@drunk-pulumi/azure-components 1.0.2 → 1.0.3

package/README.md

@@ -3,6 +3,7 @@
 A modular, reusable TypeScript library of Pulumi components for rapidly building and managing Azure infrastructure. This project provides high-level abstractions for common Azure resources, enabling you to compose complex cloud environments with minimal boilerplate.
 
 ## Features
+
 - **Composable Components:** Build infrastructure using reusable building blocks (e.g., Resource Groups, Key Vaults, VMs, Networking, Storage, Databases, etc.).
 - **Opinionated Defaults:** Sensible defaults for security, tagging, and resource configuration.
 - **Extensible:** Easily extend or customize components for your organization's needs.
@@ -10,6 +11,7 @@ A modular, reusable TypeScript library of Pulumi components for rapidly building
 - **Azure Best Practices:** Implements patterns for identity, encryption, logging, and networking.
 
 ## Project Structure
+
 ```
 src/
   aks/           # Azure Kubernetes Service components
@@ -32,30 +34,49 @@ src/
 ## Getting Started
 
 ### Prerequisites
+
 - [Node.js](https://nodejs.org/) (v16+ recommended)
 - [Pulumi CLI](https://www.pulumi.com/docs/get-started/install/)
 - Azure account with sufficient permissions
 - [pnpm](https://pnpm.io/) (or npm/yarn)
 
 ### Installation
+
 Clone the repository and install dependencies:
+
 ```bash
 git clone <repo-url>
 cd drunk-pulumi-azure-components
 pnpm install
 ```
 
+### Set Default Config
+
+```
+pulumi org set-default YOUR_ORG_NAME
+
+pulumi config set azure-native:tenantId YOUR_AZ_TENANT_ID
+pulumi config set azure-native:subscriptionId YOUR_AZ_SUBSCRIPTION_ID
+pulumi config set azure-native:location YOUR_AZ_LOCATION
+```
+
 ### Usage
+
 You can use the components in your own Pulumi project or in the provided `pulumi-test/` directory for examples.
 
 #### Example: Creating a Resource Group with Key Vault and Logging
+
 ```typescript
 import { ResourceBuilder } from '../src/ResourceBuilder';
 
 const builder = new ResourceBuilder('my-stack', {
   groupRoles: { createWithName: 'my-rg-roles' },
-  vault: { /* vault config */ },
-  logs: { /* logs config */ },
+  vault: {
+    /* vault config */
+  },
+  logs: {
+    /* logs config */
+  },
   enableDefaultUAssignId: true,
 });
 
@@ -65,16 +86,19 @@ export const outputs = builder.getOutputs();
 See `pulumi-test/samples/` for more usage examples.
 
 ### Project Scripts
+
 - `pnpm build` – Compile TypeScript sources
 - `pnpm lint` – Run ESLint
 - `pnpm test` – Run tests (if available)
 
 ### Directory Reference
+
 - **src/**: All core component code
 - **pulumi-test/**: Example Pulumi stacks and sample usage
 - **.devcontainer/**: Development container setup for VS Code
 
 ## Component Overview
+
 - **ResourceBuilder**: Main entry point for composing resources (resource group, roles, vault, logs, disk encryption, etc.)
 - **azAd/**: Azure AD roles, group roles, user-assigned identities
 - **vault/**: Key Vaults, encryption keys, secrets
@@ -87,6 +111,7 @@ See `pulumi-test/samples/` for more usage examples.
 - **services/**: Automation, Search, Service Bus
 
 ## Contributing
+
 1. Fork the repository
 2. Create a new branch (`git checkout -b feature/my-feature`)
 3. Make your changes
@@ -94,7 +119,9 @@ See `pulumi-test/samples/` for more usage examples.
 5. Submit a pull request
 
 ## License
+
 MIT License
 
 ## Support & Contact
+
 For questions, issues, or feature requests, please open an issue on GitHub or contact the maintainer.

package/ResourceBuilder.d.ts

@@ -1,41 +1,93 @@
 import * as pulumi from '@pulumi/pulumi';
-import { GroupRoleOutput, UserAssignedIdentity } from './azAd';
-import { BaseComponent } from './base/BaseComponent';
-import { RsGroup, RsGroupArgs } from './common';
-import { Logs, LogsArgs } from './logs';
-import { KeyVault, KeyVaultArgs } from './vault';
+import * as types from './types';
+import { AppRegistration, AppRegistrationArgs, GroupRole, GroupRoleArgs, RoleAssignmentArgs, UserAssignedIdentity, UserAssignedIdentityArgs } from './azAd';
 import { DiskEncryptionSet, DiskEncryptionSetArgs } from './vm';
-type GroupRoleOutputTypes = {
-    admin: pulumi.Output<GroupRoleOutput>;
-    contributor: pulumi.Output<GroupRoleOutput>;
-    readOnly: pulumi.Output<GroupRoleOutput>;
-};
+import { KeyVault, KeyVaultArgs } from './vault';
+import { Logs, LogsArgs } from './logs';
+import { RsGroup, RsGroupArgs } from './common';
+import { Vnet, VnetArgs } from './vnet';
+import { BaseComponent } from './base/BaseComponent';
 export type ResourceBuilderOutputs = {
-    groupRoles?: GroupRoleOutputTypes;
+    groupRoles?: types.GroupRoleOutputTypes;
     rsGroup: ReturnType<RsGroup['getOutputs']>;
     vaultInfo?: ReturnType<KeyVault['getOutputs']>;
     defaultUAssignedId?: ReturnType<UserAssignedIdentity['getOutputs']>;
+    defaultAppIdentity?: ReturnType<AppRegistration['getOutputs']>;
     logs?: ReturnType<Logs['getOutputs']>;
     diskEncryptionSet?: ReturnType<DiskEncryptionSet['getOutputs']>;
+    vnet?: ReturnType<Vnet['getOutputs']>;
 };
-type CommonProps = 'rsGroup' | 'groupRoles' | 'vaultInfo' | 'resourceGroupName';
-export interface ResourceBuilderArgs extends Omit<RsGroupArgs, CommonProps> {
-    groupRoles?: {
-        createWithName?: string;
-    } | GroupRoleOutputTypes;
-    vault?: Omit<KeyVaultArgs, CommonProps>;
-    logs?: Omit<LogsArgs, CommonProps>;
-    diskEncryption?: Omit<DiskEncryptionSetArgs, CommonProps>;
-    enableDefaultUAssignId?: boolean;
+/**
+ * Arguments for composing a standard Azure resource group environment with optional common foundation resources.
+ *
+ * You always pass the base `RsGroupArgs` (minus common meta props removed via `Omit`).
+ * Each optional `*Create` property triggers creation of that resource. If both an existing instance reference
+ * (e.g. `groupRoles`) and a corresponding `*Create` block are provided, the existing instance takes precedence
+ * and the `*Create` block is ignored.
+ */
+export interface ResourceBuilderArgs extends Omit<RsGroupArgs, types.CommonProps> {
+    /**
+     * Pre-created group role outputs or the `GroupRole` component itself to reuse instead of creating new ones.
+     * When supplied, `groupRolesCreate` is ignored.
+     */
+    groupRoles?: types.GroupRoleOutputTypes | GroupRole;
+    /**
+     * Definition to create a new set of Azure AD groups / roles (reader, contributor, etc.).
+     * Provide when you want the builder to provision standard role groups automatically.
+     */
+    groupRolesCreate?: types.WithName & GroupRoleArgs;
+    vaultInfo?: types.ResourceInputs;
+    /**
+     * Configuration to create a Key Vault in the resource group. Adds linkage with created identities and group roles.
+     */
+    vaultCreate?: types.WithName & Omit<KeyVaultArgs, types.CommonProps>;
+    /**
+     * Configuration to create a Log Analytics workspace (and related diagnostics) bound to the resource group.
+     */
+    logsCreate?: types.WithName & Omit<LogsArgs, types.CommonProps>;
+    /**
+     * Configuration for provisioning a Disk Encryption Set (defaults encryptionType if omitted).
+     * Depends on Key Vault (if also created) and optionally the default user-assigned identity.
+     */
+    diskEncryptionCreate?: types.WithName & Omit<DiskEncryptionSetArgs, types.CommonProps>;
+    /**
+     * Create a default User Assigned Managed Identity. `memberof` selects which generated group role (defaults to 'readOnly').
+     * If `groupRoles` / `groupRolesCreate` not provided, the identity will not have group memberships applied.
+     */
+    defaultUAssignedIdCreate?: types.WithName & Omit<UserAssignedIdentityArgs, types.CommonProps | 'memberof'> & {
+        /** Which group role key to map the identity into (e.g. 'readOnly', 'contributor'). */
+        memberof?: types.GroupRoleTypes;
+    };
+    /**
+     * Create a default App Registration + Service Principal. `memberof` optionally assigns it a role group (defaults 'readOnly').
+     * Vault info (if created) is passed for secret references.
+     */
+    defaultAppIdentityCreate?: types.WithName & Omit<AppRegistrationArgs, types.CommonProps | 'memberof'> & {
+        /** Which group role key to map the app into. */
+        memberof?: types.GroupRoleTypes;
+    };
+    /**
+     * Configuration to create a Virtual Network with sub-resources (subnets, NSGs, etc. per `VnetArgs`).
+     */
+    vnetCreate?: types.WithName & Omit<VnetArgs, types.CommonProps>;
 }
 export declare class ResourceBuilder extends BaseComponent<ResourceBuilderArgs> {
     readonly rsGroup: RsGroup;
-    readonly vaultInfo?: KeyVault;
-    readonly groupRoles?: GroupRoleOutputTypes;
+    readonly vaultInfo?: types.ResourceOutputs;
+    readonly groupRoles?: types.GroupRoleOutputTypes;
     readonly defaultUAssignedId?: UserAssignedIdentity;
+    readonly defaultAppIdentity?: AppRegistration;
     readonly logs?: Logs;
-    readonly diskEncryptionSet?: DiskEncryptionSet;
+    private readonly diskEncryptionSet?;
+    private readonly vnet;
     constructor(name: string, args: ResourceBuilderArgs, opts?: pulumi.ComponentResourceOptions);
     getOutputs(): ResourceBuilderOutputs;
+    private createGroupRoles;
+    private createVault;
+    private createUserIdentity;
+    private createAppIdentity;
+    private createLogs;
+    private createDiskEncryptionSet;
+    private createVnet;
+    grant(props: Omit<RoleAssignmentArgs, 'scope'>): this;
 }
-export {};

package/ResourceBuilder.js

@@ -1,72 +1,172 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ResourceBuilder = void 0;
+const pulumi = __importStar(require("@pulumi/pulumi"));
 const azAd_1 = require("./azAd");
+const vm_1 = require("./vm");
+const vault_1 = require("./vault");
+const logs_1 = require("./logs");
+const common_1 = require("./common");
+const vnet_1 = require("./vnet");
 const BaseComponent_1 = require("./base/BaseComponent");
 const helpers_1 = require("./base/helpers");
-const common_1 = require("./common");
-const logs_1 = require("./logs");
-const vault_1 = require("./vault");
-const vm_1 = require("./vm");
+const helpers_2 = require("./helpers");
 class ResourceBuilder extends BaseComponent_1.BaseComponent {
     rsGroup;
     vaultInfo;
     groupRoles;
     defaultUAssignedId;
+    defaultAppIdentity;
     logs;
     diskEncryptionSet;
+    vnet;
     constructor(name, args, opts) {
         super((0, helpers_1.getComponentResourceType)('ResourceBuilder'), name, args, opts);
-        const { groupRoles, vault, enableDefaultUAssignId, logs, diskEncryption, ...props } = args;
-        if (groupRoles) {
-            if ('createWithName' in groupRoles) {
-                this.groupRoles = new azAd_1.GroupRole(groupRoles.createWithName, {}, { dependsOn: opts?.dependsOn, parent: this }).getOutputs();
-            }
-            else if (groupRoles instanceof azAd_1.GroupRole)
-                this.groupRoles = groupRoles.getOutputs();
-            else
-                this.groupRoles = groupRoles;
-        }
+        const { groupRolesCreate, groupRoles, vaultCreate, defaultUAssignedIdCreate, logsCreate, diskEncryptionCreate, ...props } = args;
+        this.groupRoles = this.createGroupRoles();
         this.rsGroup = new common_1.RsGroup(name, { ...props, groupRoles: this.groupRoles }, { dependsOn: opts?.dependsOn, parent: this });
-        if (vault) {
-            this.vaultInfo = new vault_1.KeyVault(name, { ...vault, rsGroup: this.rsGroup, groupRoles: this.groupRoles }, { dependsOn: this.rsGroup, parent: this });
-        }
-        if (enableDefaultUAssignId) {
-            this.defaultUAssignedId = new azAd_1.UserAssignedIdentity(name, {
-                rsGroup: this.rsGroup,
-                vaultInfo: this.vaultInfo,
-                memberof: this.groupRoles ? [this.groupRoles.readOnly] : undefined,
-            }, { dependsOn: this.vaultInfo ? [this.rsGroup, this.vaultInfo] : this.rsGroup, parent: this });
-        }
-        if (logs) {
-            this.logs = new logs_1.Logs(name, {
-                ...logs,
-                rsGroup: this.rsGroup,
-                vaultInfo: this.vaultInfo,
-                groupRoles: this.groupRoles,
-            }, { dependsOn: this.vaultInfo ? [this.rsGroup, this.vaultInfo] : this.rsGroup, parent: this });
-        }
-        if (diskEncryption) {
-            this.diskEncryptionSet = new vm_1.DiskEncryptionSet(name, {
-                ...diskEncryption,
-                rsGroup: this.rsGroup,
-                encryptionType: 'EncryptionAtRestWithPlatformAndCustomerKeys',
-                defaultUAssignedId: this.defaultUAssignedId,
-                vaultInfo: this.vaultInfo,
-                groupRoles: this.groupRoles,
-            }, { dependsOn: this.vaultInfo ? [this.rsGroup, this.vaultInfo] : this.rsGroup, parent: this });
-        }
+        this.vaultInfo = this.createVault();
+        this.defaultUAssignedId = this.createUserIdentity();
+        this.defaultAppIdentity = this.createAppIdentity();
+        this.logs = this.createLogs();
+        this.diskEncryptionSet = this.createDiskEncryptionSet();
+        this.vnet = this.createVnet();
+        this.registerOutputs();
     }
     getOutputs() {
         return {
             groupRoles: this.groupRoles,
             rsGroup: this.rsGroup.getOutputs(),
-            vaultInfo: this.vaultInfo?.getOutputs(),
+            vaultInfo: this.vaultInfo,
             defaultUAssignedId: this.defaultUAssignedId?.getOutputs(),
+            defaultAppIdentity: this.defaultAppIdentity?.getOutputs(),
             logs: this.logs?.getOutputs(),
             diskEncryptionSet: this.diskEncryptionSet?.getOutputs(),
+            vnet: this.vnet?.getOutputs(),
         };
     }
+    createGroupRoles() {
+        const { groupRoles, groupRolesCreate } = this.args;
+        if (groupRoles) {
+            return groupRoles instanceof azAd_1.GroupRole ? groupRoles.getOutputs() : groupRoles;
+        }
+        if (groupRolesCreate) {
+            return new azAd_1.GroupRole(groupRolesCreate.name ?? this.name, groupRolesCreate, {
+                dependsOn: this.opts?.dependsOn,
+                parent: this,
+            }).getOutputs();
+        }
+    }
+    createVault() {
+        const { vaultInfo, vaultCreate } = this.args;
+        if (vaultInfo)
+            return { resourceName: pulumi.output(vaultInfo.resourceName), id: pulumi.output(vaultInfo.id) };
+        if (!vaultCreate)
+            return undefined;
+        return new vault_1.KeyVault(vaultCreate.name ?? this.name, { ...vaultCreate, rsGroup: this.rsGroup, groupRoles: this.groupRoles }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        }).getOutputs();
+    }
+    createUserIdentity() {
+        const { defaultUAssignedIdCreate } = this.args;
+        if (!defaultUAssignedIdCreate)
+            return undefined;
+        return new azAd_1.UserAssignedIdentity(defaultUAssignedIdCreate.name ?? this.name, {
+            ...defaultUAssignedIdCreate,
+            rsGroup: this.rsGroup,
+            vaultInfo: this.vaultInfo,
+            memberof: this.groupRoles ? [this.groupRoles[defaultUAssignedIdCreate.memberof ?? 'readOnly']] : undefined,
+        }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        });
+    }
+    createAppIdentity() {
+        const { defaultAppIdentityCreate } = this.args;
+        if (!defaultAppIdentityCreate)
+            return undefined;
+        return new azAd_1.AppRegistration(defaultAppIdentityCreate.name ?? this.name, {
+            ...defaultAppIdentityCreate,
+            memberof: this.groupRoles ? [this.groupRoles[defaultAppIdentityCreate.memberof ?? 'readOnly']] : undefined,
+            vaultInfo: this.vaultInfo,
+        }, {
+            dependsOn: this.rsGroup,
+            parent: this,
+        });
+    }
+    createLogs() {
+        const { logsCreate } = this.args;
+        if (!logsCreate)
+            return undefined;
+        return new logs_1.Logs(logsCreate.name ?? this.name, {
+            ...logsCreate,
+            rsGroup: this.rsGroup,
+            vaultInfo: this.vaultInfo,
+            groupRoles: this.groupRoles,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    createDiskEncryptionSet() {
+        const { diskEncryptionCreate } = this.args;
+        if (!diskEncryptionCreate)
+            return undefined;
+        return new vm_1.DiskEncryptionSet(diskEncryptionCreate.name ?? this.name, {
+            ...diskEncryptionCreate,
+            encryptionType: diskEncryptionCreate.encryptionType ?? 'EncryptionAtRestWithPlatformAndCustomerKeys',
+            rsGroup: this.rsGroup,
+            defaultUAssignedId: this.defaultUAssignedId,
+            vaultInfo: this.vaultInfo,
+            groupRoles: this.groupRoles,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    createVnet() {
+        const { vnetCreate } = this.args;
+        if (!vnetCreate)
+            return undefined;
+        return new vnet_1.Vnet(vnetCreate.name ?? this.name, {
+            ...vnetCreate,
+            rsGroup: this.rsGroup,
+            groupRoles: this.groupRoles,
+            vaultInfo: this.vaultInfo,
+        }, { dependsOn: this.rsGroup, parent: this });
+    }
+    grant(props) {
+        new azAd_1.RoleAssignment(`${this.name}-${props.roleName}`, { ...props, scope: helpers_2.rsHelpers.getRsGroupIdFrom(this.rsGroup) }, { dependsOn: this, deletedWith: this, parent: this });
+        return this;
+    }
 }
 exports.ResourceBuilder = ResourceBuilder;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VCdWlsZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1Jlc291cmNlQnVpbGRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSxpQ0FBMEU7QUFDMUUsd0RBQXFEO0FBQ3JELDRDQUEwRDtBQUMxRCxxQ0FBZ0Q7QUFDaEQsaUNBQXdDO0FBQ3hDLG1DQUFpRDtBQUNqRCw2QkFBZ0U7QUEyQmhFLE1BQWEsZUFBZ0IsU0FBUSw2QkFBa0M7SUFDckQsT0FBTyxDQUFVO0lBQ2pCLFNBQVMsQ0FBWTtJQUNyQixVQUFVLENBQXdCO0lBQ2xDLGtCQUFrQixDQUF3QjtJQUMxQyxJQUFJLENBQVE7SUFDWixpQkFBaUIsQ0FBcUI7SUFFdEQsWUFBWSxJQUFZLEVBQUUsSUFBeUIsRUFBRSxJQUFzQztRQUN6RixLQUFLLENBQUMsSUFBQSxrQ0FBd0IsRUFBQyxpQkFBaUIsQ0FBQyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDckUsTUFBTSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsc0JBQXNCLEVBQUUsSUFBSSxFQUFFLGNBQWMsRUFBRSxHQUFHLEtBQUssRUFBRSxHQUFHLElBQUksQ0FBQztRQUUzRixJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQ2YsSUFBSSxnQkFBZ0IsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDbkMsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLGdCQUFTLENBQzdCLFVBQVUsQ0FBQyxjQUFjLEVBQ3pCLEVBQUUsRUFDRixFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDN0MsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNqQixDQUFDO2lCQUFNLElBQUksVUFBVSxZQUFZLGdCQUFTO2dCQUFFLElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDLFVBQVUsRUFBRSxDQUFDOztnQkFDakYsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFrQyxDQUFDO1FBQzVELENBQUM7UUFFRCxJQUFJLENBQUMsT0FBTyxHQUFHLElBQUksZ0JBQU8sQ0FDeEIsSUFBSSxFQUNKLEVBQUUsR0FBRyxLQUFLLEVBQUUsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFDekMsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzdDLENBQUM7UUFFRixJQUFJLEtBQUssRUFBRSxDQUFDO1lBQ1YsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLGdCQUFRLENBQzNCLElBQUksRUFDSixFQUFFLEdBQUcsS0FBSyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQ2hFLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUMxQyxDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksc0JBQXNCLEVBQUUsQ0FBQztZQUMzQixJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSwyQkFBb0IsQ0FDaEQsSUFBSSxFQUNKO2dCQUNFLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztnQkFDckIsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO2dCQUN6QixRQUFRLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQ25FLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzVGLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUNULElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxXQUFJLENBQ2xCLElBQUksRUFDSjtnQkFDRSxHQUFHLElBQUk7Z0JBQ1AsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO2dCQUNyQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7Z0JBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTthQUM1QixFQUNELEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUM1RixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksY0FBYyxFQUFFLENBQUM7WUFDbkIsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksc0JBQWlCLENBQzVDLElBQUksRUFDSjtnQkFDRSxHQUFHLGNBQWM7Z0JBQ2pCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztnQkFDckIsY0FBYyxFQUFFLDZDQUE2QztnQkFDN0Qsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtnQkFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO2dCQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDNUIsRUFDRCxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDNUYsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU0sVUFBVTtRQUNmLE9BQU87WUFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0IsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFO1lBQ2xDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxFQUFFLFVBQVUsRUFBRTtZQUN2QyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsVUFBVSxFQUFFO1lBQ3pELElBQUksRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUM3QixpQkFBaUIsRUFBRSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsVUFBVSxFQUFFO1NBQ3hELENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF4RkQsMENBd0ZDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VCdWlsZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1Jlc291cmNlQnVpbGRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1REFBeUM7QUFHekMsaUNBU2dCO0FBQ2hCLDZCQUFnRTtBQUNoRSxtQ0FBaUQ7QUFDakQsaUNBQXdDO0FBQ3hDLHFDQUFnRDtBQUNoRCxpQ0FBd0M7QUFFeEMsd0RBQXFEO0FBQ3JELDRDQUEwRDtBQUMxRCx1Q0FBc0M7QUE2RXRDLE1BQWEsZUFBZ0IsU0FBUSw2QkFBa0M7SUFDckQsT0FBTyxDQUFVO0lBQ2pCLFNBQVMsQ0FBeUI7SUFDbEMsVUFBVSxDQUE4QjtJQUN4QyxrQkFBa0IsQ0FBd0I7SUFDMUMsa0JBQWtCLENBQW1CO0lBQ3JDLElBQUksQ0FBUTtJQUNYLGlCQUFpQixDQUFxQjtJQUN0QyxJQUFJLENBQW1CO0lBRXhDLFlBQVksSUFBWSxFQUFFLElBQXlCLEVBQUUsSUFBc0M7UUFDekYsS0FBSyxDQUFDLElBQUEsa0NBQXdCLEVBQUMsaUJBQWlCLENBQUMsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sRUFDSixnQkFBZ0IsRUFDaEIsVUFBVSxFQUNWLFdBQVcsRUFDWCx3QkFBd0IsRUFDeEIsVUFBVSxFQUNWLG9CQUFvQixFQUNwQixHQUFHLEtBQUssRUFDVCxHQUFHLElBQUksQ0FBQztRQUVULElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFMUMsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLGdCQUFPLENBQ3hCLElBQUksRUFDSixFQUFFLEdBQUcsS0FBSyxFQUFFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQ3pDLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUM3QyxDQUFDO1FBRUYsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDcEMsSUFBSSxDQUFDLGtCQUFrQixHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ3BELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUM5QixJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7UUFDeEQsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFFOUIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFTSxVQUFVO1FBQ2YsT0FBTztZQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUU7WUFDbEMsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxVQUFVLEVBQUU7WUFDekQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixFQUFFLFVBQVUsRUFBRTtZQUN6RCxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDN0IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixFQUFFLFVBQVUsRUFBRTtZQUN2RCxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7U0FDOUIsQ0FBQztJQUNKLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsTUFBTSxFQUFFLFVBQVUsRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDbkQsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLE9BQU8sVUFBVSxZQUFZLGdCQUFTLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDO1FBQ2hGLENBQUM7UUFFRCxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDckIsT0FBTyxJQUFJLGdCQUFTLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7Z0JBQ3pFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVM7Z0JBQy9CLE1BQU0sRUFBRSxJQUFJO2FBQ2IsQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0lBRU8sV0FBVztRQUNqQixNQUFNLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDN0MsSUFBSSxTQUFTO1lBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsRUFBRSxFQUFFLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUMvRyxJQUFJLENBQUMsV0FBVztZQUFFLE9BQU8sU0FBUyxDQUFDO1FBRW5DLE9BQU8sSUFBSSxnQkFBUSxDQUNqQixXQUFXLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzdCLEVBQUUsR0FBRyxXQUFXLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPLEVBQUUsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFDdEU7WUFDRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDdkIsTUFBTSxFQUFFLElBQUk7U0FDYixDQUNGLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDakIsQ0FBQztJQUVPLGtCQUFrQjtRQUN4QixNQUFNLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQy9DLElBQUksQ0FBQyx3QkFBd0I7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUVoRCxPQUFPLElBQUksMkJBQW9CLENBQzdCLHdCQUF3QixDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUMxQztZQUNFLEdBQUcsd0JBQXdCO1lBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztTQUMzRyxFQUNEO1lBQ0UsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3ZCLE1BQU0sRUFBRSxJQUFJO1NBQ2IsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLGlCQUFpQjtRQUN2QixNQUFNLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQy9DLElBQUksQ0FBQyx3QkFBd0I7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUVoRCxPQUFPLElBQUksc0JBQWUsQ0FDeEIsd0JBQXdCLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzFDO1lBQ0UsR0FBRyx3QkFBd0I7WUFDM0IsUUFBUSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUMxRyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7U0FDMUIsRUFDRDtZQUNFLFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTztZQUN2QixNQUFNLEVBQUUsSUFBSTtTQUNiLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxVQUFVO1FBQ2hCLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFbEMsT0FBTyxJQUFJLFdBQUksQ0FDYixVQUFVLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQzVCO1lBQ0UsR0FBRyxVQUFVO1lBQ2IsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7U0FDNUIsRUFDRCxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FDMUMsQ0FBQztJQUNKLENBQUM7SUFFTyx1QkFBdUI7UUFDN0IsTUFBTSxFQUFFLG9CQUFvQixFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUMzQyxJQUFJLENBQUMsb0JBQW9CO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFNUMsT0FBTyxJQUFJLHNCQUFpQixDQUMxQixvQkFBb0IsQ0FBQyxJQUFJLElBQUksSUFBSSxDQUFDLElBQUksRUFDdEM7WUFDRSxHQUFHLG9CQUFvQjtZQUN2QixjQUFjLEVBQUUsb0JBQW9CLENBQUMsY0FBYyxJQUFJLDZDQUE2QztZQUVwRyxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtZQUMzQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1NBQzVCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzFDLENBQUM7SUFDSixDQUFDO0lBRU8sVUFBVTtRQUNoQixNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUNqQyxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQ2xDLE9BQU8sSUFBSSxXQUFJLENBQ2IsVUFBVSxDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUM1QjtZQUNFLEdBQUcsVUFBVTtZQUNiLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0IsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1NBQzFCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQzFDLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLEtBQXdDO1FBQ25ELElBQUkscUJBQWMsQ0FDaEIsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxRQUFRLEVBQUUsRUFDaEMsRUFBRSxHQUFHLEtBQUssRUFBRSxLQUFLLEVBQUUsbUJBQVMsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDN0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUNyRCxDQUFDO1FBQ0YsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0NBQ0Y7QUFqTEQsMENBaUxDIn0=

package/aks/AzKubernetes.d.ts

@@ -3,11 +3,15 @@ import * as inputs from '@pulumi/azure-native/types/input';
 import * as pulumi from '@pulumi/pulumi';
 import { BaseResourceComponent, CommonBaseArgs } from '../base';
 import * as types from '../types';
-export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEnabler, types.WithGroupRolesArgs, types.WithUserAssignedIdentity, Pick<ccs.ManagedClusterArgs, 'dnsPrefix' | 'supportPlan' | 'autoScalerProfile' | 'autoUpgradeProfile' | 'disableLocalAccounts' | 'storageProfile'> {
+export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEnabler, types.WithGroupRolesArgs, types.WithUserAssignedIdentity, types.WithDiskEncryptSet, Partial<Pick<ccs.ManagedClusterArgs, 'dnsPrefix' | 'supportPlan' | 'autoScalerProfile' | 'autoUpgradeProfile' | 'storageProfile'>> {
     sku: ccs.ManagedClusterSKUTier;
+    nodeResourceGroup?: pulumi.Input<string>;
+    namespaces?: Record<string, ccs.NamespaceArgs['properties']>;
     agentPoolProfiles: pulumi.Input<inputs.containerservice.ManagedClusterAgentPoolProfileArgs & {
         vmSize: pulumi.Input<string>;
         vnetSubnetID: pulumi.Input<string>;
+        enableEncryptionAtHost: pulumi.Input<boolean>;
+        osDiskSizeGB: pulumi.Input<number>;
     }>[];
     attachToAcr?: types.ResourceInputs;
     features: {
@@ -15,7 +19,6 @@ export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEn
         enablePrivateClusterPublicFQDN?: boolean;
         enableVerticalPodAutoscaler?: boolean;
         /** KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. */
-        enableKeda?: boolean;
         enableWorkloadIdentity?: boolean;
         enablePodIdentity?: boolean;
     };
@@ -40,16 +43,27 @@ export interface AzKubernetesArgs extends CommonBaseArgs, types.WithEncryptionEn
 export declare class AzKubernetes extends BaseResourceComponent<AzKubernetesArgs> {
     readonly id: pulumi.Output<string>;
     readonly resourceName: pulumi.Output<string>;
+    readonly namespaces: Record<string, types.ResourceOutputs>;
+    readonly privateDnsZone: types.ResourceOutputs | undefined;
     constructor(name: string, args: AzKubernetesArgs, opts?: pulumi.ComponentResourceOptions);
     getOutputs(): {
         id: pulumi.Output<string>;
         resourceName: pulumi.Output<string>;
+        namespaces: Record<string, {
+            resourceName: pulumi.Output<string>;
+            id: pulumi.Output<string>;
+        }>;
+        privateDnsZone: {
+            resourceName: pulumi.Output<string>;
+            id: pulumi.Output<string>;
+        } | undefined;
     };
     private createIdentity;
     private createUserNameAndSshKeys;
     private createDiskEncryptionSet;
     private createCluster;
+    private createNameSpaces;
     private createMaintenance;
     private assignPermission;
-    private addAksCredentialToVault;
+    private getPrivateDNSZone;
 }