@drunk-pulumi/azure-components 0.0.6

package/azAd/helpers/rsRoleDefinition.d.ts

@@ -0,0 +1,62 @@
+import * as types from '../../types';
+export type RsRoleDefinitionType = Record<types.GroupRoleTypes, string[]>;
+declare const rsRoles: {
+    rsGroup: {
+        admin: string[];
+        contributor: string[];
+        readOnly: string[];
+    };
+    aks: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    iotHub: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    keyVault: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    storage: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    containerRegistry: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    appConfig: {
+        readOnly: string[];
+        contributor: string[];
+        admin: never[];
+    };
+    serviceBus: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    signalR: {
+        readOnly: string[];
+        contributor: string[];
+        admin: string[];
+    };
+    redis: {
+        readOnly: never[];
+        contributor: string[];
+        admin: never[];
+    };
+};
+export type RsRoleDefinitionObject = {
+    [K in keyof typeof rsRoles]: RsRoleDefinitionType & {
+        getReadOnly: () => RsRoleDefinitionType;
+        getContributor: () => RsRoleDefinitionType;
+    };
+};
+export declare const rsRoleDefinitions: RsRoleDefinitionObject;
+export {};

package/azAd/helpers/rsRoleDefinition.js

@@ -0,0 +1,120 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rsRoleDefinitions = void 0;
+const rsRoles = {
+    rsGroup: {
+        admin: ['Owner'],
+        contributor: ['Contributor'],
+        readOnly: ['Reader'],
+    },
+    aks: {
+        readOnly: ['Azure Kubernetes Service RBAC Reader', 'Azure Kubernetes Service Cluster User Role'],
+        contributor: ['Azure Kubernetes Service RBAC Writer', 'Azure Kubernetes Service Cluster User Role'],
+        admin: ['Azure Kubernetes Service RBAC Cluster Admin'],
+    },
+    iotHub: {
+        readOnly: ['IoT Hub Data Reader'],
+        contributor: ['IoT Hub Data Contributor'],
+        admin: ['IoT Hub Registry Contributor', 'IoT Hub Twin Contributor'],
+    },
+    keyVault: {
+        readOnly: [
+            'Key Vault Crypto Service Encryption User',
+            'Key Vault Crypto Service Release User',
+            'Key Vault Secrets User',
+            'Key Vault Crypto User',
+            'Key Vault Certificate User',
+            'Key Vault Reader',
+        ],
+        contributor: [
+            'Key Vault Certificates Officer',
+            'Key Vault Crypto Officer',
+            'Key Vault Secrets Officer',
+            'Key Vault Contributor',
+        ],
+        admin: ['Key Vault Administrator', 'Key Vault Data Access Administrator'],
+    },
+    storage: {
+        readOnly: [
+            'Storage Blob Data Reader',
+            'Storage File Data SMB Share Reader',
+            'Storage Queue Data Reader',
+            'Storage Table Data Reader',
+        ],
+        contributor: [
+            'Storage Account Backup Contributor',
+            'Storage Account Contributor',
+            'Storage Account Encryption Scope Contributor Role',
+            'Storage Blob Data Contributor',
+            'Storage File Data Privileged Reader',
+            'Storage File Data SMB Share Contributor',
+            'Storage File Data SMB Share Elevated Contributor',
+            'Storage Queue Data Contributor',
+            'Storage Queue Data Message Processor',
+            'Storage Queue Data Message Sender',
+            'Storage Table Data Contributor',
+        ],
+        admin: [
+            'Storage Account Key Operator Service Role',
+            'Storage Blob Data Owner',
+            'Storage File Data Privileged Contributor',
+        ],
+    },
+    containerRegistry: {
+        readOnly: [
+            //'ACR Registry Catalog Lister',
+            'ACR Repository Reader',
+            'AcrQuarantineReader',
+            //'AcrPull',
+        ],
+        contributor: [
+            'AcrImageSigner',
+            'AcrPull',
+            'AcrPush',
+            //'ACR Repository Contributor',
+            //'ACR Repository Writer',
+            //'AcrQuarantineWriter',
+        ],
+        admin: ['AcrDelete'],
+    },
+    appConfig: {
+        readOnly: ['App Configuration Data Reader'],
+        contributor: ['App Configuration Data Owner'],
+        admin: [],
+    },
+    serviceBus: {
+        readOnly: ['Azure Service Bus Data Receiver'],
+        contributor: ['Azure Service Bus Data Sender'],
+        admin: ['Azure Service Bus Data Owner'],
+    },
+    signalR: {
+        readOnly: ['SignalR REST API Reader'],
+        contributor: ['SignalR App Server'],
+        admin: ['SignalR REST API Owner'],
+    },
+    redis: {
+        readOnly: [],
+        contributor: ['Redis Cache Contributor'],
+        admin: [],
+    },
+};
+function getRsRoleDefinitions() {
+    return Object.entries(rsRoles).reduce((acc, [key, roles]) => {
+        acc[key] = {
+            ...roles,
+            getReadOnly: () => ({
+                admin: [],
+                contributor: [],
+                readOnly: roles.readOnly,
+            }),
+            getContributor: () => ({
+                admin: [],
+                contributor: roles.contributor,
+                readOnly: roles.readOnly,
+            }),
+        };
+        return acc;
+    }, {});
+}
+exports.rsRoleDefinitions = getRsRoleDefinitions();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicnNSb2xlRGVmaW5pdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hekFkL2hlbHBlcnMvcnNSb2xlRGVmaW5pdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFJQSxNQUFNLE9BQU8sR0FBRztJQUNkLE9BQU8sRUFBRTtRQUNQLEtBQUssRUFBRSxDQUFDLE9BQU8sQ0FBQztRQUNoQixXQUFXLEVBQUUsQ0FBQyxhQUFhLENBQUM7UUFDNUIsUUFBUSxFQUFFLENBQUMsUUFBUSxDQUFDO0tBQ3JCO0lBQ0QsR0FBRyxFQUFFO1FBQ0gsUUFBUSxFQUFFLENBQUMsc0NBQXNDLEVBQUUsNENBQTRDLENBQUM7UUFDaEcsV0FBVyxFQUFFLENBQUMsc0NBQXNDLEVBQUUsNENBQTRDLENBQUM7UUFDbkcsS0FBSyxFQUFFLENBQUMsNkNBQTZDLENBQUM7S0FDdkQ7SUFDRCxNQUFNLEVBQUU7UUFDTixRQUFRLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQztRQUNqQyxXQUFXLEVBQUUsQ0FBQywwQkFBMEIsQ0FBQztRQUN6QyxLQUFLLEVBQUUsQ0FBQyw4QkFBOEIsRUFBRSwwQkFBMEIsQ0FBQztLQUNwRTtJQUNELFFBQVEsRUFBRTtRQUNSLFFBQVEsRUFBRTtZQUNSLDBDQUEwQztZQUMxQyx1Q0FBdUM7WUFDdkMsd0JBQXdCO1lBQ3hCLHVCQUF1QjtZQUN2Qiw0QkFBNEI7WUFDNUIsa0JBQWtCO1NBQ25CO1FBQ0QsV0FBVyxFQUFFO1lBQ1gsZ0NBQWdDO1lBQ2hDLDBCQUEwQjtZQUMxQiwyQkFBMkI7WUFDM0IsdUJBQXVCO1NBQ3hCO1FBQ0QsS0FBSyxFQUFFLENBQUMseUJBQXlCLEVBQUUscUNBQXFDLENBQUM7S0FDMUU7SUFDRCxPQUFPLEVBQUU7UUFDUCxRQUFRLEVBQUU7WUFDUiwwQkFBMEI7WUFDMUIsb0NBQW9DO1lBQ3BDLDJCQUEyQjtZQUMzQiwyQkFBMkI7U0FDNUI7UUFDRCxXQUFXLEVBQUU7WUFDWCxvQ0FBb0M7WUFDcEMsNkJBQTZCO1lBQzdCLG1EQUFtRDtZQUNuRCwrQkFBK0I7WUFDL0IscUNBQXFDO1lBQ3JDLHlDQUF5QztZQUN6QyxrREFBa0Q7WUFDbEQsZ0NBQWdDO1lBQ2hDLHNDQUFzQztZQUN0QyxtQ0FBbUM7WUFDbkMsZ0NBQWdDO1NBQ2pDO1FBQ0QsS0FBSyxFQUFFO1lBQ0wsMkNBQTJDO1lBQzNDLHlCQUF5QjtZQUN6QiwwQ0FBMEM7U0FDM0M7S0FDRjtJQUNELGlCQUFpQixFQUFFO1FBQ2pCLFFBQVEsRUFBRTtZQUNSLGdDQUFnQztZQUNoQyx1QkFBdUI7WUFDdkIscUJBQXFCO1lBQ3JCLFlBQVk7U0FDYjtRQUNELFdBQVcsRUFBRTtZQUNYLGdCQUFnQjtZQUNoQixTQUFTO1lBQ1QsU0FBUztZQUVULCtCQUErQjtZQUMvQiwwQkFBMEI7WUFDMUIsd0JBQXdCO1NBQ3pCO1FBQ0QsS0FBSyxFQUFFLENBQUMsV0FBVyxDQUFDO0tBQ3JCO0lBQ0QsU0FBUyxFQUFFO1FBQ1QsUUFBUSxFQUFFLENBQUMsK0JBQStCLENBQUM7UUFDM0MsV0FBVyxFQUFFLENBQUMsOEJBQThCLENBQUM7UUFDN0MsS0FBSyxFQUFFLEVBQUU7S0FDVjtJQUNELFVBQVUsRUFBRTtRQUNWLFFBQVEsRUFBRSxDQUFDLGlDQUFpQyxDQUFDO1FBQzdDLFdBQVcsRUFBRSxDQUFDLCtCQUErQixDQUFDO1FBQzlDLEtBQUssRUFBRSxDQUFDLDhCQUE4QixDQUFDO0tBQ3hDO0lBQ0QsT0FBTyxFQUFFO1FBQ1AsUUFBUSxFQUFFLENBQUMseUJBQXlCLENBQUM7UUFDckMsV0FBVyxFQUFFLENBQUMsb0JBQW9CLENBQUM7UUFDbkMsS0FBSyxFQUFFLENBQUMsd0JBQXdCLENBQUM7S0FDbEM7SUFDRCxLQUFLLEVBQUU7UUFDTCxRQUFRLEVBQUUsRUFBRTtRQUNaLFdBQVcsRUFBRSxDQUFDLHlCQUF5QixDQUFDO1FBQ3hDLEtBQUssRUFBRSxFQUFFO0tBQ1Y7Q0FDRixDQUFDO0FBUUYsU0FBUyxvQkFBb0I7SUFDM0IsT0FBTyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFO1FBQzFELEdBQUcsQ0FBQyxHQUEyQixDQUFDLEdBQUc7WUFDakMsR0FBRyxLQUFLO1lBQ1IsV0FBVyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBQ2xCLEtBQUssRUFBRSxFQUFFO2dCQUNULFdBQVcsRUFBRSxFQUFFO2dCQUNmLFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTthQUN6QixDQUFDO1lBQ0YsY0FBYyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBQ3JCLEtBQUssRUFBRSxFQUFFO2dCQUNULFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDOUIsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO2FBQ3pCLENBQUM7U0FDSCxDQUFDO1FBQ0YsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDLEVBQUUsRUFBNEIsQ0FBQyxDQUFDO0FBQ25DLENBQUM7QUFFWSxRQUFBLGlCQUFpQixHQUFHLG9CQUFvQixFQUFFLENBQUMifQ==

package/azAd/index.d.ts

@@ -0,0 +1,7 @@
+export * from './helpers';
+export * from './AppRegistration';
+export * from './AzRole';
+export * from './CustomRoles';
+export * from './GroupRole';
+export * from './RoleAssignment';
+export * from './UserAssignedIdentity';

package/azAd/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./helpers"), exports);
+__exportStar(require("./AppRegistration"), exports);
+__exportStar(require("./AzRole"), exports);
+__exportStar(require("./CustomRoles"), exports);
+__exportStar(require("./GroupRole"), exports);
+__exportStar(require("./RoleAssignment"), exports);
+__exportStar(require("./UserAssignedIdentity"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYXpBZC9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsNENBQTBCO0FBQzFCLG9EQUFrQztBQUNsQywyQ0FBeUI7QUFDekIsZ0RBQThCO0FBQzlCLDhDQUE0QjtBQUM1QixtREFBaUM7QUFDakMseURBQXVDIn0=

package/base/BaseComponent.d.ts

@@ -0,0 +1,53 @@
+import * as pulumi from '@pulumi/pulumi';
+/**
+ * BaseComponent serves as an abstract foundation class for Pulumi resource components.
+ * It provides core functionality and structure for creating custom infrastructure components.
+ *
+ * @template TArgs - Generic type parameter extending pulumi.Inputs to define component arguments
+ * @extends pulumi.ComponentResource<TArgs>
+ */
+/**
+ * @template TArgs - Generic type parameter extending pulumi.Inputs
+ * @example
+ * // Add usage example here
+ * const component = new MyComponent('name', args);
+ */
+export declare abstract class BaseComponent<TArgs extends pulumi.Inputs> extends pulumi.ComponentResource<TArgs> {
+    readonly name: string;
+    protected readonly args: TArgs;
+    protected readonly opts?: pulumi.ComponentResourceOptions | undefined;
+    /**
+     * Creates a new instance of BaseComponent
+     * @param type - The resource type identifier for this component
+     * @param name - Unique name for this component instance
+     * @param args - Configuration arguments for this component
+     * @param opts - Optional Pulumi resource options to control component behavior
+     */
+    constructor(type: string, name: string, args: TArgs, opts?: pulumi.ComponentResourceOptions | undefined);
+    /**
+     * Registers component outputs with the Pulumi engine.
+     * This method should be overridden by derived classes to ensure proper output registration.
+     * @param outputs - The outputs to register for this component
+     */
+    protected registerOutputs(outputs: pulumi.Inputs | pulumi.Output<pulumi.Inputs>): void;
+    /**
+     * Abstract method that must be implemented by derived classes to expose component outputs.
+     * This method should return all relevant outputs that consumers of the component might need.
+     * @returns An object containing the component's outputs, either as direct values or Pulumi outputs
+     */
+    abstract getOutputs(): pulumi.Inputs | pulumi.Output<pulumi.Inputs>;
+    /**
+     * Utility method to selectively extract specific properties from the component instance.
+     * Useful for creating a subset of component properties for downstream consumption.
+     *
+     * @template K - Generic type parameter constrained to keys of the component instance
+     * @param keys - Array of property names to extract from the component
+     * @returns A new object containing only the requested properties from the component
+     * @example
+     * ```typescript
+     * const component = new MyComponent();
+     * const subset = component.PickOutputs('name', 'id');
+     * ```
+     */
+    PickOutputs<K extends keyof this>(...keys: K[]): Pick<this, K>;
+}

package/base/BaseComponent.js

@@ -0,0 +1,98 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseComponent = void 0;
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const helpers_1 = require("./helpers");
+/**
+ * BaseComponent serves as an abstract foundation class for Pulumi resource components.
+ * It provides core functionality and structure for creating custom infrastructure components.
+ *
+ * @template TArgs - Generic type parameter extending pulumi.Inputs to define component arguments
+ * @extends pulumi.ComponentResource<TArgs>
+ */
+/**
+ * @template TArgs - Generic type parameter extending pulumi.Inputs
+ * @example
+ * // Add usage example here
+ * const component = new MyComponent('name', args);
+ */
+class BaseComponent extends pulumi.ComponentResource {
+    name;
+    args;
+    opts;
+    /**
+     * Creates a new instance of BaseComponent
+     * @param type - The resource type identifier for this component
+     * @param name - Unique name for this component instance
+     * @param args - Configuration arguments for this component
+     * @param opts - Optional Pulumi resource options to control component behavior
+     */
+    constructor(type, name, args, opts) {
+        super((0, helpers_1.getComponentResourceType)(type), name, args, opts);
+        this.name = name;
+        this.args = args;
+        this.opts = opts;
+    }
+    /**
+     * Registers component outputs with the Pulumi engine.
+     * This method should be overridden by derived classes to ensure proper output registration.
+     * @param outputs - The outputs to register for this component
+     */
+    registerOutputs(outputs) {
+        super.registerOutputs(outputs);
+    }
+    /**
+     * Utility method to selectively extract specific properties from the component instance.
+     * Useful for creating a subset of component properties for downstream consumption.
+     *
+     * @template K - Generic type parameter constrained to keys of the component instance
+     * @param keys - Array of property names to extract from the component
+     * @returns A new object containing only the requested properties from the component
+     * @example
+     * ```typescript
+     * const component = new MyComponent();
+     * const subset = component.PickOutputs('name', 'id');
+     * ```
+     */
+    PickOutputs(...keys) {
+        return keys.reduce((acc, key) => {
+            acc[key] = this[key];
+            return acc;
+        }, {});
+    }
+}
+exports.BaseComponent = BaseComponent;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQmFzZUNvbXBvbmVudC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9iYXNlL0Jhc2VDb21wb25lbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsdURBQXlDO0FBQ3pDLHVDQUFxRDtBQUVyRDs7Ozs7O0dBTUc7QUFDSDs7Ozs7R0FLRztBQUNILE1BQXNCLGFBQTJDLFNBQVEsTUFBTSxDQUFDLGlCQUF3QjtJQVVwRjtJQUNHO0lBQ0E7SUFYckI7Ozs7OztPQU1HO0lBQ0gsWUFDRSxJQUFZLEVBQ0ksSUFBWSxFQUNULElBQVcsRUFDWCxJQUFzQztRQUV6RCxLQUFLLENBQUMsSUFBQSxrQ0FBd0IsRUFBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBSnhDLFNBQUksR0FBSixJQUFJLENBQVE7UUFDVCxTQUFJLEdBQUosSUFBSSxDQUFPO1FBQ1gsU0FBSSxHQUFKLElBQUksQ0FBa0M7SUFHM0QsQ0FBQztJQUVEOzs7O09BSUc7SUFDTyxlQUFlLENBQUMsT0FBcUQ7UUFDN0UsS0FBSyxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBU0Q7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksV0FBVyxDQUF1QixHQUFHLElBQVM7UUFDbkQsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQzlCLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBSSxJQUFZLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDOUIsT0FBTyxHQUFHLENBQUM7UUFDYixDQUFDLEVBQUUsRUFBbUIsQ0FBQyxDQUFDO0lBQzFCLENBQUM7Q0FDRjtBQXBERCxzQ0FvREMifQ==

package/base/BaseResourceComponent.d.ts

@@ -0,0 +1,108 @@
+import * as pulumi from '@pulumi/pulumi';
+import { RandomPassword, RandomPasswordArgs } from '../common/RandomPassword';
+import { RandomString, RandomStringArgs } from '../common/RandomString';
+import { ResourceLocker } from '../common/ResourceLocker';
+import * as types from '../types';
+import { EncryptionKey } from '../vault/EncryptionKey';
+import { VaultSecretResult } from '../vault/VaultSecrets';
+import { BaseComponent } from './BaseComponent';
+/**
+ * Base interface for resource component arguments that combines vault information
+ * and Azure AD group role requirements.
+ *
+ * This interface extends:
+ * - WithVaultInfo: Provides Azure Key Vault configuration
+ * - WithGroupRolesArgs: Defines Azure AD group role assignments
+ */
+export interface BaseArgs extends types.WithVaultInfo, types.WithGroupRolesArgs {
+}
+/**
+ * Extended interface that includes resource group input parameters
+ * alongside base vault and role requirements
+ */
+export interface CommonBaseArgs extends BaseArgs, types.WithResourceGroupInputs {
+}
+/**
+ * BaseResourceComponent serves as a foundational abstract class for Azure resource management
+ * with integrated Key Vault capabilities. It provides:
+ *
+ * Key Features:
+ * - Automated secret management with Azure Key Vault integration
+ * - Resource group handling and organization
+ * - Managed identity role assignments
+ * - Resource locking capabilities
+ * - Random string/password generation
+ * - Encryption key management
+ *
+ * This component is designed to be extended by specific Azure resource implementations
+ * that require secure secret management and standardized resource organization.
+ *
+ * @template TArgs - Type parameter extending BaseArgs to define required component arguments
+ */
+export declare abstract class BaseResourceComponent<TArgs extends BaseArgs> extends BaseComponent<TArgs> {
+    private readonly type;
+    readonly name: string;
+    protected readonly args: TArgs;
+    protected readonly opts?: pulumi.ComponentResourceOptions | undefined;
+    private _secrets;
+    private _vaultSecretsCreated;
+    vaultSecrets?: {
+        [key: string]: VaultSecretResult;
+    };
+    /**
+     * Creates a new instance of BaseResourceComponent
+     * @param type - The type of the resource component
+     * @param name - The unique name of the resource component
+     * @param args - Arguments containing vault and resource group information
+     * @param opts - Optional component resource options
+     */
+    constructor(type: string, name: string, args: TArgs, opts?: pulumi.ComponentResourceOptions | undefined);
+    /**
+     * Internal method to handle post-creation secret management
+     * Creates vault secrets if any secrets were added during component creation
+     */
+    private postCreated;
+    /**
+     * Adds a single secret to the component
+     * Can be called multiple times to add different secrets
+     * @param name - The name of the secret
+     * @param value - The value to be stored in the secret
+     */
+    protected addSecret(name: string, value: pulumi.Input<string>): void;
+    /**
+     * Adds multiple secrets to the component at once
+     * Should only be called once as it replaces existing secrets
+     * @param secrets - Object containing secret name-value pairs
+     */
+    protected addSecrets(secrets: {
+        [key: string]: pulumi.Input<string>;
+    }): void;
+    /**
+     * Overwrote this method with no parameters as it will be provided by calling getOutputs method.
+     */
+    protected registerOutputs(): void;
+    /**
+     * Creates a new encryption key in the Azure Key Vault
+     * @returns A new EncryptionKey instance if vaultInfo is provided, undefined otherwise
+     */
+    protected getEncryptionKey({ name, keySize }?: {
+        name?: string;
+        keySize?: 2048 | 3072 | 4096;
+    }): EncryptionKey;
+    /**
+     * Generates a new random password with predefined settings
+     * @returns A new RandomPassword instance with 20 characters length, yearly rotation policy, and no special characters
+     */
+    protected createPassword(props?: RandomPasswordArgs): RandomPassword;
+    protected createRandomString(props?: RandomStringArgs): RandomString;
+    protected lockFromDeleting(resource: pulumi.CustomResource): ResourceLocker;
+    /**
+     * Adds a managed identity to a specified Azure AD group role
+     * @param type - The type of group role to add the identity to (from GroupRoleTypes enum)
+     * @param identity - A Pulumi output containing the managed identity with its principal ID
+     * @returns A new GroupMember resource if successful, undefined if groupRoles not configured or identity invalid
+     */
+    addIdentityToRole(type: types.GroupRoleTypes, identity: pulumi.Input<{
+        principalId: pulumi.Input<string>;
+    } | undefined>): pulumi.OutputInstance<import("@pulumi/azuread/groupMember").GroupMember | undefined> | undefined;
+}

package/base/BaseResourceComponent.js

@@ -0,0 +1,180 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseResourceComponent = void 0;
+const azAd = __importStar(require("@pulumi/azuread"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const RandomPassword_1 = require("../common/RandomPassword");
+const RandomString_1 = require("../common/RandomString");
+const ResourceLocker_1 = require("../common/ResourceLocker");
+const EncryptionKey_1 = require("../vault/EncryptionKey");
+const VaultSecrets_1 = require("../vault/VaultSecrets");
+const BaseComponent_1 = require("./BaseComponent");
+const helpers_1 = require("./helpers");
+/**
+ * BaseResourceComponent serves as a foundational abstract class for Azure resource management
+ * with integrated Key Vault capabilities. It provides:
+ *
+ * Key Features:
+ * - Automated secret management with Azure Key Vault integration
+ * - Resource group handling and organization
+ * - Managed identity role assignments
+ * - Resource locking capabilities
+ * - Random string/password generation
+ * - Encryption key management
+ *
+ * This component is designed to be extended by specific Azure resource implementations
+ * that require secure secret management and standardized resource organization.
+ *
+ * @template TArgs - Type parameter extending BaseArgs to define required component arguments
+ */
+class BaseResourceComponent extends BaseComponent_1.BaseComponent {
+    type;
+    name;
+    args;
+    opts;
+    _secrets = {};
+    _vaultSecretsCreated = false;
+    vaultSecrets;
+    /**
+     * Creates a new instance of BaseResourceComponent
+     * @param type - The type of the resource component
+     * @param name - The unique name of the resource component
+     * @param args - Arguments containing vault and resource group information
+     * @param opts - Optional component resource options
+     */
+    constructor(type, name, args, opts) {
+        super((0, helpers_1.getComponentResourceType)(type), name, args, opts);
+        this.type = type;
+        this.name = name;
+        this.args = args;
+        this.opts = opts;
+    }
+    /**
+     * Internal method to handle post-creation secret management
+     * Creates vault secrets if any secrets were added during component creation
+     */
+    postCreated() {
+        const { vaultInfo } = this.args;
+        if (Object.keys(this._secrets).length <= 0 || !vaultInfo)
+            return;
+        if (this._vaultSecretsCreated)
+            return;
+        const se = {};
+        for (const key in this._secrets) {
+            se[key] = {
+                value: this._secrets[key],
+                contentType: `${this.type} ${key}`,
+            };
+        }
+        this._vaultSecretsCreated = true;
+        const rs = new VaultSecrets_1.VaultSecrets(this.name, {
+            vaultInfo,
+            secrets: se,
+        }, { dependsOn: this.opts?.dependsOn, parent: this });
+        this.vaultSecrets = rs.results;
+    }
+    /**
+     * Adds a single secret to the component
+     * Can be called multiple times to add different secrets
+     * @param name - The name of the secret
+     * @param value - The value to be stored in the secret
+     */
+    addSecret(name, value) {
+        this._secrets[name] = value;
+    }
+    /**
+     * Adds multiple secrets to the component at once
+     * Should only be called once as it replaces existing secrets
+     * @param secrets - Object containing secret name-value pairs
+     */
+    addSecrets(secrets) {
+        this._secrets = { ...this._secrets, ...secrets };
+    }
+    /**
+     * Overwrote this method with no parameters as it will be provided by calling getOutputs method.
+     */
+    registerOutputs() {
+        this.postCreated();
+        super.registerOutputs({ ...this.getOutputs(), vaultSecrets: this.vaultSecrets });
+    }
+    /**
+     * Creates a new encryption key in the Azure Key Vault
+     * @returns A new EncryptionKey instance if vaultInfo is provided, undefined otherwise
+     */
+    getEncryptionKey({ name, keySize } = { keySize: 4096 }) {
+        if (!this.args.vaultInfo) {
+            throw new Error(`VaultInfo is required for encryption key creation in component ${this.name}`);
+        }
+        return new EncryptionKey_1.EncryptionKey(name ? `${this.name}-${name}` : this.name, { vaultInfo: this.args.vaultInfo, keySize }, { dependsOn: this.opts?.dependsOn, parent: this });
+    }
+    /**
+     * Generates a new random password with predefined settings
+     * @returns A new RandomPassword instance with 20 characters length, yearly rotation policy, and no special characters
+     */
+    createPassword(props = { length: 20, policy: 'yearly', options: { special: false } }) {
+        return new RandomPassword_1.RandomPassword(this.name, props, { parent: this });
+    }
+    createRandomString(props = { type: 'string', length: 10, options: { special: false } }) {
+        return new RandomString_1.RandomString(this.name, props, { parent: this });
+    }
+    lockFromDeleting(resource) {
+        return new ResourceLocker_1.ResourceLocker(`${this.name}-lock`, {
+            resource,
+            level: 'CanNotDelete',
+        }, { dependsOn: resource, parent: this });
+    }
+    /**
+     * Adds a managed identity to a specified Azure AD group role
+     * @param type - The type of group role to add the identity to (from GroupRoleTypes enum)
+     * @param identity - A Pulumi output containing the managed identity with its principal ID
+     * @returns A new GroupMember resource if successful, undefined if groupRoles not configured or identity invalid
+     */
+    addIdentityToRole(type, identity) {
+        const { groupRoles } = this.args;
+        if (!groupRoles)
+            return;
+        return pulumi.output(identity).apply((i) => {
+            if (!i?.principalId)
+                return;
+            return new azAd.GroupMember(`${this.name}-${type}-${i.principalId}`, {
+                groupObjectId: groupRoles[type].objectId,
+                memberObjectId: i.principalId,
+            });
+        });
+    }
+}
+exports.BaseResourceComponent = BaseResourceComponent;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQmFzZVJlc291cmNlQ29tcG9uZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Jhc2UvQmFzZVJlc291cmNlQ29tcG9uZW50LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUF3QztBQUN4Qyx1REFBeUM7QUFDekMsNkRBQThFO0FBQzlFLHlEQUF3RTtBQUN4RSw2REFBMEQ7QUFFMUQsMERBQXVEO0FBRXZELHdEQUF3RTtBQUN4RSxtREFBZ0Q7QUFDaEQsdUNBQXFEO0FBa0JyRDs7Ozs7Ozs7Ozs7Ozs7OztHQWdCRztBQUNILE1BQXNCLHFCQUE4QyxTQUFRLDZCQUFvQjtJQWEzRTtJQUNEO0lBQ0c7SUFDQTtJQWZiLFFBQVEsR0FBNEMsRUFBRSxDQUFDO0lBQ3ZELG9CQUFvQixHQUFZLEtBQUssQ0FBQztJQUN2QyxZQUFZLENBQXdDO0lBRTNEOzs7Ozs7T0FNRztJQUNILFlBQ21CLElBQVksRUFDYixJQUFZLEVBQ1QsSUFBVyxFQUNYLElBQXNDO1FBRXpELEtBQUssQ0FBQyxJQUFBLGtDQUF3QixFQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFMdkMsU0FBSSxHQUFKLElBQUksQ0FBUTtRQUNiLFNBQUksR0FBSixJQUFJLENBQVE7UUFDVCxTQUFJLEdBQUosSUFBSSxDQUFPO1FBQ1gsU0FBSSxHQUFKLElBQUksQ0FBa0M7SUFHM0QsQ0FBQztJQUVEOzs7T0FHRztJQUNLLFdBQVc7UUFDakIsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDaEMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU87UUFDakUsSUFBSSxJQUFJLENBQUMsb0JBQW9CO1lBQUUsT0FBTztRQUV0QyxNQUFNLEVBQUUsR0FBc0MsRUFBRSxDQUFDO1FBQ2pELEtBQUssTUFBTSxHQUFHLElBQUksSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRztnQkFDUixLQUFLLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUM7Z0JBQ3pCLFdBQVcsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksR0FBRyxFQUFFO2FBQ25DLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksQ0FBQztRQUNqQyxNQUFNLEVBQUUsR0FBRyxJQUFJLDJCQUFZLENBQ3pCLElBQUksQ0FBQyxJQUFJLEVBQ1Q7WUFDRSxTQUFTO1lBQ1QsT0FBTyxFQUFFLEVBQUU7U0FDWixFQUNELEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDbEQsQ0FBQztRQUVGLElBQUksQ0FBQyxZQUFZLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDTyxTQUFTLENBQUMsSUFBWSxFQUFFLEtBQTJCO1FBQzNELElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEdBQUcsS0FBSyxDQUFDO0lBQzlCLENBQUM7SUFFRDs7OztPQUlHO0lBQ08sVUFBVSxDQUFDLE9BQWdEO1FBQ25FLElBQUksQ0FBQyxRQUFRLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxRQUFRLEVBQUUsR0FBRyxPQUFPLEVBQUUsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7O09BRUc7SUFDTyxlQUFlO1FBQ3ZCLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNuQixLQUFLLENBQUMsZUFBZSxDQUFDLEVBQUUsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQUUsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO0lBQ25GLENBQUM7SUFFRDs7O09BR0c7SUFDTyxnQkFBZ0IsQ0FBQyxFQUFFLElBQUksRUFBRSxPQUFPLEtBQXNELEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtRQUMvRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLGtFQUFrRSxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUNqRyxDQUFDO1FBQ0QsT0FBTyxJQUFJLDZCQUFhLENBQ3RCLElBQUksQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUN6QyxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsRUFDM0MsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNsRCxDQUFDO0lBQ0osQ0FBQztJQUVEOzs7T0FHRztJQUNPLGNBQWMsQ0FBQyxRQUE0QixFQUFFLE1BQU0sRUFBRSxFQUFFLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLEVBQUU7UUFDaEgsT0FBTyxJQUFJLCtCQUFjLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUUsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRVMsa0JBQWtCLENBQUMsUUFBMEIsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxFQUFFLEVBQUUsT0FBTyxFQUFFLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxFQUFFO1FBQ2hILE9BQU8sSUFBSSwyQkFBWSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsS0FBSyxFQUFFLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDOUQsQ0FBQztJQUVTLGdCQUFnQixDQUFDLFFBQStCO1FBQ3hELE9BQU8sSUFBSSwrQkFBYyxDQUN2QixHQUFHLElBQUksQ0FBQyxJQUFJLE9BQU8sRUFDbkI7WUFDRSxRQUFRO1lBQ1IsS0FBSyxFQUFFLGNBQWM7U0FDdEIsRUFDRCxFQUFFLFNBQVMsRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUN0QyxDQUFDO0lBQ0osQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksaUJBQWlCLENBQ3RCLElBQTBCLEVBQzFCLFFBQXlFO1FBRXpFLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTztRQUV4QixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUU7WUFDekMsSUFBSSxDQUFDLENBQUMsRUFBRSxXQUFXO2dCQUFFLE9BQU87WUFDNUIsT0FBTyxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksSUFBSSxDQUFDLENBQUMsV0FBVyxFQUFFLEVBQUU7Z0JBQ25FLGFBQWEsRUFBRSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUTtnQkFDeEMsY0FBYyxFQUFFLENBQUMsQ0FBQyxXQUFXO2FBQzlCLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBeklELHNEQXlJQyJ9