@drunk-pulumi/azure 0.0.19

package/Core/KeyGenetators.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generatePGP = exports.generateSsh = void 0;
+const Naming_1 = require("../Common/Naming");
+const SshKeyGenerator_1 = require("@drunk-pulumi/azure-providers/SshKeyGenerator");
+const CustomHelper_1 = require("../KeyVault/CustomHelper");
+const Helper_1 = require("../KeyVault/Helper");
+const Random_1 = require("./Random");
+const PGPGenerator_1 = require("@drunk-pulumi/azure-providers/PGPGenerator");
+const generateSsh = ({ name, loginPrefix, maxUserNameLength, passwordOptions = { policy: false }, vaultInfo, }) => {
+    name = (0, Naming_1.getSshName)(name);
+    const userNameKey = `${name}-user`;
+    const passwordKeyName = `${name}-password`;
+    const publicKeyName = `${name}-publicKey`;
+    const privateKeyName = `${name}-privateKey`;
+    const userName = (0, Random_1.randomUserName)({ name, loginPrefix, maxUserNameLength });
+    const pass = (0, Random_1.randomPassword)({ name, ...passwordOptions });
+    const rs = new SshKeyGenerator_1.SshKeyResource(name, {
+        password: pass.result,
+        vaultInfo,
+        publicKeyName,
+        privateKeyName,
+    }, { dependsOn: pass });
+    (0, CustomHelper_1.addCustomSecret)({
+        name: userNameKey,
+        value: userName,
+        vaultInfo,
+        contentType: 'Random Ssh',
+    });
+    (0, CustomHelper_1.addCustomSecret)({
+        name: passwordKeyName,
+        value: pass.result,
+        vaultInfo,
+        contentType: 'Random Ssh',
+        dependsOn: rs,
+    });
+    return {
+        userName,
+        ssh: rs,
+        password: pass.result,
+        vaultNames: { passwordKeyName, publicKeyName, privateKeyName },
+        lists: {
+            getUserName: async () => (await (0, Helper_1.getSecret)({ name: userNameKey, vaultInfo }))?.value,
+            getPublicKey: async () => (await (0, Helper_1.getSecret)({ name: publicKeyName, vaultInfo }))?.value,
+        },
+    };
+};
+exports.generateSsh = generateSsh;
+const generatePGP = ({ name, options, vaultInfo, }) => {
+    const rs = new PGPGenerator_1.PGPResource(name, {
+        pgp: options,
+        vaultInfo,
+    });
+    return {
+        name,
+        pgp: rs,
+        lists: {
+            getPublicKey: async () => (await (0, Helper_1.getSecret)({ name: `${name}-publicKey`, vaultInfo }))?.value,
+            getPrivateKey: async () => (await (0, Helper_1.getSecret)({ name: `${name}-privateKey`, vaultInfo }))?.value,
+            getRevocationCertificate: async () => (await (0, Helper_1.getSecret)({ name: `${name}-revocationCertificate`, vaultInfo }))
+                ?.value,
+        },
+    };
+};
+exports.generatePGP = generatePGP;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiS2V5R2VuZXRhdG9ycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9Db3JlL0tleUdlbmV0YXRvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsNkNBQThDO0FBQzlDLG1GQUErRTtBQUMvRSwyREFBMkQ7QUFDM0QsK0NBQStDO0FBQy9DLHFDQUFzRTtBQUN0RSw2RUFBbUY7QUFFNUUsTUFBTSxXQUFXLEdBQUcsQ0FBQyxFQUMxQixJQUFJLEVBQ0osV0FBVyxFQUNYLGlCQUFpQixFQUNqQixlQUFlLEdBQUcsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLEVBQ25DLFNBQVMsR0FDZ0MsRUFBRSxFQUFFO0lBQzdDLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFeEIsTUFBTSxXQUFXLEdBQUcsR0FBRyxJQUFJLE9BQU8sQ0FBQztJQUNuQyxNQUFNLGVBQWUsR0FBRyxHQUFHLElBQUksV0FBVyxDQUFDO0lBQzNDLE1BQU0sYUFBYSxHQUFHLEdBQUcsSUFBSSxZQUFZLENBQUM7SUFDMUMsTUFBTSxjQUFjLEdBQUcsR0FBRyxJQUFJLGFBQWEsQ0FBQztJQUU1QyxNQUFNLFFBQVEsR0FBRyxJQUFBLHVCQUFjLEVBQUMsRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLGlCQUFpQixFQUFFLENBQUMsQ0FBQztJQUMxRSxNQUFNLElBQUksR0FBRyxJQUFBLHVCQUFjLEVBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxlQUFlLEVBQUUsQ0FBQyxDQUFDO0lBRTFELE1BQU0sRUFBRSxHQUFHLElBQUksZ0NBQWMsQ0FDM0IsSUFBSSxFQUNKO1FBQ0UsUUFBUSxFQUFFLElBQUksQ0FBQyxNQUFNO1FBQ3JCLFNBQVM7UUFDVCxhQUFhO1FBQ2IsY0FBYztLQUNmLEVBQ0QsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQ3BCLENBQUM7SUFFRixJQUFBLDhCQUFlLEVBQUM7UUFDZCxJQUFJLEVBQUUsV0FBVztRQUNqQixLQUFLLEVBQUUsUUFBUTtRQUNmLFNBQVM7UUFDVCxXQUFXLEVBQUUsWUFBWTtLQUMxQixDQUFDLENBQUM7SUFFSCxJQUFBLDhCQUFlLEVBQUM7UUFDZCxJQUFJLEVBQUUsZUFBZTtRQUNyQixLQUFLLEVBQUUsSUFBSSxDQUFDLE1BQU07UUFDbEIsU0FBUztRQUNULFdBQVcsRUFBRSxZQUFZO1FBQ3pCLFNBQVMsRUFBRSxFQUFFO0tBQ2QsQ0FBQyxDQUFDO0lBRUgsT0FBTztRQUNMLFFBQVE7UUFDUixHQUFHLEVBQUUsRUFBRTtRQUNQLFFBQVEsRUFBRSxJQUFJLENBQUMsTUFBTTtRQUNyQixVQUFVLEVBQUUsRUFBRSxlQUFlLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRTtRQUM5RCxLQUFLLEVBQUU7WUFDTCxXQUFXLEVBQUUsS0FBSyxJQUFJLEVBQUUsQ0FDdEIsQ0FBQyxNQUFNLElBQUEsa0JBQVMsRUFBQyxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxFQUFFLEtBQUs7WUFDNUQsWUFBWSxFQUFFLEtBQUssSUFBSSxFQUFFLENBQ3ZCLENBQUMsTUFBTSxJQUFBLGtCQUFTLEVBQUMsRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxLQUFLO1NBQy9EO0tBQ0YsQ0FBQztBQUNKLENBQUMsQ0FBQztBQXZEVyxRQUFBLFdBQVcsZUF1RHRCO0FBRUssTUFBTSxXQUFXLEdBQUcsQ0FBQyxFQUMxQixJQUFJLEVBQ0osT0FBTyxFQUNQLFNBQVMsR0FLVixFQUFFLEVBQUU7SUFDSCxNQUFNLEVBQUUsR0FBRyxJQUFJLDBCQUFXLENBQUMsSUFBSSxFQUFFO1FBQy9CLEdBQUcsRUFBRSxPQUFPO1FBQ1osU0FBUztLQUNWLENBQUMsQ0FBQztJQUVILE9BQU87UUFDTCxJQUFJO1FBQ0osR0FBRyxFQUFFLEVBQUU7UUFDUCxLQUFLLEVBQUU7WUFDTCxZQUFZLEVBQUUsS0FBSyxJQUFJLEVBQUUsQ0FDdkIsQ0FBQyxNQUFNLElBQUEsa0JBQVMsRUFBQyxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksWUFBWSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxLQUFLO1lBQ3BFLGFBQWEsRUFBRSxLQUFLLElBQUksRUFBRSxDQUN4QixDQUFDLE1BQU0sSUFBQSxrQkFBUyxFQUFDLEVBQUUsSUFBSSxFQUFFLEdBQUcsSUFBSSxhQUFhLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxFQUFFLEtBQUs7WUFDckUsd0JBQXdCLEVBQUUsS0FBSyxJQUFJLEVBQUUsQ0FDbkMsQ0FBQyxNQUFNLElBQUEsa0JBQVMsRUFBQyxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksd0JBQXdCLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztnQkFDckUsRUFBRSxLQUFLO1NBQ1o7S0FDRixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBM0JXLFFBQUEsV0FBVyxlQTJCdEIifQ==

package/Core/Locker.d.ts

@@ -0,0 +1,13 @@
+import * as authorization from '@pulumi/azure-native/authorization';
+import * as pulumi from '@pulumi/pulumi';
+import { Input, Resource } from '@pulumi/pulumi';
+interface Props {
+    name: string;
+    resourceId: pulumi.Output<string>;
+    level?: authorization.LockLevel;
+    protect?: boolean;
+    dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
+}
+/** Lock Delete from Resource group level.*/
+declare const _default: ({ name, resourceId, level, protect, dependsOn, }: Props) => import("@pulumi/azure-native/authorization/managementLockByScope").ManagementLockByScope;
+export default _default;

package/Core/Locker.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const authorization = require("@pulumi/azure-native/authorization");
+/** Lock Delete from Resource group level.*/
+exports.default = ({ name, resourceId, level = authorization.LockLevel.CanNotDelete, protect = true, dependsOn, }) => {
+    const n = `${name}-${level}`;
+    return new authorization.ManagementLockByScope(name, {
+        lockName: n,
+        level,
+        scope: resourceId,
+        notes: `Lock ${name} from ${level}`,
+    }, { dependsOn, protect });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTG9ja2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL0NvcmUvTG9ja2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsb0VBQW9FO0FBWXBFLDRDQUE0QztBQUM1QyxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLFVBQVUsRUFDVixLQUFLLEdBQUcsYUFBYSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQzVDLE9BQU8sR0FBRyxJQUFJLEVBQ2QsU0FBUyxHQUNILEVBQUUsRUFBRTtJQUNWLE1BQU0sQ0FBQyxHQUFHLEdBQUcsSUFBSSxJQUFJLEtBQUssRUFBRSxDQUFDO0lBRTdCLE9BQU8sSUFBSSxhQUFhLENBQUMscUJBQXFCLENBQzVDLElBQUksRUFDSjtRQUNFLFFBQVEsRUFBRSxDQUFDO1FBQ1gsS0FBSztRQUNMLEtBQUssRUFBRSxVQUFVO1FBQ2pCLEtBQUssRUFBRSxRQUFRLElBQUksU0FBUyxLQUFLLEVBQUU7S0FDcEMsRUFDRCxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FDdkIsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/Core/Random.d.ts

@@ -0,0 +1,40 @@
+import { Output } from '@pulumi/pulumi';
+import { KeyVaultInfo } from '../types';
+interface RandomPassProps {
+    name: string;
+    policy?: 'monthly' | 'yearly' | boolean;
+    length?: number;
+    options?: {
+        lower?: boolean;
+        upper?: boolean;
+        numeric?: boolean;
+        special?: boolean;
+    };
+    vaultInfo?: KeyVaultInfo;
+}
+/**
+ * Genera random password with 50 characters length.
+ * @param name the name of password
+ * @param autoRolling if true the password will be changed every year.
+ */
+export declare const randomPassword: ({ length, name, policy, options, vaultInfo, }: RandomPassProps) => import("@pulumi/random/randomPassword").RandomPassword;
+export declare const randomUuId: (name: string) => import("@pulumi/random/randomUuid").RandomUuid;
+interface UserNameProps {
+    name: string;
+    loginPrefix?: string;
+    maxUserNameLength?: number;
+}
+export declare const randomUserName: ({ name, loginPrefix, maxUserNameLength, }: UserNameProps) => Output<string>;
+export interface LoginProps extends UserNameProps {
+    passwordOptions?: Omit<RandomPassProps, 'name'>;
+    vaultInfo?: KeyVaultInfo;
+}
+export declare const randomLogin: ({ name, loginPrefix, maxUserNameLength, passwordOptions, vaultInfo, }: LoginProps) => {
+    userName: Output<string>;
+    password: Output<string>;
+    vaultKeys: {
+        userNameKey: string;
+        passwordKey: string;
+    };
+};
+export {};

package/Core/Random.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.randomLogin = exports.randomUserName = exports.randomUuId = exports.randomPassword = void 0;
+const random = require("@pulumi/random");
+const Naming_1 = require("../Common/Naming");
+const CustomHelper_1 = require("../KeyVault/CustomHelper");
+/**
+ * Genera random password with 50 characters length.
+ * @param name the name of password
+ * @param autoRolling if true the password will be changed every year.
+ */
+const randomPassword = ({ length = 50, name, policy = 'yearly', options, vaultInfo, }) => {
+    if (length < 10)
+        length = 10;
+    const keepKey = policy === 'monthly'
+        ? `${new Date().getMonth()}.${new Date().getFullYear()}`
+        : policy === 'yearly'
+            ? `${new Date().getFullYear()}`
+            : '';
+    name = (0, Naming_1.getPasswordName)(name, null);
+    const randomPass = new random.RandomPassword(name, {
+        keepers: { keepKey },
+        length,
+        lower: true,
+        minLower: 2,
+        upper: true,
+        minUpper: 2,
+        numeric: true,
+        minNumeric: 2,
+        special: true,
+        minSpecial: options?.special ? 2 : 0,
+        ...options,
+        //Exclude some special characters that are not accepted by XML and SQLServer.
+        overrideSpecial: options?.special == false ? '' : '#%&*+-/:<>?^_|~',
+    });
+    if (vaultInfo) {
+        (0, CustomHelper_1.addCustomSecret)({
+            name: (0, Naming_1.getPasswordName)(name, null),
+            vaultInfo,
+            value: randomPass.result,
+            contentType: name,
+        });
+    }
+    return randomPass;
+};
+exports.randomPassword = randomPassword;
+const randomUuId = (name) => new random.RandomUuid(name);
+exports.randomUuId = randomUuId;
+const randomString = (name, length = 5) => new random.RandomString(name, {
+    length,
+    numeric: true,
+    lower: true,
+    upper: true,
+    special: false,
+});
+const randomUserName = ({ name, loginPrefix = 'admin', maxUserNameLength = 15, }) => {
+    const rd = randomString(name);
+    return rd.result.apply((r) => `${loginPrefix}${name}${r}`.substring(0, maxUserNameLength));
+};
+exports.randomUserName = randomUserName;
+const randomLogin = ({ name, loginPrefix, maxUserNameLength, passwordOptions = { policy: 'yearly' }, vaultInfo, }) => {
+    const userName = (0, exports.randomUserName)({ name, loginPrefix, maxUserNameLength });
+    const password = (0, exports.randomPassword)({ name, ...passwordOptions }).result;
+    const userNameKey = `${name}-user`;
+    const passwordKey = `${name}-password`;
+    if (vaultInfo) {
+        (0, CustomHelper_1.addCustomSecret)({
+            name: userNameKey,
+            value: userName,
+            vaultInfo,
+            contentType: 'Random Login',
+        });
+        (0, CustomHelper_1.addCustomSecret)({
+            name: passwordKey,
+            value: password,
+            vaultInfo,
+            contentType: 'Random Login',
+        });
+    }
+    return { userName, password, vaultKeys: { userNameKey, passwordKey } };
+};
+exports.randomLogin = randomLogin;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmFuZG9tLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL0NvcmUvUmFuZG9tLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUF5QztBQUV6Qyw2Q0FBbUQ7QUFDbkQsMkRBQTJEO0FBZ0IzRDs7OztHQUlHO0FBQ0ksTUFBTSxjQUFjLEdBQUcsQ0FBQyxFQUM3QixNQUFNLEdBQUcsRUFBRSxFQUNYLElBQUksRUFDSixNQUFNLEdBQUcsUUFBUSxFQUNqQixPQUFPLEVBQ1AsU0FBUyxHQUNPLEVBQUUsRUFBRTtJQUNwQixJQUFJLE1BQU0sR0FBRyxFQUFFO1FBQUUsTUFBTSxHQUFHLEVBQUUsQ0FBQztJQUU3QixNQUFNLE9BQU8sR0FDWCxNQUFNLEtBQUssU0FBUztRQUNsQixDQUFDLENBQUMsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDLFFBQVEsRUFBRSxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLEVBQUU7UUFDeEQsQ0FBQyxDQUFDLE1BQU0sS0FBSyxRQUFRO1lBQ3JCLENBQUMsQ0FBQyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLEVBQUU7WUFDL0IsQ0FBQyxDQUFDLEVBQUUsQ0FBQztJQUVULElBQUksR0FBRyxJQUFBLHdCQUFlLEVBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBRW5DLE1BQU0sVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUU7UUFDakQsT0FBTyxFQUFFLEVBQUUsT0FBTyxFQUFFO1FBQ3BCLE1BQU07UUFDTixLQUFLLEVBQUUsSUFBSTtRQUNYLFFBQVEsRUFBRSxDQUFDO1FBQ1gsS0FBSyxFQUFFLElBQUk7UUFDWCxRQUFRLEVBQUUsQ0FBQztRQUNYLE9BQU8sRUFBRSxJQUFJO1FBQ2IsVUFBVSxFQUFFLENBQUM7UUFDYixPQUFPLEVBQUUsSUFBSTtRQUNiLFVBQVUsRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDcEMsR0FBRyxPQUFPO1FBQ1YsNkVBQTZFO1FBQzdFLGVBQWUsRUFBRSxPQUFPLEVBQUUsT0FBTyxJQUFJLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxpQkFBaUI7S0FDcEUsQ0FBQyxDQUFDO0lBRUgsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxJQUFBLHdCQUFlLEVBQUMsSUFBSSxFQUFFLElBQUksQ0FBQztZQUNqQyxTQUFTO1lBQ1QsS0FBSyxFQUFFLFVBQVUsQ0FBQyxNQUFNO1lBQ3hCLFdBQVcsRUFBRSxJQUFJO1NBQ2xCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLFVBQVUsQ0FBQztBQUNwQixDQUFDLENBQUM7QUE1Q1csUUFBQSxjQUFjLGtCQTRDekI7QUFFSyxNQUFNLFVBQVUsR0FBRyxDQUFDLElBQVksRUFBRSxFQUFFLENBQUMsSUFBSSxNQUFNLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0FBQTNELFFBQUEsVUFBVSxjQUFpRDtBQUV4RSxNQUFNLFlBQVksR0FBRyxDQUFDLElBQVksRUFBRSxNQUFNLEdBQUcsQ0FBQyxFQUFFLEVBQUUsQ0FDaEQsSUFBSSxNQUFNLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRTtJQUM1QixNQUFNO0lBQ04sT0FBTyxFQUFFLElBQUk7SUFDYixLQUFLLEVBQUUsSUFBSTtJQUNYLEtBQUssRUFBRSxJQUFJO0lBQ1gsT0FBTyxFQUFFLEtBQUs7Q0FDZixDQUFDLENBQUM7QUFRRSxNQUFNLGNBQWMsR0FBRyxDQUFDLEVBQzdCLElBQUksRUFDSixXQUFXLEdBQUcsT0FBTyxFQUNyQixpQkFBaUIsR0FBRyxFQUFFLEdBQ1IsRUFBa0IsRUFBRTtJQUNsQyxNQUFNLEVBQUUsR0FBRyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDOUIsT0FBTyxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQzNCLEdBQUcsV0FBVyxHQUFHLElBQUksR0FBRyxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLGlCQUFpQixDQUFDLENBQzVELENBQUM7QUFDSixDQUFDLENBQUM7QUFUVyxRQUFBLGNBQWMsa0JBU3pCO0FBT0ssTUFBTSxXQUFXLEdBQUcsQ0FBQyxFQUMxQixJQUFJLEVBQ0osV0FBVyxFQUNYLGlCQUFpQixFQUNqQixlQUFlLEdBQUcsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLEVBQ3RDLFNBQVMsR0FDRSxFQUFFLEVBQUU7SUFDZixNQUFNLFFBQVEsR0FBRyxJQUFBLHNCQUFjLEVBQUMsRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLGlCQUFpQixFQUFFLENBQUMsQ0FBQztJQUMxRSxNQUFNLFFBQVEsR0FBRyxJQUFBLHNCQUFjLEVBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxlQUFlLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQztJQUVyRSxNQUFNLFdBQVcsR0FBRyxHQUFHLElBQUksT0FBTyxDQUFDO0lBQ25DLE1BQU0sV0FBVyxHQUFHLEdBQUcsSUFBSSxXQUFXLENBQUM7SUFFdkMsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxXQUFXO1lBQ2pCLEtBQUssRUFBRSxRQUFRO1lBQ2YsU0FBUztZQUNULFdBQVcsRUFBRSxjQUFjO1NBQzVCLENBQUMsQ0FBQztRQUVILElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxXQUFXO1lBQ2pCLEtBQUssRUFBRSxRQUFRO1lBQ2YsU0FBUztZQUNULFdBQVcsRUFBRSxjQUFjO1NBQzVCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsRUFBRSxXQUFXLEVBQUUsV0FBVyxFQUFFLEVBQUUsQ0FBQztBQUN6RSxDQUFDLENBQUM7QUE5QlcsUUFBQSxXQUFXLGVBOEJ0QiJ9

package/Core/ResourceCreator.d.ts

@@ -0,0 +1,17 @@
+import * as pulumi from '@pulumi/pulumi';
+import { DefaultResourceArgs } from '../types';
+import { DiagnosticSetting } from '@pulumi/azure-native/aadiam/diagnosticSetting';
+type ClassOf = new (name: string, props: any, opts?: pulumi.CustomResourceOptions) => pulumi.CustomResource & {
+    id: pulumi.Output<string>;
+    urn: pulumi.Output<string>;
+};
+/** Create Resource with Locker */
+export default function <TClass extends ClassOf, TProps extends Omit<DefaultResourceArgs, 'name' | 'group'>>(Class: TClass, { lock, monitoring, dependsOn, ignoreChanges, importUri, ...props }: TProps): {
+    resource: pulumi.CustomResource & {
+        id: pulumi.Output<string>;
+        urn: pulumi.Output<string>;
+    };
+    locker: import("@pulumi/azure-native/authorization/managementLockByScope").ManagementLockByScope | undefined;
+    diagnostic: DiagnosticSetting | undefined;
+};
+export {};

package/Core/ResourceCreator.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Locker_1 = require("./Locker");
+const Helpers_1 = require("../Logs/Helpers");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const tryFindName = (props, isResourceGroup) => {
+    const rs = props;
+    //If resource group then just return the resourceGroupName or name.
+    let name = rs.resourceGroupName || rs.name;
+    if (isResourceGroup && name)
+        return name;
+    name = rs.resourceName || rs.name;
+    if (name)
+        return name;
+    const keys = Object.keys(rs);
+    //Try to find the name that is not a resourceGroupName
+    const key = keys.find((k) => k.endsWith('Name') && k !== 'resourceGroupName');
+    if (key) {
+        name = rs[key];
+    }
+    if (!name)
+        throw new Error('Name is not able to find in: ' + JSON.stringify(props));
+    return name;
+};
+/** Create Resource with Locker */
+function default_1(Class, { lock, monitoring, dependsOn, ignoreChanges, importUri, ...props }) {
+    const isResourceGroup = Class.name.endsWith('ResourceGroup');
+    const name = tryFindName(props, isResourceGroup);
+    const resource = new Class(name, { name, ...props, tags: AzureEnv_1.defaultTags }, { dependsOn, import: importUri, ignoreChanges, deleteBeforeReplace: true });
+    //Lock Azure Resource from Delete
+    let locker = undefined;
+    if (lock) {
+        locker = (0, Locker_1.default)({ name, resourceId: resource.id, dependsOn: resource });
+    }
+    //Azure DiagnosticSetting
+    let diagnostic = undefined;
+    if (monitoring) {
+        diagnostic = (0, Helpers_1.createDiagnostic)({
+            name,
+            targetResourceId: resource.id,
+            ...monitoring,
+            dependsOn: resource,
+        });
+    }
+    return { resource, locker, diagnostic };
+}
+exports.default = default_1;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VDcmVhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL0NvcmUvUmVzb3VyY2VDcmVhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBS0EscUNBQThCO0FBQzlCLDZDQUFtRDtBQUNuRCxpREFBaUQ7QUFFakQsTUFBTSxXQUFXLEdBQUcsQ0FBQyxLQUFjLEVBQUUsZUFBd0IsRUFBVSxFQUFFO0lBQ3ZFLE1BQU0sRUFBRSxHQUFHLEtBS1YsQ0FBQztJQUNGLG1FQUFtRTtJQUNuRSxJQUFJLElBQUksR0FBdUIsRUFBRSxDQUFDLGlCQUFpQixJQUFJLEVBQUUsQ0FBQyxJQUFJLENBQUM7SUFDL0QsSUFBSSxlQUFlLElBQUksSUFBSTtRQUFFLE9BQU8sSUFBSSxDQUFDO0lBRXpDLElBQUksR0FBRyxFQUFFLENBQUMsWUFBWSxJQUFJLEVBQUUsQ0FBQyxJQUFJLENBQUM7SUFDbEMsSUFBSSxJQUFJO1FBQUUsT0FBTyxJQUFJLENBQUM7SUFFdEIsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUM3QixzREFBc0Q7SUFDdEQsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssbUJBQW1CLENBQUMsQ0FBQztJQUU5RSxJQUFJLEdBQUcsRUFBRSxDQUFDO1FBQ1IsSUFBSSxHQUFHLEVBQUUsQ0FBQyxHQUFHLENBQVcsQ0FBQztJQUMzQixDQUFDO0lBRUQsSUFBSSxDQUFDLElBQUk7UUFDUCxNQUFNLElBQUksS0FBSyxDQUFDLCtCQUErQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUUzRSxPQUFPLElBQUksQ0FBQztBQUNkLENBQUMsQ0FBQztBQVdGLGtDQUFrQztBQUNsQyxtQkFJRSxLQUFhLEVBQ2IsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsU0FBUyxFQUFFLEdBQUcsS0FBSyxFQUFVO0lBRTNFLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQzdELE1BQU0sSUFBSSxHQUFHLFdBQVcsQ0FBQyxLQUFLLEVBQUUsZUFBZSxDQUFDLENBQUM7SUFFakQsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLENBQ3hCLElBQUksRUFDSixFQUFFLElBQUksRUFBRSxHQUFHLEtBQUssRUFBRSxJQUFJLEVBQUUsc0JBQVcsRUFBRSxFQUNyQyxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxtQkFBbUIsRUFBRSxJQUFJLEVBQUUsQ0FDM0UsQ0FBQztJQUVGLGlDQUFpQztJQUNqQyxJQUFJLE1BQU0sR0FBb0QsU0FBUyxDQUFDO0lBQ3hFLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVCxNQUFNLEdBQUcsSUFBQSxnQkFBTSxFQUFDLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsRUFBRSxFQUFFLFNBQVMsRUFBRSxRQUFRLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRCx5QkFBeUI7SUFDekIsSUFBSSxVQUFVLEdBQWtDLFNBQVMsQ0FBQztJQUMxRCxJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQ2YsVUFBVSxHQUFHLElBQUEsMEJBQWdCLEVBQUM7WUFDNUIsSUFBSTtZQUNKLGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxFQUFFO1lBQzdCLEdBQUcsVUFBVTtZQUNiLFNBQVMsRUFBRSxRQUFRO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsQ0FBQztBQUMxQyxDQUFDO0FBbENELDRCQWtDQyJ9

package/Core/ResourceGroup.d.ts

@@ -0,0 +1,13 @@
+import { DefaultResourceArgs, ResourceGroupInfo, ResourceResultProps, BasicResourceArgs } from '../types';
+import { ResourceGroup } from '@pulumi/azure-native/resources';
+import { EnvRoleNamesType } from '../AzAd/EnvRoles';
+interface Props extends Omit<DefaultResourceArgs, 'monitoring'>, Omit<BasicResourceArgs, 'group'> {
+    formattedName?: boolean;
+    location?: string;
+    /** Grant permission of this group into Environment Roles groups*/
+    envRoleNames?: EnvRoleNamesType;
+}
+declare const _default: ({ name, formattedName, envRoleNames, ...others }: Props) => ResourceResultProps<ResourceGroup> & {
+    toGroupInfo: () => ResourceGroupInfo;
+};
+export default _default;

package/Core/ResourceGroup.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const resources_1 = require("@pulumi/azure-native/resources");
+const ResourceCreator_1 = require("./ResourceCreator");
+const Naming_1 = require("../Common/Naming");
+const Group_1 = require("../AzAd/Group");
+// export const getResourceGroupInfo = (name: string, globalGroup?: boolean) => ({
+//   resourceGroupName: getResourceGroupName(name),
+// });
+exports.default = ({ name, formattedName, envRoleNames, ...others }) => {
+    name = formattedName ? name : (0, Naming_1.getResourceGroupName)(name);
+    const { resource, locker, diagnostic } = (0, ResourceCreator_1.default)(resources_1.ResourceGroup, {
+        resourceGroupName: name,
+        ...others,
+    });
+    const g = resource;
+    if (envRoleNames) {
+        (0, Group_1.assignRolesToGroup)({
+            groupName: envRoleNames.readOnly,
+            roles: ['Reader'],
+            scope: g.id,
+        });
+        (0, Group_1.assignRolesToGroup)({
+            groupName: envRoleNames.contributor,
+            roles: ['Contributor'],
+            scope: g.id,
+        });
+        (0, Group_1.assignRolesToGroup)({
+            groupName: envRoleNames.admin,
+            roles: ['Owner'],
+            scope: g.id,
+        });
+    }
+    return {
+        name,
+        resource: g,
+        locker,
+        diagnostic,
+        toGroupInfo: () => ({
+            resourceGroupName: name,
+            location: g.location,
+        }),
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VHcm91cC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9Db3JlL1Jlc291cmNlR3JvdXAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFNQSw4REFHd0M7QUFDeEMsdURBQWdEO0FBQ2hELDZDQUF3RDtBQUV4RCx5Q0FBbUQ7QUFXbkQsa0ZBQWtGO0FBQ2xGLG1EQUFtRDtBQUNuRCxNQUFNO0FBRU4sa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixhQUFhLEVBQ2IsWUFBWSxFQUNaLEdBQUcsTUFBTSxFQUNILEVBRU4sRUFBRTtJQUNGLElBQUksR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsSUFBQSw2QkFBb0IsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUV6RCxNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFBLHlCQUFlLEVBQUMseUJBQWEsRUFBRTtRQUN0RSxpQkFBaUIsRUFBRSxJQUFJO1FBQ3ZCLEdBQUcsTUFBTTtLQUNpQyxDQUFDLENBQUM7SUFFOUMsTUFBTSxDQUFDLEdBQUcsUUFBeUIsQ0FBQztJQUVwQyxJQUFJLFlBQVksRUFBRSxDQUFDO1FBQ2pCLElBQUEsMEJBQWtCLEVBQUM7WUFDakIsU0FBUyxFQUFFLFlBQVksQ0FBQyxRQUFRO1lBQ2hDLEtBQUssRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUNqQixLQUFLLEVBQUUsQ0FBQyxDQUFDLEVBQUU7U0FDWixDQUFDLENBQUM7UUFDSCxJQUFBLDBCQUFrQixFQUFDO1lBQ2pCLFNBQVMsRUFBRSxZQUFZLENBQUMsV0FBVztZQUNuQyxLQUFLLEVBQUUsQ0FBQyxhQUFhLENBQUM7WUFDdEIsS0FBSyxFQUFFLENBQUMsQ0FBQyxFQUFFO1NBQ1osQ0FBQyxDQUFDO1FBQ0gsSUFBQSwwQkFBa0IsRUFBQztZQUNqQixTQUFTLEVBQUUsWUFBWSxDQUFDLEtBQUs7WUFDN0IsS0FBSyxFQUFFLENBQUMsT0FBTyxDQUFDO1lBQ2hCLEtBQUssRUFBRSxDQUFDLENBQUMsRUFBRTtTQUNaLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPO1FBQ0wsSUFBSTtRQUNKLFFBQVEsRUFBRSxDQUFDO1FBQ1gsTUFBTTtRQUNOLFVBQVU7UUFDVixXQUFXLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztZQUNsQixpQkFBaUIsRUFBRSxJQUFJO1lBQ3ZCLFFBQVEsRUFBRSxDQUFDLENBQUMsUUFBUTtTQUNyQixDQUFDO0tBQ0gsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/CosmosDb/index.d.ts

@@ -0,0 +1,33 @@
+import * as documentdb from '@pulumi/azure-native/documentdb';
+import { KeyVaultInfo, ResourceGroupInfo } from '../types';
+import { Input } from '@pulumi/pulumi';
+interface CosmosDbProps {
+    name: string;
+    group: ResourceGroupInfo;
+    vaultInfo?: KeyVaultInfo;
+    locations?: Input<string>[];
+    enableMultipleWriteLocations?: boolean;
+    capabilities?: Array<'EnableCassandra' | 'EnableTable' | 'EnableGremlin'>;
+    kind?: documentdb.DatabaseAccountKind;
+    enableThreatProtection?: boolean;
+    network?: {
+        publicNetworkAccess?: boolean;
+        allowAzureServicesAccess?: boolean;
+        subnetIds?: Input<string>[];
+        ipAddresses?: Input<string>[];
+    };
+    sqlDbs?: Array<{
+        name: string;
+        containers?: Array<{
+            name: string;
+            partitionKeyPath: string;
+            /** auto expired items in seconds*/
+            ttl?: number;
+        }>;
+    }>;
+}
+declare const _default: ({ name, group, vaultInfo, locations, capabilities, enableMultipleWriteLocations, enableThreatProtection, network, sqlDbs, kind, }: CosmosDbProps) => import("@pulumi/pulumi").CustomResource & {
+    id: import("@pulumi/pulumi").Output<string>;
+    urn: import("@pulumi/pulumi").Output<string>;
+};
+export default _default;

package/CosmosDb/index.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const documentdb = require("@pulumi/azure-native/documentdb");
+const Naming_1 = require("../Common/Naming");
+const ResourceCreator_1 = require("../Core/ResourceCreator");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Helpers_1 = require("../Logs/Helpers");
+exports.default = ({ name, group, vaultInfo, locations, capabilities, enableMultipleWriteLocations, enableThreatProtection, network, sqlDbs, kind = documentdb.DatabaseAccountKind.GlobalDocumentDB, }) => {
+    name = (0, Naming_1.getCosmosDbName)(name);
+    /**
+     * The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists.
+     */
+    //failoverPriority?: pulumi.Input<number>;
+    /**
+     * Flag to indicate whether or not this region is an AvailabilityZone region
+     */
+    //isZoneRedundant?: pulumi.Input<boolean>;
+    /**
+     * The name of the region.
+     */
+    //locationName?: pulumi.Input<string>;
+    if (!locations)
+        locations = [group.location];
+    const { resource } = (0, ResourceCreator_1.default)(documentdb.DatabaseAccount, {
+        accountName: name,
+        ...group,
+        databaseAccountOfferType: documentdb.DatabaseAccountOfferType.Standard,
+        kind,
+        identity: { type: 'SystemAssigned' },
+        capabilities: capabilities
+            ? capabilities.map((n) => ({ name: n }))
+            : undefined,
+        locations: locations?.map((n) => ({ locationName: n })),
+        backupPolicy: AzureEnv_1.isPrd
+            ? {
+                type: 'Periodic',
+                periodicModeProperties: {
+                    backupIntervalInMinutes: 30,
+                    backupRetentionIntervalInHours: 4,
+                },
+            }
+            : undefined,
+        enableAutomaticFailover: AzureEnv_1.isPrd,
+        enableAnalyticalStorage: false,
+        enableFreeTier: true,
+        enableMultipleWriteLocations,
+        consistencyPolicy: {
+            defaultConsistencyLevel: documentdb.DefaultConsistencyLevel.BoundedStaleness,
+            maxIntervalInSeconds: 60 * 60, //1 hours
+            maxStalenessPrefix: 100000,
+        },
+        publicNetworkAccess: network?.publicNetworkAccess === true
+            ? documentdb.PublicNetworkAccess.Enabled
+            : documentdb.PublicNetworkAccess.Disabled,
+        isVirtualNetworkFilterEnabled: !network?.publicNetworkAccess,
+        networkAclBypass: network?.allowAzureServicesAccess === true
+            ? documentdb.NetworkAclBypass.AzureServices
+            : documentdb.NetworkAclBypass.None,
+        virtualNetworkRules: network?.subnetIds
+            ? network.subnetIds.map((s) => ({
+                id: s,
+                ignoreMissingVNetServiceEndpoint: true,
+            }))
+            : undefined,
+        ipRules: network?.ipAddresses
+            ? network.ipAddresses.map((i) => ({ ipAddressOrRange: i }))
+            : undefined,
+        //keyVaultKeyId: encryptKey?.properties.id,
+        monitoring: {
+            logsCategories: [
+                'CassandraRequests',
+                'PartitionKeyStatistics',
+                'ControlPlaneRequests',
+                'MongoRequests',
+                'QueryRuntimeStatistics',
+                'GremlinRequests',
+                'PartitionKeyRUConsumption',
+                'DataPlaneRequests',
+            ],
+            metricsCategories: ['Requests'],
+        },
+        tags: AzureEnv_1.defaultTags,
+    });
+    if (enableThreatProtection &&
+        kind !== documentdb.DatabaseAccountKind.MongoDB) {
+        //Thread Protection
+        (0, Helpers_1.createThreatProtection)({
+            name,
+            targetResourceId: resource.id,
+        });
+    }
+    //Vault variables
+    if (vaultInfo) {
+        resource.id.apply(async (id) => {
+            if (!id)
+                return undefined;
+            return await documentdb.listDatabaseAccountKeys({
+                accountName: name,
+                ...group,
+            });
+        });
+    }
+    //Database and Containers
+    if (sqlDbs) {
+        sqlDbs.forEach((db) => {
+            new documentdb.SqlResourceSqlDatabase(db.name, {
+                databaseName: db.name,
+                accountName: name,
+                resource: { id: db.name },
+                ...group,
+            }, { dependsOn: resource });
+            if (db.containers) {
+                db.containers.forEach((c) => new documentdb.SqlResourceSqlContainer(`${db.name}-${c.name}`, {
+                    accountName: name,
+                    ...group,
+                    databaseName: db.name,
+                    containerName: c.name,
+                    resource: {
+                        id: c.name,
+                        defaultTtl: c.ttl,
+                        partitionKey: { paths: [c.partitionKeyPath || '/id'] },
+                    },
+                }));
+            }
+        });
+    }
+    return resource;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQ29zbW9zRGIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSw4REFBOEQ7QUFDOUQsNkNBQW1EO0FBRW5ELDZEQUFzRDtBQUN0RCxpREFBd0Q7QUFDeEQsNkNBQXlEO0FBa0N6RCxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLEtBQUssRUFDTCxTQUFTLEVBQ1QsU0FBUyxFQUNULFlBQVksRUFDWiw0QkFBNEIsRUFDNUIsc0JBQXNCLEVBQ3RCLE9BQU8sRUFDUCxNQUFNLEVBQ04sSUFBSSxHQUFHLFVBQVUsQ0FBQyxtQkFBbUIsQ0FBQyxnQkFBZ0IsR0FDeEMsRUFBRSxFQUFFO0lBQ2xCLElBQUksR0FBRyxJQUFBLHdCQUFlLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFN0I7O09BRUc7SUFDSCwwQ0FBMEM7SUFDMUM7O09BRUc7SUFDSCwwQ0FBMEM7SUFDMUM7O09BRUc7SUFDSCxzQ0FBc0M7SUFDdEMsSUFBSSxDQUFDLFNBQVM7UUFBRSxTQUFTLEdBQUcsQ0FBQyxLQUFLLENBQUMsUUFBUyxDQUFDLENBQUM7SUFFOUMsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUEseUJBQWUsRUFBQyxVQUFVLENBQUMsZUFBZSxFQUFFO1FBQy9ELFdBQVcsRUFBRSxJQUFJO1FBQ2pCLEdBQUcsS0FBSztRQUNSLHdCQUF3QixFQUFFLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRO1FBQ3RFLElBQUk7UUFDSixRQUFRLEVBQUUsRUFBRSxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7UUFFcEMsWUFBWSxFQUFFLFlBQVk7WUFDeEIsQ0FBQyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4QyxDQUFDLENBQUMsU0FBUztRQUViLFNBQVMsRUFBRSxTQUFTLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsWUFBWSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFdkQsWUFBWSxFQUFFLGdCQUFLO1lBQ2pCLENBQUMsQ0FBQztnQkFDRSxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsc0JBQXNCLEVBQUU7b0JBQ3RCLHVCQUF1QixFQUFFLEVBQUU7b0JBQzNCLDhCQUE4QixFQUFFLENBQUM7aUJBQ2xDO2FBQ0Y7WUFDSCxDQUFDLENBQUMsU0FBUztRQUViLHVCQUF1QixFQUFFLGdCQUFLO1FBQzlCLHVCQUF1QixFQUFFLEtBQUs7UUFDOUIsY0FBYyxFQUFFLElBQUk7UUFDcEIsNEJBQTRCO1FBRTVCLGlCQUFpQixFQUFFO1lBQ2pCLHVCQUF1QixFQUNyQixVQUFVLENBQUMsdUJBQXVCLENBQUMsZ0JBQWdCO1lBQ3JELG9CQUFvQixFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUUsU0FBUztZQUN4QyxrQkFBa0IsRUFBRSxNQUFNO1NBQzNCO1FBRUQsbUJBQW1CLEVBQ2pCLE9BQU8sRUFBRSxtQkFBbUIsS0FBSyxJQUFJO1lBQ25DLENBQUMsQ0FBQyxVQUFVLENBQUMsbUJBQW1CLENBQUMsT0FBTztZQUN4QyxDQUFDLENBQUMsVUFBVSxDQUFDLG1CQUFtQixDQUFDLFFBQVE7UUFFN0MsNkJBQTZCLEVBQUUsQ0FBQyxPQUFPLEVBQUUsbUJBQW1CO1FBRTVELGdCQUFnQixFQUNkLE9BQU8sRUFBRSx3QkFBd0IsS0FBSyxJQUFJO1lBQ3hDLENBQUMsQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLENBQUMsYUFBYTtZQUMzQyxDQUFDLENBQUMsVUFBVSxDQUFDLGdCQUFnQixDQUFDLElBQUk7UUFFdEMsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLFNBQVM7WUFDckMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUM1QixFQUFFLEVBQUUsQ0FBQztnQkFDTCxnQ0FBZ0MsRUFBRSxJQUFJO2FBQ3ZDLENBQUMsQ0FBQztZQUNMLENBQUMsQ0FBQyxTQUFTO1FBRWIsT0FBTyxFQUFFLE9BQU8sRUFBRSxXQUFXO1lBQzNCLENBQUMsQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLGdCQUFnQixFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDM0QsQ0FBQyxDQUFDLFNBQVM7UUFFYiwyQ0FBMkM7UUFDM0MsVUFBVSxFQUFFO1lBQ1YsY0FBYyxFQUFFO2dCQUNkLG1CQUFtQjtnQkFDbkIsd0JBQXdCO2dCQUN4QixzQkFBc0I7Z0JBQ3RCLGVBQWU7Z0JBQ2Ysd0JBQXdCO2dCQUN4QixpQkFBaUI7Z0JBQ2pCLDJCQUEyQjtnQkFDM0IsbUJBQW1CO2FBQ3BCO1lBQ0QsaUJBQWlCLEVBQUUsQ0FBQyxVQUFVLENBQUM7U0FDaEM7UUFDRCxJQUFJLEVBQUUsc0JBQVc7S0FDaUQsQ0FBQyxDQUFDO0lBRXRFLElBQ0Usc0JBQXNCO1FBQ3RCLElBQUksS0FBSyxVQUFVLENBQUMsbUJBQW1CLENBQUMsT0FBTyxFQUMvQyxDQUFDO1FBQ0QsbUJBQW1CO1FBQ25CLElBQUEsZ0NBQXNCLEVBQUM7WUFDckIsSUFBSTtZQUNKLGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxFQUFFO1NBQzlCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxpQkFBaUI7SUFDakIsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLFFBQVEsQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRTtZQUM3QixJQUFJLENBQUMsRUFBRTtnQkFBRSxPQUFPLFNBQVMsQ0FBQztZQUMxQixPQUFPLE1BQU0sVUFBVSxDQUFDLHVCQUF1QixDQUFDO2dCQUM5QyxXQUFXLEVBQUUsSUFBSTtnQkFDakIsR0FBRyxLQUFLO2FBQ1QsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQseUJBQXlCO0lBQ3pCLElBQUksTUFBTSxFQUFFLENBQUM7UUFDWCxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUU7WUFDcEIsSUFBSSxVQUFVLENBQUMsc0JBQXNCLENBQ25DLEVBQUUsQ0FBQyxJQUFJLEVBQ1A7Z0JBQ0UsWUFBWSxFQUFFLEVBQUUsQ0FBQyxJQUFJO2dCQUNyQixXQUFXLEVBQUUsSUFBSTtnQkFDakIsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUUsQ0FBQyxJQUFJLEVBQUU7Z0JBQ3pCLEdBQUcsS0FBSzthQUNULEVBQ0QsRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLENBQ3hCLENBQUM7WUFFRixJQUFJLEVBQUUsQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDbEIsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQ25CLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDSixJQUFJLFVBQVUsQ0FBQyx1QkFBdUIsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO29CQUM3RCxXQUFXLEVBQUUsSUFBSTtvQkFDakIsR0FBRyxLQUFLO29CQUNSLFlBQVksRUFBRSxFQUFFLENBQUMsSUFBSTtvQkFDckIsYUFBYSxFQUFFLENBQUMsQ0FBQyxJQUFJO29CQUNyQixRQUFRLEVBQUU7d0JBQ1IsRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJO3dCQUNWLFVBQVUsRUFBRSxDQUFDLENBQUMsR0FBRzt3QkFDakIsWUFBWSxFQUFFLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFDLGdCQUFnQixJQUFJLEtBQUssQ0FBQyxFQUFFO3FCQUN2RDtpQkFDRixDQUFDLENBQ0wsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDLENBQUMifQ==

package/CustomRoles/index.d.ts

@@ -0,0 +1,5 @@
+interface Props {
+    enableJustInTimeRemoteRole?: boolean;
+}
+declare const _default: ({ enableJustInTimeRemoteRole }: Props) => void;
+export default _default;

package/CustomRoles/index.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const AzureEnv_1 = require("../Common/AzureEnv");
+const authorization = require("@pulumi/azure-native/authorization");
+exports.default = ({ enableJustInTimeRemoteRole = true }) => {
+    if (enableJustInTimeRemoteRole) {
+        new authorization.RoleDefinition('JustInTime-User-Remote-Request', {
+            roleName: 'Just-In-Time-User-Remote-Request-Role',
+            description: 'Just-in-time virtual machine user remote request role',
+            scope: AzureEnv_1.defaultScope,
+            permissions: [
+                {
+                    actions: [
+                        'Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action',
+                        'Microsoft.Security/locations/jitNetworkAccessPolicies/*/read',
+                        'Microsoft.Security/policies/read',
+                        'Microsoft.Compute/virtualMachines/read',
+                        'Microsoft.Network/networkInterfaces/*/read',
+                    ],
+                    notActions: [],
+                },
+            ],
+            assignableScopes: [AzureEnv_1.defaultScope],
+        });
+    }
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQ3VzdG9tUm9sZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSxpREFBa0Q7QUFDbEQsb0VBQW9FO0FBS3BFLGtCQUFlLENBQUMsRUFBRSwwQkFBMEIsR0FBRyxJQUFJLEVBQVMsRUFBRSxFQUFFO0lBQzlELElBQUksMEJBQTBCLEVBQUUsQ0FBQztRQUMvQixJQUFJLGFBQWEsQ0FBQyxjQUFjLENBQUMsZ0NBQWdDLEVBQUU7WUFDakUsUUFBUSxFQUFFLHVDQUF1QztZQUNqRCxXQUFXLEVBQUUsdURBQXVEO1lBQ3BFLEtBQUssRUFBRSx1QkFBWTtZQUNuQixXQUFXLEVBQUU7Z0JBQ1g7b0JBQ0UsT0FBTyxFQUFFO3dCQUNQLHVFQUF1RTt3QkFDdkUsOERBQThEO3dCQUM5RCxrQ0FBa0M7d0JBQ2xDLHdDQUF3Qzt3QkFDeEMsNENBQTRDO3FCQUM3QztvQkFDRCxVQUFVLEVBQUUsRUFBRTtpQkFDZjthQUNGO1lBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyx1QkFBWSxDQUFDO1NBQ2pDLENBQUMsQ0FBQztJQUNMLENBQUM7QUFDSCxDQUFDLENBQUMifQ==

package/IOT/Hub/index.d.ts

@@ -0,0 +1,32 @@
+import { BasicResourceArgs, KeyVaultInfo } from '../../types';
+import * as devices from '@pulumi/azure-native/devices';
+import { Input } from '@pulumi/pulumi';
+import { EnvRoleNamesType } from '../../AzAd/EnvRoles';
+interface Props extends BasicResourceArgs {
+    sku: {
+        name: devices.IotHubSku;
+        capacity?: number;
+    };
+    auth?: {
+        envRoleNames: EnvRoleNamesType;
+    };
+    serviceBus?: {
+        /** provide the queue connection string to enable message to be pushing to service bus queue */
+        queueMessageConnectionString?: Input<string>;
+        /** provide the topic connection string to enable message to be pushing to service bus topic */
+        topicMessageConnectionString?: Input<string>;
+    };
+    storage?: {
+        connectionString: Input<string>;
+        /** provide the file container name to enable file to be upload in IOT hub*/
+        fileContainerName?: Input<string>;
+        /** provide the message container name to enable message to be pushing to storage */
+        messageContainerName?: Input<string>;
+        /** provide the event container name to enable events to be pushing to storage */
+        eventContainerName?: Input<string>;
+    };
+    vaultInfo?: KeyVaultInfo;
+    lock?: boolean;
+}
+declare const _default: ({ name, group, auth, sku, storage, serviceBus, dependsOn, vaultInfo, lock, }: Props) => Promise<import("@pulumi/azure-native/devices/iotHubResource").IotHubResource>;
+export default _default;