@drunk-pulumi/azure-components 1.0.1 → 1.0.3

package/README.md

@@ -1 +1,127 @@
-# drunk-pulumi-azure-components
+# Drunk Pulumi Azure Components
+
+A modular, reusable TypeScript library of Pulumi components for rapidly building and managing Azure infrastructure. This project provides high-level abstractions for common Azure resources, enabling you to compose complex cloud environments with minimal boilerplate.
+
+## Features
+
+- **Composable Components:** Build infrastructure using reusable building blocks (e.g., Resource Groups, Key Vaults, VMs, Networking, Storage, Databases, etc.).
+- **Opinionated Defaults:** Sensible defaults for security, tagging, and resource configuration.
+- **Extensible:** Easily extend or customize components for your organization's needs.
+- **Pulumi Native:** Leverages Pulumi's TypeScript SDK for full infrastructure-as-code power.
+- **Azure Best Practices:** Implements patterns for identity, encryption, logging, and networking.
+
+## Project Structure
+
+```
+src/
+  aks/           # Azure Kubernetes Service components
+  app/           # App-related Azure resources (App Service, IoT Hub, etc.)
+  azAd/          # Azure Active Directory (roles, identities, etc.)
+  base/          # Base classes and helpers for components
+  common/        # Common utilities and resource helpers
+  database/      # Database resources (SQL, MySQL, Postgres, Redis)
+  helpers/       # Utility functions and configuration helpers
+  logs/          # Logging and monitoring components
+  services/      # Azure services (Automation, Search, Service Bus)
+  storage/       # Storage account components
+  vault/         # Key Vault and encryption helpers
+  vm/            # Virtual machine and disk encryption components
+  vnet/          # Networking (VNet, Firewall, CDN, etc.)
+  types.ts       # Shared TypeScript types
+  ResourceBuilder.ts # Main builder for composing resources
+```
+
+## Getting Started
+
+### Prerequisites
+
+- [Node.js](https://nodejs.org/) (v16+ recommended)
+- [Pulumi CLI](https://www.pulumi.com/docs/get-started/install/)
+- Azure account with sufficient permissions
+- [pnpm](https://pnpm.io/) (or npm/yarn)
+
+### Installation
+
+Clone the repository and install dependencies:
+
+```bash
+git clone <repo-url>
+cd drunk-pulumi-azure-components
+pnpm install
+```
+
+### Set Default Config
+
+```
+pulumi org set-default YOUR_ORG_NAME
+
+pulumi config set azure-native:tenantId YOUR_AZ_TENANT_ID
+pulumi config set azure-native:subscriptionId YOUR_AZ_SUBSCRIPTION_ID
+pulumi config set azure-native:location YOUR_AZ_LOCATION
+```
+
+### Usage
+
+You can use the components in your own Pulumi project or in the provided `pulumi-test/` directory for examples.
+
+#### Example: Creating a Resource Group with Key Vault and Logging
+
+```typescript
+import { ResourceBuilder } from '../src/ResourceBuilder';
+
+const builder = new ResourceBuilder('my-stack', {
+  groupRoles: { createWithName: 'my-rg-roles' },
+  vault: {
+    /* vault config */
+  },
+  logs: {
+    /* logs config */
+  },
+  enableDefaultUAssignId: true,
+});
+
+export const outputs = builder.getOutputs();
+```
+
+See `pulumi-test/samples/` for more usage examples.
+
+### Project Scripts
+
+- `pnpm build` – Compile TypeScript sources
+- `pnpm lint` – Run ESLint
+- `pnpm test` – Run tests (if available)
+
+### Directory Reference
+
+- **src/**: All core component code
+- **pulumi-test/**: Example Pulumi stacks and sample usage
+- **.devcontainer/**: Development container setup for VS Code
+
+## Component Overview
+
+- **ResourceBuilder**: Main entry point for composing resources (resource group, roles, vault, logs, disk encryption, etc.)
+- **azAd/**: Azure AD roles, group roles, user-assigned identities
+- **vault/**: Key Vaults, encryption keys, secrets
+- **vm/**: Virtual machines, disk encryption sets
+- **vnet/**: Virtual networks, firewalls, peering, endpoints
+- **logs/**: Log analytics and monitoring
+- **database/**: SQL, MySQL, Postgres, Redis
+- **storage/**: Storage accounts
+- **app/**: App Service, IoT Hub, Logic Apps, SignalR
+- **services/**: Automation, Search, Service Bus
+
+## Contributing
+
+1. Fork the repository
+2. Create a new branch (`git checkout -b feature/my-feature`)
+3. Make your changes
+4. Run tests and linting
+5. Submit a pull request
+
+## License
+
+MIT License
+
+## Support & Contact
+
+For questions, issues, or feature requests, please open an issue on GitHub or contact the maintainer.

package/ResourceBuilder.d.ts

@@ -1,54 +1,93 @@
 import * as pulumi from '@pulumi/pulumi';
-import { GroupRoleOutput } from './azAd';
-import { BaseComponent } from './base/BaseComponent';
-import { RsGroupArgs } from './common';
-import { LogsArgs } from './logs';
 import * as types from './types';
-import { KeyVaultArgs } from './vault';
-import { DiskEncryptionSetArgs } from './vm';
-type GroupRoleOutputTypes = {
-    admin: pulumi.Output<GroupRoleOutput>;
-    contributor: pulumi.Output<GroupRoleOutput>;
-    readOnly: pulumi.Output<GroupRoleOutput>;
+import { AppRegistration, AppRegistrationArgs, GroupRole, GroupRoleArgs, RoleAssignmentArgs, UserAssignedIdentity, UserAssignedIdentityArgs } from './azAd';
+import { DiskEncryptionSet, DiskEncryptionSetArgs } from './vm';
+import { KeyVault, KeyVaultArgs } from './vault';
+import { Logs, LogsArgs } from './logs';
+import { RsGroup, RsGroupArgs } from './common';
+import { Vnet, VnetArgs } from './vnet';
+import { BaseComponent } from './base/BaseComponent';
+export type ResourceBuilderOutputs = {
+    groupRoles?: types.GroupRoleOutputTypes;
+    rsGroup: ReturnType<RsGroup['getOutputs']>;
+    vaultInfo?: ReturnType<KeyVault['getOutputs']>;
+    defaultUAssignedId?: ReturnType<UserAssignedIdentity['getOutputs']>;
+    defaultAppIdentity?: ReturnType<AppRegistration['getOutputs']>;
+    logs?: ReturnType<Logs['getOutputs']>;
+    diskEncryptionSet?: ReturnType<DiskEncryptionSet['getOutputs']>;
+    vnet?: ReturnType<Vnet['getOutputs']>;
 };
-type CommonProps = 'rsGroup' | 'groupRoles' | 'vaultInfo' | 'resourceGroupName';
-export interface ResourceBuilderArgs extends Omit<RsGroupArgs, CommonProps> {
-    groupRoles?: {
-        createWithName?: string;
-    } | GroupRoleOutputTypes;
-    vault?: Omit<KeyVaultArgs, CommonProps>;
-    logs?: Omit<LogsArgs, CommonProps>;
-    diskEncryption?: Omit<DiskEncryptionSetArgs, CommonProps>;
-    enableDefaultUAssignId?: boolean;
+/**
+ * Arguments for composing a standard Azure resource group environment with optional common foundation resources.
+ *
+ * You always pass the base `RsGroupArgs` (minus common meta props removed via `Omit`).
+ * Each optional `*Create` property triggers creation of that resource. If both an existing instance reference
+ * (e.g. `groupRoles`) and a corresponding `*Create` block are provided, the existing instance takes precedence
+ * and the `*Create` block is ignored.
+ */
+export interface ResourceBuilderArgs extends Omit<RsGroupArgs, types.CommonProps> {
+    /**
+     * Pre-created group role outputs or the `GroupRole` component itself to reuse instead of creating new ones.
+     * When supplied, `groupRolesCreate` is ignored.
+     */
+    groupRoles?: types.GroupRoleOutputTypes | GroupRole;
+    /**
+     * Definition to create a new set of Azure AD groups / roles (reader, contributor, etc.).
+     * Provide when you want the builder to provision standard role groups automatically.
+     */
+    groupRolesCreate?: types.WithName & GroupRoleArgs;
+    vaultInfo?: types.ResourceInputs;
+    /**
+     * Configuration to create a Key Vault in the resource group. Adds linkage with created identities and group roles.
+     */
+    vaultCreate?: types.WithName & Omit<KeyVaultArgs, types.CommonProps>;
+    /**
+     * Configuration to create a Log Analytics workspace (and related diagnostics) bound to the resource group.
+     */
+    logsCreate?: types.WithName & Omit<LogsArgs, types.CommonProps>;
+    /**
+     * Configuration for provisioning a Disk Encryption Set (defaults encryptionType if omitted).
+     * Depends on Key Vault (if also created) and optionally the default user-assigned identity.
+     */
+    diskEncryptionCreate?: types.WithName & Omit<DiskEncryptionSetArgs, types.CommonProps>;
+    /**
+     * Create a default User Assigned Managed Identity. `memberof` selects which generated group role (defaults to 'readOnly').
+     * If `groupRoles` / `groupRolesCreate` not provided, the identity will not have group memberships applied.
+     */
+    defaultUAssignedIdCreate?: types.WithName & Omit<UserAssignedIdentityArgs, types.CommonProps | 'memberof'> & {
+        /** Which group role key to map the identity into (e.g. 'readOnly', 'contributor'). */
+        memberof?: types.GroupRoleTypes;
+    };
+    /**
+     * Create a default App Registration + Service Principal. `memberof` optionally assigns it a role group (defaults 'readOnly').
+     * Vault info (if created) is passed for secret references.
+     */
+    defaultAppIdentityCreate?: types.WithName & Omit<AppRegistrationArgs, types.CommonProps | 'memberof'> & {
+        /** Which group role key to map the app into. */
+        memberof?: types.GroupRoleTypes;
+    };
+    /**
+     * Configuration to create a Virtual Network with sub-resources (subnets, NSGs, etc. per `VnetArgs`).
+     */
+    vnetCreate?: types.WithName & Omit<VnetArgs, types.CommonProps>;
 }
 export declare class ResourceBuilder extends BaseComponent<ResourceBuilderArgs> {
-    readonly rsGroup: types.ResourceGroupOutputs;
+    readonly rsGroup: RsGroup;
     readonly vaultInfo?: types.ResourceOutputs;
-    readonly groupRoles?: GroupRoleOutputTypes;
-    readonly defaultUAssignedId?: types.UserAssignedIdentityOutputs;
-    readonly logs?: types.LogsOutputs;
-    readonly diskEncryptionSet?: types.ResourceOutputs;
+    readonly groupRoles?: types.GroupRoleOutputTypes;
+    readonly defaultUAssignedId?: UserAssignedIdentity;
+    readonly defaultAppIdentity?: AppRegistration;
+    readonly logs?: Logs;
+    private readonly diskEncryptionSet?;
+    private readonly vnet;
     constructor(name: string, args: ResourceBuilderArgs, opts?: pulumi.ComponentResourceOptions);
-    getOutputs(): {
-        groupRoles: GroupRoleOutputTypes | undefined;
-        rsGroup: {
-            resourceGroupName: pulumi.Output<string>;
-            location?: pulumi.Output<string> | undefined;
-        };
-        vaultInfo: {
-            resourceName: pulumi.Output<string>;
-            id: pulumi.Output<string>;
-        } | undefined;
-        defaultUAssignedId: {
-            id: pulumi.Output<string>;
-            clientId: pulumi.Output<string>;
-            principalId: pulumi.Output<string>;
-        } | undefined;
-        logs: types.LogsOutputs | undefined;
-        diskEncryptionSet: {
-            resourceName: pulumi.Output<string>;
-            id: pulumi.Output<string>;
-        } | undefined;
-    };
+    getOutputs(): ResourceBuilderOutputs;
+    private createGroupRoles;
+    private createVault;
+    private createUserIdentity;
+    private createAppIdentity;
+    private createLogs;
+    private createDiskEncryptionSet;
+    private createVnet;
+    grant(props: Omit<RoleAssignmentArgs, 'scope'>): this;
 }
-export {};

package/ResourceBuilder.js

@@ -1,71 +1,172 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ResourceBuilder = void 0;
+const pulumi = __importStar(require("@pulumi/pulumi"));
 const azAd_1 = require("./azAd");
+const vm_1 = require("./vm");
+const vault_1 = require("./vault");
+const logs_1 = require("./logs");
+const common_1 = require("./common");
+const vnet_1 = require("./vnet");
 const BaseComponent_1 = require("./base/BaseComponent");
 const helpers_1 = require("./base/helpers");
-const common_1 = require("./common");
-const logs_1 = require("./logs");
-const vault_1 = require("./vault");
-const vm_1 = require("./vm");
+const helpers_2 = require("./helpers");
 class ResourceBuilder extends BaseComponent_1.BaseComponent {
     rsGroup;
     vaultInfo;
     groupRoles;
     defaultUAssignedId;
+    defaultAppIdentity;
     logs;
     diskEncryptionSet;
+    vnet;
     constructor(name, args, opts) {
         super((0, helpers_1.getComponentResourceType)('ResourceBuilder'), name, args, opts);
-        const { groupRoles, vault, enableDefaultUAssignId, logs, diskEncryption, ...props } = args;
-        if (groupRoles) {
-            if ('createWithName' in groupRoles) {
-                this.groupRoles = new azAd_1.GroupRole(groupRoles.createWithName, {}, { dependsOn: opts?.dependsOn, parent: this }).getOutputs();
-            }
-            else
-                this.groupRoles = groupRoles;
-        }
-        const group = new common_1.RsGroup(name, { ...props, groupRoles: this.groupRoles }, { dependsOn: opts?.dependsOn, parent: this });
-        this.rsGroup = group.getOutputs();
-        if (vault) {
-            this.vaultInfo = new vault_1.KeyVault(name, { ...vault, rsGroup: this.rsGroup, groupRoles: this.groupRoles }, { dependsOn: group, parent: this }).getOutputs();
-        }
-        if (enableDefaultUAssignId) {
-            this.defaultUAssignedId = new azAd_1.UserAssignedIdentity(name, {
-                rsGroup: this.rsGroup,
-                vaultInfo: this.vaultInfo,
-                memberof: this.groupRoles ? [this.groupRoles.readOnly] : undefined,
-            }, { dependsOn: group, parent: this }).getOutputs();
-        }
-        if (logs) {
-            this.logs = new logs_1.Logs(name, {
-                ...logs,
-                rsGroup: this.rsGroup,
-                vaultInfo: this.vaultInfo,
-                groupRoles: this.groupRoles,
-            }, { dependsOn: group, parent: this }).getOutputs();
-        }
-        if (diskEncryption) {
-            this.diskEncryptionSet = new vm_1.DiskEncryptionSet(name, {
-                ...diskEncryption,
-                rsGroup: this.rsGroup,
-                encryptionType: 'EncryptionAtRestWithPlatformAndCustomerKeys',
-                defaultUAssignedId: this.defaultUAssignedId,
-                vaultInfo: this.vaultInfo,
-                groupRoles: this.groupRoles,
-            }, { dependsOn: group, parent: this }).getOutputs();
-        }
+        const { groupRolesCreate, groupRoles, vaultCreate, defaultUAssignedIdCreate, logsCreate, diskEncryptionCreate, ...props } = args;
+        this.groupRoles = this.createGroupRoles();
+        this.rsGroup = new common_1.RsGroup(name, { ...props, groupRoles: this.groupRoles }, { dependsOn: opts?.dependsOn, parent: this });
+        this.vaultInfo = this.createVault();
+        this.defaultUAssignedId = this.createUserIdentity();
+        this.defaultAppIdentity = this.createAppIdentity();
+        this.logs = this.createLogs();
+        this.diskEncryptionSet = this.createDiskEncryptionSet();
+        this.vnet = this.createVnet();
+        this.registerOutputs();
     }
     getOutputs() {
         return {
             groupRoles: this.groupRoles,
+            rsGroup: this.rsGroup.getOutputs(),
+            vaultInfo: this.vaultInfo,
+            defaultUAssignedId: this.defaultUAssignedId?.getOutputs(),
+            defaultAppIdentity: this.defaultAppIdentity?.getOutputs(),
+            logs: this.logs?.getOutputs(),
+            diskEncryptionSet: this.diskEncryptionSet?.getOutputs(),
+            vnet: this.vnet?.getOutputs(),
+        };
+    }
+    createGroupRoles() {
+        const { groupRoles, groupRolesCreate } = this.args;
+        if (groupRoles) {
+            return groupRoles instanceof azAd_1.GroupRole ? groupRoles.getOutputs() : groupRoles;
+        }
+        if (groupRolesCreate) {
+            return new azAd_1.GroupRole(groupRolesCreate.name ?? this.name, groupRolesCreate, {
+                dependsOn: this.opts?.dependsOn,
+                parent: this,
+            }).getOutputs();
+        }
+    }
+    createVault() {
+        const { vaultInfo, vaultCreate } = this.args;
+        if (vaultInfo)
+            return { resourceName: pulumi.output(vaultInfo.resourceName), id: pulumi.output(vaultInfo.id) };
+        if (!vaultCreate)
+            return undefined;
+        return new vault_1.KeyVault(vaultCreate.name ?? this.name, { ...vaultCreate, rsGroup: this.rsGroup, groupRoles: this.groupRoles }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        }).getOutputs();
+    }
+    createUserIdentity() {
+        const { defaultUAssignedIdCreate } = this.args;
+        if (!defaultUAssignedIdCreate)
+            return undefined;
+        return new azAd_1.UserAssignedIdentity(defaultUAssignedIdCreate.name ?? this.name, {
+            ...defaultUAssignedIdCreate,
+            rsGroup: this.rsGroup,
+            vaultInfo: this.vaultInfo,
+            memberof: this.groupRoles ? [this.groupRoles[defaultUAssignedIdCreate.memberof ?? 'readOnly']] : undefined,
+        }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        });
+    }
+    createAppIdentity() {
+        const { defaultAppIdentityCreate } = this.args;
+        if (!defaultAppIdentityCreate)
+            return undefined;
+        return new azAd_1.AppRegistration(defaultAppIdentityCreate.name ?? this.name, {
+            ...defaultAppIdentityCreate,
+            memberof: this.groupRoles ? [this.groupRoles[defaultAppIdentityCreate.memberof ?? 'readOnly']] : undefined,
+            vaultInfo: this.vaultInfo,
+        }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        });
+    }
+    createLogs() {
+        const { logsCreate } = this.args;
+        if (!logsCreate)
+            return undefined;
+        return new logs_1.Logs(logsCreate.name ?? this.name, {
+            ...logsCreate,
             rsGroup: this.rsGroup,
             vaultInfo: this.vaultInfo,
+            groupRoles: this.groupRoles,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    createDiskEncryptionSet() {
+        const { diskEncryptionCreate } = this.args;
+        if (!diskEncryptionCreate)
+            return undefined;
+        return new vm_1.DiskEncryptionSet(diskEncryptionCreate.name ?? this.name, {
+            ...diskEncryptionCreate,
+            encryptionType: diskEncryptionCreate.encryptionType ?? 'EncryptionAtRestWithPlatformAndCustomerKeys',
+            rsGroup: this.rsGroup,
             defaultUAssignedId: this.defaultUAssignedId,
-            logs: this.logs,
-            diskEncryptionSet: this.diskEncryptionSet,
-        };
+            vaultInfo: this.vaultInfo,
+            groupRoles: this.groupRoles,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    createVnet() {
+        const { vnetCreate } = this.args;
+        if (!vnetCreate)
+            return undefined;
+        return new vnet_1.Vnet(vnetCreate.name ?? this.name, {
+            ...vnetCreate,
+            rsGroup: this.rsGroup,
+            groupRoles: this.groupRoles,
+            vaultInfo: this.vaultInfo,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    grant(props) {
+        new azAd_1.RoleAssignment(`${this.name}-${props.roleName}`, { ...props, scope: helpers_2.rsHelpers.getRsGroupIdFrom(this.rsGroup) }, { dependsOn: this, deletedWith: this, parent: this });
+        return this;
     }
 }
 exports.ResourceBuilder = ResourceBuilder;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VCdWlsZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1Jlc291cmNlQnVpbGRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSxpQ0FBMEU7QUFDMUUsd0RBQXFEO0FBQ3JELDRDQUEwRDtBQUMxRCxxQ0FBZ0Q7QUFDaEQsaUNBQXdDO0FBRXhDLG1DQUFpRDtBQUNqRCw2QkFBZ0U7QUFrQmhFLE1BQWEsZUFBZ0IsU0FBUSw2QkFBa0M7SUFDckQsT0FBTyxDQUE2QjtJQUNwQyxTQUFTLENBQXlCO0lBQ2xDLFVBQVUsQ0FBd0I7SUFDbEMsa0JBQWtCLENBQXFDO0lBQ3ZELElBQUksQ0FBcUI7SUFDekIsaUJBQWlCLENBQXlCO0lBRTFELFlBQVksSUFBWSxFQUFFLElBQXlCLEVBQUUsSUFBc0M7UUFDekYsS0FBSyxDQUFDLElBQUEsa0NBQXdCLEVBQUMsaUJBQWlCLENBQUMsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLHNCQUFzQixFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsR0FBRyxLQUFLLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFM0YsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLElBQUksZ0JBQWdCLElBQUksVUFBVSxFQUFFLENBQUM7Z0JBQ25DLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxnQkFBUyxDQUM3QixVQUFVLENBQUMsY0FBYyxFQUN6QixFQUFFLEVBQ0YsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzdDLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDakIsQ0FBQzs7Z0JBQU0sSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFrQyxDQUFDO1FBQzlELENBQUM7UUFFRCxNQUFNLEtBQUssR0FBRyxJQUFJLGdCQUFPLENBQ3ZCLElBQUksRUFDSixFQUFFLEdBQUcsS0FBSyxFQUFFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQ3pDLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUM3QyxDQUFDO1FBQ0YsSUFBSSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUM7UUFFbEMsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxnQkFBUSxDQUMzQixJQUFJLEVBQ0osRUFBRSxHQUFHLEtBQUssRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxFQUNoRSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNuQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pCLENBQUM7UUFFRCxJQUFJLHNCQUFzQixFQUFFLENBQUM7WUFDM0IsSUFBSSxDQUFDLGtCQUFrQixHQUFHLElBQUksMkJBQW9CLENBQ2hELElBQUksRUFDSjtnQkFDRSxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ3JCLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztnQkFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUzthQUNuRSxFQUNELEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ25DLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDakIsQ0FBQztRQUVELElBQUksSUFBSSxFQUFFLENBQUM7WUFDVCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksV0FBSSxDQUNsQixJQUFJLEVBQ0o7Z0JBQ0UsR0FBRyxJQUFJO2dCQUNQLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztnQkFDckIsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO2dCQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDNUIsRUFDRCxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNuQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pCLENBQUM7UUFFRCxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ25CLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLHNCQUFpQixDQUM1QyxJQUFJLEVBQ0o7Z0JBQ0UsR0FBRyxjQUFjO2dCQUNqQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ3JCLGNBQWMsRUFBRSw2Q0FBNkM7Z0JBQzdELGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7Z0JBQzNDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztnQkFDekIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDbkMsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNqQixDQUFDO0lBQ0gsQ0FBQztJQUVNLFVBQVU7UUFDZixPQUFPO1lBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtZQUMzQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7WUFDZixpQkFBaUIsRUFBRSxJQUFJLENBQUMsaUJBQWlCO1NBQzFDLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF4RkQsMENBd0ZDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VCdWlsZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1Jlc291cmNlQnVpbGRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1REFBeUM7QUFHekMsaUNBU2dCO0FBQ2hCLDZCQUFnRTtBQUNoRSxtQ0FBaUQ7QUFDakQsaUNBQXdDO0FBQ3hDLHFDQUFnRDtBQUNoRCxpQ0FBd0M7QUFFeEMsd0RBQXFEO0FBQ3JELDRDQUEwRDtBQUMxRCx1Q0FBc0M7QUE2RXRDLE1BQWEsZUFBZ0IsU0FBUSw2QkFBa0M7SUFDckQsT0FBTyxDQUFVO0lBQ2pCLFNBQVMsQ0FBeUI7SUFDbEMsVUFBVSxDQUE4QjtJQUN4QyxrQkFBa0IsQ0FBd0I7SUFDMUMsa0JBQWtCLENBQW1CO0lBQ3JDLElBQUksQ0FBUTtJQUNYLGlCQUFpQixDQUFxQjtJQUN0QyxJQUFJLENBQW1CO0lBRXhDLFlBQVksSUFBWSxFQUFFLElBQXlCLEVBQUUsSUFBc0M7UUFDekYsS0FBSyxDQUFDLElBQUEsa0NBQXdCLEVBQUMsaUJBQWlCLENBQUMsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sRUFDSixnQkFBZ0IsRUFDaEIsVUFBVSxFQUNWLFdBQVcsRUFDWCx3QkFBd0IsRUFDeEIsVUFBVSxFQUNWLG9CQUFvQixFQUNwQixHQUFHLEtBQUssRUFDVCxHQUFHLElBQUksQ0FBQztRQUVULElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFMUMsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLGdCQUFPLENBQ3hCLElBQUksRUFDSixFQUFFLEdBQUcsS0FBSyxFQUFFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQ3pDLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUM3QyxDQUFDO1FBRUYsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDcEMsSUFBSSxDQUFDLGtCQUFrQixHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ3BELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUM5QixJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7UUFDeEQsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFFOUIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFTSxVQUFVO1FBQ2YsT0FBTztZQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUU7WUFDbEMsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxVQUFVLEVBQUU7WUFDekQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixFQUFFLFVBQVUsRUFBRTtZQUN6RCxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDN0IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixFQUFFLFVBQVUsRUFBRTtZQUN2RCxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7U0FDOUIsQ0FBQztJQUNKLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsTUFBTSxFQUFFLFVBQVUsRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDbkQsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLE9BQU8sVUFBVSxZQUFZLGdCQUFTLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDO1FBQ2hGLENBQUM7UUFFRCxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDckIsT0FBTyxJQUFJLGdCQUFTLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7Z0JBQ3pFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVM7Z0JBQy9CLE1BQU0sRUFBRSxJQUFJO2FBQ2IsQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0lBRU8sV0FBVztRQUNqQixNQUFNLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDN0MsSUFBSSxTQUFTO1lBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsRUFBRSxFQUFFLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUMvRyxJQUFJLENBQUMsV0FBVztZQUFFLE9BQU8sU0FBUyxDQUFDO1FBRW5DLE9BQU8sSUFBSSxnQkFBUSxDQUNqQixXQUFXLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzdCLEVBQUUsR0FBRyxXQUFXLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPLEVBQUUsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFDdEU7WUFDRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDdkIsTUFBTSxFQUFFLElBQUk7U0FDYixDQUNGLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDakIsQ0FBQztJQUVPLGtCQUFrQjtRQUN4QixNQUFNLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQy9DLElBQUksQ0FBQyx3QkFBd0I7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUVoRCxPQUFPLElBQUksMkJBQW9CLENBQzdCLHdCQUF3QixDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUMxQztZQUNFLEdBQUcsd0JBQXdCO1lBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztTQUMzRyxFQUNEO1lBQ0UsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3ZCLE1BQU0sRUFBRSxJQUFJO1NBQ2IsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLGlCQUFpQjtRQUN2QixNQUFNLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQy9DLElBQUksQ0FBQyx3QkFBd0I7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUVoRCxPQUFPLElBQUksc0JBQWUsQ0FDeEIsd0JBQXdCLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzFDO1lBQ0UsR0FBRyx3QkFBd0I7WUFDM0IsUUFBUSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUMxRyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7U0FDMUIsRUFDRDtZQUNFLFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTztZQUN2QixNQUFNLEVBQUUsSUFBSTtTQUNiLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxVQUFVO1FBQ2hCLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFbEMsT0FBTyxJQUFJLFdBQUksQ0FDYixVQUFVLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzVCO1lBQ0UsR0FBRyxVQUFVO1lBQ2IsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7U0FDNUIsRUFDRCxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDMUMsQ0FBQztJQUNKLENBQUM7SUFFTyx1QkFBdUI7UUFDN0IsTUFBTSxFQUFFLG9CQUFvQixFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUMzQyxJQUFJLENBQUMsb0JBQW9CO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFNUMsT0FBTyxJQUFJLHNCQUFpQixDQUMxQixvQkFBb0IsQ0FBQyxJQUFJLElBQUksSUFBSSxDQUFDLElBQUksRUFDdEM7WUFDRSxHQUFHLG9CQUFvQjtZQUN2QixjQUFjLEVBQUUsb0JBQW9CLENBQUMsY0FBYyxJQUFJLDZDQUE2QztZQUVwRyxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtZQUMzQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1NBQzVCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzFDLENBQUM7SUFDSixDQUFDO0lBRU8sVUFBVTtRQUNoQixNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUNqQyxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQ2xDLE9BQU8sSUFBSSxXQUFJLENBQ2IsVUFBVSxDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUM1QjtZQUNFLEdBQUcsVUFBVTtZQUNiLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0IsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1NBQzFCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzFDLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLEtBQXdDO1FBQ25ELElBQUkscUJBQWMsQ0FDaEIsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxRQUFRLEVBQUUsRUFDaEMsRUFBRSxHQUFHLEtBQUssRUFBRSxLQUFLLEVBQUUsbUJBQVMsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDN0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNyRCxDQUFDO1FBQ0YsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0NBQ0Y7QUFqTEQsMENBaUxDIn0=

package/aks/AzKubernetes.d.ts

@@ -3,11 +3,15 @@ import * as inputs from '@pulumi/azure-native/types/input';
 import * as pulumi from '@pulumi/pulumi';
 import { BaseResourceComponent, CommonBaseArgs } from '../base';
 import * as types from '../types';
-export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEnabler, types.WithGroupRolesArgs, types.WithUserAssignedIdentity, Pick<ccs.ManagedClusterArgs, 'dnsPrefix' | 'supportPlan' | 'autoScalerProfile' | 'autoUpgradeProfile' | 'disableLocalAccounts' | 'storageProfile'> {
+export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEnabler, types.WithGroupRolesArgs, types.WithUserAssignedIdentity, types.WithDiskEncryptSet, Partial<Pick<ccs.ManagedClusterArgs, 'dnsPrefix' | 'supportPlan' | 'autoScalerProfile' | 'autoUpgradeProfile' | 'storageProfile'>> {
     sku: ccs.ManagedClusterSKUTier;
+    nodeResourceGroup?: pulumi.Input<string>;
+    namespaces?: Record<string, ccs.NamespaceArgs['properties']>;
     agentPoolProfiles: pulumi.Input<inputs.containerservice.ManagedClusterAgentPoolProfileArgs & {
         vmSize: pulumi.Input<string>;
         vnetSubnetID: pulumi.Input<string>;
+        enableEncryptionAtHost: pulumi.Input<boolean>;
+        osDiskSizeGB: pulumi.Input<number>;
     }>[];
     attachToAcr?: types.ResourceInputs;
     features: {
@@ -15,7 +19,6 @@ export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEn
         enablePrivateClusterPublicFQDN?: boolean;
         enableVerticalPodAutoscaler?: boolean;
         /** KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. */
-        enableKeda?: boolean;
         enableWorkloadIdentity?: boolean;
         enablePodIdentity?: boolean;
     };
@@ -40,16 +43,27 @@ export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEn
 export declare class AzKubernetes extends BaseResourceComponent<AzKubernetesArgs> {
     readonly id: pulumi.Output<string>;
     readonly resourceName: pulumi.Output<string>;
+    readonly namespaces: Record<string, types.ResourceOutputs>;
+    readonly privateDnsZone: types.ResourceOutputs | undefined;
     constructor(name: string, args: AzKubernetesArgs, opts?: pulumi.ComponentResourceOptions);
     getOutputs(): {
         id: pulumi.Output<string>;
         resourceName: pulumi.Output<string>;
+        namespaces: Record<string, {
+            resourceName: pulumi.Output<string>;
+            id: pulumi.Output<string>;
+        }>;
+        privateDnsZone: {
+            resourceName: pulumi.Output<string>;
+            id: pulumi.Output<string>;
+        } | undefined;
     };
     private createIdentity;
     private createUserNameAndSshKeys;
     private createDiskEncryptionSet;
     private createCluster;
+    private createNameSpaces;
     private createMaintenance;
     private assignPermission;
-    private addAksCredentialToVault;
+    private getPrivateDNSZone;
 }