NAME_LEN = 128;
+export declare const LITERAL_STRING_KEY = "LiteralString";
+export declare function undefinedIfEmpty(f: () => string[]): string[];
+/**
+ * Used to generate a unique policy name based on the policy resource construct.
+ * The logical ID of the resource is a great candidate as long as it doesn't exceed
+ * 128 characters, so we take the last 128 characters (in order to make sure the hash
+ * is there).
+ */
+export declare function generatePolicyName(scope: IConstruct, logicalId: string): string;
+/**
+ * Helper class that maintains the set of attached policies for a principal.
+ */
+export declare class AttachedPolicies {
+    private policies;
+    /**
+     * Adds a policy to the list of attached policies.
+     *
+     * If this policy is already, attached, returns false.
+     * If there is another policy attached with the same name, throws an exception.
+     */
+    attach(policy: IPolicy): void;
+}
+/**
+ * Merge two dictionaries that represent IAM principals
+ *
+ * Does an in-place merge.
+ */
+export declare function mergePrincipal(target: {
+    [key: string]: string[];
+}, source: {
+    [key: string]: string[];
+}): {
+    [key: string]: string[];
+};
+/**
+ * Lazy string set token that dedupes entries
+ *
+ * Needs to operate post-resolve, because the inputs could be
+ * `[ '${Token[TOKEN.9]}', '${Token[TOKEN.10]}', '${Token[TOKEN.20]}' ]`, which
+ * still all resolve to the same string value.
+ *
+ * Needs to JSON.stringify() results because strings could resolve to literal
+ * strings but could also resolve to `{ Fn::Join: [...] }`.
+ */
+export declare class UniqueStringSet implements IResolvable, IPostProcessor {
+    private readonly fn;
+    static from(fn: () => string[]): string[];
+    readonly creationStack: string[];
+    private constructor();
+    resolve(context: IResolveContext): string[];
+    postProcess(input: any, _context: IResolveContext): any;
+    toString(): string;
+}
+export declare function sum(xs: number[]): number;

cdk/node_modules/aws-cdk-lib/aws-iam/lib/private/util.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.UniqueStringSet=exports.AttachedPolicies=exports.LITERAL_STRING_KEY=exports.MAX_POLICY_NAME_LEN=void 0,exports.undefinedIfEmpty=undefinedIfEmpty,exports.generatePolicyName=generatePolicyName,exports.mergePrincipal=mergePrincipal,exports.sum=sum;var core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};exports.MAX_POLICY_NAME_LEN=128,exports.LITERAL_STRING_KEY="LiteralString";function undefinedIfEmpty(f){return core_1().Lazy.list({produce:()=>{const array=f();return array&&array.length>0?array:void 0}})}function generatePolicyName(scope,logicalId){const resolvedLogicalId=core_1().Tokenization.resolve(logicalId,{scope,resolver:new(core_1()).DefaultTokenResolver(new(core_1()).StringConcat)});return lastNCharacters(resolvedLogicalId,exports.MAX_POLICY_NAME_LEN)}function lastNCharacters(str,n){const startIndex=Math.max(str.length-n,0);return str.substring(startIndex,str.length)}class AttachedPolicies{policies=new Array;attach(policy){if(!this.policies.find(p=>p===policy)){if(this.policies.find(p=>p.policyName===policy.policyName))throw new(core_1()).ValidationError((0,literal_string_1().lit)`PolicyNamedAlreadyAttached`,`A policy named "${policy.policyName}" is already attached`,policy);this.policies.push(policy)}}}exports.AttachedPolicies=AttachedPolicies;function mergePrincipal(target,source){const sourceKeys=Object.keys(source),targetKeys=Object.keys(target);if(exports.LITERAL_STRING_KEY in source&&targetKeys.some(k=>k!==exports.LITERAL_STRING_KEY)||exports.LITERAL_STRING_KEY in target&&sourceKeys.some(k=>k!==exports.LITERAL_STRING_KEY))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotMustBeCannotMerge`,`Cannot merge principals ${JSON.stringify(target)} and ${JSON.stringify(source)}; if one uses a literal principal string the other one must be empty`);for(const key of sourceKeys){target[key]=target[key]??[];let value=source[key];Array.isArray(value)||(value=[value]),target[key].push(...value)}return target}class UniqueStringSet{fn;static from(fn){return core_1().Token.asList(new UniqueStringSet(fn))}creationStack=["Token stack traces are no longer captured"];constructor(fn){this.fn=fn}resolve(context){return context.registerPostProcessor(this),this.fn()}postProcess(input,_context){if(!Array.isArray(input))return input;if(input.length===0)return;const uniq={};for(const el of input)uniq[JSON.stringify(el)]=el;return Object.values(uniq)}toString(){return core_1().Token.asString(this)}}exports.UniqueStringSet=UniqueStringSet;function sum(xs){return xs.reduce((a,b)=>a+b,0)}