@drunk-pulumi/azure 0.0.19

package/VNet/Firewall.d.ts

@@ -0,0 +1,27 @@
+import * as network from '@pulumi/azure-native/network';
+import * as pulumi from '@pulumi/pulumi';
+import { BasicMonitorArgs, BasicResourceArgs, DefaultResourceArgs } from '../types';
+import { FirewallPolicyProps } from './FirewallRules/types';
+export interface FwOutboundConfig {
+    name?: string;
+    subnetId: pulumi.Input<string>;
+    publicIpAddress: network.PublicIPAddress;
+}
+export type FirewallSkus = {
+    name: network.AzureFirewallSkuName;
+    tier: network.AzureFirewallSkuTier;
+};
+interface Props extends BasicResourceArgs, Omit<DefaultResourceArgs, 'monitoring'> {
+    outbound: Array<FwOutboundConfig>;
+    /** This must be provided if sku is Basic */
+    management?: FwOutboundConfig;
+    policy: FirewallPolicyProps;
+    enableDnsProxy?: boolean;
+    sku?: FirewallSkus;
+    monitorConfig?: BasicMonitorArgs;
+}
+declare const _default: ({ name, group, policy, outbound, management, monitorConfig, enableDnsProxy, sku, ...others }: Props) => {
+    firewall: import("@pulumi/azure-native/network/azureFirewall").AzureFirewall;
+    policy: import("@pulumi/azure-native/network/firewallPolicy").FirewallPolicy | undefined;
+};
+export default _default;

package/VNet/Firewall.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const network = require("@pulumi/azure-native/network");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Naming_1 = require("../Common/Naming");
+const ResourceCreator_1 = require("../Core/ResourceCreator");
+const FirewallPolicy_1 = require("./FirewallPolicy");
+exports.default = ({ name, group, 
+//rules,
+policy, outbound, management, monitorConfig, enableDnsProxy, sku = {
+    name: network.AzureFirewallSkuName.AZFW_VNet,
+    tier: network.AzureFirewallSkuTier.Basic,
+}, ...others }) => {
+    if (sku.tier === network.AzureFirewallSkuTier.Basic && !management) {
+        throw new Error('Management Public Ip Address is required for Firewall Basic tier.');
+    }
+    const fwName = (0, Naming_1.getFirewallName)(name);
+    // if (rules?.applicationRuleCollections) {
+    //   //Add Denied other rules
+    //   rules.applicationRuleCollections.push(deniedOthersRule);
+    // }
+    const fwPolicy = policy.enabled
+        ? (0, FirewallPolicy_1.default)({
+            name,
+            group,
+            basePolicyId: policy.parentPolicyId,
+            sku: sku.tier,
+            dnsSettings: { enableProxy: true },
+        })
+        : undefined;
+    const dependsOn = new Array();
+    outbound.forEach((o) => dependsOn.push(o.publicIpAddress));
+    if (management)
+        dependsOn.push(management.publicIpAddress);
+    const { resource } = (0, ResourceCreator_1.default)(network.AzureFirewall, {
+        azureFirewallName: fwName,
+        ...group,
+        //...rules,
+        firewallPolicy: fwPolicy ? { id: fwPolicy.id } : undefined,
+        zones: AzureEnv_1.isPrd ? ['1', '2', '3'] : undefined,
+        threatIntelMode: network.AzureFirewallThreatIntelMode.Deny,
+        sku,
+        managementIpConfiguration: management
+            ? {
+                name: management.name,
+                publicIPAddress: { id: management.publicIpAddress.id },
+                subnet: { id: management.subnetId },
+            }
+            : undefined,
+        ipConfigurations: outbound.map((o, i) => ({
+            name: o.name || `outbound-${i}`,
+            publicIPAddress: o.publicIpAddress.id
+                ? { id: o.publicIpAddress.id }
+                : undefined,
+            subnet: { id: o.subnetId },
+        })),
+        additionalProperties: enableDnsProxy && sku.tier !== network.AzureFirewallSkuTier.Basic
+            ? {
+                'Network.DNS.EnableProxy': 'true',
+            }
+            : undefined,
+        monitoring: {
+            ...monitorConfig,
+            logsCategories: [
+                'AzureFirewallApplicationRule',
+                'AzureFirewallNetworkRule',
+                'AzureFirewallDnsProxy',
+            ],
+        },
+        tags: AzureEnv_1.defaultTags,
+        ...others,
+        dependsOn,
+    });
+    //Link Rule to Policy
+    if (fwPolicy && policy?.rules) {
+        (0, FirewallPolicy_1.linkRulesToPolicy)({
+            name: `${name}-policies`,
+            group,
+            priority: policy.priority,
+            firewallPolicyName: fwPolicy.name,
+            rules: policy.rules,
+            dependsOn: [fwPolicy, resource],
+        });
+    }
+    return { firewall: resource, policy: fwPolicy };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRmlyZXdhbGwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk5ldC9GaXJld2FsbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHdEQUF3RDtBQUd4RCxpREFBd0Q7QUFDeEQsNkNBQW1EO0FBQ25ELDZEQUFzRDtBQU10RCxxREFBcUU7QUE0QnJFLGtCQUFlLENBQUMsRUFDZCxJQUFJLEVBQ0osS0FBSztBQUNMLFFBQVE7QUFDUixNQUFNLEVBQ04sUUFBUSxFQUNSLFVBQVUsRUFDVixhQUFhLEVBQ2IsY0FBYyxFQUNkLEdBQUcsR0FBRztJQUNKLElBQUksRUFBRSxPQUFPLENBQUMsb0JBQW9CLENBQUMsU0FBUztJQUM1QyxJQUFJLEVBQUUsT0FBTyxDQUFDLG9CQUFvQixDQUFDLEtBQUs7Q0FDekMsRUFDRCxHQUFHLE1BQU0sRUFDSCxFQUFFLEVBQUU7SUFDVixJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssT0FBTyxDQUFDLG9CQUFvQixDQUFDLEtBQUssSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ25FLE1BQU0sSUFBSSxLQUFLLENBQ2IsbUVBQW1FLENBQ3BFLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUcsSUFBQSx3QkFBZSxFQUFDLElBQUksQ0FBQyxDQUFDO0lBRXJDLDJDQUEyQztJQUMzQyw2QkFBNkI7SUFDN0IsNkRBQTZEO0lBQzdELElBQUk7SUFFSixNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsT0FBTztRQUM3QixDQUFDLENBQUMsSUFBQSx3QkFBYyxFQUFDO1lBQ2IsSUFBSTtZQUNKLEtBQUs7WUFDTCxZQUFZLEVBQUUsTUFBTSxDQUFDLGNBQWM7WUFDbkMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ2IsV0FBVyxFQUFFLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRTtTQUNuQyxDQUFDO1FBQ0osQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUVkLE1BQU0sU0FBUyxHQUFHLElBQUksS0FBSyxFQUFtQixDQUFDO0lBQy9DLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUM7SUFDM0QsSUFBSSxVQUFVO1FBQUUsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsZUFBZSxDQUFDLENBQUM7SUFFM0QsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUEseUJBQWUsRUFBQyxPQUFPLENBQUMsYUFBYSxFQUFFO1FBQzFELGlCQUFpQixFQUFFLE1BQU07UUFDekIsR0FBRyxLQUFLO1FBQ1IsV0FBVztRQUNYLGNBQWMsRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUztRQUUxRCxLQUFLLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBQzFDLGVBQWUsRUFBRSxPQUFPLENBQUMsNEJBQTRCLENBQUMsSUFBSTtRQUMxRCxHQUFHO1FBRUgseUJBQXlCLEVBQUUsVUFBVTtZQUNuQyxDQUFDLENBQUM7Z0JBQ0UsSUFBSSxFQUFFLFVBQVUsQ0FBQyxJQUFJO2dCQUNyQixlQUFlLEVBQUUsRUFBRSxFQUFFLEVBQUUsVUFBVSxDQUFDLGVBQWUsQ0FBQyxFQUFFLEVBQUU7Z0JBQ3RELE1BQU0sRUFBRSxFQUFFLEVBQUUsRUFBRSxVQUFVLENBQUMsUUFBUSxFQUFFO2FBQ3BDO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFFYixnQkFBZ0IsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUN4QyxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksSUFBSSxZQUFZLENBQUMsRUFBRTtZQUMvQixlQUFlLEVBQUUsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxFQUFFO2dCQUNuQyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxFQUFFLEVBQUU7Z0JBQzlCLENBQUMsQ0FBQyxTQUFTO1lBQ2IsTUFBTSxFQUFFLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxRQUFRLEVBQUU7U0FDM0IsQ0FBQyxDQUFDO1FBRUgsb0JBQW9CLEVBQ2xCLGNBQWMsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLO1lBQy9ELENBQUMsQ0FBQztnQkFDRSx5QkFBeUIsRUFBRSxNQUFNO2FBQ2xDO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFFZixVQUFVLEVBQUU7WUFDVixHQUFHLGFBQWE7WUFDaEIsY0FBYyxFQUFFO2dCQUNkLDhCQUE4QjtnQkFDOUIsMEJBQTBCO2dCQUMxQix1QkFBdUI7YUFDeEI7U0FDRjtRQUVELElBQUksRUFBRSxzQkFBVztRQUNqQixHQUFHLE1BQU07UUFDVCxTQUFTO0tBQ3lDLENBQUMsQ0FBQztJQUV0RCxxQkFBcUI7SUFDckIsSUFBSSxRQUFRLElBQUksTUFBTSxFQUFFLEtBQUssRUFBRSxDQUFDO1FBQzlCLElBQUEsa0NBQWlCLEVBQUM7WUFDaEIsSUFBSSxFQUFFLEdBQUcsSUFBSSxXQUFXO1lBQ3hCLEtBQUs7WUFDTCxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVE7WUFDekIsa0JBQWtCLEVBQUUsUUFBUSxDQUFDLElBQUk7WUFDakMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxLQUFLO1lBQ25CLFNBQVMsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUM7U0FDaEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sRUFBRSxRQUFRLEVBQUUsUUFBaUMsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLENBQUM7QUFDM0UsQ0FBQyxDQUFDIn0=

package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts

@@ -0,0 +1,20 @@
+import { Input } from '@pulumi/pulumi';
+import { FirewallRuleProps } from '../FirewallRules/types';
+interface Props {
+    name: string;
+    vnetAddressSpace: Array<Input<string>>;
+    location: Input<string>;
+    privateCluster?: boolean;
+    /** Allows access to Docker and Kubenetes registries */
+    allowAccessPublicRegistries?: boolean;
+    natRule: {
+        publicIpAddress: Input<string>;
+        internalIpAddress: Input<string>;
+        apim?: {
+            apimPublicIpAddress: Input<string>;
+            internalIpAddress: Input<string>;
+        };
+    };
+}
+declare const _default: ({ name, location, privateCluster, allowAccessPublicRegistries, vnetAddressSpace, natRule, }: Props) => FirewallRuleProps;
+export default _default;

package/VNet/FirewallPolicies/AksFirewallPolicy.js

@@ -0,0 +1,241 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const pulumi_1 = require("@pulumi/pulumi");
+const Location_1 = require("../../Common/Location");
+exports.default = ({ name, location, privateCluster, allowAccessPublicRegistries, vnetAddressSpace, natRule, }) => {
+    location = (0, Location_1.getLocation)(location);
+    const dnatRules = new Array();
+    const netRules = new Array();
+    const appRules = new Array();
+    if (natRule.apim) {
+        dnatRules.push({
+            ruleType: 'NatRule',
+            name: 'apim-inbound-443',
+            description: 'Forward APIM inbound port 443 to api IP of Ingress',
+            sourceAddresses: [natRule.apim.apimPublicIpAddress],
+            destinationAddresses: [natRule.publicIpAddress],
+            destinationPorts: ['443'],
+            ipProtocols: ['TCP'],
+            translatedAddress: natRule.apim.internalIpAddress,
+            translatedPort: '443',
+        });
+    }
+    dnatRules.push({
+        ruleType: 'NatRule',
+        name: 'public-inbound-443',
+        description: 'Forward public inbound port 443 to api IP of Ingress',
+        sourceAddresses: ['*'],
+        destinationAddresses: [natRule.publicIpAddress],
+        destinationPorts: ['443'],
+        ipProtocols: ['TCP'],
+        translatedAddress: natRule.internalIpAddress,
+        translatedPort: '443',
+    }, {
+        ruleType: 'NatRule',
+        name: 'public-inbound-80',
+        description: 'Forward public inbound port 80 to api IP of Ingress',
+        sourceAddresses: ['*'],
+        destinationAddresses: [natRule.publicIpAddress],
+        destinationPorts: ['80'],
+        ipProtocols: ['TCP'],
+        translatedAddress: natRule.internalIpAddress,
+        translatedPort: '80',
+    });
+    if (!privateCluster) {
+        //Net Rules for non-private cluster
+        netRules.push({
+            ruleType: 'NetworkRule',
+            name: 'aks-tcp',
+            description: 'For tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia',
+            ipProtocols: ['TCP'],
+            sourceAddresses: vnetAddressSpace,
+            destinationAddresses: [(0, pulumi_1.interpolate) `AzureCloud.${location}`],
+            destinationPorts: ['443', '9000'],
+        });
+        //App rule for non-private cluster
+        appRules.push({
+            ruleType: 'ApplicationRule',
+            name: 'aks-services',
+            description: 'Allows pods to access AzureKubernetesService',
+            sourceAddresses: vnetAddressSpace,
+            //AzureKubernetesService is allow to access google.com
+            fqdnTags: ['AzureKubernetesService'],
+        }, {
+            ruleType: 'ApplicationRule',
+            name: 'aks-controller',
+            description: 'Allows pods to access AKS controller',
+            sourceAddresses: vnetAddressSpace,
+            protocols: [{ port: 443, protocolType: 'Https' }],
+            targetFqdns: [(0, pulumi_1.interpolate) `*.hcp.${location}.azmk8s.io`],
+        });
+    }
+    if (allowAccessPublicRegistries) {
+        appRules.push({
+            ruleType: 'ApplicationRule',
+            //TODO Allow Docker Access is potential risk once we have budget and able to upload external images to ACR then remove docker.
+            name: 'docker-services',
+            sourceAddresses: vnetAddressSpace,
+            targetFqdns: [
+                '*quay.io', //For Cert Manager
+                '*auth.docker.io',
+                '*cloudflare.docker.io',
+                '*cloudflare.docker.com',
+                '*registry-1.docker.io',
+            ],
+            protocols: [{ protocolType: 'Https', port: 443 }],
+        }, {
+            ruleType: 'ApplicationRule',
+            //TODO Allow external registry is potential risk once we have budget and able to upload external images to ACR then remove docker.
+            name: 'k8s-services',
+            sourceAddresses: vnetAddressSpace,
+            targetFqdns: [
+                'k8s.gcr.io', //nginx images
+                '*.k8s.io',
+                'storage.googleapis.com',
+            ],
+            protocols: [{ protocolType: 'Https', port: 443 }],
+        });
+    }
+    return {
+        name,
+        dnatRules,
+        networkRules: [
+            ...netRules,
+            // {
+            //   name: 'aks-vpn',
+            //   description:
+            //     'For OPEN VPN tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia',
+            //   protocols: ['UDP'],
+            //   sourceAddresses: vnetAddressSpace,
+            //   destinationAddresses: [`AzureCloud.${location}`],
+            //   destinationPorts: ['1194'],
+            // },
+            {
+                ruleType: 'NetworkRule',
+                name: 'aks-time',
+                description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
+                ipProtocols: ['UDP'],
+                sourceAddresses: vnetAddressSpace,
+                destinationFqdns: ['ntp.ubuntu.com'],
+                destinationPorts: ['123'],
+            },
+            {
+                ruleType: 'NetworkRule',
+                name: 'aks-time_others',
+                description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
+                ipProtocols: ['UDP'],
+                sourceAddresses: vnetAddressSpace,
+                destinationAddresses: ['*'],
+                destinationPorts: ['123'],
+            },
+            // {
+            //   name: 'aks-control-server',
+            //   description:
+            //     'Required if running pods/deployments that access the API Server, those pods/deployments would use the API IP.',
+            //   protocols: ['TCP'],
+            //   sourceAddresses: vnetAddressSpace,
+            //   destinationAddresses: ['10.0.0.0/16'],//Ask default is '10.0.0.0/16'
+            //   destinationPorts: ['443', '10250', '10251'],
+            // },
+            {
+                ruleType: 'NetworkRule',
+                name: 'azure-services-tags',
+                description: 'Allows internal services to connect to Azure Resources.',
+                ipProtocols: ['TCP'],
+                sourceAddresses: vnetAddressSpace,
+                destinationAddresses: [
+                    (0, pulumi_1.interpolate) `AzureContainerRegistry.${location}`,
+                    (0, pulumi_1.interpolate) `MicrosoftContainerRegistry.${location}`,
+                    'AzureActiveDirectory',
+                    (0, pulumi_1.interpolate) `AzureMonitor.${location}`,
+                    'AppConfiguration',
+                ],
+                destinationPorts: ['443'],
+            },
+            // {
+            //   name: 'azure-dns',
+            //   description: 'Azure DNS.',
+            //   protocols: ['TCP', 'UDP'],
+            //   sourceAddresses: vnetAddressSpace,
+            //   destinationFqdns: [
+            //     'ns1-01.azure-dns.com',
+            //     'ns2-01.azure-dns.net',
+            //     'ns3-01.azure-dns.org',
+            //     'ns4-01.azure-dns.info',
+            //   ],
+            //   destinationPorts: ['53'],
+            // },
+            {
+                ruleType: 'NetworkRule',
+                name: 'others-dns',
+                description: 'Others DNS.',
+                ipProtocols: ['TCP', 'UDP'],
+                sourceAddresses: vnetAddressSpace,
+                destinationAddresses: ['*'],
+                destinationPorts: ['53'],
+            },
+        ],
+        applicationRules: [
+            ...appRules,
+            {
+                ruleType: 'ApplicationRule',
+                name: 'aks-fqdn',
+                description: 'Azure Global required FQDN',
+                sourceAddresses: vnetAddressSpace,
+                targetFqdns: [
+                    //Microsoft Container Registry
+                    'mcr.microsoft.com',
+                    'data.mcr.microsoft.com',
+                    '*.data.mcr.microsoft.com',
+                    //Azure management
+                    'management.azure.com',
+                    'login.microsoftonline.com',
+                    //Microsoft trusted package repository
+                    'packages.microsoft.com',
+                    //Azure CDN
+                    'acs-mirror.azureedge.net',
+                    //CosmosDb
+                    '*.documents.azure.com',
+                ],
+                protocols: [{ protocolType: 'Https', port: 443 }],
+            },
+            {
+                ruleType: 'ApplicationRule',
+                name: 'azure-monitors',
+                sourceAddresses: vnetAddressSpace,
+                targetFqdns: [
+                    'dc.services.visualstudio.com',
+                    '*.ods.opinsights.azure.com',
+                    '*.oms.opinsights.azure.com',
+                    '*.monitoring.azure.com',
+                    '*.services.visualstudio.com',
+                ],
+                protocols: [{ protocolType: 'Https', port: 443 }],
+            },
+            {
+                ruleType: 'ApplicationRule',
+                name: 'azure-policy',
+                sourceAddresses: vnetAddressSpace,
+                targetFqdns: [
+                    '*.policy.core.windows.net',
+                    'gov-prod-policy-data.trafficmanager.net',
+                    'raw.githubusercontent.com',
+                    'dc.services.visualstudio.com',
+                ],
+                protocols: [{ protocolType: 'Https', port: 443 }],
+            },
+            {
+                ruleType: 'ApplicationRule',
+                name: 'ubuntu-services',
+                sourceAddresses: vnetAddressSpace,
+                targetFqdns: [
+                    'security.ubuntu.com',
+                    'azure.archive.ubuntu.com',
+                    'changelogs.ubuntu.com',
+                ],
+                protocols: [{ protocolType: 'Https', port: 443 }],
+            },
+        ],
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWtzRmlyZXdhbGxQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL0Frc0ZpcmV3YWxsUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsMkNBQW9EO0FBR3BELG9EQUFvRDtBQXVCcEQsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixRQUFRLEVBQ1IsY0FBYyxFQUNkLDJCQUEyQixFQUMzQixnQkFBZ0IsRUFDaEIsT0FBTyxHQUNELEVBQXFCLEVBQUU7SUFDN0IsUUFBUSxHQUFHLElBQUEsc0JBQVcsRUFBQyxRQUFRLENBQUMsQ0FBQztJQUVqQyxNQUFNLFNBQVMsR0FBRyxJQUFJLEtBQUssRUFBcUMsQ0FBQztJQUNqRSxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBeUMsQ0FBQztJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBNkMsQ0FBQztJQUV4RSxJQUFJLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNqQixTQUFTLENBQUMsSUFBSSxDQUFDO1lBQ2IsUUFBUSxFQUFFLFNBQVM7WUFDbkIsSUFBSSxFQUFFLGtCQUFrQjtZQUN4QixXQUFXLEVBQUUsb0RBQW9EO1lBQ2pFLGVBQWUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUM7WUFDbkQsb0JBQW9CLEVBQUUsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDO1lBQy9DLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3pCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixpQkFBaUIsRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLGlCQUFpQjtZQUNqRCxjQUFjLEVBQUUsS0FBSztTQUN0QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsU0FBUyxDQUFDLElBQUksQ0FDWjtRQUNFLFFBQVEsRUFBRSxTQUFTO1FBQ25CLElBQUksRUFBRSxvQkFBb0I7UUFDMUIsV0FBVyxFQUFFLHNEQUFzRDtRQUNuRSxlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUM7UUFDdEIsb0JBQW9CLEVBQUUsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDO1FBQy9DLGdCQUFnQixFQUFFLENBQUMsS0FBSyxDQUFDO1FBQ3pCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUNwQixpQkFBaUIsRUFBRSxPQUFPLENBQUMsaUJBQWlCO1FBQzVDLGNBQWMsRUFBRSxLQUFLO0tBQ3RCLEVBQ0Q7UUFDRSxRQUFRLEVBQUUsU0FBUztRQUNuQixJQUFJLEVBQUUsbUJBQW1CO1FBQ3pCLFdBQVcsRUFBRSxxREFBcUQ7UUFDbEUsZUFBZSxFQUFFLENBQUMsR0FBRyxDQUFDO1FBQ3RCLG9CQUFvQixFQUFFLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQztRQUMvQyxnQkFBZ0IsRUFBRSxDQUFDLElBQUksQ0FBQztRQUN4QixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7UUFDcEIsaUJBQWlCLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtRQUM1QyxjQUFjLEVBQUUsSUFBSTtLQUNyQixDQUNGLENBQUM7SUFFRixJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDcEIsbUNBQW1DO1FBQ25DLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsU0FBUztZQUNmLFdBQVcsRUFDVCx3R0FBd0c7WUFDMUcsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsb0JBQW9CLEVBQUUsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsY0FBYyxRQUFRLEVBQUUsQ0FBQztZQUMzRCxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUM7U0FDbEMsQ0FBQyxDQUFDO1FBRUgsa0NBQWtDO1FBQ2xDLFFBQVEsQ0FBQyxJQUFJLENBQ1g7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxjQUFjO1lBQ3BCLFdBQVcsRUFBRSw4Q0FBOEM7WUFDM0QsZUFBZSxFQUFFLGdCQUFnQjtZQUNqQyxzREFBc0Q7WUFDdEQsUUFBUSxFQUFFLENBQUMsd0JBQXdCLENBQUM7U0FDckMsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLGdCQUFnQjtZQUN0QixXQUFXLEVBQUUsc0NBQXNDO1lBQ25ELGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsU0FBUyxFQUFFLENBQUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNqRCxXQUFXLEVBQUUsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsU0FBUyxRQUFRLFlBQVksQ0FBQztTQUN4RCxDQUNGLENBQUM7SUFDSixDQUFDO0lBRUQsSUFBSSwyQkFBMkIsRUFBRSxDQUFDO1FBQ2hDLFFBQVEsQ0FBQyxJQUFJLENBQ1g7WUFDRSxRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLDhIQUE4SDtZQUM5SCxJQUFJLEVBQUUsaUJBQWlCO1lBQ3ZCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsV0FBVyxFQUFFO2dCQUNYLFVBQVUsRUFBRSxrQkFBa0I7Z0JBQzlCLGlCQUFpQjtnQkFDakIsdUJBQXVCO2dCQUN2Qix3QkFBd0I7Z0JBQ3hCLHVCQUF1QjthQUN4QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsRUFDRDtZQUNFLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0Isa0lBQWtJO1lBQ2xJLElBQUksRUFBRSxjQUFjO1lBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7WUFDakMsV0FBVyxFQUFFO2dCQUNYLFlBQVksRUFBRSxjQUFjO2dCQUM1QixVQUFVO2dCQUNWLHdCQUF3QjthQUN6QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU87UUFDTCxJQUFJO1FBQ0osU0FBUztRQUNULFlBQVksRUFBRTtZQUNaLEdBQUcsUUFBUTtZQUNYLElBQUk7WUFDSixxQkFBcUI7WUFDckIsaUJBQWlCO1lBQ2pCLHlIQUF5SDtZQUN6SCx3QkFBd0I7WUFDeEIsdUNBQXVDO1lBQ3ZDLHNEQUFzRDtZQUN0RCxnQ0FBZ0M7WUFDaEMsS0FBSztZQUNMO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUsVUFBVTtnQkFDaEIsV0FBVyxFQUNULCtFQUErRTtnQkFDakYsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDO2dCQUNwQixlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxnQkFBZ0IsRUFBRSxDQUFDLGdCQUFnQixDQUFDO2dCQUNwQyxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQzthQUMxQjtZQUNEO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUsaUJBQWlCO2dCQUN2QixXQUFXLEVBQ1QsK0VBQStFO2dCQUNqRixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFLENBQUMsR0FBRyxDQUFDO2dCQUMzQixnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQzthQUMxQjtZQUNELElBQUk7WUFDSixnQ0FBZ0M7WUFDaEMsaUJBQWlCO1lBQ2pCLHVIQUF1SDtZQUN2SCx3QkFBd0I7WUFDeEIsdUNBQXVDO1lBQ3ZDLHlFQUF5RTtZQUN6RSxpREFBaUQ7WUFDakQsS0FBSztZQUNMO2dCQUNFLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUUscUJBQXFCO2dCQUMzQixXQUFXLEVBQUUseURBQXlEO2dCQUN0RSxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFO29CQUNwQixJQUFBLG9CQUFXLEVBQUEsMEJBQTBCLFFBQVEsRUFBRTtvQkFDL0MsSUFBQSxvQkFBVyxFQUFBLDhCQUE4QixRQUFRLEVBQUU7b0JBQ25ELHNCQUFzQjtvQkFDdEIsSUFBQSxvQkFBVyxFQUFBLGdCQUFnQixRQUFRLEVBQUU7b0JBQ3JDLGtCQUFrQjtpQkFDbkI7Z0JBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7YUFDMUI7WUFDRCxJQUFJO1lBQ0osdUJBQXVCO1lBQ3ZCLCtCQUErQjtZQUMvQiwrQkFBK0I7WUFDL0IsdUNBQXVDO1lBQ3ZDLHdCQUF3QjtZQUN4Qiw4QkFBOEI7WUFDOUIsOEJBQThCO1lBQzlCLDhCQUE4QjtZQUM5QiwrQkFBK0I7WUFDL0IsT0FBTztZQUNQLDhCQUE4QjtZQUM5QixLQUFLO1lBQ0w7Z0JBQ0UsUUFBUSxFQUFFLGFBQWE7Z0JBQ3ZCLElBQUksRUFBRSxZQUFZO2dCQUNsQixXQUFXLEVBQUUsYUFBYTtnQkFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztnQkFDM0IsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsb0JBQW9CLEVBQUUsQ0FBQyxHQUFHLENBQUM7Z0JBQzNCLGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDO2FBQ3pCO1NBQ0Y7UUFDRCxnQkFBZ0IsRUFBRTtZQUNoQixHQUFHLFFBQVE7WUFDWDtnQkFDRSxRQUFRLEVBQUUsaUJBQWlCO2dCQUMzQixJQUFJLEVBQUUsVUFBVTtnQkFDaEIsV0FBVyxFQUFFLDRCQUE0QjtnQkFDekMsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsV0FBVyxFQUFFO29CQUNYLDhCQUE4QjtvQkFDOUIsbUJBQW1CO29CQUNuQix3QkFBd0I7b0JBQ3hCLDBCQUEwQjtvQkFDMUIsa0JBQWtCO29CQUNsQixzQkFBc0I7b0JBQ3RCLDJCQUEyQjtvQkFDM0Isc0NBQXNDO29CQUN0Qyx3QkFBd0I7b0JBQ3hCLFdBQVc7b0JBQ1gsMEJBQTBCO29CQUMxQixVQUFVO29CQUNWLHVCQUF1QjtpQkFDeEI7Z0JBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQzthQUNsRDtZQUNEO2dCQUNFLFFBQVEsRUFBRSxpQkFBaUI7Z0JBQzNCLElBQUksRUFBRSxnQkFBZ0I7Z0JBQ3RCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCw4QkFBOEI7b0JBQzlCLDRCQUE0QjtvQkFDNUIsNEJBQTRCO29CQUM1Qix3QkFBd0I7b0JBQ3hCLDZCQUE2QjtpQkFDOUI7Z0JBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQzthQUNsRDtZQUNEO2dCQUNFLFFBQVEsRUFBRSxpQkFBaUI7Z0JBQzNCLElBQUksRUFBRSxjQUFjO2dCQUNwQixlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxXQUFXLEVBQUU7b0JBQ1gsMkJBQTJCO29CQUMzQix5Q0FBeUM7b0JBQ3pDLDJCQUEyQjtvQkFDM0IsOEJBQThCO2lCQUMvQjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO2FBQ2xEO1lBQ0Q7Z0JBQ0UsUUFBUSxFQUFFLGlCQUFpQjtnQkFDM0IsSUFBSSxFQUFFLGlCQUFpQjtnQkFDdkIsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsV0FBVyxFQUFFO29CQUNYLHFCQUFxQjtvQkFDckIsMEJBQTBCO29CQUMxQix1QkFBdUI7aUJBQ3hCO2dCQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7YUFDbEQ7U0FDRjtLQUNGLENBQUM7QUFDSixDQUFDLENBQUMifQ==

package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts

@@ -0,0 +1,14 @@
+import { Input } from '@pulumi/pulumi';
+import { FirewallRuleProps } from '../FirewallRules/types';
+interface Props {
+    name: string;
+    vnetAddressSpace: Array<Input<string>>;
+    location: Input<string>;
+    allowFullOutboundAddress?: Array<Input<string>>;
+    allowIpCheckApi?: boolean;
+    enableCloudPcRules?: boolean;
+    enableDeveloperResources?: boolean;
+    enableAzureResources?: boolean;
+}
+declare const _default: ({ name, location, vnetAddressSpace, enableCloudPcRules, enableDeveloperResources, enableAzureResources, allowIpCheckApi, allowFullOutboundAddress, }: Props) => Array<FirewallRuleProps>;
+export default _default;