@drunk-pulumi/azure-components 0.0.6

package/database/MySql.js

@@ -0,0 +1,181 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MySql = void 0;
+const mysql = __importStar(require("@pulumi/azure-native/dbformysql"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const azAd_1 = require("../azAd");
+const base_1 = require("../base");
+const helpers_1 = require("../helpers");
+const vnet = __importStar(require("../vnet"));
+const helpers_2 = require("./helpers");
+class MySql extends base_1.BaseResourceComponent {
+    id;
+    resourceName;
+    constructor(name, args, opts) {
+        super('MySql', name, args, opts);
+        const server = this.createMySql();
+        this.createNetwork(server);
+        this.enableADAdmin(server);
+        this.createDatabases(server);
+        if (args.lock)
+            this.lockFromDeleting(server);
+        this.id = server.id;
+        this.resourceName = server.name;
+        this.registerOutputs();
+    }
+    getOutputs() {
+        return {
+            id: this.id,
+            resourceName: this.resourceName,
+        };
+    }
+    createMySql() {
+        const { rsGroup, enableEncryption, administratorLogin, lock } = this.args;
+        const adminLogin = administratorLogin ?? pulumi.interpolate `${this.name}-admin-${this.createRandomString().value}`;
+        const password = this.createPassword();
+        const encryptionKey = enableEncryption ? this.getEncryptionKey() : undefined;
+        const uAssignedId = this.getUAssignedId();
+        const server = new mysql.Server(this.name, {
+            ...this.args,
+            ...rsGroup,
+            administratorLogin: adminLogin,
+            administratorLoginPassword: password.value,
+            version: this.args.version ?? mysql.ServerVersion.ServerVersion_8_0_21,
+            storage: this.args.storage ?? { storageSizeGB: 30 },
+            identity: {
+                type: mysql.ManagedServiceIdentityType.UserAssigned,
+                userAssignedIdentities: [uAssignedId.id],
+            },
+            dataEncryption: encryptionKey
+                ? {
+                    type: mysql.DataEncryptionType.AzureKeyVault,
+                    primaryUserAssignedIdentityId: uAssignedId.id,
+                    primaryKeyURI: encryptionKey.id,
+                }
+                : { type: 'SystemManaged' },
+            maintenanceWindow: this.args.maintenanceWindow ?? {
+                customWindow: 'Enabled',
+                dayOfWeek: 0, //0 is Sunday
+                startHour: 0,
+                startMinute: 0,
+            },
+            backup: this.args.backup ?? {
+                geoRedundantBackup: helpers_1.azureEnv.isPrd ? 'Enabled' : 'Disabled',
+                backupRetentionDays: helpers_1.azureEnv.isPrd ? 30 : 7,
+            },
+            highAvailability: this.args.sku.tier !== 'Burstable'
+                ? this.args.highAvailability ?? {
+                    mode: helpers_1.azureEnv.isPrd ? 'ZoneRedundant' : 'SameZone',
+                    standbyAvailabilityZone: helpers_1.azureEnv.isPrd ? '3' : '1',
+                }
+                : undefined,
+            availabilityZone: this.args.availabilityZone ?? helpers_1.azureEnv.isPrd ? '3' : '1',
+            network: {
+                publicNetworkAccess: this.args.network?.publicNetworkAccess ?? this.args.network?.privateLink ? 'Disabled' : 'Enabled',
+            },
+        }, {
+            ...this.opts,
+            protect: lock ?? this.opts?.protect,
+            parent: this,
+        });
+        this.addSecrets({
+            [`${this.name}-host`]: pulumi.interpolate `${server.name}.mysql.database.azure.com`,
+            [`${this.name}-port`]: '3306',
+            [`${this.name}-login`]: this.args.administratorLogin,
+            [`${this.name}-pass`]: password.value,
+            [`${this.name}-username`]: adminLogin,
+        });
+        return server;
+    }
+    createNetwork(server) {
+        const { rsGroup, network } = this.args;
+        if (network?.ipRules) {
+            pulumi.output(network.ipRules).apply((ips) => (0, helpers_2.convertToIpRange)(ips).map((f, i) => new mysql.FirewallRule(`${this.name}-firewall-${i}`, {
+                ...rsGroup,
+                //firewallRuleName: `${this.name}-firewall-${i}`,
+                serverName: server.name,
+                startIpAddress: f.start,
+                endIpAddress: f.end,
+            }, { dependsOn: server, parent: this })));
+        }
+        if (network?.privateLink) {
+            new vnet.PrivateEndpoint(this.name, {
+                ...network.privateLink,
+                rsGroup,
+                type: 'mysql',
+                resourceInfo: server,
+            }, { dependsOn: server, parent: this });
+        }
+    }
+    enableADAdmin(server) {
+        const { rsGroup, groupRoles, enableAzureADAdmin } = this.args;
+        if (!enableAzureADAdmin || !groupRoles)
+            return undefined;
+        return new mysql.AzureADAdministrator(this.name, {
+            ...rsGroup,
+            administratorName: `${this.name}-azure-ad`,
+            serverName: server.name,
+            login: server.administratorLogin.apply((login) => login),
+            administratorType: 'ActiveDirectory',
+            sid: groupRoles.contributor.objectId,
+            tenantId: helpers_1.azureEnv.tenantId,
+        }, { dependsOn: server, parent: this });
+    }
+    createDatabases(server) {
+        const { rsGroup, databases } = this.args;
+        if (!databases)
+            return undefined;
+        return databases.map((d) => {
+            const db = new mysql.Database(`${this.name}-${d.name}`, {
+                ...rsGroup,
+                serverName: server.name,
+                databaseName: d.name,
+            }, { dependsOn: server, parent: this });
+            //add connection string to vault
+            //   const conn = pulumi.interpolate``;
+            //   this.addSecret(`${this.name}-${d.name}-conn`, conn);
+            return db;
+        });
+    }
+    getUAssignedId() {
+        const { defaultUAssignedId, rsGroup, groupRoles, vaultInfo } = this.args;
+        if (defaultUAssignedId)
+            return defaultUAssignedId;
+        return new azAd_1.UserAssignedIdentity(this.name, { rsGroup, vaultInfo, memberof: groupRoles ? [groupRoles.readOnly] : undefined }, { dependsOn: this.opts?.dependsOn, parent: this });
+    }
+}
+exports.MySql = MySql;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTXlTcWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGF0YWJhc2UvTXlTcWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsdUVBQXlEO0FBQ3pELHVEQUF5QztBQUN6QyxrQ0FBK0M7QUFDL0Msa0NBQTBEO0FBQzFELHdDQUFzQztBQUV0Qyw4Q0FBZ0M7QUFDaEMsdUNBQTZDO0FBa0M3QyxNQUFhLEtBQU0sU0FBUSw0QkFBZ0M7SUFDekMsRUFBRSxDQUF3QjtJQUMxQixZQUFZLENBQXdCO0lBRXBELFlBQVksSUFBWSxFQUFFLElBQWUsRUFBRSxJQUFzQztRQUMvRSxLQUFLLENBQUMsT0FBTyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFFakMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2xDLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDM0IsSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMzQixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRTdCLElBQUksSUFBSSxDQUFDLElBQUk7WUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0MsSUFBSSxDQUFDLEVBQUUsR0FBRyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQ3BCLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQztRQUVoQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVNLFVBQVU7UUFDZixPQUFPO1lBQ0wsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFO1lBQ1gsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO1NBQ2hDLENBQUM7SUFDSixDQUFDO0lBRU8sV0FBVztRQUNqQixNQUFNLEVBQUUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLGtCQUFrQixFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFMUUsTUFBTSxVQUFVLEdBQUcsa0JBQWtCLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQSxHQUFHLElBQUksQ0FBQyxJQUFJLFVBQVUsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDbkgsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sYUFBYSxHQUFHLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQzdFLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUUxQyxNQUFNLE1BQU0sR0FBRyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQzdCLElBQUksQ0FBQyxJQUFJLEVBQ1Q7WUFDRSxHQUFHLElBQUksQ0FBQyxJQUFJO1lBQ1osR0FBRyxPQUFPO1lBRVYsa0JBQWtCLEVBQUUsVUFBVTtZQUM5QiwwQkFBMEIsRUFBRSxRQUFRLENBQUMsS0FBSztZQUMxQyxPQUFPLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxvQkFBb0I7WUFDdEUsT0FBTyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLEVBQUUsYUFBYSxFQUFFLEVBQUUsRUFBRTtZQUVuRCxRQUFRLEVBQUU7Z0JBQ1IsSUFBSSxFQUFFLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxZQUFZO2dCQUNuRCxzQkFBc0IsRUFBRSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7YUFDekM7WUFFRCxjQUFjLEVBQUUsYUFBYTtnQkFDM0IsQ0FBQyxDQUFDO29CQUNFLElBQUksRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsYUFBYTtvQkFDNUMsNkJBQTZCLEVBQUUsV0FBVyxDQUFDLEVBQUU7b0JBQzdDLGFBQWEsRUFBRSxhQUFhLENBQUMsRUFBRTtpQkFDaEM7Z0JBQ0gsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUU3QixpQkFBaUIsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLGlCQUFpQixJQUFJO2dCQUNoRCxZQUFZLEVBQUUsU0FBUztnQkFDdkIsU0FBUyxFQUFFLENBQUMsRUFBRSxhQUFhO2dCQUMzQixTQUFTLEVBQUUsQ0FBQztnQkFDWixXQUFXLEVBQUUsQ0FBQzthQUNmO1lBRUQsTUFBTSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJO2dCQUMxQixrQkFBa0IsRUFBRSxrQkFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxVQUFVO2dCQUMzRCxtQkFBbUIsRUFBRSxrQkFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQzdDO1lBRUQsZ0JBQWdCLEVBQ2QsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLFdBQVc7Z0JBQ2hDLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJO29CQUM1QixJQUFJLEVBQUUsa0JBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsVUFBVTtvQkFDbkQsdUJBQXVCLEVBQUUsa0JBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRztpQkFDcEQ7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7WUFDZixnQkFBZ0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJLGtCQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUc7WUFFMUUsT0FBTyxFQUFFO2dCQUNQLG1CQUFtQixFQUNqQixJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxtQkFBbUIsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxXQUFXLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsU0FBUzthQUNwRztTQUNGLEVBQ0Q7WUFDRSxHQUFHLElBQUksQ0FBQyxJQUFJO1lBQ1osT0FBTyxFQUFFLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFLE9BQU87WUFDbkMsTUFBTSxFQUFFLElBQUk7U0FDYixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsVUFBVSxDQUFDO1lBQ2QsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sQ0FBQyxFQUFFLE1BQU0sQ0FBQyxXQUFXLENBQUEsR0FBRyxNQUFNLENBQUMsSUFBSSwyQkFBMkI7WUFDbEYsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sQ0FBQyxFQUFFLE1BQU07WUFDN0IsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLFFBQVEsQ0FBQyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQW1CO1lBQ3JELENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxPQUFPLENBQUMsRUFBRSxRQUFRLENBQUMsS0FBSztZQUNyQyxDQUFDLEdBQUcsSUFBSSxDQUFDLElBQUksV0FBVyxDQUFDLEVBQUUsVUFBVTtTQUN0QyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRU8sYUFBYSxDQUFDLE1BQW9CO1FBQ3hDLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUV2QyxJQUFJLE9BQU8sRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNyQixNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUMzQyxJQUFBLDBCQUFnQixFQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FDdkIsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDUCxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQ3BCLEdBQUcsSUFBSSxDQUFDLElBQUksYUFBYSxDQUFDLEVBQUUsRUFDNUI7Z0JBQ0UsR0FBRyxPQUFPO2dCQUNWLGlEQUFpRDtnQkFDakQsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJO2dCQUN2QixjQUFjLEVBQUUsQ0FBQyxDQUFDLEtBQUs7Z0JBQ3ZCLFlBQVksRUFBRSxDQUFDLENBQUMsR0FBRzthQUNwQixFQUNELEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ3BDLENBQ0osQ0FDRixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksT0FBTyxFQUFFLFdBQVcsRUFBRSxDQUFDO1lBQ3pCLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FDdEIsSUFBSSxDQUFDLElBQUksRUFDVDtnQkFDRSxHQUFHLE9BQU8sQ0FBQyxXQUFXO2dCQUN0QixPQUFPO2dCQUNQLElBQUksRUFBRSxPQUFPO2dCQUNiLFlBQVksRUFBRSxNQUFNO2FBQ3JCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDcEMsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sYUFBYSxDQUFDLE1BQW9CO1FBQ3hDLE1BQU0sRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLGtCQUFrQixFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUM5RCxJQUFJLENBQUMsa0JBQWtCLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFekQsT0FBTyxJQUFJLEtBQUssQ0FBQyxvQkFBb0IsQ0FDbkMsSUFBSSxDQUFDLElBQUksRUFDVDtZQUNFLEdBQUcsT0FBTztZQUNWLGlCQUFpQixFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksV0FBVztZQUMxQyxVQUFVLEVBQUUsTUFBTSxDQUFDLElBQUk7WUFFdkIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQWUsQ0FBQztZQUNsRSxpQkFBaUIsRUFBRSxpQkFBaUI7WUFDcEMsR0FBRyxFQUFFLFVBQVUsQ0FBQyxXQUFXLENBQUMsUUFBUTtZQUNwQyxRQUFRLEVBQUUsa0JBQVEsQ0FBQyxRQUFRO1NBQzVCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDcEMsQ0FBQztJQUNKLENBQUM7SUFFTyxlQUFlLENBQUMsTUFBb0I7UUFDMUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxTQUFTLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ3pDLElBQUksQ0FBQyxTQUFTO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFakMsT0FBTyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUU7WUFDekIsTUFBTSxFQUFFLEdBQUcsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUMzQixHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUN4QjtnQkFDRSxHQUFHLE9BQU87Z0JBQ1YsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJO2dCQUN2QixZQUFZLEVBQUUsQ0FBQyxDQUFDLElBQUk7YUFDckIsRUFDRCxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNwQyxDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHVDQUF1QztZQUN2Qyx5REFBeUQ7WUFFekQsT0FBTyxFQUFFLENBQUM7UUFDWixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFTyxjQUFjO1FBQ3BCLE1BQU0sRUFBRSxrQkFBa0IsRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDekUsSUFBSSxrQkFBa0I7WUFBRSxPQUFPLGtCQUFrQixDQUFDO1FBRWxELE9BQU8sSUFBSSwyQkFBb0IsQ0FDN0IsSUFBSSxDQUFDLElBQUksRUFDVCxFQUFFLE9BQU8sRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUNoRixFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ2xELENBQUM7SUFDSixDQUFDO0NBQ0Y7QUFoTUQsc0JBZ01DIn0=

package/database/Postgres.d.ts

@@ -0,0 +1,32 @@
+import * as postgresql from '@pulumi/azure-native/dbforpostgresql';
+import * as pulumi from '@pulumi/pulumi';
+import { BaseArgs, BaseResourceComponent } from '../base';
+import * as types from '../types';
+export interface PostgresArgs extends BaseArgs, types.WithEncryptionEnabler, types.WithResourceGroupInputs, types.WithGroupRolesArgs, types.WithUserAssignedIdentity, types.WithNetworkArgs, Pick<postgresql.ServerArgs, 'version' | 'storage' | 'administratorLogin' | 'maintenanceWindow' | 'backup' | 'highAvailability' | 'availabilityZone'> {
+    sku: {
+        /** The name of postgres: Standard_B2ms,  */
+        name: pulumi.Input<string>;
+        /**
+         * The tier of the particular SKU, e.g. Burstable.
+         */
+        tier: postgresql.SkuTier;
+    };
+    enableAzureADAdmin?: boolean;
+    databases?: Array<{
+        name: string;
+    }>;
+    lock?: boolean;
+}
+export declare class Postgres extends BaseResourceComponent<PostgresArgs> {
+    readonly id: pulumi.Output<string>;
+    readonly resourceName: pulumi.Output<string>;
+    constructor(name: string, args: PostgresArgs, opts?: pulumi.ComponentResourceOptions);
+    getOutputs(): {
+        id: pulumi.Output<string>;
+        resourceName: pulumi.Output<string>;
+    };
+    private createPostgres;
+    private createNetwork;
+    private createDatabases;
+    private getUAssignedId;
+}

package/database/Postgres.js

@@ -0,0 +1,171 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Postgres = void 0;
+const postgresql = __importStar(require("@pulumi/azure-native/dbforpostgresql"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const azAd_1 = require("../azAd");
+const base_1 = require("../base");
+const helpers_1 = require("../helpers");
+const vnet = __importStar(require("../vnet"));
+const helpers_2 = require("./helpers");
+class Postgres extends base_1.BaseResourceComponent {
+    id;
+    resourceName;
+    constructor(name, args, opts) {
+        super('Postgres', name, args, opts);
+        const server = this.createPostgres();
+        this.createNetwork(server);
+        this.createDatabases(server);
+        if (args.lock)
+            this.lockFromDeleting(server);
+        this.id = server.id;
+        this.resourceName = server.name;
+        this.registerOutputs();
+    }
+    getOutputs() {
+        return {
+            id: this.id,
+            resourceName: this.resourceName,
+        };
+    }
+    createPostgres() {
+        const { rsGroup, enableEncryption, administratorLogin, lock } = this.args;
+        const adminLogin = administratorLogin ?? pulumi.interpolate `${this.name}-admin-${this.createRandomString().value}`;
+        const password = this.createPassword();
+        const encryptionKey = enableEncryption ? this.getEncryptionKey() : undefined;
+        const uAssignedId = this.getUAssignedId();
+        const server = new postgresql.Server(this.name, {
+            ...this.args,
+            ...rsGroup,
+            version: this.args.version ?? postgresql.ServerVersion.ServerVersion_16,
+            administratorLogin: adminLogin,
+            administratorLoginPassword: password.value,
+            storage: this.args.storage ?? { storageSizeGB: 32 },
+            identity: {
+                type: postgresql.IdentityType.UserAssigned,
+                userAssignedIdentities: pulumi.output(uAssignedId.id).apply((id) => ({ [id]: {} })),
+            },
+            dataEncryption: encryptionKey?.id
+                ? {
+                    type: postgresql.DataEncryptionType.AzureKeyVault,
+                    primaryUserAssignedIdentityId: uAssignedId.id,
+                    primaryKeyURI: encryptionKey.id,
+                }
+                : { type: 'SystemManaged' },
+            maintenanceWindow: this.args.maintenanceWindow ?? {
+                customWindow: 'Enabled',
+                dayOfWeek: 0, //0 is Sunday
+                startHour: 0,
+                startMinute: 0,
+            },
+            authConfig: {
+                activeDirectoryAuth: this.args.enableAzureADAdmin ? 'Enabled' : 'Disabled',
+                passwordAuth: 'Enabled',
+                tenantId: helpers_1.azureEnv.tenantId,
+            },
+            backup: this.args.backup ?? {
+                geoRedundantBackup: helpers_1.azureEnv.isPrd ? 'Enabled' : 'Disabled',
+                backupRetentionDays: helpers_1.azureEnv.isPrd ? 30 : 7,
+            },
+            highAvailability: this.args.sku?.tier !== 'Burstable'
+                ? this.args.highAvailability ?? {
+                    mode: helpers_1.azureEnv.isPrd ? 'ZoneRedundant' : 'SameZone',
+                    standbyAvailabilityZone: helpers_1.azureEnv.isPrd ? '3' : '1',
+                }
+                : undefined,
+            availabilityZone: this.args.availabilityZone ?? helpers_1.azureEnv.isPrd ? '3' : '1',
+            network: {
+                publicNetworkAccess: this.args.network?.publicNetworkAccess ?? this.args.network?.privateLink ? 'Disabled' : 'Enabled',
+            },
+        }, {
+            ...this.opts,
+            protect: lock ?? this.opts?.protect,
+            parent: this,
+        });
+        this.addSecrets({
+            [`${this.name}-host`]: pulumi.interpolate `${server.name}.postgres.database.azure.com`,
+            [`${this.name}-port`]: '5432',
+            [`${this.name}-login`]: this.args.administratorLogin,
+            [`${this.name}-pass`]: password.value,
+            [`${this.name}-username`]: adminLogin,
+        });
+        return server;
+    }
+    createNetwork(server) {
+        const { rsGroup, network } = this.args;
+        if (network?.ipRules) {
+            pulumi.output(network.ipRules).apply((ips) => (0, helpers_2.convertToIpRange)(ips).map((f, i) => new postgresql.FirewallRule(`${this.name}-firewall-${i}`, {
+                ...rsGroup,
+                //firewallRuleName: `${this.name}-firewall-${i}`,
+                serverName: server.name,
+                startIpAddress: f.start,
+                endIpAddress: f.end,
+            }, { dependsOn: server, parent: this })));
+        }
+        if (network?.privateLink) {
+            new vnet.PrivateEndpoint(this.name, {
+                ...network.privateLink,
+                rsGroup,
+                type: 'postgres',
+                resourceInfo: server,
+            }, { dependsOn: server, parent: this });
+        }
+    }
+    createDatabases(server) {
+        const { rsGroup, databases } = this.args;
+        if (!databases)
+            return undefined;
+        return databases.map((d) => {
+            const db = new postgresql.Database(`${this.name}-${d.name}`, {
+                ...rsGroup,
+                serverName: server.name,
+                databaseName: d.name,
+            }, { dependsOn: server, parent: this });
+            //add connection string to vault
+            //   const conn = pulumi.interpolate``;
+            //   this.addSecret(`${this.name}-${d.name}-conn`, conn);
+            return db;
+        });
+    }
+    getUAssignedId() {
+        const { defaultUAssignedId, rsGroup, groupRoles, vaultInfo } = this.args;
+        if (defaultUAssignedId)
+            return defaultUAssignedId;
+        return new azAd_1.UserAssignedIdentity(this.name, { rsGroup, vaultInfo, memberof: groupRoles ? [groupRoles.readOnly] : undefined }, { dependsOn: this.opts?.dependsOn, parent: this });
+    }
+}
+exports.Postgres = Postgres;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9zdGdyZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGF0YWJhc2UvUG9zdGdyZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsaUZBQW1FO0FBQ25FLHVEQUF5QztBQUN6QyxrQ0FBK0M7QUFDL0Msa0NBQTBEO0FBQzFELHdDQUFzQztBQUV0Qyw4Q0FBZ0M7QUFDaEMsdUNBQTZDO0FBZ0M3QyxNQUFhLFFBQVMsU0FBUSw0QkFBbUM7SUFDL0MsRUFBRSxDQUF3QjtJQUMxQixZQUFZLENBQXdCO0lBRXBELFlBQVksSUFBWSxFQUFFLElBQWtCLEVBQUUsSUFBc0M7UUFDbEYsS0FBSyxDQUFDLFVBQVUsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRXBDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUNyQyxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzNCLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0IsSUFBSSxJQUFJLENBQUMsSUFBSTtZQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3QyxJQUFJLENBQUMsRUFBRSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDcEIsSUFBSSxDQUFDLFlBQVksR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDO1FBRWhDLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRU0sVUFBVTtRQUNmLE9BQU87WUFDTCxFQUFFLEVBQUUsSUFBSSxDQUFDLEVBQUU7WUFDWCxZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7U0FDaEMsQ0FBQztJQUNKLENBQUM7SUFDTyxjQUFjO1FBQ3BCLE1BQU0sRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUUxRSxNQUFNLFVBQVUsR0FBRyxrQkFBa0IsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFBLEdBQUcsSUFBSSxDQUFDLElBQUksVUFBVSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNuSCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDdkMsTUFBTSxhQUFhLEdBQUcsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFDN0UsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBRTFDLE1BQU0sTUFBTSxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FDbEMsSUFBSSxDQUFDLElBQUksRUFDVDtZQUNFLEdBQUcsSUFBSSxDQUFDLElBQUk7WUFDWixHQUFHLE9BQU87WUFFVixPQUFPLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksVUFBVSxDQUFDLGFBQWEsQ0FBQyxnQkFBZ0I7WUFDdkUsa0JBQWtCLEVBQUUsVUFBVTtZQUM5QiwwQkFBMEIsRUFBRSxRQUFRLENBQUMsS0FBSztZQUMxQyxPQUFPLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksRUFBRSxhQUFhLEVBQUUsRUFBRSxFQUFFO1lBQ25ELFFBQVEsRUFBRTtnQkFDUixJQUFJLEVBQUUsVUFBVSxDQUFDLFlBQVksQ0FBQyxZQUFZO2dCQUMxQyxzQkFBc0IsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7YUFDcEY7WUFFRCxjQUFjLEVBQUUsYUFBYSxFQUFFLEVBQUU7Z0JBQy9CLENBQUMsQ0FBQztvQkFDRSxJQUFJLEVBQUUsVUFBVSxDQUFDLGtCQUFrQixDQUFDLGFBQWE7b0JBQ2pELDZCQUE2QixFQUFFLFdBQVcsQ0FBQyxFQUFFO29CQUM3QyxhQUFhLEVBQUUsYUFBYSxDQUFDLEVBQUU7aUJBQ2hDO2dCQUNILENBQUMsQ0FBQyxFQUFFLElBQUksRUFBRSxlQUFlLEVBQUU7WUFFN0IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsSUFBSTtnQkFDaEQsWUFBWSxFQUFFLFNBQVM7Z0JBQ3ZCLFNBQVMsRUFBRSxDQUFDLEVBQUUsYUFBYTtnQkFDM0IsU0FBUyxFQUFFLENBQUM7Z0JBQ1osV0FBVyxFQUFFLENBQUM7YUFDZjtZQUVELFVBQVUsRUFBRTtnQkFDVixtQkFBbUIsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFVBQVU7Z0JBQzFFLFlBQVksRUFBRSxTQUFTO2dCQUN2QixRQUFRLEVBQUUsa0JBQVEsQ0FBQyxRQUFRO2FBQzVCO1lBRUQsTUFBTSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJO2dCQUMxQixrQkFBa0IsRUFBRSxrQkFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxVQUFVO2dCQUMzRCxtQkFBbUIsRUFBRSxrQkFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQzdDO1lBRUQsZ0JBQWdCLEVBQ2QsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSxLQUFLLFdBQVc7Z0JBQ2pDLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJO29CQUM1QixJQUFJLEVBQUUsa0JBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsVUFBVTtvQkFDbkQsdUJBQXVCLEVBQUUsa0JBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRztpQkFDcEQ7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7WUFFZixnQkFBZ0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJLGtCQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUc7WUFFMUUsT0FBTyxFQUFFO2dCQUNQLG1CQUFtQixFQUNqQixJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxtQkFBbUIsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxXQUFXLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsU0FBUzthQUNwRztTQUNGLEVBQ0Q7WUFDRSxHQUFHLElBQUksQ0FBQyxJQUFJO1lBQ1osT0FBTyxFQUFFLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFLE9BQU87WUFDbkMsTUFBTSxFQUFFLElBQUk7U0FDYixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsVUFBVSxDQUFDO1lBQ2QsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sQ0FBQyxFQUFFLE1BQU0sQ0FBQyxXQUFXLENBQUEsR0FBRyxNQUFNLENBQUMsSUFBSSw4QkFBOEI7WUFDckYsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sQ0FBQyxFQUFFLE1BQU07WUFDN0IsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLFFBQVEsQ0FBQyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQW1CO1lBQ3JELENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxPQUFPLENBQUMsRUFBRSxRQUFRLENBQUMsS0FBSztZQUNyQyxDQUFDLEdBQUcsSUFBSSxDQUFDLElBQUksV0FBVyxDQUFDLEVBQUUsVUFBVTtTQUN0QyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRU8sYUFBYSxDQUFDLE1BQXlCO1FBQzdDLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUV2QyxJQUFJLE9BQU8sRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNyQixNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUMzQyxJQUFBLDBCQUFnQixFQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FDdkIsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDUCxJQUFJLFVBQVUsQ0FBQyxZQUFZLENBQ3pCLEdBQUcsSUFBSSxDQUFDLElBQUksYUFBYSxDQUFDLEVBQUUsRUFDNUI7Z0JBQ0UsR0FBRyxPQUFPO2dCQUNWLGlEQUFpRDtnQkFDakQsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJO2dCQUN2QixjQUFjLEVBQUUsQ0FBQyxDQUFDLEtBQUs7Z0JBQ3ZCLFlBQVksRUFBRSxDQUFDLENBQUMsR0FBRzthQUNwQixFQUNELEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ3BDLENBQ0osQ0FDRixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksT0FBTyxFQUFFLFdBQVcsRUFBRSxDQUFDO1lBQ3pCLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FDdEIsSUFBSSxDQUFDLElBQUksRUFDVDtnQkFDRSxHQUFHLE9BQU8sQ0FBQyxXQUFXO2dCQUN0QixPQUFPO2dCQUNQLElBQUksRUFBRSxVQUFVO2dCQUNoQixZQUFZLEVBQUUsTUFBTTthQUNyQixFQUNELEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ3BDLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVPLGVBQWUsQ0FBQyxNQUF5QjtRQUMvQyxNQUFNLEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDekMsSUFBSSxDQUFDLFNBQVM7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUVqQyxPQUFPLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtZQUN6QixNQUFNLEVBQUUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQ2hDLEdBQUcsSUFBSSxDQUFDLElBQUksSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQ3hCO2dCQUNFLEdBQUcsT0FBTztnQkFDVixVQUFVLEVBQUUsTUFBTSxDQUFDLElBQUk7Z0JBQ3ZCLFlBQVksRUFBRSxDQUFDLENBQUMsSUFBSTthQUNyQixFQUNELEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ3BDLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMsdUNBQXVDO1lBQ3ZDLHlEQUF5RDtZQUV6RCxPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLGNBQWM7UUFDcEIsTUFBTSxFQUFFLGtCQUFrQixFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUN6RSxJQUFJLGtCQUFrQjtZQUFFLE9BQU8sa0JBQWtCLENBQUM7UUFFbEQsT0FBTyxJQUFJLDJCQUFvQixDQUM3QixJQUFJLENBQUMsSUFBSSxFQUNULEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxRQUFRLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQ2hGLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDbEQsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQS9LRCw0QkErS0MifQ==

package/database/Redis.d.ts

@@ -0,0 +1,26 @@
+import * as redis from '@pulumi/azure-native/redis';
+import * as pulumi from '@pulumi/pulumi';
+import { BaseArgs, BaseResourceComponent } from '../base';
+import * as types from '../types';
+import { PrivateEndpointType } from '../vnet';
+export interface RedisArgs extends BaseArgs, types.WithResourceGroupInputs, Pick<redis.RedisArgs, 'sku' | 'zones' | 'disableAccessKeyAuthentication' | 'redisVersion' | 'replicasPerMaster' | 'replicasPerPrimary' | 'tenantSettings' | 'redisConfiguration' | 'identity'> {
+    network?: {
+        subnetId: pulumi.Input<string>;
+        staticIP?: pulumi.Input<string>;
+        privateLink?: PrivateEndpointType;
+        ipRules?: pulumi.Input<pulumi.Input<string>[]>;
+    };
+    lock?: boolean;
+}
+export declare class Redis extends BaseResourceComponent<RedisArgs> {
+    readonly id: pulumi.Output<string>;
+    readonly resourceName: pulumi.Output<string>;
+    constructor(name: string, args: RedisArgs, opts?: pulumi.ComponentResourceOptions);
+    getOutputs(): {
+        id: pulumi.Output<string>;
+        resourceName: pulumi.Output<string>;
+    };
+    private createRedis;
+    private createNetwork;
+    private addSecretsToVault;
+}

package/database/Redis.js

@@ -0,0 +1,125 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Redis = void 0;
+const redis = __importStar(require("@pulumi/azure-native/redis"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const base_1 = require("../base");
+const vault = __importStar(require("../vault"));
+const vnet = __importStar(require("../vnet"));
+const helpers_1 = require("./helpers");
+class Redis extends base_1.BaseResourceComponent {
+    id;
+    resourceName;
+    constructor(name, args, opts) {
+        super('Redis', name, args, opts);
+        const server = this.createRedis();
+        this.createNetwork(server);
+        this.addSecretsToVault(server);
+        if (args.lock)
+            this.lockFromDeleting(server);
+        this.id = server.id;
+        this.resourceName = server.name;
+        this.registerOutputs();
+    }
+    getOutputs() {
+        return {
+            id: this.id,
+            resourceName: this.resourceName,
+        };
+    }
+    createRedis() {
+        const { rsGroup, network, lock, ...props } = this.args;
+        const server = new redis.Redis(this.name, {
+            ...props,
+            ...rsGroup,
+            minimumTlsVersion: '1.2',
+            enableNonSslPort: false,
+            redisVersion: props.redisVersion ?? '6.0',
+            subnetId: network?.subnetId,
+            staticIP: network?.staticIP,
+            publicNetworkAccess: network?.privateLink ? 'Disabled' : 'Enabled',
+            updateChannel: 'Stable',
+        }, { ...this.opts, protect: lock ?? this.opts?.protect, parent: this });
+        return server;
+    }
+    createNetwork(server) {
+        const { rsGroup, network } = this.args;
+        if (network?.ipRules) {
+            pulumi.output(network.ipRules).apply((ips) => (0, helpers_1.convertToIpRange)(ips).map((f, i) => new redis.FirewallRule(`${this.name}-firewall-${i}`, {
+                ...rsGroup,
+                //ruleName: `${this.name}-firewall-${i}`,
+                cacheName: server.name,
+                startIP: f.start,
+                endIP: f.end,
+            }, { dependsOn: server, parent: this })));
+        }
+        if (network?.privateLink) {
+            new vnet.PrivateEndpoint(this.name, {
+                ...network.privateLink,
+                rsGroup,
+                type: 'redis',
+                resourceInfo: server,
+            }, { dependsOn: server, parent: this });
+        }
+    }
+    addSecretsToVault(server) {
+        const { rsGroup, vaultInfo } = this.args;
+        if (!vaultInfo)
+            return;
+        return server.hostName.apply(async (h) => {
+            if (!h)
+                return;
+            const keys = await redis.listRedisKeysOutput({
+                name: server.name,
+                resourceGroupName: rsGroup.resourceGroupName,
+            });
+            return new vault.VaultSecrets(this.name, {
+                vaultInfo,
+                secrets: {
+                    [`${this.name}-host`]: { value: h, contentType: `Redis host` },
+                    [`${this.name}-pass`]: { value: keys.primaryKey, contentType: `Redis pass` },
+                    [`${this.name}-port`]: { value: '6380', contentType: `Redis port` },
+                    [`${this.name}-conn`]: {
+                        value: pulumi.interpolate `${h}:6380,password=${keys.primaryKey},ssl=True,abortConnect=False`,
+                        contentType: `Redis conn`,
+                    },
+                },
+            }, { dependsOn: server, parent: this });
+        });
+    }
+}
+exports.Redis = Redis;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVkaXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGF0YWJhc2UvUmVkaXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsa0VBQW9EO0FBQ3BELHVEQUF5QztBQUN6QyxrQ0FBMEQ7QUFFMUQsZ0RBQWtDO0FBQ2xDLDhDQUFnQztBQUVoQyx1Q0FBNkM7QUEwQjdDLE1BQWEsS0FBTSxTQUFRLDRCQUFnQztJQUN6QyxFQUFFLENBQXdCO0lBQzFCLFlBQVksQ0FBd0I7SUFFcEQsWUFBWSxJQUFZLEVBQUUsSUFBZSxFQUFFLElBQXNDO1FBQy9FLEtBQUssQ0FBQyxPQUFPLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztRQUVqQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDbEMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMzQixJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFL0IsSUFBSSxJQUFJLENBQUMsSUFBSTtZQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3QyxJQUFJLENBQUMsRUFBRSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDcEIsSUFBSSxDQUFDLFlBQVksR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDO1FBRWhDLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRU0sVUFBVTtRQUNmLE9BQU87WUFDTCxFQUFFLEVBQUUsSUFBSSxDQUFDLEVBQUU7WUFDWCxZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7U0FDaEMsQ0FBQztJQUNKLENBQUM7SUFDTyxXQUFXO1FBQ2pCLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEtBQUssRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFdkQsTUFBTSxNQUFNLEdBQUcsSUFBSSxLQUFLLENBQUMsS0FBSyxDQUM1QixJQUFJLENBQUMsSUFBSSxFQUNUO1lBQ0UsR0FBRyxLQUFLO1lBQ1IsR0FBRyxPQUFPO1lBRVYsaUJBQWlCLEVBQUUsS0FBSztZQUN4QixnQkFBZ0IsRUFBRSxLQUFLO1lBQ3ZCLFlBQVksRUFBRSxLQUFLLENBQUMsWUFBWSxJQUFJLEtBQUs7WUFDekMsUUFBUSxFQUFFLE9BQU8sRUFBRSxRQUFRO1lBQzNCLFFBQVEsRUFBRSxPQUFPLEVBQUUsUUFBUTtZQUMzQixtQkFBbUIsRUFBRSxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbEUsYUFBYSxFQUFFLFFBQVE7U0FDeEIsRUFDRCxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLEVBQUUsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDcEUsQ0FBQztRQUVGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxhQUFhLENBQUMsTUFBbUI7UUFDdkMsTUFBTSxFQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBRXZDLElBQUksT0FBTyxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3JCLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQzNDLElBQUEsMEJBQWdCLEVBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUN2QixDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUNQLElBQUksS0FBSyxDQUFDLFlBQVksQ0FDcEIsR0FBRyxJQUFJLENBQUMsSUFBSSxhQUFhLENBQUMsRUFBRSxFQUM1QjtnQkFDRSxHQUFHLE9BQU87Z0JBQ1YseUNBQXlDO2dCQUN6QyxTQUFTLEVBQUUsTUFBTSxDQUFDLElBQUk7Z0JBQ3RCLE9BQU8sRUFBRSxDQUFDLENBQUMsS0FBSztnQkFDaEIsS0FBSyxFQUFFLENBQUMsQ0FBQyxHQUFHO2FBQ2IsRUFDRCxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNwQyxDQUNKLENBQ0YsQ0FBQztRQUNKLENBQUM7UUFFRCxJQUFJLE9BQU8sRUFBRSxXQUFXLEVBQUUsQ0FBQztZQUN6QixJQUFJLElBQUksQ0FBQyxlQUFlLENBQ3RCLElBQUksQ0FBQyxJQUFJLEVBQ1Q7Z0JBQ0UsR0FBRyxPQUFPLENBQUMsV0FBVztnQkFDdEIsT0FBTztnQkFDUCxJQUFJLEVBQUUsT0FBTztnQkFDYixZQUFZLEVBQUUsTUFBTTthQUNyQixFQUNELEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ3BDLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVPLGlCQUFpQixDQUFDLE1BQW1CO1FBQzNDLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUN6QyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU87UUFFdkIsT0FBTyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDdkMsSUFBSSxDQUFDLENBQUM7Z0JBQUUsT0FBTztZQUVmLE1BQU0sSUFBSSxHQUFHLE1BQU0sS0FBSyxDQUFDLG1CQUFtQixDQUFDO2dCQUMzQyxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUk7Z0JBQ2pCLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxpQkFBaUI7YUFDN0MsQ0FBQyxDQUFDO1lBRUgsT0FBTyxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQzNCLElBQUksQ0FBQyxJQUFJLEVBQ1Q7Z0JBQ0UsU0FBUztnQkFDVCxPQUFPLEVBQUU7b0JBQ1AsQ0FBQyxHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sQ0FBQyxFQUFFLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxXQUFXLEVBQUUsWUFBWSxFQUFFO29CQUM5RCxDQUFDLEdBQUcsSUFBSSxDQUFDLElBQUksT0FBTyxDQUFDLEVBQUUsRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxXQUFXLEVBQUUsWUFBWSxFQUFFO29CQUM1RSxDQUFDLEdBQUcsSUFBSSxDQUFDLElBQUksT0FBTyxDQUFDLEVBQUUsRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUU7b0JBQ25FLENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxPQUFPLENBQUMsRUFBRTt3QkFDckIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxXQUFXLENBQUEsR0FBRyxDQUFDLGtCQUFrQixJQUFJLENBQUMsVUFBVSw4QkFBOEI7d0JBQzVGLFdBQVcsRUFBRSxZQUFZO3FCQUMxQjtpQkFDRjthQUNGLEVBQ0QsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDcEMsQ0FBQztRQUNKLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBbEhELHNCQWtIQyJ9

package/database/helpers.d.ts

@@ -0,0 +1,7 @@
+import * as netmask from 'netmask';
+export declare function getIpsRange(prefix: string): netmask.Netmask;
+/** Convert IP address and IP address group into range */
+export declare function convertToIpRange(ipAddress: string[]): Array<{
+    start: string;
+    end: string;
+}>;

package/database/helpers.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getIpsRange = getIpsRange;
+exports.convertToIpRange = convertToIpRange;
+const netmask = __importStar(require("netmask"));
+function getIpsRange(prefix) {
+    return new netmask.Netmask(prefix);
+}
+/** Convert IP address and IP address group into range */
+function convertToIpRange(ipAddress) {
+    return ipAddress.map((ip) => {
+        if (ip.includes('/')) {
+            const range = getIpsRange(ip);
+            return { start: range.base, end: range.broadcast };
+        }
+        return { start: ip, end: ip };
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kYXRhYmFzZS9oZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBRUEsa0NBRUM7QUFHRCw0Q0FRQztBQWZELGlEQUFtQztBQUVuQyxTQUFnQixXQUFXLENBQUMsTUFBYztJQUN4QyxPQUFPLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNyQyxDQUFDO0FBRUQseURBQXlEO0FBQ3pELFNBQWdCLGdCQUFnQixDQUFDLFNBQW1CO0lBQ2xELE9BQU8sU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFO1FBQzFCLElBQUksRUFBRSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sS0FBSyxHQUFHLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUM5QixPQUFPLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEtBQUssQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUNyRCxDQUFDO1FBQ0QsT0FBTyxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ2hDLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyJ9

package/database/index.d.ts

@@ -0,0 +1,5 @@
+export * from './AzSql';
+export * as dbHelpers from './helpers';
+export * from './MySql';
+export * from './Postgres';
+export * from './Redis';