@drunk-pulumi/azure 0.0.19

package/VNet/Vnet.js

@@ -0,0 +1,196 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const network = require("@pulumi/azure-native/network");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Helper_1 = require("./Helper");
+const Naming_1 = require("../Common/Naming");
+const Bastion_1 = require("./Bastion");
+const Subnet_1 = require("./Subnet");
+exports.default = ({ name, group, ddosId, addressSpaces, subnets = [], dnsServers, features = {}, }) => {
+    const vName = (0, Naming_1.getVnetName)(name);
+    const securityRules = features.securityGroup?.rules ||
+        new Array();
+    //AppGateway
+    if (features.appGatewaySubnet) {
+        subnets.push({
+            name: Helper_1.appGatewaySubnetName,
+            addressPrefix: features.appGatewaySubnet.addressPrefix,
+            allowedServiceEndpoints: false,
+        });
+        //Add Security Rules for App Gateway
+        securityRules.push(...getAppGatewayRules(features.appGatewaySubnet));
+    }
+    //Bastion Host
+    if (features.bastion) {
+        subnets.push({
+            name: Helper_1.azBastionSubnetName,
+            addressPrefix: features.bastion.addressPrefix,
+            allowedServiceEndpoints: false,
+        });
+        securityRules.push({
+            name: 'allow-internet-bastion',
+            sourceAddressPrefix: '*',
+            sourcePortRange: '*',
+            destinationAddressPrefix: features.bastion.addressPrefix,
+            destinationPortRange: '443',
+            protocol: 'TCP',
+            access: 'Allow',
+            direction: 'Inbound',
+            priority: 3000,
+        });
+    }
+    //Firewall Subnet
+    if (features.firewall) {
+        subnets.push({
+            name: Helper_1.azFirewallSubnet,
+            addressPrefix: features.firewall.addressPrefix,
+            allowedServiceEndpoints: false,
+        });
+        if (features.firewall.managementAddressPrefix)
+            subnets.push({
+                name: Helper_1.azFirewallManagementSubnet,
+                addressPrefix: features.firewall.managementAddressPrefix,
+                allowedServiceEndpoints: false,
+            });
+    }
+    //NetworkSecurityGroup
+    let securityGroup = undefined;
+    if (features.securityGroup) {
+        //Allow outbound internet
+        if (!features.securityGroup.allowOutboundInternetAccess) {
+            securityRules.push({
+                name: 'deny-internet',
+                sourceAddressPrefix: '*',
+                sourcePortRange: '*',
+                destinationAddressPrefix: 'Internet',
+                destinationPortRange: '*',
+                protocol: '*',
+                access: 'Deny',
+                direction: 'Outbound',
+                priority: 4096, //The last rule in the list;
+            });
+        }
+        securityGroup = new network.NetworkSecurityGroup(`${vName}-sg`, {
+            networkSecurityGroupName: `${vName}-sg`,
+            ...group,
+            securityRules,
+        });
+    }
+    //Route Table
+    const routeTable = new network.RouteTable(`${vName}-route`, {
+        routeTableName: `${vName}-route`,
+        ...group,
+        routes: features.routeTable?.rules || [],
+    });
+    //Create VNet
+    const vnet = new network.VirtualNetwork(vName, {
+        virtualNetworkName: vName,
+        addressSpace: {
+            addressPrefixes: addressSpaces || subnets.map((s) => s.addressPrefix),
+        },
+        ...group,
+        enableVmProtection: true,
+        dhcpOptions: dnsServers ? { dnsServers } : undefined,
+        subnets: subnets.map((s) => (0, Subnet_1.default)({
+            subnet: s,
+            vnetName: name,
+            group,
+            securityGroup: s.enableSecurityGroup === false ||
+                [Helper_1.azFirewallSubnet, Helper_1.azBastionSubnetName, Helper_1.gatewaySubnetName].includes(s.name)
+                ? undefined
+                : securityGroup,
+            routeTable: [
+                Helper_1.azBastionSubnetName,
+                Helper_1.azFirewallSubnet,
+                Helper_1.gatewaySubnetName,
+            ].includes(s.name)
+                ? undefined
+                : routeTable,
+        })),
+        enableDdosProtection: ddosId !== undefined,
+        ddosProtectionPlan: ddosId ? { id: ddosId } : undefined,
+        tags: AzureEnv_1.defaultTags,
+    });
+    const subnetResults = {};
+    const findSubnet = (name) => vnet.subnets.apply((ss) => ss.find((s) => s.name === name));
+    subnets?.forEach((s) => {
+        subnetResults[s.name] = findSubnet(s.name).apply((s) => s);
+    });
+    const bastionSubnet = subnetResults[Helper_1.azBastionSubnetName];
+    //Create Bastion
+    if (features.bastion && !features.bastion.disableBastionHostCreation) {
+        (0, Bastion_1.default)({
+            name,
+            group,
+            subnetId: bastionSubnet.apply((s) => s.id),
+            dependsOn: [vnet],
+        });
+    }
+    //Return the results
+    return {
+        vnet,
+        firewallSubnet: subnetResults[Helper_1.azFirewallSubnet],
+        firewallManageSubnet: subnetResults[Helper_1.azFirewallManagementSubnet],
+        appGatewaySubnet: subnetResults[Helper_1.appGatewaySubnetName],
+        bastionSubnet,
+        subnets: subnetResults,
+        securityGroup,
+        routeTable,
+    };
+};
+const getAppGatewayRules = ({ addressPrefix, version, }) => {
+    let start = 100;
+    return [
+        //Add inbound rule for app gateway subnet
+        {
+            name: 'allow_internet_in_gateway_health',
+            description: 'Allow Health check access from internet to Gateway',
+            priority: 200 + start++,
+            protocol: 'Tcp',
+            access: 'Allow',
+            direction: 'Inbound',
+            sourceAddressPrefix: 'Internet',
+            sourcePortRange: '*',
+            destinationAddressPrefix: addressPrefix,
+            destinationPortRanges: version === 'v1' ? ['65503-65534'] : ['65200-65535'],
+        },
+        {
+            name: 'allow_https_internet_in_gateway',
+            description: 'Allow HTTPS access from internet to Gateway',
+            priority: 200 + start++,
+            protocol: 'Tcp',
+            access: 'Allow',
+            direction: 'Inbound',
+            sourceAddressPrefix: 'Internet',
+            sourcePortRange: '*',
+            destinationAddressPrefix: addressPrefix,
+            destinationPortRange: '443',
+        },
+        {
+            name: 'allow_loadbalancer_in_gateway',
+            description: 'Allow Load balancer to Gateway',
+            priority: 200 + start++,
+            protocol: 'Tcp',
+            access: 'Allow',
+            direction: 'Inbound',
+            sourceAddressPrefix: 'AzureLoadBalancer',
+            sourcePortRange: '*',
+            destinationAddressPrefix: addressPrefix,
+            destinationPortRange: '*',
+        },
+        //Denied others
+        // {
+        //   name: 'denied_others_in_gateway',
+        //   description: 'Denied others to Gateway',
+        //   priority: 3000 + start++,
+        //   protocol: 'Tcp',
+        //   access: 'Deny',
+        //   direction: 'Inbound',
+        //   sourceAddressPrefix: '*',
+        //   sourcePortRange: '*',
+        //   destinationAddressPrefix: addressPrefix,
+        //   destinationPortRange: '*',
+        // },
+    ];
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVm5ldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9WTmV0L1ZuZXQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSx3REFBd0Q7QUFLeEQsaURBQWlEO0FBQ2pELHFDQU1rQjtBQUNsQiw2Q0FBK0M7QUFDL0MsdUNBQWdDO0FBQ2hDLHFDQUFxRDtBQWdEckQsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixLQUFLLEVBQ0wsTUFBTSxFQUNOLGFBQWEsRUFDYixPQUFPLEdBQUcsRUFBRSxFQUNaLFVBQVUsRUFDVixRQUFRLEdBQUcsRUFBRSxHQUNILEVBQUUsRUFBRTtJQUNkLE1BQU0sS0FBSyxHQUFHLElBQUEsb0JBQVcsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUNoQyxNQUFNLGFBQWEsR0FDakIsUUFBUSxDQUFDLGFBQWEsRUFBRSxLQUFLO1FBQzdCLElBQUksS0FBSyxFQUFpRCxDQUFDO0lBRTdELFlBQVk7SUFDWixJQUFJLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQzlCLE9BQU8sQ0FBQyxJQUFJLENBQUM7WUFDWCxJQUFJLEVBQUUsNkJBQW9CO1lBQzFCLGFBQWEsRUFBRSxRQUFRLENBQUMsZ0JBQWdCLENBQUMsYUFBYTtZQUN0RCx1QkFBdUIsRUFBRSxLQUFLO1NBQy9CLENBQUMsQ0FBQztRQUNILG9DQUFvQztRQUNwQyxhQUFhLENBQUMsSUFBSSxDQUFDLEdBQUcsa0JBQWtCLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBQ0QsY0FBYztJQUNkLElBQUksUUFBUSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3JCLE9BQU8sQ0FBQyxJQUFJLENBQUM7WUFDWCxJQUFJLEVBQUUsNEJBQW1CO1lBQ3pCLGFBQWEsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLGFBQWE7WUFDN0MsdUJBQXVCLEVBQUUsS0FBSztTQUMvQixDQUFDLENBQUM7UUFFSCxhQUFhLENBQUMsSUFBSSxDQUFDO1lBQ2pCLElBQUksRUFBRSx3QkFBd0I7WUFDOUIsbUJBQW1CLEVBQUUsR0FBRztZQUN4QixlQUFlLEVBQUUsR0FBRztZQUNwQix3QkFBd0IsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLGFBQWE7WUFDeEQsb0JBQW9CLEVBQUUsS0FBSztZQUMzQixRQUFRLEVBQUUsS0FBSztZQUNmLE1BQU0sRUFBRSxPQUFPO1lBQ2YsU0FBUyxFQUFFLFNBQVM7WUFDcEIsUUFBUSxFQUFFLElBQUk7U0FDZixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsaUJBQWlCO0lBQ2pCLElBQUksUUFBUSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3RCLE9BQU8sQ0FBQyxJQUFJLENBQUM7WUFDWCxJQUFJLEVBQUUseUJBQWdCO1lBQ3RCLGFBQWEsRUFBRSxRQUFRLENBQUMsUUFBUSxDQUFDLGFBQWE7WUFDOUMsdUJBQXVCLEVBQUUsS0FBSztTQUMvQixDQUFDLENBQUM7UUFFSCxJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsdUJBQXVCO1lBQzNDLE9BQU8sQ0FBQyxJQUFJLENBQUM7Z0JBQ1gsSUFBSSxFQUFFLG1DQUEwQjtnQkFDaEMsYUFBYSxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsdUJBQXVCO2dCQUN4RCx1QkFBdUIsRUFBRSxLQUFLO2FBQy9CLENBQUMsQ0FBQztJQUNQLENBQUM7SUFFRCxzQkFBc0I7SUFDdEIsSUFBSSxhQUFhLEdBQTZDLFNBQVMsQ0FBQztJQUN4RSxJQUFJLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUMzQix5QkFBeUI7UUFDekIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsMkJBQTJCLEVBQUUsQ0FBQztZQUN4RCxhQUFhLENBQUMsSUFBSSxDQUFDO2dCQUNqQixJQUFJLEVBQUUsZUFBZTtnQkFDckIsbUJBQW1CLEVBQUUsR0FBRztnQkFDeEIsZUFBZSxFQUFFLEdBQUc7Z0JBQ3BCLHdCQUF3QixFQUFFLFVBQVU7Z0JBQ3BDLG9CQUFvQixFQUFFLEdBQUc7Z0JBQ3pCLFFBQVEsRUFBRSxHQUFHO2dCQUNiLE1BQU0sRUFBRSxNQUFNO2dCQUNkLFNBQVMsRUFBRSxVQUFVO2dCQUNyQixRQUFRLEVBQUUsSUFBSSxFQUFFLDRCQUE0QjthQUM3QyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsYUFBYSxHQUFHLElBQUksT0FBTyxDQUFDLG9CQUFvQixDQUFDLEdBQUcsS0FBSyxLQUFLLEVBQUU7WUFDOUQsd0JBQXdCLEVBQUUsR0FBRyxLQUFLLEtBQUs7WUFDdkMsR0FBRyxLQUFLO1lBQ1IsYUFBYTtTQUNkLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxhQUFhO0lBQ2IsTUFBTSxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUcsS0FBSyxRQUFRLEVBQUU7UUFDMUQsY0FBYyxFQUFFLEdBQUcsS0FBSyxRQUFRO1FBQ2hDLEdBQUcsS0FBSztRQUNSLE1BQU0sRUFBRSxRQUFRLENBQUMsVUFBVSxFQUFFLEtBQUssSUFBSSxFQUFFO0tBQ3pDLENBQUMsQ0FBQztJQUVILGFBQWE7SUFDYixNQUFNLElBQUksR0FBRyxJQUFJLE9BQU8sQ0FBQyxjQUFjLENBQUMsS0FBSyxFQUFFO1FBQzdDLGtCQUFrQixFQUFFLEtBQUs7UUFDekIsWUFBWSxFQUFFO1lBQ1osZUFBZSxFQUFFLGFBQWEsSUFBSSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDO1NBQ3RFO1FBQ0QsR0FBRyxLQUFLO1FBQ1Isa0JBQWtCLEVBQUUsSUFBSTtRQUN4QixXQUFXLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBRXBELE9BQU8sRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDekIsSUFBQSxnQkFBWSxFQUFDO1lBQ1gsTUFBTSxFQUFFLENBQUM7WUFDVCxRQUFRLEVBQUUsSUFBSTtZQUNkLEtBQUs7WUFFTCxhQUFhLEVBQ1gsQ0FBQyxDQUFDLG1CQUFtQixLQUFLLEtBQUs7Z0JBQy9CLENBQUMseUJBQWdCLEVBQUUsNEJBQW1CLEVBQUUsMEJBQWlCLENBQUMsQ0FBQyxRQUFRLENBQ2pFLENBQUMsQ0FBQyxJQUFJLENBQ1A7Z0JBQ0MsQ0FBQyxDQUFDLFNBQVM7Z0JBQ1gsQ0FBQyxDQUFDLGFBQWE7WUFFbkIsVUFBVSxFQUFFO2dCQUNWLDRCQUFtQjtnQkFDbkIseUJBQWdCO2dCQUNoQiwwQkFBaUI7YUFDbEIsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQztnQkFDaEIsQ0FBQyxDQUFDLFNBQVM7Z0JBQ1gsQ0FBQyxDQUFDLFVBQVU7U0FDZixDQUFDLENBQ0g7UUFFRCxvQkFBb0IsRUFBRSxNQUFNLEtBQUssU0FBUztRQUMxQyxrQkFBa0IsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBRXZELElBQUksRUFBRSxzQkFBVztLQUNsQixDQUFDLENBQUM7SUFFSCxNQUFNLGFBQWEsR0FJZixFQUFFLENBQUM7SUFFUCxNQUFNLFVBQVUsR0FBRyxDQUFDLElBQVksRUFBRSxFQUFFLENBQ2xDLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFHLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxDQUFDLENBQUM7SUFFL0QsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFO1FBQ3JCLGFBQWEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsVUFBVSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUUsQ0FBQyxDQUFDO0lBQzlELENBQUMsQ0FBQyxDQUFDO0lBRUgsTUFBTSxhQUFhLEdBQUcsYUFBYSxDQUFDLDRCQUFtQixDQUFDLENBQUM7SUFFekQsZ0JBQWdCO0lBQ2hCLElBQUksUUFBUSxDQUFDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsMEJBQTBCLEVBQUUsQ0FBQztRQUNyRSxJQUFBLGlCQUFPLEVBQUM7WUFDTixJQUFJO1lBQ0osS0FBSztZQUNMLFFBQVEsRUFBRSxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRyxDQUFDO1lBQzNDLFNBQVMsRUFBRSxDQUFDLElBQUksQ0FBQztTQUNsQixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsb0JBQW9CO0lBQ3BCLE9BQU87UUFDTCxJQUFJO1FBRUosY0FBYyxFQUFFLGFBQWEsQ0FBQyx5QkFBZ0IsQ0FBQztRQUMvQyxvQkFBb0IsRUFBRSxhQUFhLENBQUMsbUNBQTBCLENBQUM7UUFDL0QsZ0JBQWdCLEVBQUUsYUFBYSxDQUFDLDZCQUFvQixDQUFDO1FBRXJELGFBQWE7UUFDYixPQUFPLEVBQUUsYUFBYTtRQUV0QixhQUFhO1FBQ2IsVUFBVTtLQUNYLENBQUM7QUFDSixDQUFDLENBQUM7QUFFRixNQUFNLGtCQUFrQixHQUFHLENBQUMsRUFDMUIsYUFBYSxFQUNiLE9BQU8sR0FJUixFQUFtRCxFQUFFO0lBQ3BELElBQUksS0FBSyxHQUFHLEdBQUcsQ0FBQztJQUVoQixPQUFPO1FBQ0wseUNBQXlDO1FBQ3pDO1lBQ0UsSUFBSSxFQUFFLGtDQUFrQztZQUN4QyxXQUFXLEVBQUUsb0RBQW9EO1lBQ2pFLFFBQVEsRUFBRSxHQUFHLEdBQUcsS0FBSyxFQUFFO1lBQ3ZCLFFBQVEsRUFBRSxLQUFLO1lBQ2YsTUFBTSxFQUFFLE9BQU87WUFDZixTQUFTLEVBQUUsU0FBUztZQUVwQixtQkFBbUIsRUFBRSxVQUFVO1lBQy9CLGVBQWUsRUFBRSxHQUFHO1lBQ3BCLHdCQUF3QixFQUFFLGFBQWE7WUFDdkMscUJBQXFCLEVBQ25CLE9BQU8sS0FBSyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDO1NBQ3ZEO1FBRUQ7WUFDRSxJQUFJLEVBQUUsaUNBQWlDO1lBQ3ZDLFdBQVcsRUFBRSw2Q0FBNkM7WUFDMUQsUUFBUSxFQUFFLEdBQUcsR0FBRyxLQUFLLEVBQUU7WUFDdkIsUUFBUSxFQUFFLEtBQUs7WUFDZixNQUFNLEVBQUUsT0FBTztZQUNmLFNBQVMsRUFBRSxTQUFTO1lBRXBCLG1CQUFtQixFQUFFLFVBQVU7WUFDL0IsZUFBZSxFQUFFLEdBQUc7WUFDcEIsd0JBQXdCLEVBQUUsYUFBYTtZQUN2QyxvQkFBb0IsRUFBRSxLQUFLO1NBQzVCO1FBRUQ7WUFDRSxJQUFJLEVBQUUsK0JBQStCO1lBQ3JDLFdBQVcsRUFBRSxnQ0FBZ0M7WUFDN0MsUUFBUSxFQUFFLEdBQUcsR0FBRyxLQUFLLEVBQUU7WUFDdkIsUUFBUSxFQUFFLEtBQUs7WUFDZixNQUFNLEVBQUUsT0FBTztZQUNmLFNBQVMsRUFBRSxTQUFTO1lBRXBCLG1CQUFtQixFQUFFLG1CQUFtQjtZQUN4QyxlQUFlLEVBQUUsR0FBRztZQUNwQix3QkFBd0IsRUFBRSxhQUFhO1lBQ3ZDLG9CQUFvQixFQUFFLEdBQUc7U0FDMUI7UUFFRCxlQUFlO1FBQ2YsSUFBSTtRQUNKLHNDQUFzQztRQUN0Qyw2Q0FBNkM7UUFDN0MsOEJBQThCO1FBQzlCLHFCQUFxQjtRQUNyQixvQkFBb0I7UUFDcEIsMEJBQTBCO1FBRTFCLDhCQUE4QjtRQUM5QiwwQkFBMEI7UUFDMUIsNkNBQTZDO1FBQzdDLCtCQUErQjtRQUMvQixLQUFLO0tBQ04sQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/VNet/index.d.ts

@@ -0,0 +1,65 @@
+import * as network from '@pulumi/azure-native/network';
+import { input as inputs } from '@pulumi/azure-native/types';
+import { Input } from '@pulumi/pulumi';
+import * as pulumi from '@pulumi/pulumi';
+import { BasicMonitorArgs, ResourceGroupInfo } from '../types';
+import { FirewallSkus } from './Firewall';
+import { FirewallPolicyProps } from './FirewallRules/types';
+import { SubnetProps } from './Subnet';
+interface Props {
+    name: string;
+    group: ResourceGroupInfo;
+    ddosId?: Input<string>;
+    addressSpace?: Input<string>[];
+    subnets?: SubnetProps[];
+    publicIpAddress?: network.PublicIPAddress;
+    dnsServers?: pulumi.Input<pulumi.Input<string>[]>;
+    features?: {
+        enableBastion?: {
+            subnetPrefix: string;
+            disableBastionHostCreation?: boolean;
+        };
+        enableAppGateway?: {
+            subnetPrefix: string;
+        };
+        enableFirewall?: {
+            subnetPrefix: string;
+            /** Only required if Firewall is Basic tier */
+            managementSubnetPrefix?: string;
+            sku?: FirewallSkus;
+            publicManageIpAddress?: network.PublicIPAddress;
+            policy: Omit<FirewallPolicyProps, 'enabled'>;
+            /** set this is TRUE if want to create firewall subnet but not create firewall component */
+            disabledFirewallCreation?: boolean;
+        };
+        vnetPeering?: Array<{
+            vnetId: Input<string>;
+            /** To create a route and Security access to the applicant */
+            firewallPrivateIpAddress?: Input<string>;
+        }>;
+        securityGroup?: {
+            /**Add Security rule to block/allow inbound internet if it is TRUE*/
+            allowInboundInternetAccess?: boolean;
+            /**Add Security rule to block/allow internet if it is TRUE*/
+            allowOutboundInternetAccess?: boolean;
+            rules?: Input<inputs.network.SecurityRuleArgs>[];
+        };
+    };
+    monitorConfig?: BasicMonitorArgs;
+}
+declare const _default: ({ group, name, ddosId, addressSpace, publicIpAddress, subnets, features, monitorConfig, ...others }: Props) => {
+    firewall: {
+        firewall: network.AzureFirewall;
+        policy: network.FirewallPolicy | undefined;
+    } | undefined;
+    vnet: import("@pulumi/azure-native/network/virtualNetwork").VirtualNetwork;
+    firewallSubnet: pulumi.OutputInstance<import("@pulumi/azure-native/types/output").network.SubnetResponse> & pulumi.LiftedObject<import("@pulumi/azure-native/types/output").network.SubnetResponse, "type" | "id" | "name" | "etag" | "provisioningState" | "addressPrefix" | "ipConfigurations" | "addressPrefixes" | "purpose" | "serviceEndpoints" | "networkSecurityGroup" | "natGateway" | "applicationGatewayIPConfigurations" | "delegations" | "ipAllocations" | "ipConfigurationProfiles" | "privateEndpointNetworkPolicies" | "privateEndpoints" | "privateLinkServiceNetworkPolicies" | "resourceNavigationLinks" | "routeTable" | "serviceAssociationLinks" | "serviceEndpointPolicies" | "interfaceEndpoints" | undefined>;
+    firewallManageSubnet: pulumi.OutputInstance<import("@pulumi/azure-native/types/output").network.SubnetResponse> & pulumi.LiftedObject<import("@pulumi/azure-native/types/output").network.SubnetResponse, "type" | "id" | "name" | "etag" | "provisioningState" | "addressPrefix" | "ipConfigurations" | "addressPrefixes" | "purpose" | "serviceEndpoints" | "networkSecurityGroup" | "natGateway" | "applicationGatewayIPConfigurations" | "delegations" | "ipAllocations" | "ipConfigurationProfiles" | "privateEndpointNetworkPolicies" | "privateEndpoints" | "privateLinkServiceNetworkPolicies" | "resourceNavigationLinks" | "routeTable" | "serviceAssociationLinks" | "serviceEndpointPolicies" | "interfaceEndpoints" | undefined>;
+    appGatewaySubnet: pulumi.OutputInstance<import("@pulumi/azure-native/types/output").network.SubnetResponse> & pulumi.LiftedObject<import("@pulumi/azure-native/types/output").network.SubnetResponse, "type" | "id" | "name" | "etag" | "provisioningState" | "addressPrefix" | "ipConfigurations" | "addressPrefixes" | "purpose" | "serviceEndpoints" | "networkSecurityGroup" | "natGateway" | "applicationGatewayIPConfigurations" | "delegations" | "ipAllocations" | "ipConfigurationProfiles" | "privateEndpointNetworkPolicies" | "privateEndpoints" | "privateLinkServiceNetworkPolicies" | "resourceNavigationLinks" | "routeTable" | "serviceAssociationLinks" | "serviceEndpointPolicies" | "interfaceEndpoints" | undefined>;
+    bastionSubnet: pulumi.OutputInstance<import("@pulumi/azure-native/types/output").network.SubnetResponse> & pulumi.LiftedObject<import("@pulumi/azure-native/types/output").network.SubnetResponse, "type" | "id" | "name" | "etag" | "provisioningState" | "addressPrefix" | "ipConfigurations" | "addressPrefixes" | "purpose" | "serviceEndpoints" | "networkSecurityGroup" | "natGateway" | "applicationGatewayIPConfigurations" | "delegations" | "ipAllocations" | "ipConfigurationProfiles" | "privateEndpointNetworkPolicies" | "privateEndpoints" | "privateLinkServiceNetworkPolicies" | "resourceNavigationLinks" | "routeTable" | "serviceAssociationLinks" | "serviceEndpointPolicies" | "interfaceEndpoints" | undefined>;
+    subnets: Record<string, pulumi.OutputInstance<import("@pulumi/azure-native/types/output").network.SubnetResponse> & pulumi.LiftedObject<import("@pulumi/azure-native/types/output").network.SubnetResponse, "type" | "id" | "name" | "etag" | "provisioningState" | "addressPrefix" | "ipConfigurations" | "addressPrefixes" | "purpose" | "serviceEndpoints" | "networkSecurityGroup" | "natGateway" | "applicationGatewayIPConfigurations" | "delegations" | "ipAllocations" | "ipConfigurationProfiles" | "privateEndpointNetworkPolicies" | "privateEndpoints" | "privateLinkServiceNetworkPolicies" | "resourceNavigationLinks" | "routeTable" | "serviceAssociationLinks" | "serviceEndpointPolicies" | "interfaceEndpoints" | undefined>>;
+    securityGroup: import("@pulumi/azure-native/network/networkSecurityGroup").NetworkSecurityGroup | undefined;
+    routeTable: import("@pulumi/azure-native/network/routeTable").RouteTable;
+    publicIpAddress: import("@pulumi/azure-native/network/publicIPAddress").PublicIPAddress | undefined;
+};
+export default _default;

package/VNet/index.js

@@ -0,0 +1,198 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const network = require("@pulumi/azure-native/network");
+const pulumi_1 = require("@pulumi/pulumi");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const NetworkRuote_1 = require("@drunk-pulumi/azure-providers/NetworkRuote");
+const Firewall_1 = require("./Firewall");
+const NetworkPeering_1 = require("./NetworkPeering");
+const Vnet_1 = require("./Vnet");
+exports.default = ({ group, name, ddosId, addressSpace, publicIpAddress, subnets, features = {}, monitorConfig, ...others }) => {
+    const securities = features.securityGroup?.rules ||
+        new Array();
+    const routes = new Array();
+    if (publicIpAddress) {
+        //Add route from IpAddress to internet
+        if (features.enableFirewall) {
+            routes.push({
+                name: `firewall-to-internet`,
+                addressPrefix: publicIpAddress.ipAddress.apply((i) => `${i}/32`),
+                nextHopType: network.RouteNextHopType.Internet,
+            });
+        } //Allow Internet to public IpAddress security group
+        else if (features.securityGroup?.allowInboundInternetAccess)
+            securities.push({
+                name: 'allow-inbound-internet-publicIpAddress',
+                sourceAddressPrefix: '*',
+                sourcePortRange: '*',
+                destinationAddressPrefix: publicIpAddress.ipAddress.apply((i) => `${i}/32`),
+                destinationPortRanges: ['443', '80'],
+                protocol: 'TCP',
+                access: 'Allow',
+                direction: 'Inbound',
+                priority: 200 + securities.length + 1,
+            });
+    }
+    //Update Security Group
+    if (features.vnetPeering) {
+        features.vnetPeering.forEach((pp, index) => {
+            // The below rules should not be duplicated.
+            if (pp.firewallPrivateIpAddress) {
+                //Update route to firewall IpAddress
+                routes.push({
+                    name: `vnet-to-firewall`,
+                    addressPrefix: '0.0.0.0/0',
+                    nextHopType: network.RouteNextHopType.VirtualAppliance,
+                    nextHopIpAddress: pp.firewallPrivateIpAddress,
+                });
+                //Allow Vnet to Firewall
+                securities.push({
+                    name: `allow-vnet-to-firewall`,
+                    sourceAddressPrefix: '*',
+                    sourcePortRange: '*',
+                    destinationAddressPrefix: pp.firewallPrivateIpAddress,
+                    destinationPortRange: '*',
+                    protocol: '*',
+                    access: 'Allow',
+                    direction: 'Outbound',
+                    priority: 100,
+                });
+            }
+            securities.push({
+                name: `allow-vnet-to-vnet-${index}`,
+                sourceAddressPrefix: 'VirtualNetwork',
+                sourcePortRange: '*',
+                destinationAddressPrefix: 'VirtualNetwork',
+                destinationPortRange: '*',
+                protocol: '*',
+                access: 'Allow',
+                direction: 'Outbound',
+                priority: 101,
+            });
+        });
+    }
+    //Vnet
+    const vnet = (0, Vnet_1.default)({
+        group,
+        name,
+        ddosId,
+        addressSpaces: addressSpace,
+        subnets,
+        features: {
+            securityGroup: features.securityGroup
+                ? {
+                    ...features.securityGroup,
+                    rules: securities,
+                }
+                : undefined,
+            routeTable: { rules: routes },
+            appGatewaySubnet: features.enableAppGateway
+                ? {
+                    addressPrefix: features.enableAppGateway.subnetPrefix,
+                    version: 'v1',
+                }
+                : undefined,
+            firewall: features.enableFirewall
+                ? {
+                    addressPrefix: features.enableFirewall.subnetPrefix,
+                    managementAddressPrefix: features.enableFirewall.managementSubnetPrefix,
+                }
+                : undefined,
+            bastion: features.enableBastion
+                ? {
+                    addressPrefix: features.enableBastion.subnetPrefix,
+                    disableBastionHostCreation: features.enableBastion.disableBastionHostCreation,
+                }
+                : undefined,
+        },
+        ...others,
+    });
+    //Firewall
+    let firewall;
+    if (features.enableFirewall &&
+        !features.enableFirewall.disabledFirewallCreation) {
+        firewall = createFirewall({
+            name,
+            group,
+            policy: {
+                enabled: true,
+                ...features.enableFirewall.policy,
+            },
+            outbound: [
+                {
+                    name: `${name}-outbound`,
+                    publicIpAddress: publicIpAddress,
+                    subnetId: vnet.firewallSubnet.apply((c) => c.id),
+                },
+            ],
+            management: features.enableFirewall.publicManageIpAddress
+                ? {
+                    name: `${name}-management`,
+                    publicIpAddress: features.enableFirewall.publicManageIpAddress,
+                    subnetId: vnet.firewallManageSubnet.apply((c) => c.id),
+                }
+                : undefined,
+            sku: features.enableFirewall.sku,
+            routeTableName: vnet.routeTable.name,
+            monitorConfig,
+            dependsOn: [vnet.routeTable, vnet.vnet],
+        });
+    }
+    //Vnet Peering
+    if (features.vnetPeering) {
+        features.vnetPeering.map((pp) => {
+            //get info
+            (0, pulumi_1.output)(pp.vnetId).apply((id) => {
+                const info = (0, AzureEnv_1.getResourceInfoFromId)(id);
+                if (info) {
+                    //peering
+                    (0, NetworkPeering_1.default)({
+                        name,
+                        firstVNetName: vnet.vnet.name,
+                        firstVNetResourceGroupName: group.resourceGroupName,
+                        secondVNetName: info.name,
+                        secondVNetResourceGroupName: info.group.resourceGroupName,
+                    });
+                }
+            });
+            //Update route to firewall IpAddress
+            if (pp.firewallPrivateIpAddress) {
+                new NetworkRuote_1.NetworkRouteResource(`${name}-vnet-to-firewall`, {
+                    routeName: 'vnet-to-firewall',
+                    ...group,
+                    routeTableName: vnet.routeTable.name,
+                    addressPrefix: '0.0.0.0/0',
+                    nextHopType: network.RouteNextHopType.VirtualAppliance,
+                    nextHopIpAddress: pp.firewallPrivateIpAddress,
+                }, {
+                    dependsOn: vnet.routeTable,
+                });
+            }
+        });
+    }
+    //Return the results
+    return { publicIpAddress, ...vnet, firewall };
+};
+const createFirewall = ({ name, group, routeTableName, dependsOn = [], ...others }) => {
+    const rs = (0, Firewall_1.default)({
+        name,
+        group,
+        ...others,
+        dependsOn,
+    });
+    if (routeTableName) {
+        //Route Vnet to Firewall
+        new NetworkRuote_1.NetworkRouteResource(`${name}-vnet-to-firewall`, {
+            routeName: `vnet-to-firewall`,
+            ...group,
+            routeTableName: routeTableName,
+            addressPrefix: '0.0.0.0/0',
+            nextHopType: network.RouteNextHopType.VirtualAppliance,
+            nextHopIpAddress: rs.firewall.ipConfigurations.apply((c) => c ? c[0].privateIPAddress : ''),
+        }, {
+            dependsOn: [...dependsOn, rs.firewall],
+        });
+    }
+    return rs;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk5ldC9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHdEQUF3RDtBQUV4RCwyQ0FBeUQ7QUFHekQsaURBQTJEO0FBQzNELDZFQUFrRjtBQU9sRix5Q0FBc0U7QUFFdEUscURBQTJDO0FBRTNDLGlDQUEwQjtBQWtEMUIsa0JBQWUsQ0FBQyxFQUNkLEtBQUssRUFDTCxJQUFJLEVBQ0osTUFBTSxFQUNOLFlBQVksRUFDWixlQUFlLEVBQ2YsT0FBTyxFQUNQLFFBQVEsR0FBRyxFQUFFLEVBQ2IsYUFBYSxFQUNiLEdBQUcsTUFBTSxFQUNILEVBQUUsRUFBRTtJQUNWLE1BQU0sVUFBVSxHQUNkLFFBQVEsQ0FBQyxhQUFhLEVBQUUsS0FBSztRQUM3QixJQUFJLEtBQUssRUFBMEMsQ0FBQztJQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLEtBQUssRUFBbUMsQ0FBQztJQUU1RCxJQUFJLGVBQWUsRUFBRSxDQUFDO1FBQ3BCLHNDQUFzQztRQUN0QyxJQUFJLFFBQVEsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUM1QixNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNWLElBQUksRUFBRSxzQkFBc0I7Z0JBQzVCLGFBQWEsRUFBRSxlQUFlLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQztnQkFDaEUsV0FBVyxFQUFFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRO2FBQy9DLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxtREFBbUQ7YUFDaEQsSUFBSSxRQUFRLENBQUMsYUFBYSxFQUFFLDBCQUEwQjtZQUN6RCxVQUFVLENBQUMsSUFBSSxDQUFDO2dCQUNkLElBQUksRUFBRSx3Q0FBd0M7Z0JBQzlDLG1CQUFtQixFQUFFLEdBQUc7Z0JBQ3hCLGVBQWUsRUFBRSxHQUFHO2dCQUNwQix3QkFBd0IsRUFBRSxlQUFlLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FDdkQsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQ2pCO2dCQUNELHFCQUFxQixFQUFFLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQztnQkFDcEMsUUFBUSxFQUFFLEtBQUs7Z0JBQ2YsTUFBTSxFQUFFLE9BQU87Z0JBQ2YsU0FBUyxFQUFFLFNBQVM7Z0JBQ3BCLFFBQVEsRUFBRSxHQUFHLEdBQUcsVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDO2FBQ3RDLENBQUMsQ0FBQztJQUNQLENBQUM7SUFFRCx1QkFBdUI7SUFDdkIsSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDekIsUUFBUSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFFLEVBQUUsS0FBSyxFQUFFLEVBQUU7WUFDekMsNENBQTRDO1lBQzVDLElBQUksRUFBRSxDQUFDLHdCQUF3QixFQUFFLENBQUM7Z0JBQ2hDLG9DQUFvQztnQkFDcEMsTUFBTSxDQUFDLElBQUksQ0FBQztvQkFDVixJQUFJLEVBQUUsa0JBQWtCO29CQUN4QixhQUFhLEVBQUUsV0FBVztvQkFDMUIsV0FBVyxFQUFFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxnQkFBZ0I7b0JBQ3RELGdCQUFnQixFQUFFLEVBQUUsQ0FBQyx3QkFBd0I7aUJBQzlDLENBQUMsQ0FBQztnQkFFSCx3QkFBd0I7Z0JBQ3hCLFVBQVUsQ0FBQyxJQUFJLENBQUM7b0JBQ2QsSUFBSSxFQUFFLHdCQUF3QjtvQkFDOUIsbUJBQW1CLEVBQUUsR0FBRztvQkFDeEIsZUFBZSxFQUFFLEdBQUc7b0JBQ3BCLHdCQUF3QixFQUFFLEVBQUUsQ0FBQyx3QkFBd0I7b0JBQ3JELG9CQUFvQixFQUFFLEdBQUc7b0JBQ3pCLFFBQVEsRUFBRSxHQUFHO29CQUNiLE1BQU0sRUFBRSxPQUFPO29CQUNmLFNBQVMsRUFBRSxVQUFVO29CQUNyQixRQUFRLEVBQUUsR0FBRztpQkFDZCxDQUFDLENBQUM7WUFDTCxDQUFDO1lBRUQsVUFBVSxDQUFDLElBQUksQ0FBQztnQkFDZCxJQUFJLEVBQUUsc0JBQXNCLEtBQUssRUFBRTtnQkFDbkMsbUJBQW1CLEVBQUUsZ0JBQWdCO2dCQUNyQyxlQUFlLEVBQUUsR0FBRztnQkFDcEIsd0JBQXdCLEVBQUUsZ0JBQWdCO2dCQUMxQyxvQkFBb0IsRUFBRSxHQUFHO2dCQUN6QixRQUFRLEVBQUUsR0FBRztnQkFDYixNQUFNLEVBQUUsT0FBTztnQkFDZixTQUFTLEVBQUUsVUFBVTtnQkFDckIsUUFBUSxFQUFFLEdBQUc7YUFDZCxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxNQUFNO0lBQ04sTUFBTSxJQUFJLEdBQUcsSUFBQSxjQUFJLEVBQUM7UUFDaEIsS0FBSztRQUNMLElBQUk7UUFDSixNQUFNO1FBQ04sYUFBYSxFQUFFLFlBQVk7UUFFM0IsT0FBTztRQUNQLFFBQVEsRUFBRTtZQUNSLGFBQWEsRUFBRSxRQUFRLENBQUMsYUFBYTtnQkFDbkMsQ0FBQyxDQUFDO29CQUNFLEdBQUcsUUFBUSxDQUFDLGFBQWE7b0JBQ3pCLEtBQUssRUFBRSxVQUFVO2lCQUNsQjtnQkFDSCxDQUFDLENBQUMsU0FBUztZQUNiLFVBQVUsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLEVBQUU7WUFFN0IsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLGdCQUFnQjtnQkFDekMsQ0FBQyxDQUFDO29CQUNFLGFBQWEsRUFBRSxRQUFRLENBQUMsZ0JBQWdCLENBQUMsWUFBWTtvQkFDckQsT0FBTyxFQUFFLElBQUk7aUJBQ2Q7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7WUFFYixRQUFRLEVBQUUsUUFBUSxDQUFDLGNBQWM7Z0JBQy9CLENBQUMsQ0FBQztvQkFDRSxhQUFhLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxZQUFZO29CQUNuRCx1QkFBdUIsRUFDckIsUUFBUSxDQUFDLGNBQWMsQ0FBQyxzQkFBc0I7aUJBQ2pEO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBRWIsT0FBTyxFQUFFLFFBQVEsQ0FBQyxhQUFhO2dCQUM3QixDQUFDLENBQUM7b0JBQ0UsYUFBYSxFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsWUFBWTtvQkFDbEQsMEJBQTBCLEVBQ3hCLFFBQVEsQ0FBQyxhQUFhLENBQUMsMEJBQTBCO2lCQUNwRDtnQkFDSCxDQUFDLENBQUMsU0FBUztTQUNkO1FBQ0QsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0lBRUgsVUFBVTtJQUNWLElBQUksUUFLUyxDQUFDO0lBRWQsSUFDRSxRQUFRLENBQUMsY0FBYztRQUN2QixDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsd0JBQXdCLEVBQ2pELENBQUM7UUFDRCxRQUFRLEdBQUcsY0FBYyxDQUFDO1lBQ3hCLElBQUk7WUFDSixLQUFLO1lBRUwsTUFBTSxFQUFFO2dCQUNOLE9BQU8sRUFBRSxJQUFJO2dCQUNiLEdBQUcsUUFBUSxDQUFDLGNBQWMsQ0FBQyxNQUFNO2FBQ2xDO1lBRUQsUUFBUSxFQUFFO2dCQUNSO29CQUNFLElBQUksRUFBRSxHQUFHLElBQUksV0FBVztvQkFDeEIsZUFBZSxFQUFFLGVBQWdCO29CQUNqQyxRQUFRLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFHLENBQUM7aUJBQ2xEO2FBQ0Y7WUFDRCxVQUFVLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxxQkFBcUI7Z0JBQ3ZELENBQUMsQ0FBQztvQkFDRSxJQUFJLEVBQUUsR0FBRyxJQUFJLGFBQWE7b0JBQzFCLGVBQWUsRUFBRSxRQUFRLENBQUMsY0FBYyxDQUFDLHFCQUFxQjtvQkFDOUQsUUFBUSxFQUFFLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFHLENBQUM7aUJBQ3hEO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBQ2IsR0FBRyxFQUFFLFFBQVEsQ0FBQyxjQUFjLENBQUMsR0FBRztZQUVoQyxjQUFjLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJO1lBQ3BDLGFBQWE7WUFDYixTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUM7U0FDeEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGNBQWM7SUFDZCxJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN6QixRQUFRLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFO1lBQzlCLFVBQVU7WUFDVixJQUFBLGVBQU0sRUFBQyxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUU7Z0JBQzdCLE1BQU0sSUFBSSxHQUFHLElBQUEsZ0NBQXFCLEVBQUMsRUFBRSxDQUFDLENBQUM7Z0JBRXZDLElBQUksSUFBSSxFQUFFLENBQUM7b0JBQ1QsU0FBUztvQkFDVCxJQUFBLHdCQUFXLEVBQUM7d0JBQ1YsSUFBSTt3QkFDSixhQUFhLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJO3dCQUM3QiwwQkFBMEIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO3dCQUNuRCxjQUFjLEVBQUUsSUFBSSxDQUFDLElBQUk7d0JBQ3pCLDJCQUEyQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQWlCO3FCQUMxRCxDQUFDLENBQUM7Z0JBQ0wsQ0FBQztZQUNILENBQUMsQ0FBQyxDQUFDO1lBRUgsb0NBQW9DO1lBQ3BDLElBQUksRUFBRSxDQUFDLHdCQUF3QixFQUFFLENBQUM7Z0JBQ2hDLElBQUksbUNBQW9CLENBQ3RCLEdBQUcsSUFBSSxtQkFBbUIsRUFDMUI7b0JBQ0UsU0FBUyxFQUFFLGtCQUFrQjtvQkFDN0IsR0FBRyxLQUFLO29CQUNSLGNBQWMsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUk7b0JBQ3BDLGFBQWEsRUFBRSxXQUFXO29CQUMxQixXQUFXLEVBQUUsT0FBTyxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQjtvQkFDdEQsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLHdCQUF3QjtpQkFDOUMsRUFDRDtvQkFDRSxTQUFTLEVBQUUsSUFBSSxDQUFDLFVBQVU7aUJBQzNCLENBQ0YsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxvQkFBb0I7SUFDcEIsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLElBQUksRUFBRSxRQUFRLEVBQUUsQ0FBQztBQUNoRCxDQUFDLENBQUM7QUFlRixNQUFNLGNBQWMsR0FBRyxDQUFDLEVBQ3RCLElBQUksRUFDSixLQUFLLEVBQ0wsY0FBYyxFQUNkLFNBQVMsR0FBRyxFQUFFLEVBQ2QsR0FBRyxNQUFNLEVBQ0ssRUFBRSxFQUFFO0lBQ2xCLE1BQU0sRUFBRSxHQUFHLElBQUEsa0JBQVEsRUFBQztRQUNsQixJQUFJO1FBQ0osS0FBSztRQUNMLEdBQUcsTUFBTTtRQUNULFNBQVM7S0FDVixDQUFDLENBQUM7SUFFSCxJQUFJLGNBQWMsRUFBRSxDQUFDO1FBQ25CLHdCQUF3QjtRQUN4QixJQUFJLG1DQUFvQixDQUN0QixHQUFHLElBQUksbUJBQW1CLEVBQzFCO1lBQ0UsU0FBUyxFQUFFLGtCQUFrQjtZQUM3QixHQUFHLEtBQUs7WUFDUixjQUFjLEVBQUUsY0FBYztZQUM5QixhQUFhLEVBQUUsV0FBVztZQUMxQixXQUFXLEVBQUUsT0FBTyxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQjtZQUN0RCxnQkFBZ0IsRUFBRSxFQUFFLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ3pELENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQy9CO1NBQ0YsRUFDRDtZQUNFLFNBQVMsRUFBRSxDQUFDLEdBQUcsU0FBUyxFQUFFLEVBQUUsQ0FBQyxRQUFRLENBQUM7U0FDdkMsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU8sRUFBRSxDQUFDO0FBQ1osQ0FBQyxDQUFDIn0=

package/Web/AppCertOrder.d.ts

@@ -0,0 +1,16 @@
+import * as certificateregistration from "@pulumi/azure-native/certificateregistration";
+import { DefaultResourceArgs, KeyVaultInfo } from "../types";
+interface Props extends DefaultResourceArgs {
+    domain: string;
+    productType?: certificateregistration.CertificateProductType;
+    vaultInfo?: KeyVaultInfo;
+}
+declare const _default: ({ domain, productType, vaultInfo, ...others }: Props) => {
+    resource: import("@pulumi/pulumi").CustomResource & {
+        id: import("@pulumi/pulumi").Output<string>;
+        urn: import("@pulumi/pulumi").Output<string>;
+    };
+    locker: import("@pulumi/azure-native/authorization/managementLockByScope").ManagementLockByScope | undefined;
+    diagnostic: import("@pulumi/azure-native/aadiam/diagnosticSetting").DiagnosticSetting | undefined;
+};
+export default _default;

package/Web/AppCertOrder.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const certificateregistration = require("@pulumi/azure-native/certificateregistration");
+const ResourceCreator_1 = require("../Core/ResourceCreator");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Common_1 = require("../Common");
+const Naming_1 = require("../Common/Naming");
+exports.default = ({ domain, productType = certificateregistration.CertificateProductType
+    .StandardDomainValidatedWildCardSsl, vaultInfo, ...others }) => {
+    const n = (0, Naming_1.getCertOrderName)(domain);
+    const order = (0, ResourceCreator_1.default)(certificateregistration.AppServiceCertificateOrder, {
+        certificateOrderName: n,
+        ...Common_1.global.groupInfo,
+        location: "global",
+        productType,
+        autoRenew: true,
+        distinguishedName: `CN=*.${domain}`,
+        keySize: 2048,
+        validityInYears: 1,
+        tags: AzureEnv_1.defaultTags,
+        ...others,
+    });
+    if (vaultInfo) {
+        new certificateregistration.AppServiceCertificateOrderCertificate(n, {
+            certificateOrderName: n,
+            ...Common_1.global.groupInfo,
+            location: "global",
+            keyVaultSecretName: n,
+            keyVaultId: vaultInfo.id,
+        }, { dependsOn: order.resource });
+    }
+    return order;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXBwQ2VydE9yZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1dlYi9BcHBDZXJ0T3JkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSx3RkFBd0Y7QUFJeEYsNkRBQThDO0FBQzlDLGlEQUFpRDtBQUNqRCxzQ0FBbUM7QUFDbkMsNkNBQW9EO0FBUXBELGtCQUFlLENBQUMsRUFDZCxNQUFNLEVBQ04sV0FBVyxHQUFHLHVCQUF1QixDQUFDLHNCQUFzQjtLQUN6RCxrQ0FBa0MsRUFDckMsU0FBUyxFQUNULEdBQUcsTUFBTSxFQUNILEVBQUUsRUFBRTtJQUNWLE1BQU0sQ0FBQyxHQUFHLElBQUEseUJBQWdCLEVBQUMsTUFBTSxDQUFDLENBQUM7SUFFbkMsTUFBTSxLQUFLLEdBQUcsSUFBQSx5QkFBTyxFQUNuQix1QkFBdUIsQ0FBQywwQkFBMEIsRUFDbEQ7UUFDRSxvQkFBb0IsRUFBRSxDQUFDO1FBQ3ZCLEdBQUcsZUFBTSxDQUFDLFNBQVM7UUFDbkIsUUFBUSxFQUFFLFFBQVE7UUFDbEIsV0FBVztRQUNYLFNBQVMsRUFBRSxJQUFJO1FBQ2YsaUJBQWlCLEVBQUUsUUFBUSxNQUFNLEVBQUU7UUFDbkMsT0FBTyxFQUFFLElBQUk7UUFDYixlQUFlLEVBQUUsQ0FBQztRQUNsQixJQUFJLEVBQUUsc0JBQVc7UUFDakIsR0FBRyxNQUFNO0tBRVUsQ0FDdEIsQ0FBQztJQUVGLElBQUksU0FBUyxFQUFFLENBQUM7UUFDZCxJQUFJLHVCQUF1QixDQUFDLHFDQUFxQyxDQUMvRCxDQUFDLEVBQ0Q7WUFDRSxvQkFBb0IsRUFBRSxDQUFDO1lBQ3ZCLEdBQUcsZUFBTSxDQUFDLFNBQVM7WUFDbkIsUUFBUSxFQUFFLFFBQVE7WUFDbEIsa0JBQWtCLEVBQUUsQ0FBQztZQUNyQixVQUFVLEVBQUUsU0FBUyxDQUFDLEVBQUU7U0FDekIsRUFDRCxFQUFFLFNBQVMsRUFBRSxLQUFLLENBQUMsUUFBUSxFQUFFLENBQzlCLENBQUM7SUFDSixDQUFDO0lBQ0QsT0FBTyxLQUFLLENBQUM7QUFDZixDQUFDLENBQUMifQ==

package/Web/AppConfig.d.ts

@@ -0,0 +1,16 @@
+import { KeyVaultInfo, PrivateLinkProps, ResourceGroupInfo } from '../types';
+interface Props {
+    name: string;
+    group: ResourceGroupInfo;
+    disabledAccessKeys?: boolean;
+    privateLink?: PrivateLinkProps;
+    vaultInfo?: KeyVaultInfo;
+}
+declare const _default: ({ group, name, vaultInfo, disabledAccessKeys, privateLink, }: Props) => {
+    appConfig: import("@pulumi/azure-native/appconfiguration/configurationStore").ConfigurationStore;
+    vaultNames: {
+        readPrimaryConnectionStringKey: string;
+        readSecondaryConnectionStringKey: string;
+    };
+};
+export default _default;

package/Web/AppConfig.js

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const AppConfiguration = require("@pulumi/azure-native/appconfiguration");
+const AzureEnv_1 = require("../Common/AzureEnv");
+const Naming_1 = require("../Common/Naming");
+const AppConfigDisableAccessKeys_1 = require("@drunk-pulumi/azure-providers/AppConfigDisableAccessKeys");
+const PrivateEndpoint_1 = require("../VNet/PrivateEndpoint");
+const CustomHelper_1 = require("../KeyVault/CustomHelper");
+exports.default = ({ group, name, vaultInfo, disabledAccessKeys, 
+//enablePublicAccess,
+privateLink, }) => {
+    name = (0, Naming_1.getAppConfigName)(name);
+    const readPrimaryConnectionStringKey = `${name}-read-primary-connection-string`;
+    const readSecondaryConnectionStringKey = `${name}-read-secondary-connection-string`;
+    //Default is enable public access however will be not if private link is enabled.
+    // if (!enablePublicAccess && !privateLink) {
+    //   enablePublicAccess = true;
+    // }
+    const appConfig = new AppConfiguration.ConfigurationStore(name, {
+        configStoreName: name,
+        ...group,
+        identity: { type: 'SystemAssigned' },
+        //This only able to disable when private link created.
+        // publicNetworkAccess: enablePublicAccess
+        //   ? AppConfiguration.PublicNetworkAccess.Enabled
+        //   : AppConfiguration.PublicNetworkAccess.Disabled,
+        sku: { name: 'Standard' },
+        tags: AzureEnv_1.defaultTags,
+    });
+    //Access Keys
+    if (disabledAccessKeys) {
+        new AppConfigDisableAccessKeys_1.AppConfigDisableAccessKeysResource(name, { configStoreName: name, ...group }, { dependsOn: appConfig });
+    }
+    else if (vaultInfo) {
+        appConfig.id.apply(async (id) => {
+            if (!id)
+                return;
+            //Load the  keys from Azure
+            const keys = await AppConfiguration.listConfigurationStoreKeys({
+                configStoreName: name,
+                ...group,
+            });
+            if (keys.value) {
+                keys.value.map((key) => {
+                    //Only Read Connection String here
+                    if (key.readOnly) {
+                        (0, CustomHelper_1.addCustomSecret)({
+                            name: key.name.includes('Primary')
+                                ? readPrimaryConnectionStringKey
+                                : readSecondaryConnectionStringKey,
+                            value: key.connectionString,
+                            contentType: `AppConfig ${name} ${key.name}`,
+                            vaultInfo,
+                        });
+                    }
+                });
+            }
+        });
+    }
+    //Private Link
+    if (privateLink) {
+        (0, PrivateEndpoint_1.default)({
+            name: (0, Naming_1.getPrivateEndpointName)(name),
+            group,
+            privateDnsZoneName: 'privatelink.azconfig.io',
+            linkServiceGroupIds: ['appConfig'],
+            resourceId: appConfig.id,
+            ...privateLink,
+        });
+    }
+    return {
+        appConfig,
+        vaultNames: {
+            readPrimaryConnectionStringKey,
+            readSecondaryConnectionStringKey,
+        },
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXBwQ29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1dlYi9BcHBDb25maWcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSwwRUFBMEU7QUFDMUUsaURBQWlEO0FBQ2pELDZDQUE0RTtBQUU1RSx5R0FBOEc7QUFDOUcsNkRBQXNEO0FBQ3RELDJEQUEyRDtBQVczRCxrQkFBZSxDQUFDLEVBQ2QsS0FBSyxFQUNMLElBQUksRUFDSixTQUFTLEVBQ1Qsa0JBQWtCO0FBQ2xCLHFCQUFxQjtBQUNyQixXQUFXLEdBQ0wsRUFBRSxFQUFFO0lBQ1YsSUFBSSxHQUFHLElBQUEseUJBQWdCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDOUIsTUFBTSw4QkFBOEIsR0FBRyxHQUFHLElBQUksaUNBQWlDLENBQUM7SUFDaEYsTUFBTSxnQ0FBZ0MsR0FBRyxHQUFHLElBQUksbUNBQW1DLENBQUM7SUFFcEYsaUZBQWlGO0lBQ2pGLDZDQUE2QztJQUM3QywrQkFBK0I7SUFDL0IsSUFBSTtJQUVKLE1BQU0sU0FBUyxHQUFHLElBQUksZ0JBQWdCLENBQUMsa0JBQWtCLENBQUMsSUFBSSxFQUFFO1FBQzlELGVBQWUsRUFBRSxJQUFJO1FBQ3JCLEdBQUcsS0FBSztRQUNSLFFBQVEsRUFBRSxFQUFFLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtRQUNwQyxzREFBc0Q7UUFDdEQsMENBQTBDO1FBQzFDLG1EQUFtRDtRQUNuRCxxREFBcUQ7UUFDckQsR0FBRyxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRTtRQUN6QixJQUFJLEVBQUUsc0JBQVc7S0FDbEIsQ0FBQyxDQUFDO0lBRUgsYUFBYTtJQUNiLElBQUksa0JBQWtCLEVBQUUsQ0FBQztRQUN2QixJQUFJLCtEQUFrQyxDQUNwQyxJQUFJLEVBQ0osRUFBRSxlQUFlLEVBQUUsSUFBSSxFQUFFLEdBQUcsS0FBSyxFQUFFLEVBQ25DLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxDQUN6QixDQUFDO0lBQ0osQ0FBQztTQUFNLElBQUksU0FBUyxFQUFFLENBQUM7UUFDckIsU0FBUyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxFQUFFO1lBQzlCLElBQUksQ0FBQyxFQUFFO2dCQUFFLE9BQU87WUFDaEIsMkJBQTJCO1lBQzNCLE1BQU0sSUFBSSxHQUFHLE1BQU0sZ0JBQWdCLENBQUMsMEJBQTBCLENBQUM7Z0JBQzdELGVBQWUsRUFBRSxJQUFJO2dCQUNyQixHQUFHLEtBQUs7YUFDVCxDQUFDLENBQUM7WUFFSCxJQUFJLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDZixJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO29CQUNyQixrQ0FBa0M7b0JBQ2xDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO3dCQUNqQixJQUFBLDhCQUFlLEVBQUM7NEJBQ2QsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztnQ0FDaEMsQ0FBQyxDQUFDLDhCQUE4QjtnQ0FDaEMsQ0FBQyxDQUFDLGdDQUFnQzs0QkFDcEMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxnQkFBZ0I7NEJBQzNCLFdBQVcsRUFBRSxhQUFhLElBQUksSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFOzRCQUM1QyxTQUFTO3lCQUNWLENBQUMsQ0FBQztvQkFDTCxDQUFDO2dCQUNILENBQUMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGNBQWM7SUFDZCxJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2hCLElBQUEseUJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxJQUFBLCtCQUFzQixFQUFDLElBQUksQ0FBQztZQUNsQyxLQUFLO1lBQ0wsa0JBQWtCLEVBQUUseUJBQXlCO1lBQzdDLG1CQUFtQixFQUFFLENBQUMsV0FBVyxDQUFDO1lBQ2xDLFVBQVUsRUFBRSxTQUFTLENBQUMsRUFBRTtZQUN4QixHQUFHLFdBQVc7U0FDZixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsT0FBTztRQUNMLFNBQVM7UUFDVCxVQUFVLEVBQUU7WUFDViw4QkFBOEI7WUFDOUIsZ0NBQWdDO1NBQ2pDO0tBQ0YsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/Web/AppGateway.d.ts

@@ -0,0 +1,15 @@
+import { DefaultResourceArgs, BasicResourceArgs } from '../types';
+import { Input } from '@pulumi/pulumi';
+interface Props extends DefaultResourceArgs, BasicResourceArgs {
+    publicIpAddressId: Input<string>;
+    subnetId: Input<string>;
+}
+declare const _default: ({ name, group, subnetId, publicIpAddressId }: Props) => {
+    resource: import("@pulumi/pulumi").CustomResource & {
+        id: import("@pulumi/pulumi").Output<string>;
+        urn: import("@pulumi/pulumi").Output<string>;
+    };
+    locker: import("@pulumi/azure-native/authorization/managementLockByScope").ManagementLockByScope | undefined;
+    diagnostic: import("@pulumi/azure-native/aadiam/diagnosticSetting").DiagnosticSetting | undefined;
+};
+export default _default;