@drunk-pulumi/azure-components 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ResourceBuilder.d.ts +5 -5
- package/ResourceBuilder.js +9 -8
- package/aks/AzKubernetes.d.ts +35 -12
- package/aks/AzKubernetes.js +216 -124
- package/aks/ContainerRegistry.js +2 -1
- package/aks/helpers.d.ts +6 -0
- package/aks/helpers.js +26 -5
- package/aks/types.d.ts +245 -0
- package/aks/types.js +3 -0
- package/apim/Apim.d.ts +6 -3
- package/apim/Apim.js +18 -16
- package/app/AppContainer.d.ts +91 -0
- package/app/AppContainer.js +141 -0
- package/app/AppContainerEnv.d.ts +68 -0
- package/app/AppContainerEnv.js +142 -0
- package/app/index.d.ts +2 -0
- package/app/index.js +3 -1
- package/azAd/AppRegistration.d.ts +9 -12
- package/azAd/AppRegistration.js +15 -12
- package/azAd/CloudflareAzIdentity.d.ts +10 -0
- package/azAd/CloudflareAzIdentity.js +61 -0
- package/azAd/GroupRole.d.ts +1 -1
- package/azAd/GroupRole.js +4 -5
- package/azAd/UserAssignedIdentity.js +6 -6
- package/azAd/helpers/rsRoleDefinition.js +2 -7
- package/azAd/index.d.ts +1 -0
- package/azAd/index.js +2 -1
- package/base/BaseResourceComponent.d.ts +1 -1
- package/base/BaseResourceComponent.js +5 -5
- package/base/helpers.js +2 -2
- package/database/Redis.d.ts +1 -4
- package/database/Redis.js +12 -4
- package/database/helpers.js +3 -3
- package/helpers/autoTags.js +4 -1
- package/helpers/index.d.ts +1 -0
- package/helpers/index.js +3 -2
- package/helpers/stackEnv.d.ts +2 -1
- package/helpers/stackEnv.js +4 -3
- package/helpers/zoneHelper.d.ts +24 -0
- package/helpers/zoneHelper.js +40 -0
- package/logs/Logs.d.ts +6 -16
- package/logs/Logs.js +4 -5
- package/package.json +7 -6
- package/services/ServiceBus.js +2 -1
- package/storage/StorageAccount.d.ts +4 -7
- package/storage/StorageAccount.js +16 -13
- package/types.d.ts +14 -3
- package/vault/helpers.d.ts +7 -4
- package/vault/helpers.js +11 -4
- package/vm/DiskEncryptionSet.js +3 -1
- package/vm/VirtualMachine.d.ts +5 -0
- package/vm/VirtualMachine.js +156 -41
- package/vnet/Basion.js +3 -1
- package/vnet/Firewall.d.ts +8 -13
- package/vnet/Firewall.js +8 -6
- package/vnet/FirewallPolicies/FirewallPolicyBuilder.js +24 -6
- package/vnet/FirewallPolicies/commonPolicies.d.ts +29 -2
- package/vnet/FirewallPolicies/commonPolicies.js +466 -20
- package/vnet/FirewallPolicies/index.d.ts +2 -0
- package/vnet/FirewallPolicies/index.js +18 -1
- package/vnet/IpAddresses.d.ts +1 -1
- package/vnet/IpAddresses.js +3 -2
- package/vnet/PrivateDnsZone.d.ts +4 -4
- package/vnet/PrivateDnsZone.js +17 -17
- package/vnet/PrivateEndpoint.d.ts +2 -5
- package/vnet/PrivateEndpoint.js +6 -1
- package/vnet/VirtualNetwork.d.ts +11 -5
- package/vnet/VirtualNetwork.js +31 -9
- package/vnet/helpers.d.ts +2 -0
- package/vnet/helpers.js +40 -2
package/vnet/Basion.js
CHANGED
|
@@ -39,6 +39,7 @@ const pulumi = __importStar(require("@pulumi/pulumi"));
|
|
|
39
39
|
const BaseComponent_1 = require("../base/BaseComponent");
|
|
40
40
|
const IpAddresses_1 = require("./IpAddresses");
|
|
41
41
|
const helpers_1 = require("../base/helpers");
|
|
42
|
+
const helpers_2 = require("../helpers");
|
|
42
43
|
class Basion extends BaseComponent_1.BaseComponent {
|
|
43
44
|
id;
|
|
44
45
|
resourceName;
|
|
@@ -50,6 +51,7 @@ class Basion extends BaseComponent_1.BaseComponent {
|
|
|
50
51
|
...props,
|
|
51
52
|
...rsGroup,
|
|
52
53
|
sku: { name: sku },
|
|
54
|
+
zones: sku != 'Basic' && sku != 'Developer' ? helpers_2.zoneHelper.getDefaultZones(props.zones) : undefined,
|
|
53
55
|
ipConfigurations: [
|
|
54
56
|
{
|
|
55
57
|
name: 'IpConfig',
|
|
@@ -88,4 +90,4 @@ class Basion extends BaseComponent_1.BaseComponent {
|
|
|
88
90
|
}
|
|
89
91
|
}
|
|
90
92
|
exports.Basion = Basion;
|
|
91
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
93
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQmFzaW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3ZuZXQvQmFzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLGlFQUFtRDtBQUNuRCx1REFBeUM7QUFHekMseURBQXNEO0FBQ3RELCtDQUE0QztBQUM1Qyw2Q0FBMkQ7QUFDM0Qsd0NBQXdDO0FBNEJ4QyxNQUFhLE1BQU8sU0FBUSw2QkFBeUI7SUFDbkMsRUFBRSxDQUF3QjtJQUMxQixZQUFZLENBQXdCO0lBRXBELFlBQVksSUFBWSxFQUFFLElBQWdCLEVBQUUsSUFBc0M7UUFDaEYsS0FBSyxDQUFDLElBQUEsa0NBQXdCLEVBQUMsUUFBUSxDQUFDLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztRQUU1RCxNQUFNLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLEdBQUcsS0FBSyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBRTNELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUV6QyxNQUFNLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQzNCLElBQUksRUFDSjtZQUNFLEdBQUcsS0FBSztZQUNSLEdBQUcsT0FBTztZQUNWLEdBQUcsRUFBRSxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUU7WUFDbEIsS0FBSyxFQUFFLEdBQUcsSUFBSSxPQUFPLElBQUksR0FBRyxJQUFJLFdBQVcsQ0FBQyxDQUFDLENBQUMsb0JBQVUsQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ2pHLGdCQUFnQixFQUFFO2dCQUNoQjtvQkFDRSxJQUFJLEVBQUUsVUFBVTtvQkFDaEIsZUFBZSxFQUFFLEdBQUcsS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsU0FBUztvQkFDNUQsTUFBTSxFQUFFLEVBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRTtvQkFDeEIseUJBQXlCLEVBQUUsRUFBRSxDQUFDLGtCQUFrQixDQUFDLE9BQU87aUJBQ3pEO2FBQ0Y7WUFFRCxXQUFXLEVBQUUsT0FBTyxFQUFFLE9BQU87Z0JBQzNCLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxhQUFhLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUU7Z0JBQ3RHLENBQUMsQ0FBQyxTQUFTO1NBQ2QsRUFDRDtZQUNFLEdBQUcsSUFBSTtZQUNQLE1BQU0sRUFBRSxJQUFJO1NBQ2IsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ2hCLElBQUksQ0FBQyxZQUFZLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQztRQUU1QixJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVNLFVBQVU7UUFDZixPQUFPO1lBQ0wsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFO1lBQ1gsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO1NBQ2hDLENBQUM7SUFDSixDQUFDO0lBRU8sZUFBZTtRQUNyQixNQUFNLEVBQUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDL0MsSUFBSSxlQUFlO1lBQUUsT0FBTyxlQUFlLENBQUM7UUFDNUMsTUFBTSxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsSUFBSSxhQUFhLENBQUM7UUFFcEMsT0FBTyxJQUFJLHlCQUFXLENBQ3BCLEdBQUcsSUFBSSxDQUFDLElBQUksS0FBSyxFQUNqQjtZQUNFLE9BQU87WUFDUCxHQUFHLEVBQUUsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3pCLFdBQVcsRUFBRSxDQUFDLEVBQUUsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUFDO1NBQzNCLEVBQ0QsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ2pCLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDcEIsQ0FBQztDQUNGO0FBakVELHdCQWlFQyJ9
|
package/vnet/Firewall.d.ts
CHANGED
|
@@ -8,7 +8,7 @@ export type RulePolicyArgs = {
|
|
|
8
8
|
name: string;
|
|
9
9
|
ruleCollections?: pulumi.Input<pulumi.Input<inputs.network.FirewallPolicyFilterRuleCollectionArgs | inputs.network.FirewallPolicyNatRuleCollectionArgs>[]>;
|
|
10
10
|
};
|
|
11
|
-
export interface FirewallArgs extends CommonBaseArgs, types.WithUserAssignedIdentity, types.WithEncryptionEnabler, Pick<network.AzureFirewallArgs, 'autoscaleConfiguration' | 'tags' | 'virtualHub' | 'zones' | 'managementIpConfiguration' | 'ipConfigurations' | 'hubIPAddresses' | 'threatIntelMode'
|
|
11
|
+
export interface FirewallArgs extends CommonBaseArgs, types.WithUserAssignedIdentity, types.WithEncryptionEnabler, Partial<Pick<network.AzureFirewallArgs, 'autoscaleConfiguration' | 'tags' | 'virtualHub' | 'zones' | 'managementIpConfiguration' | 'ipConfigurations' | 'hubIPAddresses' | 'threatIntelMode'>> {
|
|
12
12
|
sku: {
|
|
13
13
|
name: network.AzureFirewallSkuName;
|
|
14
14
|
tier: network.AzureFirewallSkuTier;
|
|
@@ -17,7 +17,7 @@ export interface FirewallArgs extends CommonBaseArgs, types.WithUserAssignedIden
|
|
|
17
17
|
snat?: {
|
|
18
18
|
routeServerId?: pulumi.Input<string>;
|
|
19
19
|
};
|
|
20
|
-
policy: Pick<network.FirewallPolicyArgs, 'dnsSettings' | 'explicitProxy' | 'insights' | 'intrusionDetection' | 'sql' | 'threatIntelMode' | 'threatIntelWhitelist'
|
|
20
|
+
policy: Partial<Pick<network.FirewallPolicyArgs, 'dnsSettings' | 'explicitProxy' | 'insights' | 'intrusionDetection' | 'sql' | 'threatIntelMode' | 'threatIntelWhitelist'>> & {
|
|
21
21
|
basePolicy?: types.ResourceInputs;
|
|
22
22
|
transportSecurityCA?: pulumi.Input<inputs.network.FirewallPolicyCertificateAuthorityArgs>;
|
|
23
23
|
/** The rule collections for this Firewall. Recommend to use "FirewallPolicyBuilder" to build this rules */
|
|
@@ -31,22 +31,17 @@ export interface FirewallArgs extends CommonBaseArgs, types.WithUserAssignedIden
|
|
|
31
31
|
}>;
|
|
32
32
|
};
|
|
33
33
|
}
|
|
34
|
+
export type FirewallOutputs = {
|
|
35
|
+
firewall: types.ResourceOutputs;
|
|
36
|
+
policy: types.ResourceOutputs;
|
|
37
|
+
privateIpAddress: pulumi.Output<string>;
|
|
38
|
+
};
|
|
34
39
|
export declare class Firewall extends BaseResourceComponent<FirewallArgs> {
|
|
35
40
|
readonly firewall: types.ResourceOutputs;
|
|
36
41
|
readonly policy: types.ResourceOutputs;
|
|
37
42
|
readonly privateIpAddress: pulumi.Output<string>;
|
|
38
43
|
constructor(name: string, args: FirewallArgs, opts?: pulumi.ComponentResourceOptions);
|
|
39
|
-
getOutputs():
|
|
40
|
-
firewall: {
|
|
41
|
-
resourceName: pulumi.Output<string>;
|
|
42
|
-
id: pulumi.Output<string>;
|
|
43
|
-
};
|
|
44
|
-
policy: {
|
|
45
|
-
resourceName: pulumi.Output<string>;
|
|
46
|
-
id: pulumi.Output<string>;
|
|
47
|
-
};
|
|
48
|
-
privateIpAddress: pulumi.Output<string>;
|
|
49
|
-
};
|
|
44
|
+
getOutputs(): FirewallOutputs;
|
|
50
45
|
private createPolicy;
|
|
51
46
|
private createFirewall;
|
|
52
47
|
private createPolicyRuleGroup;
|
package/vnet/Firewall.js
CHANGED
|
@@ -36,6 +36,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
36
36
|
exports.Firewall = void 0;
|
|
37
37
|
const network = __importStar(require("@pulumi/azure-native/network"));
|
|
38
38
|
const base_1 = require("../base");
|
|
39
|
+
const helpers_1 = require("../helpers");
|
|
39
40
|
class Firewall extends base_1.BaseResourceComponent {
|
|
40
41
|
firewall;
|
|
41
42
|
policy;
|
|
@@ -61,7 +62,7 @@ class Firewall extends base_1.BaseResourceComponent {
|
|
|
61
62
|
...rsGroup,
|
|
62
63
|
sku,
|
|
63
64
|
basePolicy: basePolicy ? { id: basePolicy.id } : undefined,
|
|
64
|
-
dnsSettings: policy.dnsSettings ?? sku.tier !== network.FirewallPolicySkuTier.Basic
|
|
65
|
+
dnsSettings: (policy.dnsSettings ?? sku.tier !== network.FirewallPolicySkuTier.Basic)
|
|
65
66
|
? {
|
|
66
67
|
enableProxy: true,
|
|
67
68
|
}
|
|
@@ -71,7 +72,7 @@ class Firewall extends base_1.BaseResourceComponent {
|
|
|
71
72
|
autoLearnPrivateRanges: 'Enabled',
|
|
72
73
|
privateRanges: ['IANAPrivateRanges'],
|
|
73
74
|
},
|
|
74
|
-
threatIntelMode: policy.threatIntelMode ?? sku.tier !== network.FirewallPolicySkuTier.Basic
|
|
75
|
+
threatIntelMode: (policy.threatIntelMode ?? sku.tier !== network.FirewallPolicySkuTier.Basic)
|
|
75
76
|
? network.AzureFirewallThreatIntelMode.Deny
|
|
76
77
|
: undefined,
|
|
77
78
|
threatIntelWhitelist: policy.threatIntelWhitelist ?? {
|
|
@@ -112,12 +113,13 @@ class Firewall extends base_1.BaseResourceComponent {
|
|
|
112
113
|
...props,
|
|
113
114
|
...rsGroup,
|
|
114
115
|
sku,
|
|
116
|
+
zones: sku.tier == 'Basic' ? ['1'] : helpers_1.zoneHelper.getDefaultZones(props.zones),
|
|
115
117
|
additionalProperties: properties,
|
|
116
118
|
firewallPolicy: firewallPolicy ? { id: firewallPolicy.id } : undefined,
|
|
117
|
-
threatIntelMode: props.threatIntelMode ?? (sku.tier !== network.AzureFirewallSkuTier.Basic && sku.name !== 'AZFW_Hub')
|
|
119
|
+
threatIntelMode: (props.threatIntelMode ?? (sku.tier !== network.AzureFirewallSkuTier.Basic && sku.name !== 'AZFW_Hub'))
|
|
118
120
|
? network.AzureFirewallThreatIntelMode.Deny
|
|
119
121
|
: undefined,
|
|
120
|
-
}, { ...this.opts, dependsOn:
|
|
122
|
+
}, { ...this.opts, dependsOn: this.opts?.dependsOn, parent: this });
|
|
121
123
|
}
|
|
122
124
|
createPolicyRuleGroup(firewallPolicy) {
|
|
123
125
|
const { policy, rsGroup } = this.args;
|
|
@@ -129,8 +131,8 @@ class Firewall extends base_1.BaseResourceComponent {
|
|
|
129
131
|
...rsGroup,
|
|
130
132
|
...p,
|
|
131
133
|
firewallPolicyName: firewallPolicy.name,
|
|
132
|
-
}, { dependsOn:
|
|
134
|
+
}, { dependsOn: firewallPolicy, parent: this, deletedWith: firewallPolicy }));
|
|
133
135
|
}
|
|
134
136
|
}
|
|
135
137
|
exports.Firewall = Firewall;
|
|
136
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
138
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRmlyZXdhbGwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdm5ldC9GaXJld2FsbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxzRUFBd0Q7QUFHeEQsa0NBQWdFO0FBRWhFLHdDQUF3QztBQXNFeEMsTUFBYSxRQUFTLFNBQVEsNEJBQW1DO0lBQy9DLFFBQVEsQ0FBd0I7SUFDaEMsTUFBTSxDQUF3QjtJQUM5QixnQkFBZ0IsQ0FBd0I7SUFFeEQsWUFBWSxJQUFZLEVBQUUsSUFBa0IsRUFBRSxJQUFzQztRQUNsRixLQUFLLENBQUMsVUFBVSxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFFcEMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ25DLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsSUFBSSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRW5DLElBQUksQ0FBQyxRQUFRLEdBQUcsRUFBRSxFQUFFLEVBQUUsUUFBUSxDQUFDLEVBQUUsRUFBRSxZQUFZLEVBQUUsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2pFLElBQUksQ0FBQyxNQUFNLEdBQUcsRUFBRSxFQUFFLEVBQUUsTUFBTSxDQUFDLEVBQUUsRUFBRSxZQUFZLEVBQUUsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzNELElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxNQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUVqRyx5QkFBeUI7UUFDekIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFTSxVQUFVO1FBQ2YsT0FBTyxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTSxFQUFFLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQ25HLENBQUM7SUFFTyxZQUFZLENBQUMsVUFBaUM7UUFDcEQsTUFBTSxFQUNKLE9BQU8sRUFDUCxHQUFHLEVBQ0gsTUFBTSxFQUFFLEVBQUUsS0FBSyxFQUFFLEdBQUcsTUFBTSxFQUFFLEVBQzVCLElBQUksR0FDTCxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFZCxPQUFPLElBQUksT0FBTyxDQUFDLGNBQWMsQ0FDL0IsSUFBSSxDQUFDLElBQUksRUFDVDtZQUNFLEdBQUcsTUFBTTtZQUNULEdBQUcsT0FBTztZQUNWLEdBQUc7WUFDSCxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxVQUFVLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDMUQsV0FBVyxFQUNULENBQUMsTUFBTSxDQUFDLFdBQVcsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxLQUFLLENBQUM7Z0JBQ3RFLENBQUMsQ0FBQztvQkFDRSxXQUFXLEVBQUUsSUFBSTtpQkFDbEI7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7WUFFZixJQUFJLEVBQUU7Z0JBQ0osZ0NBQWdDO2dCQUNoQyxzQkFBc0IsRUFBRSxTQUFTO2dCQUNqQyxhQUFhLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQzthQUNyQztZQUVELGVBQWUsRUFDYixDQUFDLE1BQU0sQ0FBQyxlQUFlLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMscUJBQXFCLENBQUMsS0FBSyxDQUFDO2dCQUMxRSxDQUFDLENBQUMsT0FBTyxDQUFDLDRCQUE0QixDQUFDLElBQUk7Z0JBQzNDLENBQUMsQ0FBQyxTQUFTO1lBQ2Ysb0JBQW9CLEVBQUUsTUFBTSxDQUFDLG9CQUFvQixJQUFJO2dCQUNuRCxLQUFLLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQztnQkFDMUIsV0FBVyxFQUFFLENBQUMsVUFBVSxDQUFDO2FBQzFCO1lBRUQsaUJBQWlCLEVBQ2YsR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMscUJBQXFCLENBQUMsS0FBSyxJQUFJLE1BQU0sQ0FBQyxtQkFBbUI7Z0JBQzVFLENBQUMsQ0FBQyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sQ0FBQyxtQkFBbUIsRUFBRTtnQkFDdEQsQ0FBQyxDQUFDLFNBQVM7WUFFZixRQUFRLEVBQUUsSUFBSTtnQkFDWixDQUFDLENBQUM7b0JBQ0UsU0FBUyxFQUFFLElBQUk7b0JBQ2YscUJBQXFCLEVBQUU7d0JBQ3JCLGtCQUFrQixFQUFFLEVBQUUsRUFBRSxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLEVBQUU7d0JBQ3BELFVBQVUsRUFBRSxJQUFJLENBQUMsa0JBQWtCOzRCQUNqQyxDQUFDLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztnQ0FDbkMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxNQUFNO2dDQUNqQixXQUFXLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLEVBQUUsRUFBRTs2QkFDM0IsQ0FBQyxDQUFDOzRCQUNMLENBQUMsQ0FBQyxTQUFTO3FCQUNkO2lCQUNGO2dCQUNILENBQUMsQ0FBQyxTQUFTO1NBQ2QsRUFDRCxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ2xELENBQUM7SUFDSixDQUFDO0lBRU8sY0FBYyxDQUFDLGNBQXNDO1FBQzNELE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLG9CQUFvQixFQUFFLEdBQUcsS0FBSyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUN2RixNQUFNLFVBQVUsR0FBeUM7WUFDdkQsR0FBRyxvQkFBb0I7WUFDdkIsb0NBQW9DO1lBQ3BDLHFDQUFxQztTQUN0QyxDQUFDO1FBRUYsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUNULElBQUksSUFBSSxDQUFDLGFBQWE7Z0JBQUUsVUFBVSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUNuRyxDQUFDO1FBRUQsT0FBTyxJQUFJLE9BQU8sQ0FBQyxhQUFhLENBQzlCLElBQUksQ0FBQyxJQUFJLEVBQ1Q7WUFDRSxHQUFHLEtBQUs7WUFDUixHQUFHLE9BQU87WUFDVixHQUFHO1lBQ0gsS0FBSyxFQUFFLEdBQUcsQ0FBQyxJQUFJLElBQUksT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxvQkFBVSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQzVFLG9CQUFvQixFQUFFLFVBQVU7WUFDaEMsY0FBYyxFQUFFLGNBQWMsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsY0FBYyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RFLGVBQWUsRUFDYixDQUFDLEtBQUssQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxVQUFVLENBQUMsQ0FBQztnQkFDckcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyw0QkFBNEIsQ0FBQyxJQUFJO2dCQUMzQyxDQUFDLENBQUMsU0FBUztTQUNoQixFQUNELEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQ2hFLENBQUM7SUFDSixDQUFDO0lBRU8scUJBQXFCLENBQUMsY0FBc0M7UUFDbEUsTUFBTSxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ3RDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSztZQUFFLE9BQU87UUFFMUIsTUFBTSxDQUFDLEtBQUs7YUFDVCxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxHQUFHLENBQUMsQ0FBQyxRQUFRLENBQUM7YUFDdkMsR0FBRyxDQUNGLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDSixJQUFJLE9BQU8sQ0FBQyxpQ0FBaUMsQ0FDM0MsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFDeEI7WUFDRSxHQUFHLE9BQU87WUFDVixHQUFHLENBQUM7WUFDSixrQkFBa0IsRUFBRSxjQUFjLENBQUMsSUFBSTtTQUN4QyxFQUNELEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxjQUFjLEVBQUUsQ0FDekUsQ0FDSixDQUFDO0lBQ04sQ0FBQztDQUNGO0FBdElELDRCQXNJQyJ9
|
|
@@ -71,21 +71,39 @@ class FirewallPolicyBuilder {
|
|
|
71
71
|
}
|
|
72
72
|
build() {
|
|
73
73
|
const natRules = {
|
|
74
|
-
name: `${this.name}-
|
|
74
|
+
name: `${this.name}-dNat-rules`.toLocaleLowerCase(),
|
|
75
75
|
action: { type: network.FirewallPolicyNatRuleCollectionActionType.DNAT },
|
|
76
76
|
ruleCollectionType: 'FirewallPolicyNatRuleCollection',
|
|
77
77
|
priority: 300,
|
|
78
78
|
rules: this._natRules,
|
|
79
79
|
};
|
|
80
|
-
const
|
|
81
|
-
name: `${this.name}-${this.props.action}-rules
|
|
80
|
+
const netRules = {
|
|
81
|
+
name: `${this.name}-${this.props.action}-net-rules`.toLocaleLowerCase(),
|
|
82
82
|
action: { type: this.props.action },
|
|
83
83
|
ruleCollectionType: `FirewallPolicyFilterRuleCollection`,
|
|
84
84
|
priority: 400,
|
|
85
|
-
rules:
|
|
85
|
+
rules: this._netRules,
|
|
86
|
+
};
|
|
87
|
+
const appRules = {
|
|
88
|
+
name: `${this.name}-${this.props.action}-app-rules`.toLocaleLowerCase(),
|
|
89
|
+
action: { type: this.props.action },
|
|
90
|
+
ruleCollectionType: `FirewallPolicyFilterRuleCollection`,
|
|
91
|
+
priority: 500,
|
|
92
|
+
rules: this._appRules,
|
|
93
|
+
};
|
|
94
|
+
const ruleCollections = [];
|
|
95
|
+
if (this._natRules.length > 0)
|
|
96
|
+
ruleCollections.push(natRules);
|
|
97
|
+
if (this._netRules.length > 0)
|
|
98
|
+
ruleCollections.push(netRules);
|
|
99
|
+
if (this._appRules.length > 0)
|
|
100
|
+
ruleCollections.push(appRules);
|
|
101
|
+
return {
|
|
102
|
+
name: this.name,
|
|
103
|
+
priority: this.props.priority,
|
|
104
|
+
ruleCollections: ruleCollections,
|
|
86
105
|
};
|
|
87
|
-
return { name: this.name, priority: this.props.priority, ruleCollections: [natRules, rules] };
|
|
88
106
|
}
|
|
89
107
|
}
|
|
90
108
|
exports.FirewallPolicyBuilder = FirewallPolicyBuilder;
|
|
91
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
109
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRmlyZXdhbGxQb2xpY3lCdWlsZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3ZuZXQvRmlyZXdhbGxQb2xpY2llcy9GaXJld2FsbFBvbGljeUJ1aWxkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQ0Esc0VBQXdEO0FBR3hELE1BQWEscUJBQXFCO0lBTWQ7SUFDQztJQU5YLFNBQVMsR0FBc0MsRUFBRSxDQUFDO0lBQ2xELFNBQVMsR0FBMEMsRUFBRSxDQUFDO0lBQ3RELFNBQVMsR0FBOEMsRUFBRSxDQUFDO0lBRWxFLFlBQ2tCLElBQVksRUFDWCxLQUF5RjtRQUQxRixTQUFJLEdBQUosSUFBSSxDQUFRO1FBQ1gsVUFBSyxHQUFMLEtBQUssQ0FBb0Y7SUFDekcsQ0FBQztJQUVHLFVBQVUsQ0FBQyxJQUFZLEVBQUUsS0FBNEQ7UUFDMUYsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUM7WUFDbEIsR0FBRyxLQUFLO1lBQ1IsSUFBSSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksSUFBSSxJQUFJLE1BQU07WUFDaEMsUUFBUSxFQUFFLFNBQVM7U0FDcEIsQ0FBQyxDQUFDO1FBRUgsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRU0sVUFBVSxDQUNmLElBQVksRUFDWixLQUFnRTtRQUVoRSxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQztZQUNsQixHQUFHLEtBQUs7WUFDUixJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksTUFBTTtZQUNoQyxRQUFRLEVBQUUsYUFBYTtTQUN4QixDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxVQUFVLENBQ2YsSUFBWSxFQUNaLEtBQW9FO1FBRXBFLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDO1lBQ2xCLEdBQUcsS0FBSztZQUNSLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksSUFBSSxNQUFNO1lBQ2hDLFFBQVEsRUFBRSxpQkFBaUI7U0FDNUIsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRU0sS0FBSztRQUNWLE1BQU0sUUFBUSxHQUF1RDtZQUNuRSxJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxhQUFhLENBQUMsaUJBQWlCLEVBQUU7WUFDbkQsTUFBTSxFQUFFLEVBQUUsSUFBSSxFQUFFLE9BQU8sQ0FBQyx5Q0FBeUMsQ0FBQyxJQUFJLEVBQUU7WUFDeEUsa0JBQWtCLEVBQUUsaUNBQWlDO1lBQ3JELFFBQVEsRUFBRSxHQUFHO1lBQ2IsS0FBSyxFQUFFLElBQUksQ0FBQyxTQUFTO1NBQ3RCLENBQUM7UUFFRixNQUFNLFFBQVEsR0FBMEQ7WUFDdEUsSUFBSSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sWUFBWSxDQUFDLGlCQUFpQixFQUFFO1lBQ3ZFLE1BQU0sRUFBRSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRTtZQUNuQyxrQkFBa0IsRUFBRSxvQ0FBb0M7WUFDeEQsUUFBUSxFQUFFLEdBQUc7WUFDYixLQUFLLEVBQUUsSUFBSSxDQUFDLFNBQVM7U0FDdEIsQ0FBQztRQUVGLE1BQU0sUUFBUSxHQUEwRDtZQUN0RSxJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxZQUFZLENBQUMsaUJBQWlCLEVBQUU7WUFDdkUsTUFBTSxFQUFFLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFO1lBQ25DLGtCQUFrQixFQUFFLG9DQUFvQztZQUN4RCxRQUFRLEVBQUUsR0FBRztZQUNiLEtBQUssRUFBRSxJQUFJLENBQUMsU0FBUztTQUN0QixDQUFDO1FBRUYsTUFBTSxlQUFlLEdBQUcsRUFBRSxDQUFDO1FBQzNCLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEdBQUcsQ0FBQztZQUFFLGVBQWUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDOUQsSUFBSSxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sR0FBRyxDQUFDO1lBQUUsZUFBZSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM5RCxJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUM7WUFBRSxlQUFlLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRTlELE9BQU87WUFDTCxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7WUFDZixRQUFRLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxRQUFRO1lBQzdCLGVBQWUsRUFBRSxlQUFlO1NBQ2pDLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUFoRkQsc0RBZ0ZDIn0=
|
|
@@ -1,9 +1,36 @@
|
|
|
1
1
|
import * as pulumi from '@pulumi/pulumi';
|
|
2
2
|
import { FirewallPolicyBuilder } from './FirewallPolicyBuilder';
|
|
3
|
-
export declare
|
|
3
|
+
export declare const allAzurePorts: string[];
|
|
4
|
+
export declare function newFirewallPolicy(name: string, { priority, action }: {
|
|
5
|
+
priority: number;
|
|
6
|
+
action: 'Allow' | 'Deny';
|
|
7
|
+
}): FirewallPolicyBuilder;
|
|
8
|
+
export declare function defaultAllowedPolicies({ name, priority, sourceAddresses, allowsAllApps, allowsAzurePortal, allowsAzureDevOps, allowsOffice365, allowsWindowsUpdate, }: {
|
|
9
|
+
name?: string;
|
|
10
|
+
priority: number;
|
|
11
|
+
sourceAddresses: pulumi.Input<string>[];
|
|
12
|
+
allowsAzurePortal?: boolean;
|
|
13
|
+
allowsOffice365?: boolean;
|
|
14
|
+
allowsAzureDevOps?: boolean;
|
|
15
|
+
/**This is dangerous rule use with care*/
|
|
16
|
+
allowsAllApps?: boolean;
|
|
17
|
+
allowsWindowsUpdate?: boolean;
|
|
18
|
+
}): FirewallPolicyBuilder;
|
|
19
|
+
export declare function defaultDeniedPolicies(priority?: number): import("..").RulePolicyArgs;
|
|
20
|
+
export declare function allowsCloudflareTunnels({ name, priority, sourceAddresses, internalDestinationAddresses, internalDestinationPorts, }: {
|
|
21
|
+
name?: string;
|
|
22
|
+
priority: number;
|
|
23
|
+
sourceAddresses: pulumi.Input<string>[];
|
|
24
|
+
/**Allows tunnels access to these addresses only*/
|
|
25
|
+
internalDestinationAddresses?: pulumi.Input<string>[];
|
|
26
|
+
/**Allows tunnels access to these ports only*/
|
|
27
|
+
internalDestinationPorts?: pulumi.Input<string>[];
|
|
28
|
+
}): import("..").RulePolicyArgs;
|
|
4
29
|
/** These rules are not required for Private AKS */
|
|
5
|
-
export declare function
|
|
30
|
+
export declare function allowsAksPolicies({ name, priority, subnetAddressSpaces, privateCluster, }: {
|
|
31
|
+
name?: string;
|
|
6
32
|
priority: number;
|
|
33
|
+
privateCluster?: boolean;
|
|
7
34
|
subnetAddressSpaces: Array<pulumi.Input<string>>;
|
|
8
35
|
/** the name of Azure Container registry allows access from Azure AKS */
|
|
9
36
|
allowsAcrs?: pulumi.Input<string>[];
|