@drunk-pulumi/azure 0.0.19

package/Sql/index.d.ts

@@ -0,0 +1,44 @@
+import { Input, Output } from '@pulumi/pulumi';
+import { EnvRoleNamesType } from '../AzAd/EnvRoles';
+import { BasicResourceArgs, BasicResourceResultProps, KeyVaultInfo, PrivateLinkProps } from '../types';
+import { SqlDbProps } from './SqlDb';
+type ElasticPoolCapacityProps = 50 | 100 | 200 | 300 | 400 | 800 | 1200;
+interface Props extends BasicResourceArgs {
+    vaultInfo?: KeyVaultInfo;
+    /** if Auth is not provided it will be auto generated */
+    auth: {
+        envRoleNames?: EnvRoleNamesType;
+        /** create an Admin group on AzAD for SQL accessing.*/
+        enableAdAdministrator?: boolean;
+        azureAdOnlyAuthentication?: boolean;
+        adminLogin: Input<string>;
+        password: Input<string>;
+    };
+    elasticPool?: {
+        name: 'Standard' | 'Basic';
+        capacity: ElasticPoolCapacityProps;
+    };
+    databases: Array<Omit<SqlDbProps, 'sqlServerName' | 'group' | 'elasticPoolId' | 'dependsOn'>>;
+    network?: {
+        acceptAllInternetConnect?: boolean;
+        subnetId?: Input<string>;
+        ipAddresses?: Input<string>[];
+        /** To enable Private Link need to ensure the subnetId is provided. */
+        privateLink?: Omit<PrivateLinkProps, 'subnetId'>;
+    };
+    vulnerabilityAssessment?: {
+        alertEmails: Array<string>;
+        logStorageId?: Input<string>;
+        storageAccessKey: Input<string>;
+        storageEndpoint: Input<string>;
+    };
+    lock?: boolean;
+}
+declare const _default: ({ name, auth, group, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock, }: Props) => {
+    name: string;
+    resource: import("@pulumi/azure-native/sql/server").Server;
+    elasticPool: BasicResourceResultProps<import("@pulumi/azure-native/sql/elasticPool").ElasticPool> | undefined;
+    databases: BasicResourceResultProps<import("@pulumi/azure-native/sql/database").Database>[] | undefined;
+    adminGroup: Output<import("@pulumi/pulumi").UnwrappedObject<import("@pulumi/azuread").GetGroupResult>> | Output<import("@pulumi/azuread/group").Group> | undefined;
+};
+export default _default;

package/Sql/index.js

@@ -0,0 +1,236 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const sql = require("@pulumi/azure-native/sql");
+const pulumi_1 = require("@pulumi/pulumi");
+const Group_1 = require("../AzAd/Group");
+const RoleAssignment_1 = require("../AzAd/RoleAssignment");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Naming_1 = require("../Common/Naming");
+const Locker_1 = require("../Core/Locker");
+const Helper_1 = require("../VNet/Helper");
+const PrivateEndpoint_1 = require("../VNet/PrivateEndpoint");
+const SqlDb_1 = require("./SqlDb");
+const CustomHelper_1 = require("../KeyVault/CustomHelper");
+const Role_1 = require("../AzAd/Role");
+const createElasticPool = ({ group, name, sqlName, 
+//Minimum is 50 GD
+maxSizeBytesGb = 50, sku = { name: AzureEnv_1.isPrd ? 'Standard' : 'Basic', capacity: 50 }, lock = true, }) => {
+    //Create Sql Elastic
+    const elasticName = (0, Naming_1.getElasticPoolName)(name);
+    const ep = new sql.ElasticPool(elasticName, {
+        elasticPoolName: elasticName,
+        serverName: sqlName,
+        ...group,
+        maxSizeBytes: AzureEnv_1.isPrd ? maxSizeBytesGb * 1024 * 1024 * 1024 : undefined,
+        sku: {
+            name: `${sku.name}Pool`,
+            tier: sku.name,
+            capacity: sku.capacity,
+        },
+        perDatabaseSettings: {
+            minCapacity: 0,
+            maxCapacity: sku.name === 'Basic' ? 5 : sku.capacity,
+        },
+        //licenseType: sql.ElasticPoolLicenseType.BasePrice,
+        //zoneRedundant: isPrd,
+    });
+    if (lock) {
+        (0, Locker_1.default)({ name, resourceId: ep.id, dependsOn: ep });
+    }
+    return { name: elasticName, resource: ep };
+};
+exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock = true, }) => {
+    const sqlName = (0, Naming_1.getSqlServerName)(name);
+    // if (vaultInfo && !auth) {
+    //   const login = await randomLogin({ name, loginPrefix: 'sql', vaultInfo });
+    //   auth = {
+    //     enableAdAdministrator: true,
+    //     adminLogin: login.userName,
+    //     password: login.password,
+    //   };
+    // }
+    const adminGroup = auth?.enableAdAdministrator
+        ? auth.envRoleNames
+            ? (0, Group_1.getAdGroup)(auth.envRoleNames.admin)
+            : (0, Role_1.default)({ env: AzureEnv_1.currentEnv, roleName: 'ADMIN', appName: 'SQL' })
+        : undefined;
+    const ignoreChanges = ['administratorLogin', 'administrators'];
+    if (auth.azureAdOnlyAuthentication)
+        ignoreChanges.push('administratorLoginPassword');
+    const sqlServer = new sql.Server(sqlName, {
+        serverName: sqlName,
+        ...group,
+        version: '12.0',
+        minimalTlsVersion: '1.2',
+        identity: { type: 'SystemAssigned' },
+        administratorLogin: auth?.adminLogin,
+        administratorLoginPassword: auth.azureAdOnlyAuthentication
+            ? undefined
+            : auth?.password,
+        administrators: auth?.enableAdAdministrator && adminGroup
+            ? {
+                administratorType: sql.AdministratorType.ActiveDirectory,
+                azureADOnlyAuthentication: auth.azureAdOnlyAuthentication,
+                principalType: sql.PrincipalType.Group,
+                tenantId: AzureEnv_1.tenantId,
+                sid: adminGroup.objectId,
+                login: adminGroup.displayName,
+            }
+            : undefined,
+        publicNetworkAccess: network?.privateLink
+            ? sql.ServerNetworkAccessFlag.Disabled
+            : sql.ServerNetworkAccessFlag.Enabled,
+        tags: AzureEnv_1.defaultTags,
+    }, {
+        ignoreChanges,
+        protect: lock,
+    });
+    if (lock) {
+        (0, Locker_1.default)({ name: sqlName, resourceId: sqlServer.id, dependsOn: sqlServer });
+    }
+    const ep = elasticPool
+        ? createElasticPool({
+            name,
+            group,
+            sqlName: sqlServer.name,
+            sku: elasticPool,
+        })
+        : undefined;
+    if (network?.subnetId) {
+        if (network.privateLink) {
+            (0, PrivateEndpoint_1.default)({
+                group,
+                name,
+                resourceId: sqlServer.id,
+                privateDnsZoneName: 'privatelink.database.windows.net',
+                ...network.privateLink,
+                subnetId: network.subnetId,
+                linkServiceGroupIds: ['sqlServer'],
+            });
+        }
+        else {
+            //Link to Vnet
+            new sql.VirtualNetworkRule(sqlName, {
+                virtualNetworkRuleName: `${sqlName}-vnetRule`,
+                serverName: sqlServer.name,
+                ...group,
+                virtualNetworkSubnetId: network.subnetId,
+                ignoreMissingVnetServiceEndpoint: false,
+            });
+        }
+    }
+    //Allow Public Ip Accessing
+    if (network?.acceptAllInternetConnect) {
+        new sql.FirewallRule('accept-all-connection', {
+            firewallRuleName: 'accept-all-connection',
+            serverName: sqlServer.name,
+            ...group,
+            startIpAddress: '0.0.0.0',
+            endIpAddress: '255.255.255.255',
+        });
+    }
+    else if (network?.ipAddresses) {
+        (0, pulumi_1.all)(network.ipAddresses).apply((ips) => (0, Helper_1.convertToIpRange)(ips).map((ip, i) => {
+            const n = `${sqlName}-fwRule-${i}`;
+            return new sql.FirewallRule(n, {
+                firewallRuleName: n,
+                serverName: sqlServer.name,
+                ...group,
+                startIpAddress: ip.start,
+                endIpAddress: ip.end,
+            });
+        }));
+    }
+    if (vulnerabilityAssessment) {
+        //Grant Storage permission
+        if (vulnerabilityAssessment.logStorageId) {
+            (0, RoleAssignment_1.roleAssignment)({
+                name,
+                principalId: sqlServer.identity.apply((i) => i?.principalId || ''),
+                principalType: 'ServicePrincipal',
+                roleName: 'Storage Blob Data Contributor',
+                scope: vulnerabilityAssessment.logStorageId,
+            });
+        }
+        //Server Audit
+        new sql.ExtendedServerBlobAuditingPolicy(name, {
+            auditActionsAndGroups: [
+                'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP',
+                'FAILED_DATABASE_AUTHENTICATION_GROUP',
+                'BATCH_COMPLETED_GROUP',
+            ],
+            serverName: sqlServer.name,
+            ...group,
+            blobAuditingPolicyName: 'default',
+            isAzureMonitorTargetEnabled: true,
+            isStorageSecondaryKeyInUse: false,
+            predicateExpression: "object_name = 'SensitiveData'",
+            queueDelayMs: 4000,
+            retentionDays: AzureEnv_1.isPrd ? 30 : 6,
+            state: 'Enabled',
+            isDevopsAuditEnabled: true,
+            storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
+            storageAccountSubscriptionId: AzureEnv_1.subscriptionId,
+            storageEndpoint: vulnerabilityAssessment.storageEndpoint,
+        });
+        //ServerSecurityAlertPolicy
+        new sql.ServerSecurityAlertPolicy(name, {
+            securityAlertPolicyName: name,
+            ...group,
+            serverName: sqlServer.name,
+            emailAccountAdmins: !vulnerabilityAssessment.alertEmails,
+            emailAddresses: vulnerabilityAssessment.alertEmails,
+            retentionDays: 7,
+            storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
+            storageEndpoint: vulnerabilityAssessment.storageEndpoint,
+            state: 'Enabled',
+        });
+        //ServerVulnerabilityAssessment
+        new sql.ServerVulnerabilityAssessment(name, {
+            vulnerabilityAssessmentName: name,
+            ...group,
+            serverName: sqlServer.name,
+            recurringScans: {
+                isEnabled: true,
+                emailSubscriptionAdmins: !vulnerabilityAssessment.alertEmails,
+                emails: vulnerabilityAssessment.alertEmails,
+            },
+            storageContainerPath: (0, pulumi_1.interpolate) `${vulnerabilityAssessment.storageEndpoint}/${sqlName}`,
+            storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
+        });
+    }
+    let dbs;
+    if (databases) {
+        dbs = databases.map((db) => {
+            const d = (0, SqlDb_1.default)({
+                ...db,
+                group,
+                sqlServerName: sqlName,
+                dependsOn: sqlServer,
+                elasticPoolId: ep ? ep.resource.id : undefined,
+            });
+            if (vaultInfo) {
+                const connectionString = auth?.adminLogin
+                    ? (0, pulumi_1.interpolate) `Data Source=${sqlName}.database.windows.net;Initial Catalog=${d.name};User Id=${auth.adminLogin};Password=${auth.password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=120;`
+                    : (0, pulumi_1.interpolate) `Data Source=${sqlName}.database.windows.net;Initial Catalog=${d.name};Authentication=Active Directory Integrated;;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=120;`;
+                (0, CustomHelper_1.addCustomSecret)({
+                    name: d.name,
+                    value: connectionString,
+                    vaultInfo,
+                    contentType: `Sql ${d.name} Connection String`,
+                    dependsOn: d.resource,
+                    tags: AzureEnv_1.defaultTags,
+                });
+            }
+            return d;
+        });
+    }
+    return {
+        name: sqlName,
+        resource: sqlServer,
+        elasticPool: ep,
+        databases: dbs,
+        adminGroup,
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3FsL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsZ0RBQWdEO0FBQ2hELDJDQUFpRTtBQUdqRSx5Q0FBMkM7QUFDM0MsMkRBQXdEO0FBQ3hELGlEQU00QjtBQUM1Qiw2Q0FBd0U7QUFDeEUsMkNBQW9DO0FBT3BDLDJDQUFrRDtBQUNsRCw2REFBNkQ7QUFDN0QsbUNBQW1EO0FBQ25ELDJEQUEyRDtBQUMzRCx1Q0FBZ0M7QUFZaEMsTUFBTSxpQkFBaUIsR0FBRyxDQUFDLEVBQ3pCLEtBQUssRUFDTCxJQUFJLEVBQ0osT0FBTztBQUNQLGtCQUFrQjtBQUNsQixjQUFjLEdBQUcsRUFBRSxFQUNuQixHQUFHLEdBQUcsRUFBRSxJQUFJLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUMxRCxJQUFJLEdBQUcsSUFBSSxHQUNNLEVBQTZDLEVBQUU7SUFDaEUsb0JBQW9CO0lBQ3BCLE1BQU0sV0FBVyxHQUFHLElBQUEsMkJBQWtCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFN0MsTUFBTSxFQUFFLEdBQUcsSUFBSSxHQUFHLENBQUMsV0FBVyxDQUFDLFdBQVcsRUFBRTtRQUMxQyxlQUFlLEVBQUUsV0FBVztRQUM1QixVQUFVLEVBQUUsT0FBTztRQUNuQixHQUFHLEtBQUs7UUFFUixZQUFZLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsY0FBYyxHQUFHLElBQUksR0FBRyxJQUFJLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBQ3JFLEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxHQUFHLEdBQUcsQ0FBQyxJQUFJLE1BQU07WUFDdkIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ2QsUUFBUSxFQUFFLEdBQUcsQ0FBQyxRQUFRO1NBQ3ZCO1FBQ0QsbUJBQW1CLEVBQUU7WUFDbkIsV0FBVyxFQUFFLENBQUM7WUFDZCxXQUFXLEVBQUUsR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLFFBQVE7U0FDckQ7UUFFRCxvREFBb0Q7UUFDcEQsdUJBQXVCO0tBQ3hCLENBQUMsQ0FBQztJQUVILElBQUksSUFBSSxFQUFFLENBQUM7UUFDVCxJQUFBLGdCQUFNLEVBQUMsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEVBQUUsQ0FBQyxFQUFFLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELE9BQU8sRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLFFBQVEsRUFBRSxFQUFFLEVBQUUsQ0FBQztBQUM3QyxDQUFDLENBQUM7QUEwQ0Ysa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixJQUFJLEVBQ0osS0FBSyxFQUVMLFdBQVcsRUFDWCxTQUFTLEVBQ1QsU0FBUyxFQUVULE9BQU8sRUFDUCx1QkFBdUIsRUFDdkIsSUFBSSxHQUFHLElBQUksR0FDTCxFQUFFLEVBQUU7SUFDVixNQUFNLE9BQU8sR0FBRyxJQUFBLHlCQUFnQixFQUFDLElBQUksQ0FBQyxDQUFDO0lBRXZDLDRCQUE0QjtJQUM1Qiw4RUFBOEU7SUFDOUUsYUFBYTtJQUNiLG1DQUFtQztJQUNuQyxrQ0FBa0M7SUFDbEMsZ0NBQWdDO0lBQ2hDLE9BQU87SUFDUCxJQUFJO0lBRUosTUFBTSxVQUFVLEdBQUcsSUFBSSxFQUFFLHFCQUFxQjtRQUM1QyxDQUFDLENBQUMsSUFBSSxDQUFDLFlBQVk7WUFDakIsQ0FBQyxDQUFDLElBQUEsa0JBQVUsRUFBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQztZQUNyQyxDQUFDLENBQUMsSUFBQSxjQUFJLEVBQUMsRUFBRSxHQUFHLEVBQUUscUJBQVUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQztRQUNoRSxDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsTUFBTSxhQUFhLEdBQUcsQ0FBQyxvQkFBb0IsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0lBQy9ELElBQUksSUFBSSxDQUFDLHlCQUF5QjtRQUNoQyxhQUFhLENBQUMsSUFBSSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFFbkQsTUFBTSxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsTUFBTSxDQUM5QixPQUFPLEVBQ1A7UUFDRSxVQUFVLEVBQUUsT0FBTztRQUNuQixHQUFHLEtBQUs7UUFDUixPQUFPLEVBQUUsTUFBTTtRQUNmLGlCQUFpQixFQUFFLEtBQUs7UUFFeEIsUUFBUSxFQUFFLEVBQUUsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1FBQ3BDLGtCQUFrQixFQUFFLElBQUksRUFBRSxVQUFVO1FBQ3BDLDBCQUEwQixFQUFFLElBQUksQ0FBQyx5QkFBeUI7WUFDeEQsQ0FBQyxDQUFDLFNBQVM7WUFDWCxDQUFDLENBQUMsSUFBSSxFQUFFLFFBQVE7UUFFbEIsY0FBYyxFQUNaLElBQUksRUFBRSxxQkFBcUIsSUFBSSxVQUFVO1lBQ3ZDLENBQUMsQ0FBQztnQkFDRSxpQkFBaUIsRUFBRSxHQUFHLENBQUMsaUJBQWlCLENBQUMsZUFBZTtnQkFDeEQseUJBQXlCLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtnQkFFekQsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhLENBQUMsS0FBSztnQkFDdEMsUUFBUSxFQUFSLG1CQUFRO2dCQUNSLEdBQUcsRUFBRSxVQUFVLENBQUMsUUFBUTtnQkFDeEIsS0FBSyxFQUFFLFVBQVUsQ0FBQyxXQUFXO2FBQzlCO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFFZixtQkFBbUIsRUFBRSxPQUFPLEVBQUUsV0FBVztZQUN2QyxDQUFDLENBQUMsR0FBRyxDQUFDLHVCQUF1QixDQUFDLFFBQVE7WUFDdEMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPO1FBRXZDLElBQUksRUFBRSxzQkFBVztLQUNsQixFQUNEO1FBQ0UsYUFBYTtRQUNiLE9BQU8sRUFBRSxJQUFJO0tBQ2QsQ0FDRixDQUFDO0lBRUYsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULElBQUEsZ0JBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsQ0FBQyxFQUFFLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUVELE1BQU0sRUFBRSxHQUFHLFdBQVc7UUFDcEIsQ0FBQyxDQUFDLGlCQUFpQixDQUFDO1lBQ2hCLElBQUk7WUFDSixLQUFLO1lBQ0wsT0FBTyxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQ3ZCLEdBQUcsRUFBRSxXQUFXO1NBQ2pCLENBQUM7UUFDSixDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsSUFBSSxPQUFPLEVBQUUsUUFBUSxFQUFFLENBQUM7UUFDdEIsSUFBSSxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDeEIsSUFBQSx5QkFBc0IsRUFBQztnQkFDckIsS0FBSztnQkFDTCxJQUFJO2dCQUNKLFVBQVUsRUFBRSxTQUFTLENBQUMsRUFBRTtnQkFDeEIsa0JBQWtCLEVBQUUsa0NBQWtDO2dCQUN0RCxHQUFHLE9BQU8sQ0FBQyxXQUFXO2dCQUN0QixRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQzFCLG1CQUFtQixFQUFFLENBQUMsV0FBVyxDQUFDO2FBQ25DLENBQUMsQ0FBQztRQUNMLENBQUM7YUFBTSxDQUFDO1lBQ04sY0FBYztZQUNkLElBQUksR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sRUFBRTtnQkFDbEMsc0JBQXNCLEVBQUUsR0FBRyxPQUFPLFdBQVc7Z0JBQzdDLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtnQkFDMUIsR0FBRyxLQUFLO2dCQUVSLHNCQUFzQixFQUFFLE9BQU8sQ0FBQyxRQUFRO2dCQUN4QyxnQ0FBZ0MsRUFBRSxLQUFLO2FBQ3hDLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLElBQUksT0FBTyxFQUFFLHdCQUF3QixFQUFFLENBQUM7UUFDdEMsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLHVCQUF1QixFQUFFO1lBQzVDLGdCQUFnQixFQUFFLHVCQUF1QjtZQUN6QyxVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFDMUIsR0FBRyxLQUFLO1lBQ1IsY0FBYyxFQUFFLFNBQVM7WUFDekIsWUFBWSxFQUFFLGlCQUFpQjtTQUNoQyxDQUFDLENBQUM7SUFDTCxDQUFDO1NBQU0sSUFBSSxPQUFPLEVBQUUsV0FBVyxFQUFFLENBQUM7UUFDaEMsSUFBQSxZQUFHLEVBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQ3JDLElBQUEseUJBQWdCLEVBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxFQUFFO1lBQ2xDLE1BQU0sQ0FBQyxHQUFHLEdBQUcsT0FBTyxXQUFXLENBQUMsRUFBRSxDQUFDO1lBRW5DLE9BQU8sSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUMsRUFBRTtnQkFDN0IsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkIsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUMxQixHQUFHLEtBQUs7Z0JBQ1IsY0FBYyxFQUFFLEVBQUUsQ0FBQyxLQUFLO2dCQUN4QixZQUFZLEVBQUUsRUFBRSxDQUFDLEdBQUc7YUFDckIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQ0gsQ0FBQztJQUNKLENBQUM7SUFFRCxJQUFJLHVCQUF1QixFQUFFLENBQUM7UUFDNUIsMEJBQTBCO1FBQzFCLElBQUksdUJBQXVCLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDekMsSUFBQSwrQkFBYyxFQUFDO2dCQUNiLElBQUk7Z0JBQ0osV0FBVyxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsV0FBVyxJQUFJLEVBQUUsQ0FBQztnQkFDbEUsYUFBYSxFQUFFLGtCQUFrQjtnQkFDakMsUUFBUSxFQUFFLCtCQUErQjtnQkFDekMsS0FBSyxFQUFFLHVCQUF1QixDQUFDLFlBQVk7YUFDNUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELGNBQWM7UUFDZCxJQUFJLEdBQUcsQ0FBQyxnQ0FBZ0MsQ0FBQyxJQUFJLEVBQUU7WUFDN0MscUJBQXFCLEVBQUU7Z0JBQ3JCLDBDQUEwQztnQkFDMUMsc0NBQXNDO2dCQUN0Qyx1QkFBdUI7YUFDeEI7WUFDRCxVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFDMUIsR0FBRyxLQUFLO1lBRVIsc0JBQXNCLEVBQUUsU0FBUztZQUNqQywyQkFBMkIsRUFBRSxJQUFJO1lBQ2pDLDBCQUEwQixFQUFFLEtBQUs7WUFDakMsbUJBQW1CLEVBQUUsK0JBQStCO1lBQ3BELFlBQVksRUFBRSxJQUFJO1lBQ2xCLGFBQWEsRUFBRSxnQkFBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDN0IsS0FBSyxFQUFFLFNBQVM7WUFDaEIsb0JBQW9CLEVBQUUsSUFBSTtZQUUxQix1QkFBdUIsRUFBRSx1QkFBdUIsQ0FBQyxnQkFBZ0I7WUFDakUsNEJBQTRCLEVBQUUseUJBQWM7WUFDNUMsZUFBZSxFQUFFLHVCQUF1QixDQUFDLGVBQWU7U0FDekQsQ0FBQyxDQUFDO1FBRUgsMkJBQTJCO1FBQzNCLElBQUksR0FBRyxDQUFDLHlCQUF5QixDQUFDLElBQUksRUFBRTtZQUN0Qyx1QkFBdUIsRUFBRSxJQUFJO1lBQzdCLEdBQUcsS0FBSztZQUNSLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixrQkFBa0IsRUFBRSxDQUFDLHVCQUF1QixDQUFDLFdBQVc7WUFDeEQsY0FBYyxFQUFFLHVCQUF1QixDQUFDLFdBQVc7WUFFbkQsYUFBYSxFQUFFLENBQUM7WUFFaEIsdUJBQXVCLEVBQUUsdUJBQXVCLENBQUMsZ0JBQWdCO1lBQ2pFLGVBQWUsRUFBRSx1QkFBdUIsQ0FBQyxlQUFlO1lBQ3hELEtBQUssRUFBRSxTQUFTO1NBQ2pCLENBQUMsQ0FBQztRQUVILCtCQUErQjtRQUMvQixJQUFJLEdBQUcsQ0FBQyw2QkFBNkIsQ0FBQyxJQUFJLEVBQUU7WUFDMUMsMkJBQTJCLEVBQUUsSUFBSTtZQUNqQyxHQUFHLEtBQUs7WUFDUixVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFFMUIsY0FBYyxFQUFFO2dCQUNkLFNBQVMsRUFBRSxJQUFJO2dCQUNmLHVCQUF1QixFQUFFLENBQUMsdUJBQXVCLENBQUMsV0FBVztnQkFDN0QsTUFBTSxFQUFFLHVCQUF1QixDQUFDLFdBQVc7YUFDNUM7WUFFRCxvQkFBb0IsRUFBRSxJQUFBLG9CQUFXLEVBQUEsR0FBRyx1QkFBdUIsQ0FBQyxlQUFlLElBQUksT0FBTyxFQUFFO1lBQ3hGLHVCQUF1QixFQUFFLHVCQUF1QixDQUFDLGdCQUFnQjtTQUNsRSxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxHQUE4RCxDQUFDO0lBQ25FLElBQUksU0FBUyxFQUFFLENBQUM7UUFDZCxHQUFHLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFO1lBQ3pCLE1BQU0sQ0FBQyxHQUFHLElBQUEsZUFBWSxFQUFDO2dCQUNyQixHQUFHLEVBQUU7Z0JBQ0wsS0FBSztnQkFDTCxhQUFhLEVBQUUsT0FBTztnQkFDdEIsU0FBUyxFQUFFLFNBQVM7Z0JBQ3BCLGFBQWEsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQy9DLENBQUMsQ0FBQztZQUVILElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQ2QsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLEVBQUUsVUFBVTtvQkFDdkMsQ0FBQyxDQUFDLElBQUEsb0JBQVcsRUFBQSxlQUFlLE9BQU8seUNBQXlDLENBQUMsQ0FBQyxJQUFJLFlBQVksSUFBSSxDQUFDLFVBQVUsYUFBYSxJQUFJLENBQUMsUUFBUSxtR0FBbUc7b0JBQzFPLENBQUMsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsZUFBZSxPQUFPLHlDQUF5QyxDQUFDLENBQUMsSUFBSSwrSUFBK0ksQ0FBQztnQkFFcE8sSUFBQSw4QkFBZSxFQUFDO29CQUNkLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTtvQkFDWixLQUFLLEVBQUUsZ0JBQWdCO29CQUN2QixTQUFTO29CQUNULFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQyxJQUFJLG9CQUFvQjtvQkFDOUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxRQUFRO29CQUNyQixJQUFJLEVBQUUsc0JBQVc7aUJBQ2xCLENBQUMsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLENBQUMsQ0FBQztRQUNYLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU87UUFDTCxJQUFJLEVBQUUsT0FBTztRQUNiLFFBQVEsRUFBRSxTQUFTO1FBQ25CLFdBQVcsRUFBRSxFQUFFO1FBQ2YsU0FBUyxFQUFFLEdBQUc7UUFDZCxVQUFVO0tBQ1gsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/Storage/CdnEndpoint.d.ts

@@ -0,0 +1,12 @@
+import { Input } from '@pulumi/pulumi';
+import { BasicArgs } from '../types';
+interface Props extends BasicArgs {
+    name: string;
+    origin: Input<string>;
+    cors?: string[];
+    domainName: string;
+    httpsEnabled?: boolean;
+    includesDefaultResponseHeaders?: boolean;
+}
+declare const _default: ({ name, domainName, origin, cors, httpsEnabled, includesDefaultResponseHeaders, dependsOn, }: Props) => import("@pulumi/azure-native/cdn/endpoint").Endpoint;
+export default _default;

package/Storage/CdnEndpoint.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const native = require("@pulumi/azure-native");
+const CdnHttpsEnable_1 = require("@drunk-pulumi/azure-providers/CdnHttpsEnable");
+const CdnRules_1 = require("./CdnRules");
+const GlobalEnv_1 = require("../Common/GlobalEnv");
+const Helpers_1 = require("../Common/Helpers");
+const Naming_1 = require("../Common/Naming");
+exports.default = ({ name, domainName, origin, cors, httpsEnabled, includesDefaultResponseHeaders, dependsOn, }) => {
+    name = (0, Naming_1.getCdnEndpointName)(name);
+    const rules = [CdnRules_1.enforceHttpsRule, CdnRules_1.indexFileCacheRule];
+    if (includesDefaultResponseHeaders) {
+        rules.push((0, CdnRules_1.getDefaultResponseHeadersRule)(domainName));
+    }
+    if (cors) {
+        rules.push(...(0, CdnRules_1.allowsCorsRules)(cors));
+    }
+    //Update rule order
+    rules.forEach((r, i) => (r.order = i + 1));
+    console.log('CDN Endpoint: Link to', GlobalEnv_1.cdnProfileInfo);
+    const endpoint = new native.cdn.Endpoint(name, {
+        endpointName: name,
+        ...GlobalEnv_1.cdnProfileInfo,
+        origins: [{ name, hostName: origin }],
+        originHostHeader: origin,
+        optimizationType: 'GeneralWebDelivery',
+        queryStringCachingBehavior: 'IgnoreQueryString',
+        deliveryPolicy: {
+            rules,
+            description: 'Static Website Rules',
+        },
+        isCompressionEnabled: true,
+        contentTypesToCompress: [
+            'text/plain',
+            'text/html',
+            'text/xml',
+            'text/css',
+            'application/xml',
+            'application/xhtml+xml',
+            'application/rss+xml',
+            'application/javascript',
+            'application/x-javascript',
+        ],
+        isHttpAllowed: true,
+        isHttpsAllowed: true,
+    }, { dependsOn });
+    if (domainName) {
+        const customDomain = new native.cdn.CustomDomain(name, {
+            endpointName: endpoint.name,
+            ...GlobalEnv_1.cdnProfileInfo,
+            customDomainName: (0, Helpers_1.replaceAll)(domainName, '.', '-'),
+            hostName: domainName,
+        }, { dependsOn: endpoint });
+        if (httpsEnabled) {
+            new CdnHttpsEnable_1.default(name, {
+                customDomainId: customDomain.id,
+            }, { dependsOn: customDomain });
+        }
+    }
+    return endpoint;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2RuRW5kcG9pbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3RvcmFnZS9DZG5FbmRwb2ludC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLCtDQUErQztBQUMvQyxpRkFBMEU7QUFDMUUseUNBS29CO0FBQ3BCLG1EQUFxRDtBQUNyRCwrQ0FBK0M7QUFDL0MsNkNBQXNEO0FBWXRELGtCQUFlLENBQUMsRUFDZCxJQUFJLEVBQ0osVUFBVSxFQUNWLE1BQU0sRUFDTixJQUFJLEVBQ0osWUFBWSxFQUNaLDhCQUE4QixFQUM5QixTQUFTLEdBQ0gsRUFBRSxFQUFFO0lBQ1YsSUFBSSxHQUFHLElBQUEsMkJBQWtCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFaEMsTUFBTSxLQUFLLEdBQUcsQ0FBQywyQkFBZ0IsRUFBRSw2QkFBa0IsQ0FBQyxDQUFDO0lBQ3JELElBQUksOEJBQThCLEVBQUUsQ0FBQztRQUNuQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUEsd0NBQTZCLEVBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBQ0QsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFBLDBCQUFlLEVBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDM0MsT0FBTyxDQUFDLEdBQUcsQ0FBQyx1QkFBdUIsRUFBRSwwQkFBYyxDQUFDLENBQUM7SUFFckQsTUFBTSxRQUFRLEdBQUcsSUFBSSxNQUFNLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FDdEMsSUFBSSxFQUNKO1FBQ0UsWUFBWSxFQUFFLElBQUk7UUFDbEIsR0FBRywwQkFBYztRQUVqQixPQUFPLEVBQUUsQ0FBQyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLENBQUM7UUFDckMsZ0JBQWdCLEVBQUUsTUFBTTtRQUV4QixnQkFBZ0IsRUFBRSxvQkFBb0I7UUFDdEMsMEJBQTBCLEVBQUUsbUJBQW1CO1FBRS9DLGNBQWMsRUFBRTtZQUNkLEtBQUs7WUFDTCxXQUFXLEVBQUUsc0JBQXNCO1NBQ3BDO1FBRUQsb0JBQW9CLEVBQUUsSUFBSTtRQUMxQixzQkFBc0IsRUFBRTtZQUN0QixZQUFZO1lBQ1osV0FBVztZQUNYLFVBQVU7WUFDVixVQUFVO1lBQ1YsaUJBQWlCO1lBQ2pCLHVCQUF1QjtZQUN2QixxQkFBcUI7WUFDckIsd0JBQXdCO1lBQ3hCLDBCQUEwQjtTQUMzQjtRQUVELGFBQWEsRUFBRSxJQUFJO1FBQ25CLGNBQWMsRUFBRSxJQUFJO0tBQ3JCLEVBQ0QsRUFBRSxTQUFTLEVBQUUsQ0FDZCxDQUFDO0lBRUYsSUFBSSxVQUFVLEVBQUUsQ0FBQztRQUNmLE1BQU0sWUFBWSxHQUFHLElBQUksTUFBTSxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQzlDLElBQUksRUFDSjtZQUNFLFlBQVksRUFBRSxRQUFRLENBQUMsSUFBSTtZQUMzQixHQUFHLDBCQUFjO1lBQ2pCLGdCQUFnQixFQUFFLElBQUEsb0JBQVUsRUFBQyxVQUFVLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQztZQUNsRCxRQUFRLEVBQUUsVUFBVTtTQUNyQixFQUNELEVBQUUsU0FBUyxFQUFFLFFBQVEsRUFBRSxDQUN4QixDQUFDO1FBRUYsSUFBSSxZQUFZLEVBQUUsQ0FBQztZQUNqQixJQUFJLHdCQUFjLENBQ2hCLElBQUksRUFDSjtnQkFDRSxjQUFjLEVBQUUsWUFBWSxDQUFDLEVBQUU7YUFDaEMsRUFDRCxFQUFFLFNBQVMsRUFBRSxZQUFZLEVBQUUsQ0FDNUIsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxRQUFRLENBQUM7QUFDbEIsQ0FBQyxDQUFDIn0=

package/Storage/CdnRules.d.ts

@@ -0,0 +1,6 @@
+import * as native from '@pulumi/azure-native';
+export declare const getDefaultResponseHeaders: (envDomain: string) => Record<string, string>;
+export declare const enforceHttpsRule: native.types.input.cdn.DeliveryRuleArgs;
+export declare const indexFileCacheRule: native.types.input.cdn.DeliveryRuleArgs;
+export declare const getDefaultResponseHeadersRule: (envDomain: string) => native.types.input.cdn.DeliveryRuleArgs;
+export declare const allowsCorsRules: (cors: string[]) => native.types.input.cdn.DeliveryRuleArgs[];

package/Storage/CdnRules.js

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.allowsCorsRules = exports.getDefaultResponseHeadersRule = exports.indexFileCacheRule = exports.enforceHttpsRule = exports.getDefaultResponseHeaders = void 0;
+const getSecurities = (envDomain) => [
+    "default-src 'self' data: 'unsafe-inline' 'unsafe-eval'",
+    `https://*.${envDomain}`,
+    'https://*.services.visualstudio.com',
+    'https://*.googleapis.com', // Font and Css
+    'https://*.gstatic.com', // Font and Css
+    'https://*.google.com', // Captcha
+    'https://login.microsoftonline.com',
+    'https://graph.microsoft.com',
+    'https://*.service.signalr.net',
+    'wss://*.service.signalr.net',
+    `frame-ancestors 'self' https://login.microsoftonline.com https://*.${envDomain}`,
+];
+const getDefaultResponseHeaders = (envDomain) => ({
+    'Strict-Transport-Security': 'max-age=86400; includeSubDomains',
+    'X-XSS-Protection': '1; mode=block',
+    'X-Content-Type-Options': 'nosniff',
+    'Content-Security-Policy': getSecurities(envDomain).join(' '),
+});
+exports.getDefaultResponseHeaders = getDefaultResponseHeaders;
+exports.enforceHttpsRule = {
+    name: 'enforceHttps',
+    order: 1,
+    conditions: [
+        {
+            name: 'RequestScheme',
+            parameters: {
+                matchValues: ['HTTP'],
+                operator: 'Equal',
+                negateCondition: false,
+                typeName: 'DeliveryRuleRequestSchemeConditionParameters',
+            },
+        },
+    ],
+    actions: [
+        {
+            name: 'UrlRedirect',
+            parameters: {
+                redirectType: 'Found',
+                destinationProtocol: 'Https',
+                typeName: 'DeliveryRuleUrlRedirectActionParameters',
+            },
+        },
+    ],
+};
+exports.indexFileCacheRule = {
+    name: 'indexCache',
+    order: 2,
+    conditions: [
+        {
+            name: 'UrlFileName',
+            parameters: {
+                operator: 'Contains',
+                negateCondition: false,
+                matchValues: ['index.html'],
+                transforms: ['Lowercase'],
+                typeName: 'DeliveryRuleUrlFilenameConditionParameters',
+            },
+        },
+    ],
+    actions: [
+        {
+            name: 'CacheExpiration',
+            parameters: {
+                cacheBehavior: 'Override',
+                cacheType: 'All',
+                cacheDuration: '08:00:00',
+                typeName: 'DeliveryRuleCacheExpirationActionParameters',
+            },
+        },
+    ],
+};
+const getDefaultResponseHeadersRule = (envDomain) => {
+    const defaultResponseHeaders = (0, exports.getDefaultResponseHeaders)(envDomain);
+    return {
+        name: 'defaultResponseHeaders',
+        order: 3,
+        conditions: [
+            {
+                name: 'UrlPath',
+                parameters: {
+                    operator: 'Any',
+                    negateCondition: false,
+                    matchValues: [],
+                    transforms: [],
+                    typeName: 'DeliveryRuleUrlPathMatchConditionParameters',
+                },
+            },
+        ],
+        actions: Object.keys(defaultResponseHeaders).map((k) => ({
+            name: 'ModifyResponseHeader',
+            parameters: {
+                headerAction: 'Overwrite',
+                headerName: k,
+                value: defaultResponseHeaders[k],
+                typeName: 'DeliveryRuleHeaderActionParameters',
+            },
+        })),
+    };
+};
+exports.getDefaultResponseHeadersRule = getDefaultResponseHeadersRule;
+const allowsCorsRules = (cors) => cors.map((c, i) => ({
+    name: `allowsCors${i + 1}`,
+    order: 5 + i,
+    conditions: [
+        {
+            name: 'RequestHeader',
+            parameters: {
+                typeName: 'DeliveryRuleRequestHeaderConditionParameters',
+                selector: 'Origin',
+                operator: 'Contains',
+                transforms: [],
+                matchValues: [c],
+                negateCondition: false,
+            },
+        },
+    ],
+    actions: [
+        {
+            name: 'ModifyResponseHeader',
+            parameters: {
+                typeName: 'DeliveryRuleHeaderActionParameters',
+                headerAction: 'Overwrite',
+                headerName: 'Access-Control-Allow-Origin',
+                value: c,
+            },
+        },
+    ],
+}));
+exports.allowsCorsRules = allowsCorsRules;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2RuUnVsZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3RvcmFnZS9DZG5SdWxlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxNQUFNLGFBQWEsR0FBRyxDQUFDLFNBQWlCLEVBQUUsRUFBRSxDQUFDO0lBQzNDLHdEQUF3RDtJQUN4RCxhQUFhLFNBQVMsRUFBRTtJQUN4QixxQ0FBcUM7SUFDckMsMEJBQTBCLEVBQUUsZUFBZTtJQUMzQyx1QkFBdUIsRUFBRSxlQUFlO0lBQ3hDLHNCQUFzQixFQUFFLFVBQVU7SUFDbEMsbUNBQW1DO0lBQ25DLDZCQUE2QjtJQUM3QiwrQkFBK0I7SUFDL0IsNkJBQTZCO0lBQzdCLHNFQUFzRSxTQUFTLEVBQUU7Q0FDbEYsQ0FBQztBQUVLLE1BQU0seUJBQXlCLEdBQUcsQ0FDdkMsU0FBaUIsRUFDTyxFQUFFLENBQUMsQ0FBQztJQUM1QiwyQkFBMkIsRUFBRSxrQ0FBa0M7SUFDL0Qsa0JBQWtCLEVBQUUsZUFBZTtJQUNuQyx3QkFBd0IsRUFBRSxTQUFTO0lBQ25DLHlCQUF5QixFQUFFLGFBQWEsQ0FBQyxTQUFTLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO0NBQzlELENBQUMsQ0FBQztBQVBVLFFBQUEseUJBQXlCLDZCQU9uQztBQUVVLFFBQUEsZ0JBQWdCLEdBQTRDO0lBQ3ZFLElBQUksRUFBRSxjQUFjO0lBQ3BCLEtBQUssRUFBRSxDQUFDO0lBQ1IsVUFBVSxFQUFFO1FBQ1Y7WUFDRSxJQUFJLEVBQUUsZUFBZTtZQUNyQixVQUFVLEVBQUU7Z0JBQ1YsV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDO2dCQUNyQixRQUFRLEVBQUUsT0FBTztnQkFDakIsZUFBZSxFQUFFLEtBQUs7Z0JBQ3RCLFFBQVEsRUFBRSw4Q0FBOEM7YUFDekQ7U0FDRjtLQUNGO0lBQ0QsT0FBTyxFQUFFO1FBQ1A7WUFDRSxJQUFJLEVBQUUsYUFBYTtZQUNuQixVQUFVLEVBQUU7Z0JBQ1YsWUFBWSxFQUFFLE9BQU87Z0JBQ3JCLG1CQUFtQixFQUFFLE9BQU87Z0JBQzVCLFFBQVEsRUFBRSx5Q0FBeUM7YUFDcEQ7U0FDRjtLQUNGO0NBQ0YsQ0FBQztBQUVXLFFBQUEsa0JBQWtCLEdBQTRDO0lBQ3pFLElBQUksRUFBRSxZQUFZO0lBQ2xCLEtBQUssRUFBRSxDQUFDO0lBQ1IsVUFBVSxFQUFFO1FBQ1Y7WUFDRSxJQUFJLEVBQUUsYUFBYTtZQUNuQixVQUFVLEVBQUU7Z0JBQ1YsUUFBUSxFQUFFLFVBQVU7Z0JBQ3BCLGVBQWUsRUFBRSxLQUFLO2dCQUN0QixXQUFXLEVBQUUsQ0FBQyxZQUFZLENBQUM7Z0JBQzNCLFVBQVUsRUFBRSxDQUFDLFdBQVcsQ0FBQztnQkFDekIsUUFBUSxFQUFFLDRDQUE0QzthQUN2RDtTQUNGO0tBQ0Y7SUFDRCxPQUFPLEVBQUU7UUFDUDtZQUNFLElBQUksRUFBRSxpQkFBaUI7WUFDdkIsVUFBVSxFQUFFO2dCQUNWLGFBQWEsRUFBRSxVQUFVO2dCQUN6QixTQUFTLEVBQUUsS0FBSztnQkFDaEIsYUFBYSxFQUFFLFVBQVU7Z0JBQ3pCLFFBQVEsRUFBRSw2Q0FBNkM7YUFDeEQ7U0FDRjtLQUNGO0NBQ0YsQ0FBQztBQUVLLE1BQU0sNkJBQTZCLEdBQUcsQ0FDM0MsU0FBaUIsRUFDd0IsRUFBRTtJQUMzQyxNQUFNLHNCQUFzQixHQUFHLElBQUEsaUNBQXlCLEVBQUMsU0FBUyxDQUFDLENBQUM7SUFFcEUsT0FBTztRQUNMLElBQUksRUFBRSx3QkFBd0I7UUFDOUIsS0FBSyxFQUFFLENBQUM7UUFDUixVQUFVLEVBQUU7WUFDVjtnQkFDRSxJQUFJLEVBQUUsU0FBUztnQkFDZixVQUFVLEVBQUU7b0JBQ1YsUUFBUSxFQUFFLEtBQUs7b0JBQ2YsZUFBZSxFQUFFLEtBQUs7b0JBQ3RCLFdBQVcsRUFBRSxFQUFFO29CQUNmLFVBQVUsRUFBRSxFQUFFO29CQUNkLFFBQVEsRUFBRSw2Q0FBNkM7aUJBQ3hEO2FBQ0Y7U0FDRjtRQUNELE9BQU8sRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZELElBQUksRUFBRSxzQkFBc0I7WUFDNUIsVUFBVSxFQUFFO2dCQUNWLFlBQVksRUFBRSxXQUFXO2dCQUN6QixVQUFVLEVBQUUsQ0FBQztnQkFDYixLQUFLLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO2dCQUNoQyxRQUFRLEVBQUUsb0NBQW9DO2FBQy9DO1NBQ0YsQ0FBQyxDQUFDO0tBQ0osQ0FBQztBQUNKLENBQUMsQ0FBQztBQTlCVyxRQUFBLDZCQUE2QixpQ0E4QnhDO0FBRUssTUFBTSxlQUFlLEdBQUcsQ0FDN0IsSUFBYyxFQUM2QixFQUFFLENBQzdDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ2xCLElBQUksRUFBRSxhQUFhLENBQUMsR0FBRyxDQUFDLEVBQUU7SUFDMUIsS0FBSyxFQUFFLENBQUMsR0FBRyxDQUFDO0lBQ1osVUFBVSxFQUFFO1FBQ1Y7WUFDRSxJQUFJLEVBQUUsZUFBZTtZQUNyQixVQUFVLEVBQUU7Z0JBQ1YsUUFBUSxFQUFFLDhDQUE4QztnQkFDeEQsUUFBUSxFQUFFLFFBQVE7Z0JBQ2xCLFFBQVEsRUFBRSxVQUFVO2dCQUNwQixVQUFVLEVBQUUsRUFBRTtnQkFDZCxXQUFXLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hCLGVBQWUsRUFBRSxLQUFLO2FBQ3ZCO1NBQ0Y7S0FDRjtJQUNELE9BQU8sRUFBRTtRQUNQO1lBQ0UsSUFBSSxFQUFFLHNCQUFzQjtZQUM1QixVQUFVLEVBQUU7Z0JBQ1YsUUFBUSxFQUFFLG9DQUFvQztnQkFDOUMsWUFBWSxFQUFFLFdBQVc7Z0JBQ3pCLFVBQVUsRUFBRSw2QkFBNkI7Z0JBQ3pDLEtBQUssRUFBRSxDQUFDO2FBQ1Q7U0FDRjtLQUNGO0NBQ0YsQ0FBQyxDQUFDLENBQUM7QUE5Qk8sUUFBQSxlQUFlLG1CQThCdEIifQ==

package/Storage/Helper.d.ts

@@ -0,0 +1,28 @@
+import * as storage from '@pulumi/azure-native/storage';
+import { BasicResourceArgs, KeyVaultInfo } from '../types';
+export type StorageConnectionInfo = {
+    primaryConnection?: string;
+    secondaryConnection?: string;
+    primaryKey?: string;
+    secondaryKey?: string;
+    endpoints: {
+        blob: string;
+        file: string;
+        table: string;
+        staticSite: string;
+        DataLake: string;
+    };
+};
+export declare const getStorageSecrets: ({ name, nameFormatted, vaultInfo, }: {
+    name: string;
+    nameFormatted?: boolean | undefined;
+    vaultInfo: KeyVaultInfo;
+}) => Promise<StorageConnectionInfo>;
+export declare const getStorageSecretsById: ({ storageId, vaultInfo, }: {
+    storageId: string;
+    vaultInfo: KeyVaultInfo;
+}) => Promise<{
+    info: import("../Common/AzureEnv").ResourceInfo | undefined;
+    secrets: StorageConnectionInfo;
+} | undefined>;
+export declare const getAccountSAS: ({ group, name }: BasicResourceArgs) => Promise<storage.ListStorageAccountSASResult>;

package/Storage/Helper.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAccountSAS = exports.getStorageSecretsById = exports.getStorageSecrets = void 0;
+const storage = require("@pulumi/azure-native/storage");
+const Naming_1 = require("../Common/Naming");
+const Helper_1 = require("../KeyVault/Helper");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const getStorageSecrets = async ({ name, nameFormatted, vaultInfo, }) => {
+    name = nameFormatted ? name : (0, Naming_1.getStorageName)(name);
+    const primaryKeyName = (0, Naming_1.getKeyName)(name, 'primary');
+    const secondaryKeyName = (0, Naming_1.getKeyName)(name, 'secondary');
+    const primaryConnectionKeyName = (0, Naming_1.getConnectionName)(name, 'primary');
+    const secondConnectionKeyName = (0, Naming_1.getConnectionName)(name, 'secondary');
+    const [primaryConnection, secondaryConnection, primaryKey, secondaryKey] = await Promise.all([
+        primaryConnectionKeyName,
+        secondConnectionKeyName,
+        primaryKeyName,
+        secondaryKeyName,
+    ].map((k) => {
+        const n = (0, Naming_1.getSecretName)(k);
+        return (0, Helper_1.getSecret)({ name: n, vaultInfo, nameFormatted: true });
+    }));
+    return {
+        primaryConnection: primaryConnection?.value,
+        secondaryConnection: secondaryConnection?.value,
+        primaryKey: primaryKey?.value,
+        secondaryKey: secondaryKey?.value,
+        endpoints: {
+            blob: `https://${name}.blob.core.windows.net`,
+            file: `https://${name}.file.core.windows.net`,
+            table: `https://${name}.table.core.windows.net`,
+            staticSite: `https://${name}.z23.web.core.windows.net`,
+            DataLake: `https://${name}.dfs.core.windows.net`,
+        },
+    };
+};
+exports.getStorageSecrets = getStorageSecrets;
+const getStorageSecretsById = async ({ storageId, vaultInfo, }) => {
+    const info = (0, AzureEnv_1.getResourceInfoFromId)(storageId);
+    const secrets = info
+        ? await (0, exports.getStorageSecrets)({
+            name: info.name,
+            nameFormatted: true,
+            vaultInfo,
+        })
+        : undefined;
+    return secrets ? { info, secrets } : undefined;
+};
+exports.getStorageSecretsById = getStorageSecretsById;
+const getAccountSAS = ({ group, name }) => {
+    const now = new Date();
+    const expireDate = new Date();
+    expireDate.setMonth(expireDate.getMonth() + 3);
+    return storage.listStorageAccountSAS({
+        accountName: name,
+        ...group,
+        resourceTypes: storage.SignedResourceTypes.C,
+        services: storage.Services.B,
+        permissions: storage.Permissions.W,
+        protocols: storage.HttpProtocol.Https,
+        sharedAccessStartTime: now.toISOString(),
+        sharedAccessExpiryTime: expireDate.toISOString(),
+    });
+};
+exports.getAccountSAS = getAccountSAS;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1N0b3JhZ2UvSGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHdEQUF3RDtBQUV4RCw2Q0FLMEI7QUFDMUIsK0NBQStDO0FBRS9DLGlEQUEyRDtBQWlCcEQsTUFBTSxpQkFBaUIsR0FBRyxLQUFLLEVBQUUsRUFDdEMsSUFBSSxFQUNKLGFBQWEsRUFDYixTQUFTLEdBS1YsRUFBa0MsRUFBRTtJQUNuQyxJQUFJLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLElBQUEsdUJBQWMsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUNuRCxNQUFNLGNBQWMsR0FBRyxJQUFBLG1CQUFVLEVBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsSUFBQSxtQkFBVSxFQUFDLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztJQUN2RCxNQUFNLHdCQUF3QixHQUFHLElBQUEsMEJBQWlCLEVBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3BFLE1BQU0sdUJBQXVCLEdBQUcsSUFBQSwwQkFBaUIsRUFBQyxJQUFJLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFFckUsTUFBTSxDQUFDLGlCQUFpQixFQUFFLG1CQUFtQixFQUFFLFVBQVUsRUFBRSxZQUFZLENBQUMsR0FDdEUsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNmO1FBQ0Usd0JBQXdCO1FBQ3hCLHVCQUF1QjtRQUN2QixjQUFjO1FBQ2QsZ0JBQWdCO0tBQ2pCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUU7UUFDVixNQUFNLENBQUMsR0FBRyxJQUFBLHNCQUFhLEVBQUMsQ0FBQyxDQUFDLENBQUM7UUFDM0IsT0FBTyxJQUFBLGtCQUFTLEVBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNoRSxDQUFDLENBQUMsQ0FDSCxDQUFDO0lBRUosT0FBTztRQUNMLGlCQUFpQixFQUFFLGlCQUFpQixFQUFFLEtBQUs7UUFDM0MsbUJBQW1CLEVBQUUsbUJBQW1CLEVBQUUsS0FBSztRQUMvQyxVQUFVLEVBQUUsVUFBVSxFQUFFLEtBQUs7UUFDN0IsWUFBWSxFQUFFLFlBQVksRUFBRSxLQUFLO1FBRWpDLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxXQUFXLElBQUksd0JBQXdCO1lBQzdDLElBQUksRUFBRSxXQUFXLElBQUksd0JBQXdCO1lBQzdDLEtBQUssRUFBRSxXQUFXLElBQUkseUJBQXlCO1lBQy9DLFVBQVUsRUFBRSxXQUFXLElBQUksMkJBQTJCO1lBQ3RELFFBQVEsRUFBRSxXQUFXLElBQUksdUJBQXVCO1NBQ2pEO0tBQ0YsQ0FBQztBQUNKLENBQUMsQ0FBQztBQTFDVyxRQUFBLGlCQUFpQixxQkEwQzVCO0FBRUssTUFBTSxxQkFBcUIsR0FBRyxLQUFLLEVBQUUsRUFDMUMsU0FBUyxFQUNULFNBQVMsR0FJVixFQUFFLEVBQUU7SUFDSCxNQUFNLElBQUksR0FBRyxJQUFBLGdDQUFxQixFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzlDLE1BQU0sT0FBTyxHQUFHLElBQUk7UUFDbEIsQ0FBQyxDQUFDLE1BQU0sSUFBQSx5QkFBaUIsRUFBQztZQUN0QixJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7WUFDZixhQUFhLEVBQUUsSUFBSTtZQUNuQixTQUFTO1NBQ1YsQ0FBQztRQUNKLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxPQUFPLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztBQUNqRCxDQUFDLENBQUM7QUFqQlcsUUFBQSxxQkFBcUIseUJBaUJoQztBQUVLLE1BQU0sYUFBYSxHQUFHLENBQUMsRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFxQixFQUFFLEVBQUU7SUFDbEUsTUFBTSxHQUFHLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztJQUN2QixNQUFNLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBQzlCLFVBQVUsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBRS9DLE9BQU8sT0FBTyxDQUFDLHFCQUFxQixDQUFDO1FBQ25DLFdBQVcsRUFBRSxJQUFJO1FBQ2pCLEdBQUcsS0FBSztRQUNSLGFBQWEsRUFBRSxPQUFPLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUM1QyxRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzVCLFdBQVcsRUFBRSxPQUFPLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDbEMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxZQUFZLENBQUMsS0FBSztRQUNyQyxxQkFBcUIsRUFBRSxHQUFHLENBQUMsV0FBVyxFQUFFO1FBQ3hDLHNCQUFzQixFQUFFLFVBQVUsQ0FBQyxXQUFXLEVBQUU7S0FDakQsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDO0FBZlcsUUFBQSxhQUFhLGlCQWV4QiJ9