@drunk-pulumi/azure-components 1.0.1 → 1.0.3

package/azAd/UserAssignedIdentity.js

@@ -34,21 +34,24 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UserAssignedIdentity = void 0;
-const mid = __importStar(require("@pulumi/azure-native/managedidentity"));
 const azAd = __importStar(require("@pulumi/azuread"));
+const mid = __importStar(require("@pulumi/azure-native/managedidentity"));
 const pulumi = __importStar(require("@pulumi/pulumi"));
 const base_1 = require("../base");
+const helpers_1 = require("../helpers");
 class UserAssignedIdentity extends base_1.BaseResourceComponent {
     id;
     clientId;
     principalId;
     constructor(name, args, opts) {
         super('UserAssignedIdentity', name, args, opts);
-        const managedIdentity = new mid.UserAssignedIdentity(name, { ...args.rsGroup }, { ...opts, parent: this });
+        const { rsGroup } = args;
+        const managedIdentity = new mid.UserAssignedIdentity(name, { ...rsGroup }, { ...opts, parent: this });
+        this.createFederations(managedIdentity);
         this.addSecrets({
-            id: managedIdentity.id,
-            clientId: managedIdentity.clientId,
-            principalId: managedIdentity.principalId,
+            ['uid-id']: managedIdentity.id,
+            ['uid-clientId']: managedIdentity.clientId,
+            ['uid-principalId']: managedIdentity.principalId,
         });
         this.id = managedIdentity.id;
         this.clientId = managedIdentity.clientId;
@@ -63,14 +66,27 @@ class UserAssignedIdentity extends base_1.BaseResourceComponent {
             principalId: this.principalId,
         };
     }
+    createFederations(managedIdentity) {
+        const { rsGroup, federations } = this.args;
+        if (!federations)
+            return undefined;
+        return helpers_1.rsHelpers.dictReduce(federations, (name, props) => new mid.FederatedIdentityCredential(`${this.name}-${name}`, {
+            ...rsGroup,
+            federatedIdentityCredentialResourceName: name,
+            audiences: ['api://AzureADTokenExchange'],
+            issuer: props.issuer ?? pulumi.interpolate `https://login.microsoftonline.com/${helpers_1.azureEnv.tenantId}/v2.0`,
+            subject: props.subject,
+            resourceName: managedIdentity.name,
+        }, { dependsOn: managedIdentity, parent: this, deletedWith: managedIdentity }));
+    }
     addMemberOf() {
         if (!this.args.memberof)
             return;
         this.args.memberof.map((group) => pulumi.output(group).apply((id) => new azAd.GroupMember(`${this.name}-${id.objectId}`, {
             groupObjectId: id.objectId,
             memberObjectId: this.principalId,
-        }, { parent: this })));
+        }, { parent: this, deletedWith: this })));
     }
 }
 exports.UserAssignedIdentity = UserAssignedIdentity;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVXNlckFzc2lnbmVkSWRlbnRpdHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYXpBZC9Vc2VyQXNzaWduZWRJZGVudGl0eS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwwRUFBNEQ7QUFDNUQsc0RBQXdDO0FBQ3hDLHVEQUF5QztBQUN6QyxrQ0FBMEQ7QUFRMUQsTUFBYSxvQkFBcUIsU0FBUSw0QkFBK0M7SUFDdkUsRUFBRSxDQUF3QjtJQUMxQixRQUFRLENBQXdCO0lBQ2hDLFdBQVcsQ0FBd0I7SUFFbkQsWUFBWSxJQUFZLEVBQUUsSUFBOEIsRUFBRSxJQUFzQztRQUM5RixLQUFLLENBQUMsc0JBQXNCLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztRQUVoRCxNQUFNLGVBQWUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxHQUFHLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxFQUFFLEdBQUcsSUFBSSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBRTNHLElBQUksQ0FBQyxVQUFVLENBQUM7WUFDZCxFQUFFLEVBQUUsZUFBZSxDQUFDLEVBQUU7WUFDdEIsUUFBUSxFQUFFLGVBQWUsQ0FBQyxRQUFRO1lBQ2xDLFdBQVcsRUFBRSxlQUFlLENBQUMsV0FBVztTQUN6QyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsRUFBRSxHQUFHLGVBQWUsQ0FBQyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLFFBQVEsR0FBRyxlQUFlLENBQUMsUUFBUSxDQUFDO1FBQ3pDLElBQUksQ0FBQyxXQUFXLEdBQUcsZUFBZSxDQUFDLFdBQVcsQ0FBQztRQUUvQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFbkIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFTSxVQUFVO1FBQ2YsT0FBTztZQUNMLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7U0FDOUIsQ0FBQztJQUNKLENBQUM7SUFFTyxXQUFXO1FBQ2pCLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVE7WUFBRSxPQUFPO1FBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQy9CLE1BQU0sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUN4QixDQUFDLEVBQUUsRUFBRSxFQUFFLENBQ0wsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUNsQixHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRSxDQUFDLFFBQVEsRUFBRSxFQUM3QjtZQUNFLGFBQWEsRUFBRSxFQUFFLENBQUMsUUFBUTtZQUMxQixjQUFjLEVBQUUsSUFBSSxDQUFDLFdBQVc7U0FDakMsRUFDRCxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDakIsQ0FDSixDQUNGLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUFqREQsb0RBaURDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVXNlckFzc2lnbmVkSWRlbnRpdHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYXpBZC9Vc2VyQXNzaWduZWRJZGVudGl0eS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxzREFBd0M7QUFDeEMsMEVBQTREO0FBQzVELHVEQUF5QztBQUV6QyxrQ0FBMEQ7QUFFMUQsd0NBQWlEO0FBWWpELE1BQWEsb0JBQXFCLFNBQVEsNEJBQStDO0lBQ3ZFLEVBQUUsQ0FBd0I7SUFDMUIsUUFBUSxDQUF3QjtJQUNoQyxXQUFXLENBQXdCO0lBRW5ELFlBQVksSUFBWSxFQUFFLElBQThCLEVBQUUsSUFBc0M7UUFDOUYsS0FBSyxDQUFDLHNCQUFzQixFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDaEQsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQztRQUV6QixNQUFNLGVBQWUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxHQUFHLE9BQU8sRUFBRSxFQUFFLEVBQUUsR0FBRyxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFFdEcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBRXhDLElBQUksQ0FBQyxVQUFVLENBQUM7WUFDZCxDQUFDLFFBQVEsQ0FBQyxFQUFFLGVBQWUsQ0FBQyxFQUFFO1lBQzlCLENBQUMsY0FBYyxDQUFDLEVBQUUsZUFBZSxDQUFDLFFBQVE7WUFDMUMsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLGVBQWUsQ0FBQyxXQUFXO1NBQ2pELENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxFQUFFLEdBQUcsZUFBZSxDQUFDLEVBQUUsQ0FBQztRQUM3QixJQUFJLENBQUMsUUFBUSxHQUFHLGVBQWUsQ0FBQyxRQUFRLENBQUM7UUFDekMsSUFBSSxDQUFDLFdBQVcsR0FBRyxlQUFlLENBQUMsV0FBVyxDQUFDO1FBRS9DLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNuQixJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVNLFVBQVU7UUFDZixPQUFPO1lBQ0wsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFO1lBQ1gsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztTQUM5QixDQUFDO0lBQ0osQ0FBQztJQUVPLGlCQUFpQixDQUFDLGVBQXlDO1FBQ2pFLE1BQU0sRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUMzQyxJQUFJLENBQUMsV0FBVztZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQ25DLE9BQU8sbUJBQVMsQ0FBQyxVQUFVLENBQ3pCLFdBQVcsRUFDWCxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUNkLElBQUksR0FBRyxDQUFDLDJCQUEyQixDQUNqQyxHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksSUFBSSxFQUFFLEVBQ3RCO1lBQ0UsR0FBRyxPQUFPO1lBQ1YsdUNBQXVDLEVBQUUsSUFBSTtZQUM3QyxTQUFTLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQztZQUN6QyxNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFBLHFDQUFxQyxrQkFBUSxDQUFDLFFBQVEsT0FBTztZQUN2RyxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87WUFDdEIsWUFBWSxFQUFFLGVBQWUsQ0FBQyxJQUFJO1NBQ25DLEVBQ0QsRUFBRSxTQUFTLEVBQUUsZUFBZSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLGVBQWUsRUFBRSxDQUMzRSxDQUNKLENBQUM7SUFDSixDQUFDO0lBRU8sV0FBVztRQUNqQixJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRO1lBQUUsT0FBTztRQUNoQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUMvQixNQUFNLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLEtBQUssQ0FDeEIsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUNMLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FDbEIsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxRQUFRLEVBQUUsRUFDN0I7WUFDRSxhQUFhLEVBQUUsRUFBRSxDQUFDLFFBQVE7WUFDMUIsY0FBYyxFQUFFLElBQUksQ0FBQyxXQUFXO1NBQ2pDLEVBQ0QsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsQ0FDcEMsQ0FDSixDQUNGLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF4RUQsb0RBd0VDIn0=

package/azAd/helpers/index.d.ts

@@ -1,3 +1 @@
 export * from './rsRoleDefinition';
-import { ResourceInputs } from '../../types';
-export declare const createAzureDevOpsAppRegistration: (name: string, vaultInfo: ResourceInputs) => void;

package/azAd/helpers/index.js

@@ -14,26 +14,30 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAzureDevOpsAppRegistration = void 0;
 __exportStar(require("./rsRoleDefinition"), exports);
-const AppRegistration_1 = require("../AppRegistration");
-const graphBuiltIn_1 = require("./graphBuiltIn");
-const RoleAssignment_1 = require("../RoleAssignment");
-const helpers_1 = require("../../helpers");
-const createAzureDevOpsAppRegistration = (name, vaultInfo) => {
-    const graphAccess = (0, graphBuiltIn_1.getGraphPermissions)({ name: 'User.Read', type: 'Scope' });
-    const identity = new AppRegistration_1.AppRegistration(name, {
-        appType: 'native',
-        servicePrincipal: { enabled: true },
-        requiredResourceAccesses: [graphAccess],
-        vaultInfo,
-    });
-    new RoleAssignment_1.RoleAssignment(name, {
-        principalId: identity.servicePrincipalId,
-        principalType: 'ServicePrincipal',
-        roleName: 'Owner',
-        scope: helpers_1.azureEnv.defaultSubScope,
-    }, { dependsOn: identity, parent: this });
-};
-exports.createAzureDevOpsAppRegistration = createAzureDevOpsAppRegistration;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXpBZC9oZWxwZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEscURBQW1DO0FBRW5DLHdEQUFxRDtBQUNyRCxpREFBcUQ7QUFDckQsc0RBQW1EO0FBQ25ELDJDQUF5QztBQUdsQyxNQUFNLGdDQUFnQyxHQUFHLENBQzlDLElBQVksRUFDWixTQUF5QixFQUN6QixFQUFFO0lBQ0YsTUFBTSxXQUFXLEdBQUcsSUFBQSxrQ0FBbUIsRUFBQyxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7SUFFOUUsTUFBTSxRQUFRLEdBQUcsSUFBSSxpQ0FBZSxDQUFDLElBQUksRUFBRTtRQUN6QyxPQUFPLEVBQUUsUUFBUTtRQUNqQixnQkFBZ0IsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7UUFDbkMsd0JBQXdCLEVBQUUsQ0FBQyxXQUFXLENBQUM7UUFDdkMsU0FBUztLQUNWLENBQUMsQ0FBQztJQUVILElBQUksK0JBQWMsQ0FDaEIsSUFBSSxFQUNKO1FBQ0UsV0FBVyxFQUFFLFFBQVEsQ0FBQyxrQkFBbUI7UUFDekMsYUFBYSxFQUFFLGtCQUFrQjtRQUNqQyxRQUFRLEVBQUUsT0FBTztRQUNqQixLQUFLLEVBQUUsa0JBQVEsQ0FBQyxlQUFlO0tBQ2hDLEVBQ0QsRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDdEMsQ0FBQztBQUNKLENBQUMsQ0FBQztBQXZCVyxRQUFBLGdDQUFnQyxvQ0F1QjNDIn0=
+// import { azureEnv } from '../../helpers';
+// import { ResourceInputs } from '../../types';
+// import { AppRegistration } from '../AppRegistration';
+// import { RoleAssignment } from '../RoleAssignment';
+// import { getGraphPermissions } from './graphBuiltIn';
+// export const createAzureDevOpsAppRegistration = (name: string, vaultInfo: ResourceInputs) => {
+//   const graphAccess = getGraphPermissions({ name: 'User.Read', type: 'Scope' });
+//
+//   const identity = new AppRegistration(name, {
+//     appType: 'native',
+//     requiredResourceAccesses: [graphAccess],
+//     vaultInfo,
+//   });
+//
+//   new RoleAssignment(
+//     name,
+//     {
+//       principalId: identity.servicePrincipalId!,
+//       principalType: 'ServicePrincipal',
+//       roleName: 'Owner',
+//       scope: azureEnv.defaultSubScope,
+//     },
+//     { dependsOn: identity, deletedWith: identity, parent: this },
+//   );
+// };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXpBZC9oZWxwZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxxREFBbUM7QUFFbkMsNENBQTRDO0FBQzVDLGdEQUFnRDtBQUNoRCx3REFBd0Q7QUFDeEQsc0RBQXNEO0FBQ3RELHdEQUF3RDtBQUV4RCxpR0FBaUc7QUFDakcsbUZBQW1GO0FBQ25GLEVBQUU7QUFDRixpREFBaUQ7QUFDakQseUJBQXlCO0FBQ3pCLCtDQUErQztBQUMvQyxpQkFBaUI7QUFDakIsUUFBUTtBQUNSLEVBQUU7QUFDRix3QkFBd0I7QUFDeEIsWUFBWTtBQUNaLFFBQVE7QUFDUixtREFBbUQ7QUFDbkQsMkNBQTJDO0FBQzNDLDJCQUEyQjtBQUMzQix5Q0FBeUM7QUFDekMsU0FBUztBQUNULG9FQUFvRTtBQUNwRSxPQUFPO0FBQ1AsS0FBSyJ9

package/azAd/helpers/rolesBuiltIn.d.ts

@@ -12,7 +12,7 @@ export declare function getRoleDefinitionByName(name: string): {
         }[];
         createdOn: string;
         updatedOn: string;
-        createdBy: null;
+        createdBy: string;
         updatedBy: string;
     };
     id: string;
@@ -27,13 +27,13 @@ export declare function getRoleDefinitionByName(name: string): {
         permissions: {
             actions: string[];
             notActions: never[];
-            dataActions: string[];
-            notDataActions: string[];
+            dataActions: never[];
+            notDataActions: never[];
         }[];
         createdOn: string;
         updatedOn: string;
         createdBy: null;
-        updatedBy: null;
+        updatedBy: string;
     };
     id: string;
     type: string;
@@ -46,9 +46,9 @@ export declare function getRoleDefinitionByName(name: string): {
         assignableScopes: string[];
         permissions: {
             actions: string[];
-            notActions: string[];
+            notActions: never[];
             dataActions: string[];
-            notDataActions: never[];
+            notDataActions: string[];
         }[];
         createdOn: string;
         updatedOn: string;
@@ -64,21 +64,12 @@ export declare function getRoleDefinitionByName(name: string): {
         type: string;
         description: string;
         assignableScopes: string[];
-        permissions: ({
-            actions: string[];
-            notActions: never[];
-            dataActions: never[];
-            notDataActions: never[];
-            conditionVersion?: undefined;
-            condition?: undefined;
-        } | {
+        permissions: {
             actions: string[];
-            notActions: never[];
-            dataActions: never[];
+            notActions: string[];
+            dataActions: string[];
             notDataActions: never[];
-            conditionVersion: string;
-            condition: string;
-        })[];
+        }[];
         createdOn: string;
         updatedOn: string;
         createdBy: null;